Lockheed Martin Discloses 'Significant And Tenacious' Cyber Attack


Lockheed Martin publicly acknowledged Saturday that it had been the victim of a "significant and tenacious" cyber attack on its computer systems, most likely related to a security flaw in RSA SecureID tokens, used for two-factor authentication purposes by some of its employees.

Thus far, the Pentagon defense contractor has given few details on the breach, but said no customer or employee personal data had been compromised.

Lockheed Martin said in a statement that the company's information security team had "detected the attack almost immediately, and took aggressive actions to protect all systems and data. As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised."

Lockheed Martin said that the company continued to apprise the appropriate U.S. government agencies on the developments of the breach, while working "around the clock to restore employee access to the network."

News of the Lockheed breach, first reported by security expert Robert Cringely, publicly emerged after the global weapons manufacturer experienced a system disruption related to an external network intrusion . The Bethesda, Md.,-based company then required a password reset for its more than 120,000 employees on the network, and embarked on the process of re-issuing tokens for employees using RSA's Secure ID two-factor authentication tokens.

Subsequently, some security experts said the Lockheed Martin breach may have stemmed from a recent exploit of a security vulnerability in RSA's SecureID tokens, a two-factor authentication solution for remote VPN access to corporate networks.

"It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company [Lockheed Martin] . With those two pieces of information they were then able to get access to the internal network," Cringely said in a blog post.

Johannes Ullrich, SANS Institute researcher, echoed that RSA SecureID tokens could effectively allow hackers to emulate the exploited tokens' number. While an exploit might be easy to address by re-issuing new tokens, the recent breach might lead the security industry in general to re-evaluate the effectiveness of two-factor authentication, he said.

"All RSA (or its customers) have to do is to obtain new tokens. The basic idea of two factor authentication still stands. But the way the tokens have been used in the past may need to be adjusted," Ullrich said."Different forms of two factor authentication may have to be evaluated. One problem with RSA tokens is that as the breach shows, the technology doesn't actually prove that you 'have' the token in your possession. It rather proves that you are in the possession of the respective algorithm and secrets, which may be considered something 'you know,' less something 'you have.'"

RSA didn't immediately respond to requests for comment for CRN.

Next: Partners Weigh In On Two Factor Authentication