Lockheed Martin Latest to Succumb to “Significant” Cyber Attack

Written by Malcolm James on June 1, 2011

In what is eerily beginning to look like a monthly ritual, another high-profile organization is targeted by Cyber Terrorism. This time it is the world’s largest military contractor. Is it World War III, or just another day at the office?

Lockheed Martin Corporation, the world’s largest defense contractor, announced this week that it staved off what it calls a “significant and tenacious attack” on its servers. The attack, which Lockheed Martin detected on May 21, still remains something of a mystery in terms of scope, but Reuters reports that, as of May 29, employee access was still down.

“No customer, program or employee personal data was compromised thanks to ‘almost immediate’ protective action taken after the attack was detected May 21,” company spokesperson Jennifer Whitlow stated in an email distributed by the company.

The Bethesda, Maryland company is the world’s biggest aerospace company and the largest supplier of military systems to the U.S. government. The maker of the F-16, F22 and F-35 Lightning fighter jets also sells military equipment across the globe.

In an effort, perhaps, to ensure that they themselves haven’t been compromised, the U.S. Government has offered its assistance in determining the scope and source of the attack. Bloomberg News reports that in a May 28 email from Homeland Security, spokesperson Chris Ortman states the Department of Homeland Security, along with the Department of Defense, is looking into the matter.

“[We are] aware of a cyber incident impacting [Lockheed]” and will be “determining the extent of the incident, performing analysis of available data in order to provide recommendations to mitigate further risk.”

Lockheed said in an email that the attack on May 21 was discovered “almost immediately” and no employee, program or customer data was lost. Lockheed uses RSAs mobile security platform. RSA, a division of EMC Corporation of Hopkinton, Massachussetts, recently increased security on their system after a security breach in March of this year. In that attack, amongst the stolen information were data directly related to RSA’s SecurID authentication products. MarketWatch reports that after this most recent attack, Lockheed Martin employees were required to change their passwords, and that the breach may have been a direct result of the SecurID information stolen from RSA.

Bloomberg helped clarify the possible nature of the attack, in statements from a source speaking under the condition of anonymity. “The remediation involves replacing the SecurID tokens issued by RSA that often expire in three years, said the person, who wasn’t authorized to discuss the matter publicly.” An eerie premonition of what might be coming next, EMCs clients include, “defense-contractor clients, which make missiles, aircraft and other weapons, [including] Northrop Grumman Corp. (NOC) and Raytheon Co. (RTN).” Bloomberg also stated that EMC declined comment on the matter.

Not surprisingly, the U.S. military remains tight-lipped on the matter. In an email, U.S. Air Force Lieutenant Colonel April Cunningham stated that the resulting fallout of the attack is, “minimal” and that the powers that be, “don’t expect any adverse effect.” Reuters also stated that Cunningham “declined to specify the nature of the impact, saying that as a matter of policy, the department does not not comment on operational matters,” and that DHS spokesperson Ortman said that the department will be working with Lockheed Martin to review the “available data in order to provide recommendations to mitigate further risk.”

2011: The Year of the Cyber Terrorist?

In the spirit of keeping score, the Lockheed Martin cyber attack is only the latest in a litany of high-profile targets, making 2011 seem more and more like the Year of the Cyber Terrorist:

  • In January, the Canadian government was the target of an “unprecedented cyber-attack” by Chinese hackers, which took down the systems of two government agencies.
  • In February, pro-Iranian hackers calling themselves the “Iranian Cyber Army” launched an attack against the Voice of America’s website. VOA’s Persian News Network also experienced satellite interruptions.
  • In early March, major agencies of the government of South Korea were bombarded in a Distributed Denial of Service (DDoS) attack.
  • Also in March, the European Commission revealed that it had been the victim of an “ongoing [and] widespread cyber attack” against its servers.
  • In early April, email marketing firm Epsilon reported that it had been breached, in a targeted attack which could cost the affected parties more than $600 million;
  • In mid April, Sony Corporation made news – over and over again – as its woes kept the company’s PlayStation Network and Qriocity servers dark for several weeks. The result of the attack saw the user account information of more than 70 million released into the wild.
  • In May, the U.K. Finance Minister stated that the U.K. Government’s servers are under a constant state of attack, averaging more than one attack per day just on the Ministry of Finance.

Cyber Horror or Cyber Hype?

While it may be premature to declare this the Year of the Cyber Terrorist, it certainly seems like these attacks are becoming more frequent and more severe. Perhaps it would be more accurate to dub this the ‘Era of the Cyber Terrorist.’ Bill Davidow at Forbes suggests that World War III, if it ever occurs, will be fought on the battlefield of cyber space. Tony Bradley of PCWorld takes an interesting perspective in his article, Lockheed-Martin Attack Signals New Era of Cyber Espionage, suggesting that the era of cyber espionage is in full bloom. The attack on Lockheed Martin, Bradley writes, “seems at face value like either a state-sponsored attack, or an attack by well-funded hackers with the intent to market whatever information can be extracted internationally to other governments.”

Food for thought, or all-out lunacy? As if the media frenzy isn’t enough, this week China announced that it has an elite “Cyber Warfare Unit” dubbed the ‘Cyber Blue Team.’ The jury’s still out as to the purpose of Cyber Blue, but add to the mix last year’s kafuffle over Stuxnet and its intended purpose and you have yourself one heck of a Cyber Thriller, Hollywood movie rights and all.

Hmm. Time to get writing.

Comments

Freddie James June 2, 2011

There is definitely a mobilizing of troops on all sides as far as cybercrimes and defenses are concerned, but the big difference is that there are an awful lot of fringe groups and agendas acting independently from their respective governments. While I don’t think this is espionage or war-related, the lack of unification on any front would make any fight on this “battlefield” a chaotic mess.

Tom Rooney June 6, 2011

Starting this year up to 2012, hackers and malware-makers will increase their attacks against private and public organizations – of course starting from big corporations and public institutions. And this has been a trend this year. Many consumer-based and government organizations fell prey to this type of attack.

However, it’s still premature to call it as cyber terrorism (per se). For it to be called as such, this attack should be more syndicated and focused on a particular area. The attacks should also come from an organized entity with a financial and / or ideological motive.

Jamie Campbell June 8, 2011

Thanks for your comments. Interestingly enough, the U.S. Government just confirmed it last week, declaring that a cyber attack on the U.S. would be treated as an act of war, with potential military action. I wonder where this is all leading…

  • (required)
  • (required)