Late last week, Lockheed Martin, a global security company whose major customer is the US government, admitted that it had been the victim of a “significant and tenacious attack”. The company said in a statement that it detected the attack on 21 May “almost immediately” and took counter-measures.
Back in mid-March, RSA reported that it had been hacked in an “extremely sophisticated cyber attack”. It was not clear at the time what information was taken, but if the RSA secret keys were stolen, then some companies were left at risk from that point, as one of the two parts of the authentication required was compromised. Trying to downplay the seriousness of it, RSA chairman Art Coviello said at the time:
“While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”
If the “master key” was stolen, and it looks like it was, the intruder can now duplicate cards like the ones supplied by RSA, making it possible to access corporate networks and computer systems.
Last year, RSA said its technology was used to secure the identities and assets of more than 250 million people.
Since the attack on Lockheed Martin, two more defense contractors have apparently also been affected: L-3 Communications Holdings and Northrop Grumman. All of the attacks are believed to have involved RSA’s SecurID technology.
It is believed that attackers were able to spoof L-3 Communications’ pass codes from a cloned RSA SecurID token. An L-3 executive memo on April 6 states:
“L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information.”
It’s not clear whether the attackers were able to break into L-3’s networks.
Northrop Grumman has been tight-lipped about any attempted attack, but the company shut down remote access to its network without warning on May 26. The rapid disconnection caused many to speculate that a breach had occurred.
What I can’t believe about all of this is that these companies knew about the RSA breach and took the bad advice that the hackers only had one half of the two-part access. In my opinion, it’s half too much and these companies should have taken the steps to totally renew the SecurID tokens, whatever the cost… Maybe they thought it wouldn’t happen to them…
Don’t we all, until it happens.
As a result of these attacks, the UK Ministry of Defence announced that it was putting cyber warfare as high a priority as other forms of attack and committed to employing hundreds of cyber experts to shore up UK defences.
Likewise, the US Pentagon announced its intent to treat cyber attacks as an act of war. In future, a US president could consider economic sanctions, cyber-retaliation or a military strike if key US computer systems were attacked, officials have said recently.