November 23, 2024

Data Breach at Security Firm Linked to Attack on Lockheed

The SecurID electronic tokens, which are used to gain access to computer networks by corporate employees and government officials from outside their offices, are supplied by the RSA Security division of the EMC Corporation.

RSA acknowledged in March that it had sustained a data breach that could have compromised some of its security products. Executives in the military industry said Friday that Lockheed’s problems appeared to stem from that data breach and could be the first public signs of damage from it.

The March intrusion reverberated through the computer security community. The RSA technology is used by most Fortune 500 companies and federal agencies to provide an extra layer of security when employees use their networks from customer offices, hotels or their homes.

Many of RSA’s customers have taken extra measures since the intrusion was discovered, either by adding security measures, finding alternative solutions or simply shutting off remote access. Security experts said it was possible that companies other than Lockheed had faced attacks, whether they realized it or not.

“The issue is whether all of the security controls are compromised,” said James A. Lewis, a senior fellow and a specialist in computer security issues at the Center for Strategic and International Studies, a policy group in Washington. “That’s the assumption people are making.”

Neither RSA, which is based in Bedford, Mass., nor Lockheed would discuss the problems on Friday.

Officials in the military industry, who spoke only on the condition of anonymity given the sensitivity of the matter, said Lockheed had detected an intruder trying to break into its networks last Sunday. It shut down much of its remote access and has been providing new tokens and passwords to many workers, company employees said.

Lockheed makes fighter planes, spy satellites and other confidential equipment. It also sells cybersecurity services to military and intelligence agencies, and some experts said its failure to take greater precautions with its own systems could be embarrassing.

“We don’t know what they went after at Lockheed,” Mr. Lewis said, referring to the hackers behind the intrusion attempt. “One possibility is that it’s a state actor, but it could also be criminals who are trying to exploit the company’s customers.”

Industry officials said military contractors, who are bombarded daily by hacking attempts, typically do not keep classified data on computers that can be entered remotely. Federal authorities have said that China, Russia and other countries sponsor hackers trying to ferret out American military and corporate secrets.

Raytheon, another large military contractor, issued a statement on Friday saying that it took “immediate companywide actions” when the RSA breach was disclosed in March. “As a result of these actions,” the company said, “we prevented a widespread disruption of our network.”

General Dynamics said it had not had any problems related to the breach. Other giant military contractors, like Northrop Grumman and Boeing, declined to comment.

Jeffery Adams, a spokesman for Lockheed, said the company would not publicly discuss specific threats or its responses.

“However, to counter any threats, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data,” he said in a statement. “We have policies and procedures in place to mitigate the cyberthreats to our business, and we remain confident in the integrity of our robust, multilayered information systems security.”

Security experts said companies in many industries had increased network monitoring or changed passwords and PINs for the tokens since the RSA breach.

But some of the specialists said that until more details were known, it remained possible that the attempted intrusion at Lockheed was not tied to the RSA breach.

The RSA tokens provide security beyond a user name or password by requiring users to append a unique number generated by the token each time they connect to their corporate or government networks.

Soon after the breach in March, RSA’s chairman, Art Coviello, said the company’s investigation had revealed that the intruder successfully stole digital information from the company that was related to RSA’s SecurID products.

He did not give precise details about the nature of the information but said it could potentially reduce the effectiveness of the system in the face of a “broader attack.” The company said then that there was no indication that the information had been used to attack its customers.

Some computer security specialists said at the time that the compromised information was a file of master keys — long numbers — that are a part of the RSA encryption system. If the intruder did gain those numbers, it would make it possible to fashion an attack based on independently generating the keys used by individual customers.

RSA officials have said that the intrusion was only partly successful.

Mr. Lewis, the security specialist at the Center for Strategic and International Studies, said the intruders had been detected as they were trying to transfer data by security software provided by the NetWitness Corporation, a company that provides network monitoring software. In April, NetWitness was acquired by RSA’s parent company, EMC.

Article source: http://feeds.nytimes.com/click.phdo?i=2d5e25882f0987b2f62104f5f58d798c