RSA offers to replace SecurIDs after Lockheed hacking

SAN FRANCISCO Tue Jun 7, 2011 9:37am EDT

A view shows the cockpit of the Lockheed Martin F-35 Lightning II at the Australian International Airshow in Melbourne March 2, 2011. REUTERS/Mick Tsikas


SAN FRANCISCO (Reuters) - Data storage firm EMC Ltd has offered to replace millions of potentially compromised "SecurID" electronic keys after hackers used data stolen from its RSA security division to break into Lockheed Martin's network.

Lockheed Martin, the Pentagon's No. 1 arms supplier and the government's top information technology provider, was attacked last month by hackers, underscoring a growing threat to U.S. national security.

RSA, which makes the SecurID keys, said in a letter published on its website that it had confirmed information taken from it in March was used in the attack on Lockheed Martin.

EMC had previously warned that information stolen from RSA related to its SecurIDs and has now offered to replace the SecurID keys of any customers who ask, a spokesman told Reuters.

"Certain characteristics of the attack on RSA indicated that the perpetrator's most likely motive was to obtain an element of security information that could be used to target defense secrets and related (intellectual property)," RSA said in Monday's letter.

Lockheed's networks house sensitive data on future weapons systems as well as military technology currently used in battles in Iraq and Afghanistan. A source told Reuters last week that several other U.S. military contractors have also been attacked.

Lockheed is the maker of the F-16, F-22 and F-35 fighter jets as well as warships and other multibillion-dollar arms systems sold worldwide.

Other big corporations have suffered from major hacking attacks recently, including Sony Corp and Google.

The widely used electronic keys work using a two-pronged approach to confirming the identity of the person trying to access a computer system.

They are designed to thwart hackers who might use key-logging viruses to capture passwords by constantly generating new passwords to enter the system.

The SecurID generates new strings of digits on a minute-by-minute basis that the user must enter along with a secret PIN before they can access the network.

If the user fails to enter the string before it expires, then access is denied.
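The check described above, as an added example that is not part of the original article and is not RSA's code: SecurID's algorithm is proprietary, so the open HMAC-based one-time-password construction from RFC 4226/6238 stands in for it, with a 60-second step. The seed is the RFC 4226 test key; the PIN, salt, function names and the rule rejecting reuse of a code already accepted are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the article: a new string of digits every minute
DIGITS = 6          # assumed display length

def token_code(seed: bytes, unix_time: int) -> str:
    """Code the token displays during the minute containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def _pin_hash(pin: str, salt: bytes) -> bytes:
    # The PIN is stored only as a salted, slow hash.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def enroll(seed: bytes, pin: str, salt: bytes) -> dict:
    """Server-side record: it holds the same seed as the user's token."""
    return {"seed": seed, "salt": salt, "pin_hash": _pin_hash(pin, salt),
            "last_counter": -1}

def verify_login(user: dict, pin: str, code: str, now: int) -> bool:
    """Accept only the right PIN plus the code for the current minute, once."""
    counter = now // STEP_SECONDS
    expected = token_code(user["seed"], now)
    pin_ok = hmac.compare_digest(_pin_hash(pin, user["salt"]), user["pin_hash"])
    code_ok = hmac.compare_digest(code.encode(), expected.encode())
    unused = counter > user["last_counter"]      # a logged code cannot be replayed
    if pin_ok and code_ok and unused:
        user["last_counter"] = counter
        return True
    return False

# Constructed sample values (seed is the published RFC 4226 test key).
SAMPLE_SEED = b"12345678901234567890"
SAMPLE_SALT = b"constructed-salt"
```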

(Reporting by Noel Randewich; editing by Carol Bishopric and Vinu Pilakkott)

Comments (1)
bberger wrote:
This break in a security platform represents the ongoing challenges we as security professionals face. Security is an ever-changing and adjusting technology whereby organizations, standards and technology need to change as the threat model increases. As we see with many breaks of a security model, our enemies are mounted in force with the sole intention of capturing information, data and records for financial gain, political strength or espionage. It almost sounds like a Hollywood movie, but the real world is seeing the battles moving to the network vs. the battlefield.
Standards have emerged to allow international peers to do a security review of a solution that can be more resilient and have a broad interest in preventing the most damaging threats. In the case in point, such organizations as the Trusted Computing Group (TCG) have developed security standards that have now been enabled in devices such as Trusted Platform Modules (TPMs) and Secure Encrypted Drives (SEDs). The distribution and availability is broad and deep, and these products have the security algorithms embedded in hardware, which creates a 1 to 1 attack profile vs. a broad secret model as we see in this report. Meaning, I as a hacker need the machine in my possession and then I need to crack the silicon chip and steal its secrets, which if successful, highly unlikely, will only allow me the hacker to learn information on that single machine.
As a previously wise decision, layering security has always been a good idea, and now it’s a “Best Practice”. Using the TPM as the root of trust with appropriate software as a solution is what is needed; this allows management of a user’s machine, their credentials and data access as rooted in hardware vs. software. The result is: only known users and machines can access the network, data and user privacy. Yes, we should look for new ways and use the 500 million TPMs, several million SEDs and move away from old security paradigms.

Jun 07, 2011 10:49am EDT