US Defense Supplier Cyber Attack 'Significant, Tenacious'
The United States government has offered help after defense contractor Lockheed-Martin suffered a "tenacious" cyber-attack. It appears to be linked to problems with a system used for authorizing access from external locations.
Lockheed-Martin, which is the leading supplier of IT services to the government, says the attack was the latest in a line of frequent attempts to breach its security, which certainly makes sense given the confidential nature of some of the material it handles. But it has described the latest attack as "significant."
As a result, the company has reset all user passwords, upgraded the security system it uses for authorizing access from outside its network, and added an extra layer of security to its log-in process. (Source: reuters.com)
SecurID System Under Scrutiny
The problem may be related to a breach in March at security firm RSA. It operates a system known as SecurID, used by companies and agencies that want employees to have access to their networks from remote locations rather than at their usual office.
The system involves the user carrying a portable device, similar to a USB memory stick, that generates an electronic "token" when they log-in remotely. In theory this means that simply having a user name and password won't be enough for an imposter to gain remote access: they would also have to physically steal the device. (Source: bloomberg.com)
Earlier this year some RSA data was stolen in a breach. It's believed this included some of the details of the system used to generate the keys.
There has already been speculation that hackers using these details were able to fraudulently access accounts at a domain registry company, allowing them to more easily create credible-looking bogus webpages with the intent of tricking customers into handing over personal data.
No Harm, But Definitely Foul
Fortunately, the recent attack on Lockheed-Martin appears to have been relatively unsuccessful in terms of damage done.
The company says it was able to detect the breach almost immediately and that it believes no sensitive data fell into the wrong hands. The army has also confirmed it believes any impact was minimal, and there will be no harm done to the military.
Both the Department of Defense and the Department of Homeland Security have offered to help Lockheed-Martin in analyzing the breach and coming up with ways to prevent it from happening again.