Stuxnet focused on a very specific target in the industrial control sector, but that was not the only area suffering attacks labeled “significant and tenacious.”
A major online attack occurred earlier this month against the networks of Lockheed Martin, the country’s largest defense contractor.
Lockheed Martin released a statement this past Saturday confirming the attack, which it described as “significant and tenacious.” But it said its information security team “detected the attack almost immediately and took aggressive actions to protect all systems and data.”
As a result, the company said, “our systems remain secure; no customer, program, or employee personal data has been compromised.”
Hackers reportedly exploited Lockheed’s VPN access system, which allows employees to log in remotely by using their RSA SecurID hardware tokens. Attackers possessed the seeds — factory-encoded random keys — used by at least some of Lockheed’s SecurID hardware fobs, as well as serial numbers and the underlying algorithm used to secure the devices.
“It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a keylogger installed on one or more computers used to access the intranet” at Lockheed Martin, said security blogger Robert Cringely, aka Mark Stephens, who broke news of the attack against Lockheed Martin. From there, attackers gained access to the company’s internal network.
Lockheed Martin, which had revenues of $45.8 billion in 2010, makes everything from Trident missiles and F-22 fighter jets to a network of satellites for the Department of Defense designed to support high-priority wartime communications.
By all accounts, Lockheed Martin’s swift detection of the attack helped avert potential disaster. “The good news here is that the contractor was able to detect an intrusion then did the right things to deal with it,” Cringely said. “A breach like this is very subtle and not easy to spot.”
The same day that Lockheed Martin detected the attack, all remote access for employees was disabled, and the company told all telecommuters to work from company offices for at least a week, he said. Then on Wednesday, the company informed all remote workers that they would get new RSA SecurID tokens and had all 133,000 employees reset their network passwords.
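
Why exposed seeds undermine the token factor, and why reissuing tokens restores it, shown as an added example that is not from the article or from RSA. SecurID's algorithm is proprietary, so the public RFC 6238 TOTP construction stands in for it; the `Verifier` class, the serial number, the timestamp and the 60-second step are assumptions.

```python
import hashlib
import hmac
import secrets
import struct


def token_code(seed, unix_time, step=60, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): a public stand-in, not RSA's algorithm."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical authentication server holding one seed per token serial."""

    def __init__(self):
        self.seeds = {}  # serial number -> seed bytes

    def issue(self, serial):
        """Provision (or re-provision) a token with a fresh random seed."""
        self.seeds[serial] = secrets.token_bytes(20)
        return self.seeds[serial]

    def verify(self, serial, code, now, drift=1):
        """Accept a code from the current time step or one step either side."""
        seed = self.seeds.get(serial)
        if seed is None:
            return False
        return any(
            hmac.compare_digest(token_code(seed, now + d * 60), code)
            for d in range(-drift, drift + 1)
        )


def reissue_demo(now=1_306_800_000):  # constructed timestamp
    """Return (old seed valid before reissue, old seed valid after, new seed valid)."""
    server = Verifier()
    old_seed = server.issue("SN-000001")  # constructed serial number
    exposed = bytes(old_seed)  # a copy of the seed held outside the token
    before = server.verify("SN-000001", token_code(exposed, now), now)
    new_seed = server.issue("SN-000001")  # replacement token with a new seed
    after_old = server.verify("SN-000001", token_code(exposed, now), now)
    after_new = server.verify("SN-000001", token_code(new_seed, now), now)
    return before, after_old, after_new


if __name__ == "__main__":
    print(reissue_demo())
```

Because the code is a pure function of seed and time, a copy of the seed is as good as the fob until the server stops trusting that seed; the password reset in the response covers the other factor.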