Reports: Hackers Use Stolen RSA Information to Hack Lockheed Martin
Jason Mick (Blog)
Company claims fighter project schematics and hosted government information were not leaked
Over a week has passed and Lockheed Martin Corp. (LMT), the U.S. government's top information technology services provider, was hacked. The attack has been characterized as a "fairly subtle", yet "significant and tenacious" attack on servers at its massive Gaithersburg, Maryland data center, located not far from the company headquarters in Bethesda.
As details emerge the attack is appearing more and more like it was lifted out of a spy movie or Tom Clancy novel. The hackers appeared to have gained entry using information stolen in a separate, even more audacious attack of one of the world's highest profile security firms.
I. RSA Sec. Breach -- Prelude to the Lockheed Martin Attack?
Back in March hackers gained access to RSA Security's servers. RSA Sec. takes its name from the last initials of founders Ron Rivest, Adi Shamir, and Leonard Adleman, three top cryptographers. The trio's popular public-key cryptography algorithm shares the same name -- RSA.
At the time of the RSA Sec. intrusion, the company commented that despite the fact that it believed information was stolen, the company did not believe customer information or the security of the company's software products were not comprised. Yet, they did advise clients to follow online advice to safeguard themselves against possible fallout from the data loss.
The attack on RSA was described as "extremely sophisticated".
Sources close to Lockheed point to compromised RSA SecurID tokens -- USB keychain dongles that generate strings of numbers for cryptography purposes -- as playing a pivotal role in the Lockheed Martin hack.
II. Damage Control
Hackers are believed to have entered Lockheed Martin's servers by gaining illegitimate access to the company's virtual private network (VPN). The VPN allowed employees to connect over virtually any public network to the company's primary servers, using information streams secured by cryptography.
With the RSA tokens hacked, though, those supposedly secure VPN connections were compromised.
Lockheed says that it detected the attack "almost immediately" and warded it off quickly. The company has since brought the VPN back online, but not before "upgrades" to the RSA tokens and adding new layers of security to the remote login procedure.
III. What Was Lost?
At this point the question on everyone's mind likely is "What was lost?"
Lockheed has cause for concern -- the company is not only safeguarding a wealth of U.S. government military information from external sources, it's also protecting its own valuable projects -- the F-16, F-22 and F-35 fighter aircraft; the Aegis naval combat system; and the THAAD missile defense.
A U.S. Defense Department spokeswoman, Air Force Lieutenant Colonel April Cunningham told Reuters Saturday night that the risk from the breach was "minimal and we [the USAF] don't expect any adverse effect."
Lockheed Martin claims that no compromise of customer, program or employees' personal data occurred. The company has made similar claims about past breaches.
Now that the Pentagon is involved, if anything was stolen, it should be identified shortly.
IV. Who Attacked Lockheed Martin?
After the pressing issue of what was lost, perhaps the second most compelling question is who was behind the breach. Military officials and security staff at Lockheed are looking for clues in local time stamped information stored on the server and IP logs, trying to find out who accessed the compromised systems from where and when.
The problem is not easy as hackers commonly reroute their malicious traffic through multiple proxies, disguising their location. That said, given the nature of attack -- take down one of the world's top security firms and then use that information to compromise a top defense contractor -- involvement by a foreign government is suspected.
Lockheed posted a job listing last week requesting the services of a "lead computer forensic examiner". Requirements included someone who could "attack signatures, tactics, techniques and procedures associated with advanced threats" and "reverse engineer attacker encoding protocols." The cyber forensics expert's first task will likely be to try to pinpoint the identity of the attacker.
The most likely suspect is obviously China, with whom the U.S. government has been waging a "cyberwar" with for a decade now. China hires freelance hackers and maintains a large military force of official hackers as well. It uses this force to infiltrate international utilities, businesses, government servers, and defense contractors, looking for valuable information.
China has recently been testing a stealth jet, the J-20, which contains features curiously similar to those found on past Lockheed Martin designs. China insists, though, that it did not use stolen information to build its new weapon.
V. One Million Threats
Lockheed Martin's IT staff say they encounter 1 million "incidents" a day. They have to filter through these, distinguishing "white noise" from serious threats.
The Maryland data center from which information was taken is a state of the art facility, built in 2008. It covers 25,000 square-feet and cost $17M USD to build. But even with relatively modern systems and protections, defenses were still not strong enough to hold off the sophisticated and savvy attacker.
The company has a separate back-up data center in Denver, Colorado, which shares some of the company's contract workload. That center is not believed to have been breached in the intrusion.
Going ahead, Lockheed Martin will invariably face pressure from the U.S. Military and Congress to do a better job in making its systems breach-proof. But given the company's budget versus China's virtually blank check given to cyber security efforts, one has to wonder how much the company will be able to do with so little.
Sondra Barbour, the company's chief information officer, reminded employees in an email, "The fact is, in this new reality, we are a frequent target of adversaries around the world."
http://www.dailytech.com/Reports+Hackers+Use+Stolen+RSA+Information+to+Hack+Lockheed+Martin/article21757.htm
Your feedback is always welcome.
Thank you!
http://www.winncad.com/
http://www.docstoc.com/profile/corona7
http://www.linkedin.com/pub/paul-corona/10/63a/200
http://www.scribd.com/crown%20007
http://www.facebook.com/people/WinnCad-Elements/100001525374479
http://www.youtube.com/user/Winncad
Lockheed Martin HULC Exoskeleton
Lockheed Martin - Second To None
Lockheed SR-71 Blackbird Must See Clips
Lockheed Martin RQ-3 DarkStar