760 Companies Hit in Massive Hack

By: From CNN Money
By: From CNN Money

NEW YORK (CNNMoney) -- A massive cyberattack that led to a vulnerability in RSA's SecurID tags earlier this year also victimized Google, Facebook, Microsoft and many other big-named companies, according to a new analysis released this week.

A list of 760 organizations that were attacked was presented to Congress recently and published by security analyst Brian Krebs on his blog Monday.

The list is the first glimpse into the pervasiveness of the attack that brought RSA to its knees. Those in the security industry have long suspected that RSA was not the hack's only victim, but no other companies have been willing to talk publicly about whether they had also been compromised.

The names mentioned on Krebs' list include about a fifth of the Fortune 100, as well as many other massive corporations.

Abbot Laboratories (ABT, Fortune 500), Charles Schwab (SCHW, Fortune 500), Freddie Mac, PriceWaterhouseCoopers and Wells Fargo (WFC, Fortune 500) are all named.

Tech giants like Amazon, IBM, Intel, Yahoo, Cisco, Fortune, Google, Facebook, and Microsoft are also included, as well as government agencies like the European Space Agency, the IRS, and the General Services Administration. Government security contractor Northrop Grumman was on the list, as was MIT.

The list of affected companies was obtained from a breached "command and control" server, the name for a machine that hackers use to direct the fleets of compromised PCs that they have gained control over. Krebs said he wasn't at liberty to reveal how that server was discovered or who analyzed the data.

The names came to light after researchers traced back the corporate networks that were communicating with the server that attacked RSA. The first victims started "phoning home" as early as November 2010, Krebs said.

But there's a big caveat: As Krebs was quick to note, many Internet service providers were on the list, most likely because their subscribers were attacked using their network, not because the companies themselves were compromised. That means that companies like Comcast, Windstream, Verizon, AT&T and Sprint (S, Fortune 500) may be off the hook.

But Google and Amazon, which host Domain Name System services to help people surf the Web, may also have made the list because of activity on their networks, not within their corporate walls. And some companies -- especially security technology vendors like McAfee -- could be named because they discovered the attack and intentionally compromised their own systems in an attempt to reverse-engineer the malware used in the hack.

One last footnote: It's not clear how deeply the hackers were able to penetrate each compromised business' systems. RSA got hammered -- the attackers used the breach to plant malware that let them gain access to RSA's systems -- but other companies may have fended off the intrusion without any damage.

Microsoft, one of the few companies we contacted that was willing to talk on the record about the attack, said it has "not seen any evidence supporting the claim." Several other companies gave similar statements but asked not to be named in this story.

Still, experts say the revelation of the massive number of companies involved in the attack shouldn't be taken lightly.


631 SW Commerce Pl. Topeka, Kansas 66615 phone: 785-272-6397 fax: 785-272-1363 email: feedback@wibw.com
Copyright © 2002-2014 - Designed by Gray Digital Media - Powered by Clickability 132758218 - wibw.com/a?a=132758218
Gray Television, Inc.