China Linked to RSA and Defense Contractor Breaches

Tuesday, June 07, 2011



Security experts are openly speculating that China may be behind the recent unauthorized network access events at several U.S. defense contractors, and that it may also be responsible for the RSA SecurID breach.

RSA, the security division of EMC, announced in mid-March they had suffered a breach stemming from an attack on their network systems that targeted proprietary information about the company's SecurID product.

SecurID is a product designed to prevent unauthorized access to enterprise network systems, and exposure of proprietary information about the product could in turn make RSA's clients more vulnerable to hacks themselves.

RSA's customers include government, military, financial, enterprise, healthcare and insurance companies.

Few details have ever been released about the scope of the breach, but analysts expected the unauthorized access to sensitive SecurID information would have a widespread impact.

In late May, after detecting unauthorized access attempts, defense contractor Lockheed disabled its employees' remote access privileges while the company issued new SecurID tokens to all telecommuting workers and required all employees with network access to change their passwords.

Shortly thereafter, defense contractor Northrop Grumman also reportedly disabled remote access to company networks, and L-3 Communications reported that it had suffered a network breach stemming from cloned RSA SecurID tokens.

Compromised tokens alone are not enough to get an attacker in the door of a company using SecurID. Targeted spear-phishing operations need to be conducted against employees to elicit the corresponding passcodes needed to gain access to the company's networks.

"Having the key, or token, isn't enough to break into a system. Attackers also need to have the passcode that token holders use when they are logging in to a network. Phishing e-mails that trick recipients into revealing their log-ins and e-mails bearing malware that infects the recipient's computer are commonly used to get that information," wrote Cnet's Elinor Mills.

"Having done their homework, the attackers know to craft an official-looking e-mail coming from a person or organization the recipient would trust. Such sophisticated attacks on a specific target that are designed to steal credentials in order to get into the network to access critical data are known as Advanced Persistent Threats, or APT," Mills continued.
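To make the two-factor point concrete, here is an added illustration (not RSA's code and not the proprietary SecurID algorithm; it uses a generic TOTP-style HMAC code with an assumed 60-second lifetime): a toy authentication server that requires the user's PIN plus the current tokencode, and records the telltale pattern a cloned seed produces, namely valid tokencodes arriving with wrong PINs.

```python
"""Simplified seed-plus-PIN login model (added illustration, not RSA's code).

The tokencode here is a generic TOTP-style HMAC-SHA1 over a time counter,
a stand-in for the proprietary SecurID algorithm, used to show why a
cloned seed alone does not open the door and what a defender can watch for.
"""
import hashlib
import hmac
import struct

STEP = 60  # assumed tokencode lifetime in seconds


def tokencode(seed: bytes, now: int, digits: int = 6) -> str:
    """Derive a time-based code from the token's secret seed (RFC 6238 style)."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class AuthServer:
    """Holds each token's seed and PIN; counts 'good code, bad PIN' failures."""

    def __init__(self):
        self.tokens = {}      # serial -> (seed, pin)
        self.suspicious = {}  # serial -> count of valid code with wrong PIN

    def enroll(self, serial: str, seed: bytes, pin: str) -> None:
        self.tokens[serial] = (seed, pin)

    def login(self, serial: str, passcode: str, now: int) -> bool:
        """Passcode = PIN followed by the current tokencode."""
        seed, pin = self.tokens[serial]
        pin_part, code_part = passcode[:len(pin)], passcode[len(pin):]
        code_ok = hmac.compare_digest(code_part, tokencode(seed, now))
        pin_ok = hmac.compare_digest(pin_part, pin)
        if code_ok and not pin_ok:
            # A correct tokencode with the wrong PIN means the caller holds the
            # seed but not the user's secret: the signature of a cloned token.
            self.suspicious[serial] = self.suspicious.get(serial, 0) + 1
        return code_ok and pin_ok

    def cloned_token_alerts(self, threshold: int = 3) -> list:
        """Serials whose 'good code, bad PIN' count reached the threshold."""
        return [s for s, n in self.suspicious.items() if n >= threshold]
```

Once the seed is known to be compromised, the only remedy is the one Lockheed chose: replace the tokens, since PIN changes alone leave the seed half of the factor in the attacker's hands.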

Such a sophisticated APT operation leads many security experts to believe that China is ultimately behind the attacks on U.S. defense contractors.

"APT is a euphemism for China. There is a massive espionage campaign being waged by a country. It's been going on for years, and it's going to continue," said Rich Mogull, chief executive of Securosis.

Other security experts agree. According to an article by Joshua Philipp and Matthew Robertson, the Chinese have long seen a tactical cyber offensive capability as being a potentially powerful equalizer in their quest to attain superpower status and undermine the effectiveness of international political rivals.

"China has made no secret that they see cyberspace as the domain that allows them to compete with the U.S. The reality is, part of the basis of U.S. hegemony... has been the ability to leverage command of signals intelligence to have perspective on the motivations and activities of others. Cyberspace has equalized that, so all of a sudden we're in a competitive intelligence environment," Rohozinski said.

While numerous nations are involved in varying levels of cyber aggression, what makes the Chinese threat so much more palpable is the systemic nature and comparatively large scale of the state-sponsored cyber-offensive operations, as evidenced by attacks like Operation Aurora, Ghostnet, and most recently Night Dragon.

"If it's any kind of military espionage, military adversaries are going to be high on the list. The question then is who in China--is it government agents or independent contractors selling to the Chinese government?" asked Veracode's Chris Wysopal.

Comment from Doron Levin: The False Claims Act provides a legal tool to counteract fraudulent billings turned in to the Federal Government. Claims under the law have been filed by people with insider knowledge of false claims which have typically involved health care, military, or other government spending programs.