Security Threat Intensifies: Lockheed, Google, DoD

By Ericka Chickowski

The days of worms, viruses and identity theft may have seemed serious at the time, but recently the IT security threat level has ratcheted up significantly. Now U.S. defense contractors are under attack, White House email accounts are hacked, and the U.S. Department of Defense classifies cyberwarfare as an act of war. It's a whole new level of threat.

Last week the threat of cyberwarfare and state-sponsored hacking activities flared up to show itself as more than just an imaginary boogeyman. The fleeting specter gained some tangibility with a number of incidents coming to light: the details of a sophisticated attack against defense contractor Lockheed Martin, some of its subcontractors and potentially other defense contractors as well; a hack against Google Gmail aimed at gaining White House secrets; and proclamations from Department of Defense (DoD) officials that cyberwarfare will be treated as an act of war. All of these events have been tied together with speculation that the common denominator for all of them is the threat from China.

Lockheed and Defense Contractors

One of the biggest hacking events of the year, yet with potentially not a lick of information actually reported breached as a result, the Lockheed Martin incident has kicked up a lot of dust over the past few weeks due to its big-picture implications. Security experts claim that recent attacks on Lockheed and several other defense contractors have potentially leveraged information gained through the attack earlier this spring that many speculate compromised the authentication token seeds for RSA's SecurID products.

The incident came to light on May 21 when news broke that Lockheed had shut down remote access to its internal network following a major attack on those resources. Journalist Robert Cringely reported early on that Lockheed reissued RSA tokens to all of its employees in the attack's wake.

A week later the company confirmed that it had come under attack, saying that "As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised."

Lockheed confirmed to the New York Times that the breach was linked to the RSA SecurID breach. It was just a matter of time, industry experts said. Experts with security testing and analysis firm NSS Labs had predicted in March that high-profile attacks against government-related targets utilizing SecurID would be hackers’ next chess move following the RSA breach.

"Since then, there have been malware and phishing campaigns in the wild seeking specific data linking RSA tokens to the end-user, leading us to believe that this attack was carried out by the original RSA attackers," wrote Rick Moy, president of NSS Labs, following the Lockheed news. "Given the military targets, and that millions of compromised keys are in circulation, this is not over."

And last week it was clear that Moy was right, as news came to light of more government contractors potentially getting hit.

One source with Northrop Grumman told FoxNews.com that the firm "went through a domain name and password reset across the entire organization," though that firm publicly said it would not comment on cyberattacks against it. More concrete evidence showing a SecurID connection also blew open last week when Wired released an internal memo that it came across from defense contractor L-3 Communications, which stated that "L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information."