Text size:

  • Small
  • Normal
  • Large
A hacking attack on Sony's PlayStation Network has led to renewed corporate concern about computer security. Shizuo Kambayashi / AP Photo
A hacking attack on Sony's PlayStation Network has led to renewed corporate concern about computer security. Shizuo Kambayashi / AP Photo

UAE companies on high alert after hack

SecurID tokens give random number that give access to websites.

DUBAI // Corporations are continuing to monitor their computer systems and customer accounts following a sophisticated hack on an international security firm with offices in the emirate.

A secret code for a computer access key used by top multinationals and governments is believed to have been among the data stolen by hackers in an attack on RSA, an international security company under the parent company EMC, which also has offices in Dubai.

The SecurID tokens, which are around the size of a key-chain fob, generate a random number every minute which, when entered onto a computer, grants users access to websites or systems.

They are widely used by retail and business banking customers, including those for Emirates NBD and National Bank of Abu Dhabi.

National Bank of Abu Dhabi has been in regular communication with RSA and has received assurances on the safety of customers.

"NBAD does not believe that the RSA security breach can lead to a successful direct attack against its account holders that use RSA SecurID," said Suvo Sarkar, general manager of NBAD's Consumer and Elite Banking.

"Our bank has implemented the best security practices and hardening guidelines recommended by RSA and is also actively monitoring our systems and customer transactions closely. To date, NBAD has no evidence of any impact to nbadOnline."

The hack comes on the heels of a massive security breach at Sony.

Last week, executives at the Japanese conglomerate apologised for the April breach, which resulted in personal information losses in 77 million accounts - including addresses, usernames, passwords and credit card information - belonging to users of its PlayStation Network.

Corporations are paying attention now, said David Michaux, a computer forensics investigator for the Dubai-based firm Forward Discovery.

"A number of companies have sought expert advice on what kind of problems they may face," he said.

EMC announced on March 17 that its security division, RSA, had been subject to "an extremely sophisticated cyber attack". The attackers sent out e-mails to low-level employees with an excel file attached entitled "2011 Recruitment plan.xls".

After one employee opened the file, the attackers were granted access to the system. They were then able to jump to operators with increasing levels of privileges until finally they harvested information on the SecurID system.

Mr Michaux said that there was only a five per cent chance that the attack could have come from "script kiddies", a disparaging nickname given to teenage hackers.

"This attack was a gradual theft of data over a long period," he said. "It looks very similar to what you tend to see with a government-sponsored attack."

A spokesman for EMC said the SecurID system remains an effective defence against attackers.

"Whoever attacked RSA has certain information related to the RSA SecurID solution, but not enough to complete a successful attack without obtaining additional information that is only held by our customers," the spokesman said. "We have provided best practices so customers can strengthen the protection of the RSA SecurID information they hold."

The SecurID system is a "two-factor" solution as customers are provided with both a pin number as well as the randomly generated number from the token. "It's like having a password with two halves," said a Dubai-based expert on SecurID, who spoke on condition of anonymity. "Without one half you can't use the other half. The technology is as secure as it was before the hack."

mcroucher@thenational.ae

Back to the top

More articles


Editor's Picks

 An Egyptian Orthodox Christian priest give communion during the Palm Sunday service inCairo, Egypt. Mohamed El-Shahed / AFP

Region in focus - April 18, 2014

The best images of the last seven days from around the Gulf and across the Middle East.

 Above, the private pool of Ocean Heights' five-bedroom penthouse flat. Courtesy Christie’s International Real Estate

In pictures: Penthouse flat is height of Dubai luxury living

A five-bedroom penthouse in Ocean Heights in Dubai Marina is on sale for Dh25 million and comes with a private pool and an unparalleled view of Dubai.

Video: Local reactions to a national fishing ban

A federal fishing ban has been imposed by the UAE federal government, but local authorities are taking diiferent approaches to implementing the ban. Two fishermen tell two very different sides of the story. Produced by Paul O'Driscoll

 Hamburg players leave the field after the match against Borussia Moenchengladbach on March 30, 2014. AFP

Hamburg the dinosaur’s time may be up in Bundesliga

Ever-present for 51 years in the German top-flight, Hamburg face the prospect of relegation, writes Ian Hawkey.

 The new Bentley GT Speed convertible on display at a press event of the New York International Auto Show. Jason Szenes / EPA

In pictures: Hot cars at New York International Auto Show

With more than 1 million visitors annually, the New York International Auto Show is one of the most important shows for the US car industry. Here are some of the vehicles to be shown in this year’s edition.

 The cast of Fast & Furious 7, including Michelle Rodriguez and Vin Diesel, centre, on set at Emirates Palace in Abu Dhabi. Jeffrey E Biteng / The National

Fast & Furious 7 filming in full swing at Emirates Palace

Filming for Fast & Furious 7 has started and we have the first photos of the cast and crew on set at Emirates Palace hotel this morning. Visitors staying at Emirates Palace say they have been kept away from certain areas in the grounds.

Events

To add your event to The National listings, click here

Get the most from The National