Lockheed Martin Cyber Attack Linked To RSA Data Breach

Update (Jun 7): RSA chairman Art Coviello has now admitted that the attack was linked to the March 2011 SecurID breach, and offers to implement risk-based authentication or replace all tokens as a gesture to customers. Still no official confirmation of what was stolen, however.

U.S. aerospace giant Lockheed Martin reported on Saturday that it detected and thwarted a “significant and tenacious attack” on its network a week ago.

An unnamed source with direct knowledge of the attacks claimed that hackers broke in by creating duplicates of the SecurID tokens used by Lockheed Martin’s users. The company responded by shutting down remote access to its networks and replacing almost 100,000 of the SecurID tokens.

Although the link to the RSA data breach has not yet been confirmed, it is another possible clue to what many in the information security community have long suspected: The RSA breach involved the theft of the token seed records which, with some additional information, could be used to duplicate the functionality of the RSA tokens.

Interestingly, it appears that RSA has secretly briefed some of its customers on the details of the March 2011 data theft. Two people familiar with the briefings reported that the company required them to sign non-disclosure agreements promising not to discuss the advice that was provided.