Lockheed Martin said on May 27 that it detected a “significant and tenacious attack on its information systems network.” The firm stressed that “our systems remain secure; no customer, program or employee personal data has been compromised.” It added that “appropriate” US federal agencies had been notified of the incident.
Lockheed Martin and other defense firms use RSA SecurID tokens to enable employees to gain access to corporate networks from outside the office.
In March, RSA admitted that an “advanced persistent threat” attack had extracted information related to its SecurID two-factor authentication products. “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack”, Art Coviello, RSA executive chairman, said in an open letter to RSA customers.
A number of security experts think that RSA’s confidence was misplaced. Researchers at NSS Labs said that “there have been malware and phishing campaigns in the wild seeking specific data linking RSA tokens to the end-user, leading us to believe that this attack was carried out by the original RSA attackers.”
In a March analysis of the RSA breach, NSS Labs said it was a “strategic move to grab the virtual keys to RSA’s customers – who are the most security conscious in the world. One or several RSA clients are likely the ultimate target of this attack. Military, financial, governmental, and other organizations with critical intellectual property, plans and finances are at risk.”
Commenting on the Lockheed Martin incident, James A. Lewis, a senior fellow and a specialist in computer security issues at the Center for Strategic and International Studies, told The New York Times that the “issue is whether all of the security controls are compromised. That’s the assumption people are making.”
“We don’t know what they went after at Lockheed,” Lewis said. “One possibility is that it’s a state actor, but it could also be criminals who are trying to exploit the company’s customers.”
According to military sources the newspaper consulted, Lockheed Martin shut down its remote access and issued new SecurID tokens and passwords to many of its workers in response to the incident.
01 June 2011
Can you put a price on your Intellectual Property? Now that the "keys" have been stolen all the locks need to get changed. If a government contractor spends billions developing a strategic asset it will certainly be a target for a cyber attack. Phishing, an email leveraging a false sense of trust, is typically the 1st step in modern attacks. Application whitelisting can't stop phishing but it can stop the advanced malware that is deposited on the unsuspecting user's computer. A default-deny strategy is the only way to address advanced threats. No longer can we allow new software to run/install if it is not known to be bad.