Network Security, Vulnerability Management

Report: Lockheed Martin fighting off network attack

The major defense contractor Lockheed Martin is experiencing a massive network disruption that may be related to an attack on RSA earlier this year in which information about the security company's two-factor authentication offerings was compromised.

According to a Reuters report, citing two unnamed sources, the network problems are impacting many people.

The incident was first brought to light Wednesday by technology blogger Robert Cringely, who noted that a "very large U.S. defense contractor" was forced to cut off remote access to its internal network following a compromise. As a result, the company is being forced to replace RSA SecurID tokens and mandate password resets for more than 100,000 users.

"It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a keylogger installed on one or more computers used to access the intranet at this company," Cringely wrote. "With those two pieces of information, they were then able to get access to the internal network."

Jeff Adams, a Lockheed spokesman, would not confirm a breach.

"As a matter of policy, we don't discuss specific threats or responses," he told on Friday in a statement. "However, to counter any threats, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data."

"We have policies and procedures in place to mitigate the cyberthreats to our business, and we remain confident in the integrity of our robust, multilayered information systems security," Adams added.

Mike Rothman, president of consultant firm Securosis, said incidents like this may force RSA to reissue millions of tokens. But the focus should be on the sophistication of the attackers, not the particular style of attack.

"Let's just say a company tossed all their RSA tokens and brought in someone else," he wrote in a blog post Friday. "Guess what? Then the attackers would compromise a device already on the network, taking the [two-factor authentication] out of play. And that's really the point...So panic all you want. They are still going to get in."


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.