Defense contractor Lockheed Martin is dealing with problems in its internal network after a suspected intrusion reportedly using the RSA SecurID tokens.
Lockheed Martin has been battling a
"major disruption" to its computer systems after its IT security team detected
a network intrusion earlier this week, Reuters reported.
The disruption began May 22 when the
company detected an intrusion to the network, according to the May 26 Reuters
story, which cited technology blogger Robert Cringley
. Cringley claimed the breach
involved RSA SecurID tokens that Lockheed employees use to access the internal
Lockheed has notified the Pentagon
about the problem, and it is working closely with the company's IT team to
gather information about the situation. However, the company has not confirmed
that the issues with its network are related to a security breach. Lockheed
does not discuss specific threats or responses as a matter of principle, a
company spokesperson told Reuters.
The company has reset all passwords for
its employees and suspended remote access to email and other corporate
applications, according to The Register
. Unnamed sources told Reuters that
employees can still use their mobile devices to check company email.
Cringley said the incident may be tied
to or at least use the information stolen from RSA Security back in February.
All remote access to the Lockheed's internal network using the company's
virtual private network (VPN) software was disabled on May 22. Employees who
regularly telecommute were asked to come into nearby offices to work, according
Employees were told on May 25 they will
be getting new RSA SecurID tokens "over the next several weeks," Cringley said.
Cringley estimated that 100,000 personnel will have to be issued new tokens
before remote access is restored, a process that will take at least a week.
"You have no idea how many people
are freaked out right now," Steve Winterfeld, cyber technical lead at
TASC, an advanced systems company spun off from Northrop Grumman, told Reuters.
TASC and other companies are no longer treating the RSA SecurID token as
completely secure, according to Winterfeld.
Replacing those SecurID tokens can
potentially cost an estimated $1.30 per token, Avivah Litan, a distinguished
analyst at Gartner, told eWEEK. The costs include direct costs of the token as
well as indirect costs such as overhead, support and shipping.
Organizations should have multiple
layers of security and not be relying entirely on the tokens, Brian Berger, executive
vice president of Wave Systems, told eWEEK. Built-in hardware security could
help maintain remote access because only those authorized computers can access
the network and it's easy to identify when an intruder from an unknown machine
enters the network, Berger said.
RSA never publicly disclosed exactly
what the unknown attackers stole during its security breach, other than the
fact that it was "information relating to the SecurID technology." Sources have
told eWEEK that RSA has disclosed what was lost to certain organizations under
NDA. An attacker would need several pieces of information about the token
before mounting a successful attack, such as customer data, token seed values
and individual PIN codes. None of these pieces of data is held by RSA.
Lockheed Martin is the biggest provider
of information technology to the U.S, government and supplies the Department of
Defense with F-22 and F-35 fighter plans and other critical weapons systems. It
employs 126,000 people worldwide.