Lockheed cyberattack exposes flaws
By Joseph Menn in San Francisco
Published: May 31 2011 00:35 | Last updated: May 31 2011 00:35
A hacking attack disclosed at the weekend against the largest US defence contractor suggests that government and private efforts to protect military secrets are struggling with cybersecurity.
Lockheed Martin and US officials confirmed the attack after media reports linked it to a breach in March at RSA, the company that provides tokens authorising computer access by remote users at Lockheed and many other companies and agencies.
Lockheed did not confirm that the raid on its data built on the attack on RSA, but many analysts said that it was likely, because one of Lockheed’s first acts had been to disable the remote logins.
More disturbing, they said, was the fact that, like others in the defence industry, Lockheed had previously acted to make itself less dependent on the rapidly-changing numeric passwords the RSA tokens produced.
The RSA breach began with e-mails sent to its staff with an attachment that contained a hidden remote-access program that took advantage of a security flaw in Adobe’s Flash software for viewing content.
Without saying exactly what had been taken, RSA warned that the stolen information could be used in future attacks on its SecurID token customers.
Analysts said it appeared the hackers had obtained the “seed” numbers used to generate passwords. If they combined that with administration information kept by customers associating tokens with specific employees, the passwords could be duplicated.
The National Security Agency went further, declaring not long after the RSA attack that the tokens should no longer be deemed sufficient to grant access to “critical infrastructure”. Defence contractors including Lockheed began requiring employees to put in extra personal passwords.
Although Lockheed said its programs and customer data had not been compromised in the attack, the breach suggests that the extra passwords were not sufficient to repel hackers, an ominous sign for remote-access systems in defence and other industries.
Richard Stiennon, a former Gartner security analyst and author of a recent book on cyberwar, said: “If there is a direct connection between the RSA breach and the subsequent attacks on Lockheed Martin and other defence contractors, this will be one of the most sophisticated sequences of attack events ever”.
Neither the RSA nor the Lockheed breaches have been blamed on any hacking group or country.
However, senior US intelligence officials have repeatedly accused China of orchestrating a campaign of cyber espionage aimed at stealing defence secrets, and the trails from many of the most sophisticated intrusions in recent years at leading US concerns have led back to the mainland.