Unknown hackers have broken into the security networks of Lockheed Martin Corp and several other US military contractors, a source with direct knowledge of the attacks said.
They breached security systems designed to keep out intruders by creating duplicates to “SecurID” electronic keys from EMC Corp’s RSA security division, said the person who was not authorized to publicly discuss the matter.
It was not immediately clear what kind of data, if any, was stolen by the hackers. However, the networks of Lockheed and other military contractors contain sensitive data on future weapons systems, as well as military technology currently used in Iraq and Afghanistan.
Weapons makers are the latest companies to be breached through sophisticated attacks that have pierced the defenses of huge corporations including Sony Corp, Google Inc and EMC Corp. Security experts say that it is virtually impossible for any company or government agency to build a security network that hackers will be unable to penetrate.
The Pentagon, which has about 85,000 military personnel and civilians working on cybersecurity issues worldwide, said it also uses a limited number of RSA electronic security keys, but declined to say how many for security reasons.
The hackers learned how to copy the security keys with data stolen from RSA during a sophisticated attack that EMC disclosed in March, according to the source.
EMC declined to comment on the matter, as did executives at major defense contractors.
Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, US governmental and other organizations with critical intellectual property.
He said the initial RSA attack was followed by malware and phishing campaigns seeking specific data that would link tokens to endusers, which meant the current attacks may have been carried out by the same hackers.
“Given the military targets and that millions of compromised keys are in circulation, this is not over,” he said.
Defense contractors’ networks contain sensitive data on sophisticated weapons systems, but all classified information is kept on separate, closed networks managed by the US government, said a former senior defense official, who was not authorized to speak on the record.
SecurIDs are widely used electronic keys to computer systems that work using a two-pronged approach to confirming the identity of the person trying to access a computer system. They are designed to thwart hackers who might use key-logging viruses to capture passwords by constantly generating new passwords to enter the system.
The SecurID generates new strings of digits on a minute-by-minute basis that the user must enter along with a secret personal identification number before they can access the network. If the user fails to enter the string before it expires, then access is denied.
EXTENSION: The route chosen by the transport ministry was the longest of three options, and the most expensive, but it would ensure clean water for greater Taipei The Ministry of Transportation and Communications yesterday finalized route for a Taiwan High Speed Rail line to Yilan County, which avoids the Feitsui Water Reservoir’s (翡翠水庫) watershed, a source within the ministry said. The ministry originally had three proposals for the Taipei-Yilan section of the railway, two of which were shorter, but crossed the watershed, while the ministry-proposed route, although longer, completely avoids it. Premier Su Tseng-chang (蘇貞昌) approved the ministry’s decision yesterday after being briefed on the issue at a meeting and is expected to announce the plan in Yilan in the coming days. While the chosen route is the most expensive
ATTACK UNLIKELY: China would become ‘pariahs internationally for just the wanton destruction of Taiwan’ and would have little to gain from it, Trump’s security adviser said A top White House official on Friday urged Taiwan to build up its military capabilities to protect against a possible invasion by China, saying that Beijing would have that ability in 10 to 15 years. US President Donald Trump’s National Security Adviser Robert O’Brien told the Aspen Security Forum that a missile attack by China against Taiwan would be much too destructive. An amphibious attack is a possibility, although at the moment it is beyond China’s capability, he said. However, China could combine that threat with “gray zone” operations, embargoes, harassment and other actions to intimidate the nation if Taipei does not build
REGISTRATION ROW: The online marketplace stopped taking new orders before noon yesterday and said that it would help sellers complete their deals before going offline E-commerce site Taobao Taiwan (淘寶台灣) yesterday announced that it would leave the Taiwanese market at the end of this year, after being told by the Investment Commission to register as a Chinese entity. It made the “tough decision” to leave Taiwan, effective Jan. 1 next year, due to “market uncertainties” and was in talks with its employees over a redundancy scheme, the company said in a statement. It would also help sellers on its site complete their outstanding deals to protect their rights and those of the buyers, it said. The company said that it had decided to stop taking new orders before
UNFOUNDED CLAIMS: Hong Kong air traffic controllers told a Taiwanese aircraft to leave due to ‘dangerous activities,’ but the military said it found no reason for the claim Minister of National Defense Yen De-fa (嚴德發) yesterday called on Beijing to respect international aviation rules and refrain from undermining air travel after Hong Kong air traffic controllers on Thursday morning warned off a Taiwanese flight. A military chartered supply flight operated by Uni Air (立榮航空) from Kaohsiung to the Taipei-controlled Pratas Islands (Dongsha Islands, 東沙群島) in the South China Sea was forced to turn back on its way to the disputed islands, where 250 Taiwanese coast guard personnel are deployed, the Civil Aeronautics Administration (CAA) said. Hong Kong air traffic controllers denied the Uni Air ATR2-600 aircraft authorization to enter the
RSS