* Hackers broke into Lockheed Martin networks -source
* Unclear what, if anything, was stolen
* Attack probably done by same hackers who broke into RSA
By Jim Finkle and Andrea Shalal-Esa
BOSTON/WASHINGTON, May 27 - Unknown hackers have
broken into the security networks of Lockheed Martin Corp
(LMT.N) and several other U.S. military contractors, a source
with direct knowledge of the attacks told Reuters.
They breached security systems designed to keep out
intruders by creating duplicates to "SecurID" electronic keys
from EMC Corp's (EMC.N) RSA security division, said the person,
who was not authorized to publicly discuss the matter.
It was not immediately clear what kind of data, if any, was
stolen by the hackers. But the networks of Lockheed and other
military contractors contain sensitive data on future weapons
systems as well as military technology currently used in
battles in Iraq and Afghanistan.
Weapons makers are the latest companies to be breached
through sophisticated attacks that have pierced the defenses of
huge corporations including Sony (SNE.N), Google Inc (GOOG.O)
and EMC Corp (EMC.N). Security experts say that it is virtually
impossible for any company or government agency to build a
security network that hackers will be unable to penetrate.
The Pentagon, which has about 85,000 military personnel and
civilians working on cybersecurity issues worldwide, said it
also uses a limited number of the RSA electronic security keys,
but declined to say how many for security reasons.
The hackers learned how to copy the security keys with data
stolen from RSA during a sophisticated attack that EMC
disclosed in March, according to the source.
EMC declined to comment on the matter, as did executives at
major defense contractors.
Rick Moy, president of NSS Labs, an information security
company, said the original attack on RSA was likely targeted at
its customers, including military, financial, governmental and
other organizations with critical intellectual property.
He said the initial RSA attack was followed by malware and
phishing campaigns seeking specific data that would link tokens
to end-users, which meant the current attacks may have been
carried out by the same hackers.
"Given the military targets, and that millions of
compromised keys are in circulation, this is not over," he
Lockheed, which employs 126,000 people worldwide and had
$45.8 billion in revenue last year, said it does not discuss
specific threats or responses as a matter of principle, but
regularly took actions to counter threats and ensure security.
"We have policies and procedures in place to mitigate the
cyber threats to our business, and we remain confident in the
integrity of our robust, multi-layered information systems
security," said Lockheed spokesman Jeffery Adams.
Executives at General Dynamics Corp (GD.N), Boeing Co
(BA.N), Northrop Grumman Corp (NOC.N), Raytheon Co (RTN.N) and
other defense companies declined to comment on any security
breaches linked to the RSA products.
"We do not comment on whether or not Northrop Grumman is or
has been a target for cyber intrusions," said Northrop
spokesman Randy Belote.
ACTIONS PREVENTED WIDESPREAD DISRUPTION
Raytheon spokesman Jonathan Kasle said his company took
immediate companywide actions in March when incident
information was initially provided to RSA customers.
"As a result of these actions, we prevented a widespread
disruption of our network," he said.
Boeing spokesman Todd Kelley said his company had a "wide
range" of systems in place to detect and prevent intrusions of
its networks. "We have a robust computing security team that
constantly monitors our network," he said.
Defense contractors' networks contain sensitive data on
sophisticated weapons systems, but all classified information
is kept on separate, closed networks managed by the U.S.
government, said a former senior defense official, who was not
authorized to speak on the record.
SecurIDs are widely used electronic keys to computer
systems that work using a two-pronged approach to confirming
the identity of the person trying to access a computer system.
They are designed to thwart hackers who might use key-logging
viruses to capture passwords by constantly generating new
passwords to enter the system.
The SecurID generates new strings of digits on a
minute-by-minute basis that the user must enter along with a
secret PIN (personal identification number) before they can
access the network. If the user fails to enter the string
before it expires, then access is denied.
RSA and other companies have produced a total of about 250
million security tokens, although it is not clear how many are
in use worldwide at present, said the former defense official.
The devices provided additional security at a lower cost
than biometrics such as fingerprint readers or iris scanning
machines, said the official, noting that the RSA incident could
increase demand for greater use of biometric devices.
The RSA breach did raise concerns about any security tokens
that had been compromised, and EMC now faced tough questions
about whether "they can repair that product line or whether
they need to ditch it and start over again," he said.
EMC disclosed in March that hackers had broken into its
network and stolen some information related to its SecurIDs. It
said the information could potentially be used to reduce the
effectiveness of those devices in securing customer networks.
EMC said it worked with the Department of Homeland Security
to publish a note on the March attack, providing Web addresses
to help firms identify where the attack might have come from.
It briefed individual customers on how to secure their
systems. In a bid to ensure secrecy, the company required them
to sign nondisclosure agreements promising not to discuss the
advice that it provided in those sessions, according to two
people familiar with the briefings.
(Reporting by Jim Finkle and Andrea Shalal-Esa; editing by
Matthew Lewis, Bernard Orr)