Lockheed Martin, the US defense contractor and manufacturer of a variety of military products including the Trident missile and F-16, has acknowledged that its IT systems came under “a significant and tenacious attack” last week, but that due to the fast work of its security team it was able to protect all systems and data.
According to the press release, “as a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised.”
However what the Lockheed Martin press release fails to mention is that the company uses SecureID tokens from RSA to provide two-factor authentication for remote VPN access to their corporate networks.
Two months ago RSA revealed in an open letter to its customers that its servers where compromised by an extremely sophisticated cyber attack and as a result “certain” information was extracted from RSA’s systems.
That “certain” information turns out to be information about RSA’s SecurID two-factor authentication products, which has now been used to reduce the effectiveness of a SecurID.
Lockheed Martin are to be congratulated on their speed and efficiency in dealing with this attack. However this attack marks a significant turning point in the nature and makeup of cyber attacks. First, RSA need to be more public about how they are dealing with the theft of the information relating to SecureID. If this attack is a direct result of that theft, then no user of SecurID is safe. Have RSA been replacing the SecurID tokens and changing the keys and seeds? Second, the nature of this attack, in that is was planned and premeditated, starting with an attack on RSA and then an attack on Lockheed Martin is a significant and disturbing event.