Wednesday, June 1, 2011

Defense contractor: "aggressive action" kept cyberattackers at bay

Defense contractor Lockheed Martin issued a statement over the weekend saying that it was the target of a "significant and tenacious" attack against its computer systems on May 21. The company claims that the attack was detected "almost immediately" and that thanks to "aggressive action" by its information security team, no customer, program, or employee data was compromised.

The company's statement followed an earlier Reuters report that two defense contractors had been hacked. The report claimed that the hacks were enabled by the creation of duplicate RSA SecurID tokens.

SecurID tokens produce a sequence of unpredictable numbers, with the exact sequence determined by a seed value. Both the seeds and the algorithms used to generate the numbers are supposed to be secret—however, RSA was hacked earlier this year leading to speculation that the seeds may have been compromised.

RSA, a subsidiary of information management firm EMC, has never publicly disclosed what information was actually taken in the attack; the company claims only that systems using the tokens used in tandem with passwords will remain secure.

Lockheed Martin's statement did not provide any specific information about the attack, nor did it confirm that the RSA attack may have been a factor. If the Lockheed Martin attack was indeed a result of the RSA attack, this would be a strong indication that the RSA hack was very damaging indeed, to the extent of nullifying the additional security protection that the tokens are supposed to provide.

The Department of Defense issued a statement saying that the impact of the attack was "minimal" and that it did not expect "any adverse effect" as a result.

Read the comments on this post


Thora Birch Jennifer Garner Poppy Montgomery Evangeline Lilly Lisa Marie

No comments:

Post a Comment