Lockheed Martin Confirms Hack, Says No Critical Data at Risk

By Beecher Tuttle May 31, 2011

U.S. defense contractor Lockheed Martin has acknowledged that its network experienced a "significant and tenacious attack" late last week, although it said that its systems remain secure and no critical data has been compromised.

The confirmation comes one day after Reuters reported that Lockheed and several other U.S. military contractors had been hacked using data that was stolen from EMC Corp's RSA security division, which was attacked in March. The hackers reportedly created duplicates of RSA's "SecurID" electronic keys, which they then attempted to use to exploit Lockheed's VPN access system, according to Information Week. SecurIDs are often used to confirm the identity of an employee who is attempting to access the system remotely.

RSA said in March that it was confident that the stolen information would not result in the direct attacks on RSA SecureID customers, but the data "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."

Rick Moy, president and CEO of NSS Labs, an information security company, said that it looks like the March RSA attack was meant to exploit its customers, like Lockheed.

"Since then, there have been malware and phishing campaigns in the wild seeking specific data linking RSA tokens to the end user, leading us to believe that this attack was carried out by the original RSA attackers," Moy noted in a blog post.

Lockheed said that its security team detected the attempted breach almost immediately and took appropriate action to protect its systems. The defense contractor also disabled remote access for all employees and instructed telecommuters to work from company offices for at least a week, according to security blogger Robert Cringely, who helped break the news of the attack.

As a result, "our systems remain secure; no customer, program, or employee personal data has been compromised," Lockheed Martin said in a statement.

An unnamed official close to the matter told Reuters that the attack raises concerns over whether RSA can repair its SecurID product line, or if it needs to "ditch it and start over again."

EMC said on Sunday that it was "premature to speculate" on the cause of the attack.

Beecher Tuttle is a TechZone360 contributor. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education. To read more of his articles, please visit his columnist page.

Edited by Rich Steeves

TechZone360 Contributor

Related Articles

Bloomberg BETA: Models Are Key to Machine Intelligence

By: Paula Bernier    4/19/2018

James Cham, partner at seed fund Bloomberg BETA, was at Cisco Collaboration Summit today talking about the importance of models to the future of machi…

Read More

Get Smart About Influencer Attribution in a Blockchain World

By: Maurice Nagle    4/16/2018

The retail value chain is in for a blockchain-enabled overhaul, with smarter relationships, delivering enhanced transparency across an environment of …

Read More

Facebook Flip-Flopping on GDPR

By: Maurice Nagle    4/12/2018

With GDPR on the horizon, Zuckerberg in Congress testifying and Facebook users questioning loyalty, change is coming. What that change will look like,…

Read More

The Next Phase of Flash Storage and the Mid-Sized Business

By: Joanna Fanuko    4/11/2018

Organizations amass profuse amounts of data these days, ranging from website traffic metrics to online customer surveys. Collectively, AI, IoT and eve…

Read More

Satellite Imaging - Petabytes of Developer, Business Opportunities

By: Doug Mohney    4/11/2018

Hollywood has programmed society into believing satellite imaging as a magic, all-seeing tool, but the real trick is in analysis. Numerous firms are f…

Read More