Unknown hackers have broken into the security networks of Lockheed Martin Corp and several other US military contractors, a source with direct knowledge of the attacks said.
They breached security systems designed to keep out intruders by creating duplicates to “SecurID” electronic keys from EMC Corp’s RSA security division, said the person who was not authorized to publicly discuss the matter.
It was not immediately clear what kind of data, if any, was stolen by the hackers. However, the networks of Lockheed and other military contractors contain sensitive data on future weapons systems, as well as military technology currently used in Iraq and Afghanistan.
Weapons makers are the latest companies to be breached through sophisticated attacks that have pierced the defenses of huge corporations including Sony Corp, Google Inc and EMC Corp. Security experts say that it is virtually impossible for any company or government agency to build a security network that hackers will be unable to penetrate.
The Pentagon, which has about 85,000 military personnel and civilians working on cybersecurity issues worldwide, said it also uses a limited number of RSA electronic security keys, but declined to say how many for security reasons.
The hackers learned how to copy the security keys with data stolen from RSA during a sophisticated attack that EMC disclosed in March, according to the source.
EMC declined to comment on the matter, as did executives at major defense contractors.
Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, US governmental and other organizations with critical intellectual property.
He said the initial RSA attack was followed by malware and phishing campaigns seeking specific data that would link tokens to endusers, which meant the current attacks may have been carried out by the same hackers.
“Given the military targets and that millions of compromised keys are in circulation, this is not over,” he said.
Defense contractors’ networks contain sensitive data on sophisticated weapons systems, but all classified information is kept on separate, closed networks managed by the US government, said a former senior defense official, who was not authorized to speak on the record.
SecurIDs are widely used electronic keys to computer systems that work using a two-pronged approach to confirming the identity of the person trying to access a computer system. They are designed to thwart hackers who might use key-logging viruses to capture passwords by constantly generating new passwords to enter the system.
The SecurID generates new strings of digits on a minute-by-minute basis that the user must enter along with a secret personal identification number before they can access the network. If the user fails to enter the string before it expires, then access is denied.
CAUTION: Taiwanese should be alert, even if they have just liked or shared posts that would breach Beijing’s national security legislation for Hong Kong, the council said Due to the newly implemented Hong Kong national security legislation, the Mainland Affairs Council (MAC) has drawn up a list of what it described as “high-risk groups,” cautioning them not to travel to Hong Kong. People who support independence for Taiwan, Hong Kong, Tibet and Xinjiang; those who are critical of the Chinese Communist Party (CCP), the Hong Kong government and the “one country, two systems” concept; and those who donated to or voiced support for the Hong Kong anti-extradition bill movement are urged to refrain from visiting Hong Kong, the council said on its Web site. It released two posts on
HONG KONG SECURITY: The president blasted regulations requiring Taiwanese agents or political organizations to provide information on their Hong Kong-related activities President Tsai Ing-wen (蔡英文) yesterday warned of countermeasures should controversial Chinese national security legislation imposed on Hong Kong undermine or harm Taiwanese interests. Article 43 of the legislation empowers the Hong Kong Special Administrative Region to serve written notices to Taiwanese political organizations or individual agents to furnish information on their Hong Kong-related activities, including their personal particulars, finances, assets, expenditure and capital in the territory. Failure to comply or providing false or incomplete information can result in a fine of HK$100,000 (US$12,903) or imprisonment of six months or two years respectively. Tsai said that Taiwan would keep a close watch on how
NEW HONG KONG LAW: A visit to Beijing-friendly nations or those with weak judicial systems could leave people at risk of deportation to China, a former MAC official said Beijing could request countries with which it has extradition agreements to deport Taiwanese to China to face criminal charges following the implementation of national security legislation for Hong Kong, a former Mainland Affairs Council (MAC) official warned yesterday. Some developing countries, and those close to China because of the Belt and Road Initiative, are likely to accommodate Beijing’s requests to extradite Taiwanese to China, said former deputy MAC minister Chen Ming-chi (陳明祺), who served from July 2, 2018, until May 20, and then returned to his former post as an assistant professor of sociology at National Tsing Hua University. While Taiwanese
MORAL COURAGE: The Ministry of Foreign Affairs urged the global community to face China’s intention to subdue Taiwan and reject such irrational requests The Ministry of Foreign Affairs yesterday strongly condemned the Chinese government for meddling with US officials’ interactions with Taiwan after FBI Director Christopher Wray revealed China’s efforts to discourage US officials from visiting Taiwan. The greatest long-term threat to the US’ information security and intellectual property, as well as its economic vitality, is China’s counterintelligence and economic espionage operations, Wray told a video event at the Hudson Institute in Washington. Beijing is engaged in a highly sophisticated and maligning foreign influence campaign, with methods that include bribery, blackmail and covert deals, he said. Giving an example, Wray said that when a US official
RSS