In the wake of high profile cyber attacks, data storage firm EMC Ltd will replace millions of compromised “SecurID” electronic keys after hackers used data stolen from its RSA security division to break into other companies.
Lockheed Martin, the Pentagon’s No. 1 arms supplier and the U.S. government’s top information technology provider, suffered an attack last month by hackers.
RSA, which makes the SecurID keys, said in a letter on its website it confirmed information taken in March was part of the attack on Lockheed Martin.
EMC had previously warned that information stolen from RSA related to its SecurIDs and has now offered to replace the SecurID keys of any customers who ask, a spokesman said.
“Certain characteristics of the attack on RSA indicated that the perpetrator’s most likely motive was to obtain an element of security information that could be used to target defense secrets and related (intellectual property),” RSA said in its letter.
Lockheed’s networks house sensitive data on future weapons systems as well as military technology currently used in battles in Iraq and Afghanistan. Lockheed was not the only victim as other U.S. military contractors, such as L-3 Communications, have also suffered an attack.
The widely used electronic keys work using a two-pronged approach to confirming the identity of the person trying to access a computer system.
They should stop hackers who might use key-logging viruses to capture passwords by constantly generating new passwords to enter the system.
The SecurID generates new strings of digits on a minute-by-minute basis the user must enter along with a secret PIN before they can access the network.
If the user fails to enter the string before it expires, then access is denied.