Following recent attacks against Lockheed-Martin and other defense contractors, which used counterfeit SecurID keys to attempt to gain unauthorized access to the network, RSA Security has had to admit the scope of the problem and offer to replace the compromised SecurID tokens, and offer some additional perks as well to try and earn back some customer trust.

There are roughly 40 million SecurID tokens in circulation. Replacing them will not be cheap, but rebuilding customer confidence is much more important than the short term financial impact.

Attackers–apparently using counterfeit SecurID tokens thanks to information compromised in an earlier breach of RSA Security–have attacked the networks of defense contractors, including Lockheed-Martin and L-3 Communications. Now, there are also reports that hackers have gained access to hundreds of Gmail accounts, including personal email accounts of senior US officials.

International espionage is nothing new. Nations–even allies–are constantly trying to access classified information and learn the secrets of rival nations. All that has changed is that the Internet has made it much easier and faster in many cases to get that information–anonymously, and remotely from around the world with much less risk of personal harm on the part of the “spy”.

We don’t know for sure who our Cold War enemy is, or if its a single nation or multiple nations. But, Google reports that the Gmail account hacks originated from China. I wonder how all of this fits in with the Pentagon doctrine that a cyber attack can be considered an act of war worthy of an armed response?

The attack on Lockheed-Martin has been linked to the attack earlier this year on RSA Security. That attack compromised the encryption keys of RSA’s SecurID tokens, and fake authentication tokens were apparently used in the attack on the defense contractor.

You would think that attackers armed with the keys to the vault would be able to clean house and walk out with all kinds of top secret plans for next generation military aircraft and weapons systems, but Lockheed-Martin says no. It claims the attack was detected, identified, and thwarted before any data was compromised, and that its network is locked down and secure.

Then you have Sony. We don’t know much about the details of the Sony attacks, but I have not seen any speculation related to RSA SecurID tokens. The attacks against Sony have yielded sensitive information on 100 million customers or so, and it seems like every other day there is a breach of some new Sony network that continues to lead to a data breach.

Following news of the Lockheed-Martin attack, the United States government apparently offered its assistance to handle the matter. It seems, though, that Lockheed-Martin has things under control, and that perhaps the United States should see if it can stop the hemorraging at Sony.