Defense Contractors’ Networks Compromised

  • Hackers penetrating gaming networks and affecting the data privacy of many millions of customers?  That’s bad.
  • Hackers penetrating the US military’s largest weapons makers’ networks?   Really, really bad.

This week, the largest U.S. military defense contractor, Lockheed Martin, and several others have reported intrusions into their computer networks that may be connected to the compromise of RSA’s SecurID security token division, disclosed back in March.

The New York Times links the Lockheed hack to the March RSA breach.  This may be the first publicly known damage from that March compromise, and other firms may also be affected.  Lockheed first detected an intrusion on Sunday.  Attackers breached security systems by creating duplicate “SecurID” electronic keys.  In response, Lockheed shut down much of its remote access services to confine the issue, and has been providing new tokens and passwords to many workers.  It was not immediately clear what kind of data, if any, was compromised, but the networks of Lockheed and other contractors contain sensitive information regarding current weapons systems, as well as military technology being developed.

A Lockheed press statement, reprinted in part in the Wall Street Journal stated, “to counter any threats, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data. We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multilayered information systems security.”  Raytheon has published a statement saying it took “immediate companywide actions” when the RSA breach became known back in March.  Northrop Grumman and Boeing declined to comment to the Times.