Last week the largest defense contractor in the world and the United States government’s top technology information provider battled off a “significant and tenacious” cyber attack, Lockheed Martin Corp announced Saturday. And, the Huffington Post Reports, the Department of Homeland Security has now confirmed it:
Hackers launched a “significant and tenacious” cyber attack on Lockheed Martin, a major defense contractor holding highly sensitive information, but its secrets remained safe, the company said Saturday.
Lockheed Martin, the Department of Homeland Security and the Pentagon confirmed that the contractor’s information systems had come under attack. Lt. Col. April Cunningham, speaking for the Defense Department, said the impact on the Pentagon “is minimal and we don’t expect any adverse effect.”
Still, the concerted attempt to breach the contractor’s systems underscored the risk to the nation’s critical defense data.
This is the latest twist on a story that has just started to gather steam on the Internet. The operative question is: how bad was the security breach? Reuters:
Lockheed Martin Corp., the U.S. government’s top information technology provider, said on Saturday it had thwarted “a significant and tenacious attack” on its information systems network a week ago but was still working to restore employee access.
No customer, program or employee personal data was compromised thanks to “almost immediate” protective action taken after the attack was detected May 21, Jennifer Whitlow, a company spokeswoman, said in an emailed statement.
She said the company, the world’s biggest aerospace company and the Pentagon’s No. 1 supplier by sales, was working around the clock to restore employee access to the targeted network while maintaining the highest security level.
The U.S. Defense Department said in statement late Saturday night that it was working with Lockheed to determine the scope of the attack.
The incident’s impact on the department is “minimal and we don’t expect any adverse effect,” Air Force Lieutenant Colonel April Cunningham said by email.
She declined to specify the nature of the impact, saying that as a matter of policy, the department does not not comment on operational matters.
Recent reports that hackers have breached the network security of US defense contractors including Lockheed Martin is a salutory reminder of the risks to enterprise information. The source of the breaches appear to have been the electronic fobs used in two-factor authentication when users log in from outside the enterprise network.
Even in such a security-conscious enterprise as Lockheed Martin, remote access from outside the firewall is a regular part of the day-to-day working routine. There’s a telling quote in the Reuters report from Loren Thompson, COO of Lexington Institute and a consultant to Lockheed: “the incident underscored massive challenges faced by corporate and government computer networks in ‘an age where everybody has access to ubiquitous digital communications’.”
No modern enterprise can function, it seems, without allowing employees and contractors to bring the cloud to its gates. In response to the breach, Robert X Cringely, the blogger who first broke news of the breach, reports that Lockheed Martin had to:
*Immediately disable all remote access
*Ask those who telecommute from home “to come into nearby offices to work”
*Ask over 100,000 network users to reset their passwords — including Pentagon staff who collaborate on projects, some sources added.
The world’s largest defense contractor said Saturday it fought off a “tenacious” cyber attack last week.
Lockheed Martin Corp, the Pentagon’s No. 1 supplier, said in a statement it detected a “significant” assault on its computer networks on May 21. It was found “almost immediately” and no employee, program or customer data was lost, the company said in a statement.
The Department of Homeland Security said it knew about the “cyber incident,” and was investigating alongside the Department of Defense.
The agencies are “determining the extent of the incident, performing analysis of available data in order to provide recommendations to mitigate further risk,” said Chris Ortman, a spokesman for the agency.
Lockheed uses a mobile security system produced by EMC Corp.’s RSA unit. RSA bolstered security for clients, including Lockheed, after a network breach in March resulted in the theft of RSA data, a person familiar with the process said.
Weapons makers are the latest companies to be breached through sophisticated attacks that have pierced the defenses of huge corporations including Sony and Google.
Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, governmental and other organizations with critical intellectual property.
Lockheed Martin Defense Hacked – United States defense contractor Lockheed Martin has been hacked. This news could have major implications on the global security of the world and the United States, according to the New York Times.
Lockheed Martin Corporation is the largest defense contractor for the United States. On May 22nd, the first suspicion of an intruder in their computer network was detected.
In response to the security breech, the company shut down remote access to the network and issued new SecureID electronic tokens and passwords into the system. All employee information was changed as a precaution.
Since this lock down of the network, it has been learned that someone was able to breech security. The thieves have not been identified nor has the information they stole
The Christian Science Monitor:
Although it appears the attack had limited impact on the Department of Defense, it may indicate that cyber espionage is evolving and could become more of a serious threat to governments and companies in the near future.
“It certainly seems at face value like either a state-sponsored attack, or an attack by well-funded hackers with the intent to market whatever information can be extracted internationally to other governments,” writes Tony Bradley, a PC World columnist. “Malware has evolved from a trivial, script-kiddie nuisance, to a professional crime syndicate, and now into a tool for precision corporate and government espionage.”
….Hackers managed to break into Lockheed Martin’s system in 2009. They reportedly accessed computers with information about the F-35 fighter jet program, reports Haaretz. The program is projected to cost more than $380 billion and is the most expensive Pentagon arms purchase.
Cyber security issues have been becoming increasingly high profile, since hackers broke into the Sony PlayStation network in April, compromising the information of more than 100 million users and costing Sony and credit card companies an estimated $1 to $2 billion.
Aerospace giant Lockheed Martin, which provides equipment for the American and British armies, described the cyber attack as “significant and tenacious”.
However, it claimed no sensitive information was stolen during the virtual raid on its systems.
A spokesman said: “Lockheed Martin detected a significant and tenacious attack on its information systems network.
“As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure.
“No customer, program or employee personal data has been compromised.”
The incident is under investigation, and Lockheed Martin said it was keeping US government agencies informed of the situation.
It did not mention any suspected source of the attack.
Joe Gandelman is a former fulltime journalist who freelanced in India, Spain, Bangladesh and Cypress writing for publications such as the Christian Science Monitor and Newsweek. He also did radio reports from Madrid for NPR’s All Things Considered. He has worked on two U.S. newspapers and quit the news biz in 1990 to go into entertainment. He also has written for The Week and several online publications, did a column for Cagle Cartoons Syndicate and has appeared on CNN.