With the alleged Northrop Grumman Cyber-attack, we have experienced three attempts, unleashed in few days, to leverage the compromised RSA seeds in order to steal data from U.S. Contractors.
Albeit the above mentioned events are characterized by two evident points in common: all the targeted companies are U.S. Defense Contractors, and all of them use RSA tokens; there is a point that seems confusing, and it is the timeline with which the attacks were carried out and subsequently unleashed (we will see that the two are very different and somehow confusing).
Hard Times to come for U.S. Defense Contractors: it looks like each new day reveals information of a new cyber-attack to military technology companies using (alleged) compromised SecureID seeds.
This time Fox News reports that Northrop Grumman, another Defense Contractor has been the victims of a Cyber Attack, on On May 26, when the company shut down remote access to its network without warning, catching even senior managers by surprise and leading to speculation that a similar breach had occurred.
I just finished reading this interesting article that seems to offer a different view for the attack at Lockheed Martin (actually, a lone voice which does not consider the attack related to compromised seeds), that here it is another bolt from the Blue. As a matter of fact Wired reports that a second Defense Contractor, L-3, has been targeted with penetration attacks leveraging information stolen from the infamous RSA Breach. This information was contained into an E-mail, dated April 6, sent to the 5000 group’s employees. t’s not clear from the e-mail whether the hackers were successful in their attack, or how L-3 determined SecurID was involved.
Probably it was a quite easy prediction, however it looks like what I suggested on my random thoughts on the RSA Breach has definitively come true: RSA was not the target, probably its customers were.
On this front, the last two days were quite turbulent, and what seemed initially a simple speculation of an attack using compromised SecureID seeds targeted to “a very large U. S. defense contractor”, is revealing to be one of several attacks towards military contractors of U.S. Defense, using the data stolen during the famous breach of March.
The month of March will go into the annals of Information security. First the breach of RSA, then the issue of fake Comodo Certificates (with the subsequent claim by the Iranian Comodo Hacker) have gradually brought down the (few) certainties the Strong Authentication technologies relied on.
June 7 Update: RSA admits some stolen seeds were used to attack Lockeed Martin and will replace SecurID tokens for customers with concentrated user bases typically focused on protecting intellectual property and corporate networks.
May 31 Update: Wired reports that L-3, a Second Defense Contractor, has been targeted by an attack using information stolen during the RSA Breach