Lockheed Martin breached by unknown digital assailants

RSA SecurIDIn an unfortunate series of events related to the RSA SecurID technology, reports are coming in that Lockheed Martin's networks have been broken into by unknown perpetrators.  Jim Finkle and Andrea Shalal-Esa broke an exclusive story and reached out to folks in the industry to get to the truth.

"They breached security systems designed to keep out intruders by creating duplicates to 'SecurID' electronic keys from EMC Corp's RSA security division, said the person who was not authorized to publicly discuss the matter."

RSA's SecurID is a two-factor authentication system, this means the end user has two variables in the equation to gain authorized access:

  1. A password or PIN coupled with a username,
  2. The SecurID device, which generates a random number at a frequency of one per minute.

The network or service the end-user is authenticating into has the technology in place to identify a correct two-factor login.

Earlier this year there were reports of miscreants compromising the RSA SecurID infrastructure.  At the time it was unknown exactly what the compromise meant; however, worst case scenarios projected that the tokens could be duplicated by bad actors.

The Reuters article indicates that this may have happened in the attacks on Lockheed Martin and other US Defense Contractors.

We will monitor this story and follow-up with any developing news, as the impact of this SecurID compromise unfolds.

*Image courtesy of Harvard

Author ESET Research, ESET

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.