US military contractors hacked - possible link with RSA SecurID breach


Hackers have broken into the network of Lockheed Martin and several other US military contractors, according to media reports.

Lockheed Martin has described the attack as "significant and tenacious".

Blogger Robert Cringely claimed that Lockheed Martin first detected the security breach last weekend (a fact later confirmed by the weapons maker in a press statement). In response to the attack the firm is said to have promptly blocked all remote VPN access to their internal network, and informed over 100,000 users that they would have to change their passwords.

In addition, it's claimed that all Lockheed personnel with RSA SecurID tokens will be given new tokens.

From the sound of things, Lockheed Martin took swift and sensible action. It was wise of them to take the step of shutting down access to its internal networks as a precaution, once it believed that unauthorised users may have breached its systems.

The mention of RSA SecurID tokens, though, is interesting. They're the devices used by many companies and organisations to provide two-factor authentication, giving workers a more secure way of proving they are who they say they are than just providing a username and password.

You may have used something similar when accessing your online bank account - for instance, a keyfob that displays a sequence of numbers that changes every 30 seconds or so.

The reason why this raises eyebrows is that back in March, RSA admitted that it had been hacked, and some of the information stolen was specifically related to RSA's SecurID two-factor authentication products.

However, RSA has never made public details of precisely what kind of data was stolen - leading to speculation that the security of the widely-used SecurID tokens might have been compromised.

Is it possible that whatever information was stolen from RSA helped the hackers break into Lockheed Martin? If that's the case, that's worrying news for businesses around the world.

An unnamed source with direct knowledge of the attacks is said to have confirmed to Reuters that other military contractors have also been compromised.

It's important to realise that all of these companies are victims of a criminal act - the authorities will no doubt be keen to uncover who is behind these attacks, and where they might have originated from. Only time will tell if those questions are ever answered satisfactorily.

Update: Lockheed Martin has now confirmed the attack, claiming that its "systems remain secure; no customer, program or employee personal data has been compromised."

Press statement from Lockheed Martin

Here's the meat of the statement by Lockheed Martin about the hack:

On Saturday, May 21, Lockheed Martin (NYSE: LMT) detected a significant and tenacious attack on its information systems network. The company's information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data. As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised.

Throughout the ongoing investigation, Lockheed Martin has continued to keep the appropriate U.S. government agencies informed of our actions. The team continues to work around the clock to restore employee access to the network, while maintaining the highest level of security.

To counter the constant threats we face from adversaries around the world, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data. Our policies, procedures and vigilance mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multi-layered information systems security.


4 Responses to US military contractors hacked - possible link with RSA SecurID breach

  1. I will pay three beers for whoever says first the country which originated such attacks.

  2. Farid · 1058 days ago

    "In addition, it's said that all Lockheed personnel with RSA SecurID tokens will be given new tokens."

    The change of RSA tokens raises some important questions:
    - After the breach, did RSA perform a thorough investigation to identify ALL the data that had been compromised?
    - If yes, did they notify ALL companies that may have been affected by the breach (including Lockheed)?
    - If yes, then why did Lockheed wait for their own systems to be compromised before replacing the old tokens?

    Something is not right here.

  3. NetOPS · 1058 days ago

    Writing was on the wall. New tokens won't fix it. New OTP solution with better controls than EMC is the only way forward. Cost of new OTP - K's. Cost of being owned - Priceless. Don't let your accountants dictate your response strategies.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.