China is responsible for last year's cyberattacks against RSA, according to the U.S. National Security Agency's (NSA) director, Keith Alexander, confirming earlier speculation that the breach has links to the Asian economic giant.
The attacks on RSA last year, in which hackers conducted a spear-phishing campaign that sent e-mail containing malware and also installed backdoor Trojans through a zero-day Adobe Flash exploit, indicated a "high level of sophistication by Chinese hackers", said Alexander, who was quoted in a report by InformationWeek. The government official revealed the findings to the Senate Armed Services Committee on Tuesday.
"The ability to do it against a company like RSA is such a high-order capability that, if they can do it against RSA, that makes other companies vulnerable," he said.
When contacted, RSA told ZDNet Asia it had no comment on the latest revelation.
China is stealing "a great deal" of military-related intellectual property from the U.S., Alexander said, but maintained he was unable to "go into the specifics". He added that the agency had seen data thefts from defense industrial base companies and some were public attacks, the most recent being the RSA exploits.
Alexander also stated that the U.S. government needed to do a better job protecting itself against these attacks. "We need to make it more difficult for the Chinese to do what they're doing," he said.
Security researchers in June 2011 had highlighted similarities between the RSA attacks and cyberespionage campaigns, noting that the former was accomplished using APT (advanced persistent threats)--similar to that used in the 2010 attack against Google which originated in China. Chinese officials, however, denied any involvement in the Google breach.
Last October, RSA announced that forensics intelligence indicated the security breach on its SecurID tokens had been executed by two groups acting on behalf of a single nation. However, Art Coviello, RSA's vice president and executive vice president of EMC, told ZDNet Asia in an interview that the company would not name the country involved as there was no forensic evidence to trace the source of attack or destination of infiltrated information.