Cesar Ortiz, May 29, 2011 at 9:17 am
Multiple sources are slowly expanding information about the network hacking attack on this major player in the United States Department of Defense industry and possibly others contractors not identified at this time. According to a Reuters exclusive news item, the Lockheed Martin Corporation network was hacked using what it is believed information the hackers obtained during a previous March 2011 sophisticated hacking attack that EMC the RSA provider and manufacturer of the RSA security key system, disclosed at that time. As a result of the attack hackers possibly learned how to copy the security keys with data stolen from RSA during that March attack.
Lockheed Martin Corp is the number one supplier in sales of military weapons systems to the USA. When EMC Corp.’s RSA unit said it was hit by a cyber attack in March they said that the cyber attack resulted in some information being taken from its systems, including data related to RSA’s SecurID authentication products. These SecurID tokens are similar to Blizzard’s World of Warcraft authenticators, those tiny little key fobs that display an always-changing code that one must enter to log into their server. The key fob is sold for $6.95 by Blizzard. Please notice that this is inexpensive, but effective security.
RSA uses a two-step verification process that requires a personal identification number and a series of numbers that change on a regular basis. The so-called “SecurID” electronic keys are very popular and are less expensive than more complex options like biometrics based logins such as eye retina and fingerprints. The SecurID generates new strings of digits on a minute-by-minute basis that the user must enter along with a secret PIN (personal identification number) before they can access the network. If the user fails to enter the string before it expires, access is denied. If it fails a number of consecutive times, most access providers will block the user
Classified information is likely out of hackers’ hands and not compromised because due to the volume of attacks that these kinds of systems receive on a daily basis, it’s highly doubtful that Lockheed Martin, or any security contractor, would keep classified information within reach, should one ever breach the remote access servers. In the original Reuters news article, it is mentioned that “Defense contractors’ networks contain sensitive data on sophisticated weapons systems, but all classified information is kept on separate, closed networks managed by the U.S. government, said a former senior defense official, who was not authorized to speak on the record.” Lets us hope that this Reuters source is correct.
In March, when it was hacked, RSA must have alerted its customers, including Lockheed Martin. The question arises as to why the cyber criminals attacked Lockheed Martin, knowing that all sources of detection and prevention devices where in place? If the attack was to prove that they are bright and capable of hacking the number one player in the US Defense Industry, they have proved their point to a certain degree. Since we are not talking about the World of Warcraft key fobs or the “Who removed you on Twitter” hack, but talking about the big leagues in cyber crime and in national defense.
Lockheed Martin said in a statement Saturday May 28, that the attack was detected May 21 “almost immediately” and that they implemented countermeasures. The statement says that “As a result, our systems remain secure; no customer, program or employee personal data has been compromised.” Even if you had had a duplicate SecurID number generator, you would still need the username and securid password associated with the account to get into the network, that information is kept by each individual contractor. Hopefully, the thieves where stopped at this point and did not go further.