Last week the threat of cyberwarfare and state-sponsored
hacking activities flared up to show itself as more than just an imaginary
boogeyman. The fleeting specter gained some tangibility with a number of
incidents coming to light, including the details of a sophisticated attack
against defense contractor Lockheed Martin, some of its subcontractors and potentially other
defense contractors as well; a hack against Google Gmail aimed at gaining White
House secrets; and proclamations from Department of Defense (DoD) officials that
cyberwarfare will be treated as an act of
war. All of these events have been tied together with speculation that the
common denominator for all of them is the threat from China.
Lockheed and Defense Contractors
One of the biggest hacking events of the year and
potentially not a lick of information actually reported breached as a result,
the Lockheed Martin incident has kicked up a lot of dust over the past few weeks due
to its big-picture implications. Security experts claim that recent attacks on
Lockheed and several other defense contractors have potentially leveraged
information gained through the attack earlier this spring that many speculate
compromised the authentication token seeds for RSA’s SecurID products.
The incident came to light on May 21 when news broke that
Lockheed had shut down remote access to its internal network following a major
attack on those resources. Journalist Robert Cringely reported early on that
Lockheed reissued RSA tokens to all of its employees in the attack’s wake.
A week later the company confirmed that it had come under
attack, saying that "As a result of the swift and deliberate actions
taken to protect the network and increase IT security, our systems remain
secure; no customer, program or employee personal data has been
compromised."
Lockheed confirmed to the New York Times that the breach was linked to the RSA SecurID breach. It was just a matter of time, industry experts said. Experts
with security testing and analysis firm NSS Labs had predicted in March that
high-profile attacks against government-related targets utilizing SecurID would
be hackers’ next chess move following the RSA breach.
"Since then, there have been malware and phishing
campaigns in the wild seeking specific data linking RSA tokens to the end-user,
leading us to believe that this attack was carried out by the original RSA
attackers," wrote Rick Moy, president of NSS Labs, following the Lockheed
news. "Given the military targets, and that millions of compromised keys
are in circulation, this is not over."
And last week it was clear that Moy was right as news of
more government contractors potentially getting hit came to light.
One source with Northrop Grumman told FoxNews.com that the
firm "went through a domain name and password reset across the entire
organization," though that firm publicly said it would not comment on
cyberattacks against it. More concrete evidence showing a SecurID connection
also surfaced last week when Wired released an internal memo that it came
across from defense contractor L3 Communications, which stated that “L-3 Communications has
been actively targeted with penetration attacks leveraging the compromised
information.”