Two groups acting on behalf of a single nation state were behind a March attack on RSA, the maker of SecurID keys used by tens of millions of employees worldwide to access their corporate computer networks, Chief Executive Art Coviello said on Tuesday.

The hackers stole information later used in an attack on U.S. defense contractor Lockheed Martin, forcing RSA, the security division of data storage firm EMC, to offer replacement SecurID keys to all its customers.

The breach was one of many high-profile hacking attacks in the past year on organizations ranging from Sony to the Australian government to the International Monetary Fund -- carried out by criminals, governments and hacktivists.

We do know that it was one nation state because these groups were well coordinated. That much the forensic intelligence told us, Coviello told Reuters in an interview at an RSA conference in London.

One group was more surreptitious in their approach than the other, he said. Is it possible that one was deliberately a little bit more visible than the other to mask the other? It's possible. We don't know.

Coviello and other RSA executives said they did not know for sure which nation state was behind the attack.

China has been blamed by many U.S. organizations for state-sponsored cyberattacks.

In June, Google blamed China for an attempt to steal the passwords of hundreds of Gmail account holders, provoking an angry response from China, which already has frosty relations with the U.S. Internet search company.

Hackers working in China also broke into the computer systems of five multinational oil and gas companies to steal bidding plans and other critical proprietary information, computer security firm McAfee said in February.

China has said repeatedly it does not condone hacking.


For the attack on RSA, EMC said in July it had taken a $66 million charge for the cost of responding to the breach, and said RSA's growth would likely remain a bit slower in its wake.

But Coviello said demand for replacement tokens had slowed to a trickle and the company now had a large inventory. He said little more than 10 percent of clients -- it wouldn't have been much more than single digits -- had asked for replacements.

SecurIDs are widely used electronic keys to computer systems designed to thwart hackers by requiring two passcodes: one fixed PIN and another six-digit number that is automatically generated, typically every 60 seconds.

EMC took a charge. The flow has not been as high as we thought, Coviello said.

Asked whether the charge may have been too high, he said: We'll leave the reserve there until we're satisfied and then we'll make a final judgment on the charge that we took.

To help combat the speed at which security threats are evolving -- challenging traditional, static methods of protection like anti-virus signatures -- RSA bought network security analysis firm Netwitness in April.

Netwitness software helps organizations to quickly detect security problems including zero day attacks, so called because they exploit vulnerabilities that the targeted software does not yet know exist.

Organizations are defending themselves with the information security equivalent of the Maginot Line as their adversaries go around them, Coviello said.

The Maginot line was a fixed line of military fortifications built between the two world wars that failed to stop Germany from invading Belgium and France.

RSA last year accounted for $730 million, or just 4 percent, of EMC's $17 billion in sales, but it is a high-profile asset whose technology EMC has used to secure the company's other products, including its software and data storage equipment.