Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

May 31st, 2011, 18:18 GMT · By

Experts Doubt Lockheed Martin Blocked Attack Without Losses

SHARE:

Adjust text size:


Lockheed Martin claims nothing was stolen during attack
Enlarge picture
Government contractor Lockheed Martin has admitted that its network came under attack recently, but claims it successfully repelled it without any loss of sensitive data.

The attack is said to have involved cloned SecurID tokens that were used to access the contractor's network and resulted in the VPN being suspended for at least a week while employees are being issued new devices and passwords.

The SecurID tokens are being produced by RSA Security, a division of EMC, which suffered a security breach earlier this year.

Attackers are believed to have stolen undisclosed information about the product as a result of the compromise.

"On Saturday, May 21, Lockheed Martin detected a significant and tenacious attack on its information systems network," the government contractor said in a public statement.

"The company’s information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data.

"As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised," it added.

However, Jeffrey Carr, a security expert who specializes in cyber conflicts, doubts that everything is as good as Lockheed claims.

For one, he takes issue with the wording in the public statement, noting that tenacious means "not easily dispelled" and "persisting in existence" and that such an attack cannot be "swiftly" dealt with.

He then points out that, according to public data, attackers had access to the contractor's network for up to 24 hours and that the incident was severe enough for President Obama to be personally briefed about it.

Furthermore, the expert notes that part of the fault lies with Lockheed senior executives who failed to take appropriate measures following the RSA SecurID breach. Other contractors replaced their tokens with ones from others vendors.

"Clearly, the extent of the RSA SecurID breach was worse than EMC reported to the public, to the Security and Exchange Commission, and to its customers; at least the ones that I've spoken to," Mr. Carr concludes.

TELL US WHAT YOU THINK:

1,157 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Lockheed Martin Shuts Down VPN Following Security Incident
RIM Claims All Countries Treated Equally but Expert Disagrees
RSA Hackers Exploited Zero-Day Flash Vulnerability

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use