
March RSA Hack Hits Lockheed, Remote Systems Breached

March's attack on RSA's SecurID tokens enables hackers to penetrate systems at Lockheed Martin.

May 28, 2011

A March attack on RSA's SecurID authentication service has possibly claimed its first big victim: Lockheed Martin.

According to a source speaking to Reuters, unknown hackers have broken into Lockheed Martin's security systems by using duplicate SecurID tokens to spoof legitimate authentications into the network. These SecurID tokens are analogous to Blizzard's World of Warcraft Authenticators: Tiny little keyfobs that display an ever-changing code one must enter to log into a protected service.

Lockheed hasn't issued comment on the alleged breach itself, leaving only speculation as to what data, if any, those breaching the company's network were able to acquire. But the plunder could be vast: Lockheed is the nation's largest military contractor, and it undoubtedly has treasure troves of data about existing and future weapons systems as well as information related to the various cybersecurity services the company provides.

Classified information is likely out of hackers' hands: Due to the volume of attacks that these kinds of systems face on a daily basis, it's highly doubtful that Lockheed, or any security contractor, would keep top-secret information within reach, should one ever breach the remote access gates.

"To counter any threats, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data," said Lockheed spokesman Jeffery Adams in an interview with the Wall Street Journal. "We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multilayered information systems security."

According to a source, once Lockheed was made aware of the attack, the company began instigating new security measures to prevent future breaches. These included shutting down some of the company's remote access capabilities on its systems, as well as a new order for 90,000 replacement SecurID tokens for the company's employees. Users were also asked to change their passwords company-wide.

So how did the hackers do it? It's been speculated that hackers obtained master key files during the March RSA attacks. As implied, a hacker would then be able to penetrate a SecurID-protected network by replicating the exact keys generated by an individual's particular device.

An anonymous source confirmed this fact to Reuters. But, for semi-obvious reasons, neither EMC, RSA's parent company, nor most other security contractors are commenting about anything related to RSA's breach, including any additional safeguards they might have put in place since news of the attacks broke.

According to officials, RSA and other companies have produced around 250 million security tokens in total. RSA has been briefing its customers on how to better secure their networks in the aftermath of the March attack.

For more from David, follow him on Twitter @TheDavidMurphy.