Lockheed Martin Hack Could Have RSA Security Root


Defence contractor Lockheed Martin suspects a network intruder used stolen RSA SecurID information

Defence contractor Lockheed Martin has been battling a “major disruption” to its computer systems after its IT security team detected a network intrusion earlier this week, Reuters reported.

The disruption began May 22 when the company detected a network intrusion, according to the Reuters story, which cited technology blogger Robert Cringley. Cringley claimed the breach involved RSA SecurID tokens that Lockheed employees use to access the internal network remotely.

No Confirmation But Pentagon Alerted

Lockheed has notified the Pentagon about the problem and it is working closely with the company’s IT team to gather information about the situation. However, the company has not confirmed that the issues with its network are related to a security breach. Lockheed does not discuss specific threats or responses as a matter of principle, a company spokesperson told Reuters.

The company has reset all passwords for its employees and suspended remote access to email and other corporate applications, according to The Register. Unnamed sources told Reuters that employees can still use their mobile devices to check company email.

Cringley said the incident may be tied to, or at least use, the information stolen from RSA Security back in February. All remote access to Lockheed’s internal network using the company’s virtual private network (VPN) software was disabled on May 22. Employees who regularly telecommute were asked to come into nearby offices to work, according to Cringley.

Employees were told on May 25 they will be getting new RSA SecurID tokens “over the next several weeks”, Cringley said. He estimated that 100,000 staff will have to be issued new tokens before remote access is restored, a process that will take at least a week.

RSA Tokens Treated With Suspicion

“You have no idea how many people are freaked out right now,” Steve Winterfeld, cyber technical lead at TASC, an advanced systems company spun off from Northrop Grumman, told Reuters. TASC and other companies are no longer treating the RSA SecurID token as completely secure, according to Winterfeld.

Replacing those SecurID tokens can potentially cost an estimated $1.30 (80p) per token, Avivah Litan, a distinguished analyst at Gartner, told eWEEK. The costs include direct costs of the token as well as indirect costs such as overhead, support and shipping.

Organisations should have multiple layers of security and not rely entirely on the tokens, Brian Berger, executive vice president of Wave Systems, told eWEEK. Built-in hardware security could help maintain remote access because only authorised computers can access the network, and it is easy to identify when an intruder from an unknown machine enters the network, Berger said.

RSA never publicly disclosed exactly what the unknown attackers stole during its security breach, other than the fact that it was “information relating to the SecurID technology”. Sources have told eWEEK that RSA has disclosed what was lost to certain organisations under NDA. An attacker would need several pieces of information about the token before mounting a successful attack, such as customer data, token seed values and individual PIN codes. None of these pieces of data is held by RSA.

Lockheed Martin is the biggest provider of information technology to the US government and supplies the Department of Defense with F-22 and F-35 fighter planes and other critical weapons systems. It employs 126,000 people worldwide.