Lockheed Martin Requires Password Reset After Possible Network Intrusion

Following the incident, Lockheed informed the Pentagon about the possibility of a network intrusion, and initiated the process of re-issuing new two-factor authentication tokens , as well as resetting passwords for all employees on the network. Thus far, the Pentagon is working with officials to gather data and determine the source of the network problems, Reuters said.

The slowdown occurred on Sunday after company security experts detected the network intrusion, according to technology blogger Robert Cringely. Cringely said that the disruption was linked to a security vulnerability in RSA's SecureID tokens, which were used by Lockheed employees in order to access the data on the company's internal network from remote locations.

Cringely reported that Lockheed security personnel had disabled all remote access to the internal corporate network and told all workers that it would be down for at least a week.

The company told employees on Wednesday that they planned to reissue RSA SecureID tokens over the next several weeks, and said it would require its more than 120,000 employees on the network to reset their passwords, "which means admin files have probably been compromised," Cringely said.

id
unit-1659132512259
type
Sponsored post

Lockheed Martin did not immediately respond to requests for confirmation from CRN.

"The good news here is that the contractor was able to detect an intrusion then did the right things to deal with it," Cringely said in the blog post. "A breach like this is very subtle and not easy to spot. There will be many aftershocks in the IT world from this incident."

RSA, the security division of EMC, came under fire in March when its SecureID tokens, which provide two-factor authentication for remote VPN access to corporate networks, fell victim to a sophisticated and targeted form of cyber threat known as an Advanced Persistent Threat .

Art Coviello, RSA executive chairman, told customers that RSA had detected the cyber attack in progress, carried out by cyber criminals in an attempt to extract intellectual property and other sensitive information belonging to the company.

The hack occurred when miscreants got ahold of the algorithm for the current SecureID tokens and installed a key-logger on system computers in order to access the company's intranet, which ultimately enabled them to infiltrate RSA's internal corporate network.

While it didn't immediately appear that any RSA customers were attacked, the data stolen by the hackers could be used to circumvent the security measures of the SecurID products.