Saturday, May 28, 2011

Hackers breach security at several U.S. defense contractors

Hackers have managed to breach the networks of several U.S. defense contractors, Reuters reported on Friday. Reuters received the information from a source with direct knowledge of the attacks.

However, the source remained anonymous, as he was not authorized to discuss the security breaches.

The hackers breached network security by creating duplicates of "SecurID" electronic keys from EMC Corp's RSA security division. The hackers, in turn, learned how to create the duplicates using data stolen acquired during a successful attack on RSA that EMC publicly disclosed in March, the source added.

It is unclear what exactly the hackers accessed during their intrusions. It's also unclear what the full extent of contractors affected was, but Lockheed Martin was specifically mentioned in the report, although "several other" contractors were also hacked.

Speaking to Reuters, one contractor, Raytheon, said once the RSA attacks were disclosed in March, it took precautions to ensure its systems were secure. Boeing, too, addressed the report, saying the company had a wide-range of defensive systems in place to protect its network.

The RSA SecurID authentication mechanism consists of a "token," whether it be a piece of hardware or software (a "soft token") assigned to a user. The token generates an authentication code at fixed intervals. This code, along with the typical password or PIN must be entered to grant a user access to a system.

This is an example of two-factor authentication, wherein two different pieces of identification must be presented to access a system or network. In this case, the token gives the user a constantly changing code to use, and the PIN is the second factor in the authentication.

Rick Moy, president of NSS Labs, an information security company, said the current attacks were likely to have been carried out by the same hackers as in the original March RSA breach. "Given the military targets, and that millions of compromised keys are in circulation, this is not over," he said.



No comments: