On Saturday 28 May 11, Fox News reported that the US government announced that, a major defense supplier Lockheed Martin suffered a cyber breach which prompted a move to shutdown remote access to its employees and reissue RSA two factor tokens. The breach was speculated to be linked to information obtained from an earlier compromise of RSA which according to an open letter by RSA states “Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” The RSA attack, which was specifically targeted to obtain sensitive information around its security products was sophisticated, time consuming, costly and highly motivated.
Typically to undertake such attacks one needs to have means and motive. If these two attacks were related, and so it seems, then the motive was clearly to obtain military secrets and not money from a bank. The motive narrows down possible suspects to companies or countries interested in military secrets. Secondly, the money and expertise needed to comprise these two companies would have been in the order of several million dollars utilizing highly skilled hackers and sophisticated target reconnaissance.
If Lockheed Martin’s detected the breach through a security process such as audit or monitoring as opposed to accidental discovery it would speak volumes on their security preparedness and ability.