Lockheed Martin Confirms Hack, Says No Critical Data at Risk


U.S. defense contractor Lockheed Martin has acknowledged that its network experienced a "significant and tenacious attack" late last week, although it said that its systems remain secure and no critical data has been compromised.

The confirmation comes one day after Reuters reported that Lockheed and several other U.S. military contractors had been hacked using data that was stolen from EMC Corp's RSA security division, which was attacked in March. The hackers reportedly created duplicates of RSA's "SecurID" electronic keys, which they then attempted to use to exploit Lockheed's VPN access system, according to Information Week. SecurIDs are often used to confirm the identity of an employee who is attempting to access the system remotely.

RSA said in March that it was confident that the stolen information would not result in the direct attacks on RSA SecureID customers, but the data "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."

Rick Moy, president and CEO of NSS Labs, an information security company, said that it looks like the March RSA attack was meant to exploit its customers, like Lockheed.

"Since then, there have been malware and phishing campaigns in the wild seeking specific data linking RSA tokens to the end user, leading us to believe that this attack was carried out by the original RSA attackers," Moy noted in a blog post.

Lockheed said that its security team detected the attempted breach almost immediately and took appropriate action to protect its systems. The defense contractor also disabled remote access for all employees and instructed telecommuters to work from company offices for at least a week, according to security blogger Robert Cringely, who helped break the news of the attack.

As a result, "our systems remain secure; no customer, program, or employee personal data has been compromised," Lockheed Martin said in a statement.

An unnamed official close to the matter told Reuters that the attack raises concerns over whether RSA can repair its SecurID product line, or if it needs to "ditch it and start over again."

EMC said on Sunday that it was "premature to speculate" on the cause of the attack.

Beecher Tuttle is a TechZone360 contributor. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education. To read more of his articles, please visit his columnist page.

Edited by Rich Steeves

TechZone360 Contributor

Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More