Lockheed Martin Corp., the U.S. government's top information technology provider, said on Saturday that it detected and thwarted "a significant and tenacious attack" on its information systems network one week ago.
"As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure," Jennifer Whitlow, a Lockheed spokeswoman, said in an e-mailed statement. "No customer, program or employee personal data has been compromised."
Lockheed's information security personnel are working around the clock to restore employee access to the "information systems network" targeted in the May 21 attack, the statement said.
Bethesda, Maryland-based Lockheed, the Pentagon's No. 1 supplier by sales and the world's largest aerospace company, has kept the "appropriate U.S. government agencies" informed of its actions, it added.
The Department of Homeland Security on Saturday said it and the Defense Department had offered to help determine the scope of the "cyber incident impacting LMCO," as the maker of fighter jets, ships and other major weapons systems is known.
The U.S. government also has offered to help analyze "available data in order to provide recommendations to mitigate further risk," Chris Ortman, a Homeland Security official, said in an e-mailed reply to a query from Reuters.
The Defense Department said the impact on the Pentagon of a cyber attack on Lockheed Martin had been "minimal" and it expected no harm to result.
"Impact to DoD is minimal and we don't expect any adverse effect," Lieutenant Colonel April Cunningham said in an emailed reply to Reuters. "As a matter of standing DoD policy, we do not comment on operational matters."
The confirmations followed a Friday report by a source with direct knowledge of the attacks who told Reuters the unknown hackers broke into the security networks of Lockheed Martin and several other U.S. military contractors.
They breached security systems designed to keep out intruders by creating duplicates to "SecurID" electronic keys from EMC Corp's RSA security division, said the person who was not authorized to publicly discuss the matter.
The networks of Lockheed and other military contractors contain sensitive data on future weapons systems as well as military technology currently used in battles in Iraq and Afghanistan.
Weapons makers are the latest companies to be breached through sophisticated attacks that have pierced the defenses of huge corporations including Sony, Google and EMC Corp. Security experts say that it is virtually impossible for any company or government agency to build a security network that hackers will be unable to penetrate.
The Pentagon, which has about 85,000 military personnel and civilians working on cybersecurity issues worldwide, said it also uses a limited number of the RSA electronic security keys, but declined to say how many for security reasons.
The hackers learned how to copy the security keys with data stolen from RSA during a sophisticated attack that EMC disclosed in March, according to the source.
EMC declined to comment on the matter, as initially did executives at major defense contractors.
Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, governmental and other organizations with critical intellectual property.
He said the initial RSA attack was followed by malware and phishing campaigns seeking specific data that would link tokens to end-users, which meant the current attacks may have been carried out by the same hackers.
"Given the military targets, and that millions of compromised keys are in circulation, this is not over," he said.
Earlier, Lockheed, which employs 126,000 people worldwide and had $45.8 billion in revenue last year, said it does not discuss specific threats or responses as a matter of principle, but regularly took actions to counter threats and ensure security.
"We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multi-layered information systems security," said Lockheed spokesman Jeffery Adams.
Executives at General Dynamics Corp., Boeing Co., Northrop Grumman Corp., Raytheon Co. and other defense companies declined to comment on any security breaches linked to the RSA products.
"We do not comment on whether or not Northrop Grumman is or has been a target for cyber intrusions," said Northrop spokesman Randy Belote.
Actions prevented widespread disruption
Raytheon spokesman Jonathan Kasle said his company took immediate companywide actions in March when incident information was initially provided to RSA customers.
"As a result of these actions, we prevented a widespread disruption of our network," he said.
Boeing spokesman Todd Kelley said his company had a "wide range" of systems in place to detect and prevent intrusions of its networks. "We have a robust computing security team that constantly monitors our network," he said.
Defense contractors' networks contain sensitive data on sophisticated weapons systems, but all classified information is kept on separate, closed networks managed by the U.S. government, said a former senior defense official, who was not authorized to speak on the record.
SecurIDs are widely used electronic keys to computer systems that work using a two-pronged approach to confirming the identity of a person trying to access a computer system. They are designed to thwart hackers who might use key-logging viruses to capture passwords by constantly generating new passwords to enter the system.
The SecurID generates new strings of digits on a minute-by-minute basis that the user must enter along with a secret PIN (personal identification number) before he or she can access the network. If the user fails to enter the string before it expires, then access is denied.
RSA and other companies have produced a total of about 250 million security tokens, although it is not clear how many are in use worldwide at present, said the former defense official.
The devices provided additional security at a lower cost than biometrics such as fingerprint readers or iris scanning machines, said the official, noting that the RSA incident could increase demand for greater use of biometric devices.
The RSA breach did raise concerns about any security tokens that had been compromised, and EMC now faced tough questions about whether "they can repair that product line or whether they need to ditch it and start over again," he said.
EMC disclosed in March that hackers had broken into its network and stolen some information related to its SecurIDs. It said the information could potentially be used to reduce the effectiveness of those devices in securing customer networks.
EMC said it worked with the Department of Homeland Security to publish a note on the March attack, providing Web addresses to help firms identify where the attack might have come from.
It briefed individual customers on how to secure their systems. In a bid to ensure secrecy, the company required them to sign nondisclosure agreements promising not to discuss the advice that it provided in those sessions, according to two people familiar with the briefings.