RSA SecurID breach linked to hacker attack on Lockheed Martin; other US military contractors may be affected

[F-35 Lightning II, also known as the Joint Strike Fighter (JSF), planes built by Lockheed Martin arrive at Edwards Air Force Base in California in this May 2010 photo. REUTERS/Tom Reynolds/Lockheed Martin]

This week, Lockheed Martin—the largest U.S. military contractor—and several other defense contractors have reportedly experienced intrusions in their computer networks. Those intrusions may be connected to a hacking attack on RSA's SecurID security token division, disclosed back in March.

Hackers penetrating Sony's Playstation network or Google, affecting the data privacy of millions of users? Bad. Hackers penetrating the networks of the US military's largest weapons makers? Really, really, really bad.

Reuters was first tonight with the news of the intrusion at Lockheed, which the company is said to have first detected on Sunday.

They breached security systems designed to keep out intruders by creating duplicates to "SecurID" electronic keys from EMC Corp's RSA security division, said the person who was not authorized to publicly discuss the matter.

It was not immediately clear what kind of data, if any, was stolen by the hackers. But the networks of Lockheed and other military contractors contain sensitive data on future weapons systems as well as military technology currently used in battles in Iraq and Afghanistan.

A Lockheed press statement, reprinted in part in the Wall Street Journal,

[T]o counter any threats, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data. We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multilayered information systems security.


John Markoff and Christopher Drew in the New York Times link the Lockheed hack to the March RSA breach. While Lockheed's problems may be the first publicly known damage from that attack, other firms may also be affected.

"The issue is whether all of the security controls are compromised," said James A. Lewis, a senior fellow and a specialist in computer security issues at the Center for Strategic and International Studies, a policy group in Washington. "That's the assumption people are making."

Neither RSA, which is based in Bedford, Mass., nor Lockheed would discuss the problems on Friday.

Officials in the military industry, who spoke only on the condition of anonymity given the sensitivity of the matter, said Lockheed had detected an intruder trying to break into its networks last Sunday. It shut down much of its remote access and has been providing new tokens and passwords to many workers, company employees said.

Raytheon published a statement today saying it took "immediate companywide actions" when the RSA breach became known back in March. General Dynamics denied experiencing problems related to the RSA breach; Northrop Grumman and Boeing declined to comment to the Times.

Related reading:

SecurID Company Suffers a Breach of Data Security
(NYT, March 17, 2011, John Markoff)
Columbia University computer science professor Steve Bellovin's take on the RSA breach (March, 2011).
• And Ars Technica's counterpoint to RSA's characterization of the breach as "extremely sophisticated."