Were RSA hackers behind Lockheed Martin breach?

RSA hackers might have been behind the recent information security incident at defense contractor Lockheed Martin, according to security experts.

Lockheed Martin said on May 27 that it detected a “significant and tenacious attack on its information systems network.” The firm stressed that “our systems remain secure; no customer, program or employee personal data has been compromised.” It added that “appropriate” US federal agencies had been notified of the incident. Lockheed Martin and other defense firms use RSA SecureID tokens to enable employees to gain access to corporate networks from outside the office.

In March RSA admitted that an “advanced persistent threat” attack had extracted information related to its Secure ID two-factor authentication products. “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack”, Art Coviello, RSA executive chairman, said in an open letter to RSA customers.

A number of security experts think that RSA’s confidence was misplaced. Researchers at NSS Labs said that “there have been malware and phishing campaigns in the wild seeking specific data linking RSA tokens to the end-user, leading us to believe that this attack was carried out by the original RSA attackers.”