Enterprise IT Watch Blog

May 31 2011   8:27AM GMT

RSA Breach claims its first major victim in Lockheed Martin

Michael Morisy

After the RSA breach, there was a fair amount of debate over how much security fallout there would be, if any. As one security analyst told SearchSecurity at the time, “Good crypto works even if an attacker knows how it works.”

Now, however, it looks like the breach has claimed its first major victim: Lockheed Martin, one of the largest defense contractors in America. As Reuters reported, the company “is grappling with ‘major internal computer network problems,’ said one of the sources who was not authorized to publicly discuss the matter.” While not explicitly stated, it sounds like normal e-mail access is restricted among other disruptions.

Robert X. Cringely reported on the attack early on, without naming the specific company, and wrote that countermeasures were taken, namely requiring another level of authentication:

It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network.

The contractor’s data security folks saw this coming, though not well enough to stop it. Shortly after the RSA breach they began requiring a second password for remote logins. But that wouldn’t help against a key-logger attack.

The good news here is that the contractor was able to detect an intrusion then did the right things to deal with it.  A breach like this is very subtle and not easy to spot.  There will be many aftershocks in the IT world from this incident.

A month ago, as SearchSecurity’s Rob Westervelt reported, that added layer of security was already of renewed interest, despite being a traditionally hard sell to security-stingy executives. Now with Lockheed’s surprisingly public example, it might just be a much easier upgrade to get approved.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

2  Comments on this Post

  • From Google to SecurID to iCloud: Top Tech Stories - Enterprise IT Watch Blog
    [...] remember the RSA breach and the more recent side effects of it, right? Tony Bradley is finally sighing a sigh of relief as RSA offers to replace the SecurID [...]
  • Don’t pass the buck: Security policies straight from the community - Enterprise IT Watch Blog
    [...] a rocky landscape lately, what with Sony taking over headlines and Lockheed Martin’s recent breach. We wanted to know how our members were setting up a strong offense against hacks and breaches at [...]