Home News Commentary Video Slideshows Tech Centers IW Mobile RSS Subscribe Newsletters Events White Papers

Software Security Cloud Mobility Social Business Big Data Hardware Windows Global CIO Government Healthcare Financial SMB More

Cloud Computing Government Slideshows Leadership Policy & Regulation State & Local Enterprise Architecture Information Management Mobile & Wireless Security Video

Tweet Like 0 Permalink Get InformationWeek Daily

Don't miss each day's hottest technology news, sent Lockheed Martin Suffers Massive directly to your inbox, including occasional breaking news alerts. Cyberattack "Significant and tenacious" attack targeted multiple U.S. defense contractors and may have involved hack of RSA SecurID system.

By Mathew J. Schwartz InformationWeek May 31, 2011 08:00 AM A major online attack was launched earlier this month against the networks of Lockheed Martin, the country's largest defense contractor. FEATURED WEBCASTS On Saturday, Lockheed Martin released a statement confirming the attack,

which it described as "significant and tenacious." But it said its information (click image for larger view) What's this? security team "detected the attack almost immediately and took Slideshow: 10 Massive l Single Source of Truth for Managing Critical Assets aggressive actions to protect all systems and data." Application Consolidation across Public Sector Security Breaches Organizations

As a result, the company said, l What Enterprise Modernization Means to Your Agency More Government "our systems remain secure; no customer, program, or employee l Reliable Information for Actionable Insights Insights personal data has been compromised." l The view is better up here: breaking through barriers to Cloud Webcasts reportedly exploited Lockheed's VPN access system, l Supporting an Enterprise-wide Data Archive and Retention Strategy l Single Source of Truth for Managing which allows employees to log in remotely by using their RSA Critical Assets Application SecurID hardware tokens. Attackers apparently possessed the Consolidation across Public Sector More » Organizations seeds--factory-encoded random keys--used by at least some of Lockheed's SecurID hardware fobs, as well as serial numbers and l Reliable Information for Actionable the underlying algorithm used to secure the devices. Insights

More >> That suggests that whoever attacked Lockheed Martin may also THIS WEEK'S ISSUE White Papers have been behind the successful breach in March of EMC's RSA

l 5 Things You Need to Know About division, which manufactures SecurID. "Since then, there have l Subscribe to BYOD been and campaigns in the wild seeking InformationWeek

l Leveraging 20th century technology specific data linking RSA tokens to the end user, leading us to l Subscribe to Digital in 21stcentury government believe that this attack was carried out by the original RSA l Read the Cover Story attackers," Rick Moy, president and CEO of NSS Labs, said in a More >> l Download This Issue Reports blog post.

l Research: Federal Government Back Issues According to security blogger Robert Cringely, aka Mark Cybersecurity Survey Stephens, who broke news of the attack against Lockheed l 2011 Federal Government IT Martin, "It seems likely that whoever hacked the RSA network got Priorities the algorithm for the current tokens and then managed to get a

More >> keylogger installed on one or more computers used to access the intranet" at Lockheed Martin. From there, attackers reportedly SUPPLEMENTAL ISSUE gained access to the company's internal network.

l Subscribe to What types of information might attackers have been targeting? Lockheed Martin, which earned revenue of InformationWeek $45.8 billion in 2010, makes everything from Trident missiles and F-22 fighter jets to a network of satellites l Subscribe to Digital for the Department of Defense that are designed to support high-priority wartime communications. l Read the Cover Story By all accounts, Lockheed Martin's swift detection of the attack helped avert potential disaster. "The good l Download This Issue news here is that the contractor was able to detect an intrusion then did the right things to deal with it," Cringely said. "A breach like this is very subtle and not easy to spot." Furthermore, he said, the same day Back Issues that Lockheed Martin detected the attack, all remote access for employees was disabled, and the company told all telecommuters to work from company offices for at least a week. Then on Wednesday, the company informed all remote workers that they'd receive new RSA SecurID tokens and told all 133,000 employees to reset their network passwords.

http://www.informationweek.com/government/security/lockheed-martin-suffers-massive-cyberatt/229700151 Page 1 / 3 In a statement released Sunday, EMC said it was "premature to speculate" on the details of the attack. But CURRENT HEALTHCARE ISSUE if attackers did use information stolen from RSA to hack into the SecurID system used by Lockheed Martin, then EMC could be forced to finally reveal, publicly, any risks that the use of its system might now pose to In this issue: the 40 million users of SecurID hardware token customers and 250 million users of its SecurID software. l CIO Roundtable: We brought together eight top IT Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and execs to discuss BYOD, discuss the latest in cutting-edge research. It happens Aug. 3-4 in Las Vegas. Find out more and register. Meaningful Use, accountable care, and other contentious issues.

