RSA SecurID Breach Spreads to L3 and Northrop

Thursday, June 02, 2011



While few details have ever been released that could give analysts a better understanding of the scope and impact of the recent RSA breach, the unauthorized access to sensitive material regarding the company's SecurID product appears to be having widespread impact.

Last week defense contractor Lockheed disabled its employees' remote access privileges after detecting access attempts. The company reissued new SecurID tokens to all telecommuting workers and required all employees with network access to change their passwords.

Defense contractor Northrop Grumman has also reportedly disabled remote access to company networks, and L-3 Communications is now reporting the company has suffered a network breach stemming from cloned RSA SecurID tokens.

"L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information," an L-3 executive wrote in an internal memo.

"We do not comment on whether or not Northrop Grumman is or has been a target for cyber intrusions,.As a leader in cybersecurity, Northrop Grumman continuously monitors and proactively strengthens the security of our networks," said Northrop's Margaret Mitchell-Jones.

In mid-March RSA, the security division of EMC, announced they had suffered a breach stemming from an attack on their network systems that targeted proprietary information about the company's SecurID product.

SecurID is a product designed to prevent unauthorized access to enterprise network systems, and exposure of proprietary information about the product could in turn make RSA's clients more vulnerable to hacks themselves.

"It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network," security expert Robert Cringely recently wrote.

RSA's customers include government, military, financial, enterprise, healthcare and insurance companies.

"What we're seeing are targeted attacks against the defense industry. The RSA attack was very sophisticated, probably executed by people who had plans for what to do with the keys," said Anup Ghosh, a former scientist with the Defense Advanced Research Projects Agency (DARPA).

The SecurID compromise is a threat on multiple fronts, as more than a handful of companies now need to decide whether to reissue tokens on a company-wide basis, or to abandon their security investment altogether, while simultaneously working to defend their networks with the systems currently in place.

As has already been evidenced, some of the companies at risk are responsible for protecting extremely sensitive national defense information.

"Think about the data and information that those companies have. They have our nation's military technology secrets. If adversaries get that technology, we may not be the one that controls those weapons," Ghosh said.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.