Lockheed Martin said it has proof that hackers breached its network by using data stolen from a vendor that supplies coded security tokens to tens of millions of computer users. These findings confirm the fears of security experts about the safety of the SecurID tokens and growing concerns that other companies or government agencies could be vulnerable to similar attacks.
SecurID tokens are used to allow remote access to computer networks and are sold by the RSA Security Division of the EMC Corporation. RSA disclosed in March that hackers had stolen data that could compromise a company’s SecurID system in a broader attack. The breach of Lockheed, the nation’s largest defense contractor, is a first for such an intentional damaging attack.
Higher frequencies of security breaches bring increasing tensions over the sophistication of computer hacking. Google said this week that it believed an effort to steal hundreds of Gmail passwords for accounts of prominent people, including senior American government officials, had originated in China.
US charged Chinese Hackers for Stealing Sensitive Defense Information From the Largest United States Defense Contractor Lockheed Martin.
The US government continues to put pressure on Chinese cyber-espionage activities that stress international informational relationships. The US Justice Department has filed charges against a Chinese national named Su Bin. The business owner is charged with working with two unknown hackers to illegally obtain information on military aircraft produced by US defense contractors. Bin was reportedly arrested in Canada on June 28th and is facing extradition.
The three conspirators worked from 2009 to 2013 on obtaining the information, and they were apparently successful in stealing some sensitive documents related to the Lockheed Martin-built F-22 and F-35 fighter jets, as well as Boeing's C-17 military transport aircraft. The complaint additionally alleges that the conspirators provided Bin with a 1,467-page document of potential hacking targets. Bin could then select attractive files that he could potentially sell to state-owned aerospace companies in China. While it seems that he was working for monetary gain, the information gathered ended up directly in the hands of companies owned by the Chinese government.
Earlier this year the US charged Chinese army hackers with economic espionage, the first time it formally accused another country of hacking for economic gain. That was merely a high-water mark in what has long been a heated exchange of words, as the US has repeatedly cautioned the Chinese over the dangers of its cyber-espionage programs. According to a national intelligence report, the country's efforts to steal US trade secrets are the most aggressive in the world.
Estimates say that these cyber-espionage activities cost the US anywhere from $24 billion to $120 billion per year.
The Pentagon, which has long been concerned about efforts by China and Russia to obtain military secrets, announced separately that it would soon view serious computer attacks from foreign nations as acts of war that could result in a military response.
RSA officials noted that Lockheed said it planned to continue using the SecurID tokens, and they said they believed other customers would as well.
But security experts said RSA’s reputation had most likely been seriously damaged, and many of its 25,000 customers, including Fortune 500 companies and government agencies around the world, face hard decisions about what to do next. RSA’s prospects for holding on to some of those customers certainly seem bleak, said the chief technology officer at Bit9, a firm that provides other types of security products and does not compete with RSA. He and other experts said RSA might need to reprogram many of its security tokens or create an upgraded version to rebuild confidence in its systems.
In response to questions on Friday, Lockheed said in an e-mail that its computer experts had concluded that the breach at RSA in March was a direct contributing factor in the attack on its network. Government and industry officials said the hackers had used some of the RSA data and other techniques to piece together the coded password of a Lockheed contractor who had access to Lockheed’s system. Lockheed, which makes fighter planes, spy satellites and other confidential equipment, said it had detected the attack quickly and blocked it before any important data was compromised.
Lockheed said it was replacing 45,000 SecurID tokens held by workers who need to log into its system from customer offices, hotels or their homes. It also required its employees to change their passwords, and it added a step to its sign-on process. He said the company would discuss reprogramming tokens with companies. In some cases that may require more work than other measures they could take to beef up different parts of their security systems. RSA, based in Bedford, Mass., has declined to specify what data was stolen in March. It has also said that it detected the attack as the hackers were removing the data and that the attack was only partly successful.
But independent security experts have speculated that the hackers obtained at least part of the databases holding serial numbers and other critical data for the tens of millions of tokens, and Lockheed’s confirmation that the stolen data played a role in its attack supported that theory.
The RSA tokens provide security beyond a user name or password by requiring users to enter a unique number generated by the token each time they connect to their networks. To make use of the data stolen from RSA, security experts said, the hackers would also have needed the passwords of one or more users on Lockheed’s network. RSA has said that in its own breach the hackers accomplished this by sending phishing e-mails to small groups of employees, including one worker who opened an attached spreadsheet that contained a previously unknown bug. This let the hacker monitor the worker’s passwords. Security specialists suspect that something similar happened in the Lockheed attack, with the hackers using the data stolen from RSA to predict the security codes that the token would generate.
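Why replacing the tokens and changing passwords both matter follows from how such codes are derived from a stored secret. The sketch below is an added example, not RSA's or Lockheed's code: it uses the public RFC 6238 TOTP algorithm as a stand-in for SecurID's own algorithm, and the `AuthServer` class, user name, seeds and password are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def token_code(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a public stand-in, not SecurID's own algorithm."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:
    """Hypothetical two-factor login: password plus the current token code."""
    def __init__(self):
        self.users = {}                          # user -> [salt, pw hash, seed]

    def enroll(self, user, password, seed):
        salt = os.urandom(16)
        self.users[user] = [salt, _pw_hash(password, salt), seed]

    def reseed(self, user, new_seed):
        # Replacing the token: codes derived from the old seed stop matching.
        self.users[user][2] = new_seed

    def login(self, user, password, code, now):
        salt, stored, seed = self.users[user]
        pw_ok = hmac.compare_digest(stored, _pw_hash(password, salt))
        code_ok = hmac.compare_digest(token_code(seed, now), code)
        return pw_ok and code_ok

def demo():
    now = 1_300_000_000                          # constructed timestamp
    seed = b"constructed-seed-001"               # constructed sample seed
    server = AuthServer()
    server.enroll("contractor", "constructed-pw", seed)
    code = token_code(seed, now)                 # depends only on seed and time
    results = {
        "seed_only": server.login("contractor", "guess", code, now),
        "seed_and_password": server.login("contractor", "constructed-pw", code, now),
    }
    server.reseed("contractor", b"constructed-seed-002")
    results["after_reseed"] = server.login("contractor", "constructed-pw", code, now)
    return results
```

The code is a pure function of the seed and the clock, so once the seed is no longer secret the login rests on the password alone until the token is re-seeded.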
Mr. Sverdlove said that while mounting attacks, many hackers now study Facebook and other social media for information to personalize their phishing e-mails and increase the odds they will be opened. He said that over the last two years there have been dramatic increases in attacks. Security experts said that the alternatives to the tokens, including computerized smart cards and biometric tools, tended to be more expensive. They said Northrop, another giant military contractor, was shifting from SecurID tokens to smart cards, which will potentially offer enhanced security features.