Back Issues l Financial Side Of "Do No Harm": Why use IT systems to help cut medical costs if , join the conversation physicians ignore the cost of the care they provide?

l And much more! Related Reading l Read the Current Issue

News Commentary Video Most Popular On the Web Slideshow FEATURED WHITEPAPERS News Commentary Video

Black Hat: 6 Lessons To Tighten FBI's Sentinel Project: 5 Lessons Good, Bad And Ugly Of Enterprise Security Learned Fingerprint Scanning What's this? l 5 Things You Need to Know About BYOD Amazon.com DDoS Attacker 10 Developments Show How the SF Giants Perfected l Leveraging 20th century technology in 21stcentury Busted In Cyprus Government Cloud Maturing BYOD and Their Game government Court Slams Bank For Ignoring 10 Lessons From Leading Duo Security Advances Two- l SCADA Product Sheet Zeus Attack Government CIOs Factor Authentication l Optimizing data storage in federal government data Facebook Joins California U.S. Intelligence Connects The Piston Cloud Founder Demos centers Mobile App Privacy Program Dots On Bin Laden Enterprise OpenStack l DoDAF architectures in UML and IBM Rational More News» More Commentary» Distribution Rhapsody software Most Popular On the Web More Videos» Slideshow More » NYC, Microsoft Team On Huge Save 50% on 5 Star Rated Surveillance System Ebooks Secret Spy Satellite Takes Off: Stunning Images Espionage Malware How insurance firms can master Seeks Middle East Data social media U.S. Military Robots Of The Future: Visual Tour FAA's New Flight Control System Is Cloud Computing Really FEATURED WHITEPAPER Has Security Holes: Researcher Cheaper? 15 Government IT Innovators: InformationWeek 500 Cyberwar Threats: New Security Strategies for Google Issues Warnings For ‘SRP’ Won’t Protect Blizzard’s Governments State-Sponsored Attacks Stolen Passwords Inside DHS' Classified Cyber In this white paper, Tripwire discusses strategies for More Popular» Coordination Headquarters How To Gain Free Feedback defending cyber threats that include monitoring More Slideshows» From Your Classmates | security status of systems throughout the enterprise, YoungEntrepreneur.com detecting threats to sensitive data, and responding to

More On the Web» threats in real-time.

Learn More

To upload an avatar photo, first complete your profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Subscribe to RSS FEATURED REPORTS

What's this?

l Research: Federal Government Cybersecurity Survey RESOURCE LINKS Cybercriminals, insiders and foreign states are the most serious threats to government systems, according to our 2012 Federal Government Cybersecurity Survey. Agencies say they're prepared, but huge challenges remain.

l Strategy: FISMA Lifts All Compliance Boats FISMA may not be on your radar now, but it likely will

be at some point. Geared specifically toward the federal government and its affiliate agencies and third parties, FISMA is a very specific set of requirements aimed at establishing ...

l 2011 Federal Government IT Priorities Cybersecurity ranks as the top priority among federal IT professionals, according to our third annual survey.

Data center consolidation rose in importance, while

the Open Government Initiative fell. Our survey also reveals gaps between key White House initiatives and their ...

More »

http://www.informationweek.com/government/security/lockheed-martin-suffers-massive-cyberatt/229700151 Page 2 / 3

VIDEO

WATCH: Jelly Bean Demo On The Samsung Galaxy Ne ...

WATCH: First Look At Windows 8, Microsoft's Off ...

WATCH: The Most Interesting IT Guy In The World ...

View All Videos

Enabling People and Organizations to Harness the Transformative Power of Technology

CIOs & IT Professionals Software Developers Vertical Markets Global Communications Most Popular Black Hat Dr. Dobb's Advanced Trading Service Providers Cable Catchup BYTE Dr. Dobb's M-Dev Bank Systems & Technology 4G World Cloud Connect Blog Cloud Connect Dr. Dobb's Journal CreateYourNextCustomer Heavy Reading Digital Life Dark Reading Dr. Dobb's Update InformationWeek Government Heavy Reading Insiders Evil Bytes Enterprise 2.0 TechWeb.com InformationWeek Healthcare Pyramid Research InformationWeek Reports Enterprise Connect Insurance & Technology Light Reading Interop Blog Enterprise Efficiency Web & Digital Professionals Light Reading / Telecom Light Reading India Monkey Bidness HDI Internet Evolution The CMO Site Light Reading Mobile Over the Air InformationWeek Online Marketing Summit Wall Street & Technology Light Reading Cable Personal Tech InformationWeek 500 TechWeb.com Light Reading Europe The Philter InformationWeek 500 Conference Game Industry Professionals Light Reading Asia Valley Wonk InformationWeek Events Government Officials Gamasutra.com Ethernet Expo InformationWeek Global CIO GTEC Ottawa Game Developers Conference (GDC) TelcoTV InformationWeek Healthcare InformationWeek Government Independent Games Festival Tower Summit InformationWeek India TechWeb.com Game Developer Magazine Light Reading Live & Virtual Events InformationWeek Reports GDC Europe Webinars InformationWeek SMB GDC China Interop Game Career Guide Mobile Connect Game Advertising Online Network Computing No Jitter TechWeb.com The BrainYard

UBM TechWeb Reader Services About UBM TechWeb Advertising Contacts Technology Marketing Solutions Contact Us Feedback

Reprints TechWeb Digital Library / White Papers TechWeb Events Calendar TechWeb.com

Terms of Service | Privacy Statement | Copyright © 2012 UBM TechWeb, All rights reserved.

InformationWeek Home News Commentary Video Slideshows Software Security Cloud Mobility Social Business Personal Tech Hardware Windows Global CIO Government Healthcare Financial SMB

About Us Contact Us Customer Support Current Issue Back Issues Site Map Reprints Editorial Calendar

http://www.informationweek.com/government/security/lockheed-martin-suffers-massive-cyberatt/229700151 Page 3 / 3