Unknown hackers have broken into the security networks of Lockheed Martin Corp and several other US military contractors, a source with direct knowledge of the attacks said.
They breached security systems designed to keep out intruders by creating duplicates to “SecurID” electronic keys from EMC Corp’s RSA security division, said the person who was not authorized to publicly discuss the matter.
It was not immediately clear what kind of data, if any, was stolen by the hackers. However, the networks of Lockheed and other military contractors contain sensitive data on future weapons systems, as well as military technology currently used in Iraq and Afghanistan.
Weapons makers are the latest companies to be breached through sophisticated attacks that have pierced the defenses of huge corporations including Sony Corp, Google Inc and EMC Corp. Security experts say that it is virtually impossible for any company or government agency to build a security network that hackers will be unable to penetrate.
The Pentagon, which has about 85,000 military personnel and civilians working on cybersecurity issues worldwide, said it also uses a limited number of RSA electronic security keys, but declined to say how many for security reasons.
The hackers learned how to copy the security keys with data stolen from RSA during a sophisticated attack that EMC disclosed in March, according to the source.
EMC declined to comment on the matter, as did executives at major defense contractors.
Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, US governmental and other organizations with critical intellectual property.
He said the initial RSA attack was followed by malware and phishing campaigns seeking specific data that would link tokens to endusers, which meant the current attacks may have been carried out by the same hackers.
“Given the military targets and that millions of compromised keys are in circulation, this is not over,” he said.
Defense contractors’ networks contain sensitive data on sophisticated weapons systems, but all classified information is kept on separate, closed networks managed by the US government, said a former senior defense official, who was not authorized to speak on the record.
SecurIDs are widely used electronic keys to computer systems that work using a two-pronged approach to confirming the identity of the person trying to access a computer system. They are designed to thwart hackers who might use key-logging viruses to capture passwords by constantly generating new passwords to enter the system.
The SecurID generates new strings of digits on a minute-by-minute basis that the user must enter along with a secret personal identification number before they can access the network. If the user fails to enter the string before it expires, then access is denied.
Taipei on Friday rejected Hanoi’s characterization of its recent live-fire drill near Itu Aba Island (Taiping Island, 太平島) as “illegal,” saying that Taiwan’s claim to the small island in the South China Sea was “unquestionable.” The Ministry of Foreign Affairs (MOFA) said in a statement that the comments made by its Vietnamese counterpart about the military’s routine live-fire drills near Itu Aba on Tuesday were “unacceptable.” Earlier on Friday, Vietnamese Ministry of Foreign Affairs spokeswoman Le Thi Thu Hang called Taiwan’s military activity “a serious violation of Vietnam’s territorial sovereignty,” saying it had caused tensions and complicated the situation in the region. Hang
Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) yesterday said it is more than doubling its US investment to US$40 billion as it plans to make 3-nanometer chips in 2026 at a second Arizona fab, adding to the chipmaker’s original plan of building a US$12 billion fab to make 4-nanometer chips in 2024. The investment would mark the largest foreign direct investment in Arizona’s history and one of the largest foreign direct investments in the history of the US, the world’s largest contract chipmaker said in a statement yesterday. In addition to the more than 10,000 construction workers at the site, TSMC’s two fabs
ENHANCEMENT: The sale would update Taiwan’s Patriot missile system to improve its missile defensive capability and deter threats, the US Department of State said The US has proposed selling Taiwan as many as 100 of its most advanced Patriot air-defense missiles along with radar and support equipment in a deal valued at US$882 million, according to a US Department of State notice obtained by Bloomberg News. The proposal was made under the provisions of a 2010 sale and so technically is not new. It is classified as an enhancement to the earlier deal, with a potential total value of US$2.81 billion. The upgrade would not change the overall value of that deal, which infuriated Beijing at the time and led it to halt planned military exchanges
‘UNITED FRONT’ TOOL? There are already many accounts on Douyin impersonating government agencies, and even Premier Su Tseng-chang, DPP Legislator Mark Ho said Lawmakers and a number of experts yesterday called on the government to ban or heavily regulate Douyin (抖音) over concerns that the short-video platform could be used by China to spread disinformation. Owned by ByteDance Ltd (字節跳動), Douyin and its international version, TikTok, are a subject of concern in democracies worldwide because of potential manipulation by the Chinese government. FBI Director Chris Wray on Friday said that Beijing might have the ability to control TikTok’s recommendation algorithm, “which allows them to manipulate content, and if they want to, to use it for influence operations.” TikTok could also be used to collect personal data