
Sunday, 11 August 2013

High Speed. Low Drag: Attack Efficiencies against U.S. Aerospace Joint Ventures (REPORT)

My team and I have completed a report (High Speed. Low Drag: Attack Efficiencies against U.S. Aerospace Joint Ventures) on how much more vulnerable U.S. companies are to being hacked if they engage in joint ventures in Russia and China. Everyone's first response to that is probably - of course! However, our findings might surprise you.

Key Findings:

An aerospace company that has a joint venture in Russia and/or China is 2.4 times more likely to experience a cyber attack than a non-JV company.

Of the study’s control group of 12 aerospace companies that have joint ventures in China and Russia, 8 experienced a cyber attack (67%), including Alcoa, Boeing, General Electric, Honeywell, Pratt & Whitney, Rockwell Collins, Rolls Royce North America and Sikorsky. The other 4 aerospace companies, Eaton, Goodrich, Hamilton Sundstrand, and Parker Aerospace, have not publicly disclosed any cyber attacks.

Of the 21 aerospace companies in the study’s random group, only 6 reported or were claimed to have been the victim of a cyber attack (28%), including General Dynamics, Gulfstream, Lockheed Martin, Northrop Grumman, Orbital Sciences Corporation, and Raytheon.

U.S. companies engaged in joint ventures represent a profit center for international hacker groups.

This study shows that it is highly likely that the intellectual property owned by U.S. companies with Russian and Chinese JVs also represents high-value targets for a variety of state and non-state actors worldwide.

It's unlikely that the Chinese or Russian government will utilize spear phishing or other low-level attacks against a U.S. company with a joint venture in their respective states when other superior means are available to them. 

While official and non-official sources frequently assign attribution to a state military or foreign intelligence organization rather than a mercenary hacker group, the host governments of joint venture companies do not need to craft spear phishing attacks against U.S. companies who operate within their borders; who are required to employ their citizens who are technically PRC government employees; and whose communications networks are supervised and monitored by the State.



Monday, 19 December 2011

Symantec Still Selling Huawei Equipment - to the Dept of Defense

A November 17, 2011 article in Channelnomics states that "Symantec may have ended its experiment as a hardware manufacturer by selling its stake in its joint venture with Huawei Technologies, but Big Yellow remains committed to developing appliance-based backup solutions and will continue to contract with Huawei and Huawei Symantec as a hardware supplier (emphasis added). In a letter to partners, North America channel chief Randy Cochran says the contract manufacturing relationship between Symantec and Huawei will remain unaffected, as will Symantec’s commitment to marketing and developing appliance-based solutions."

So one of the world's largest security companies continues to partner with the very Chinese company that most of Symantec's customers are buying their systems to protect against. That displays a level of hypocrisy that I have no tolerance for.

Even worse, as General James Cartwright and others in the U.S. government rail against China, the Department of Defense, Boeing, Lockheed Martin and CSC are all buying Huawei Symantec hardware according to one Huawei Symantec channel partner that I spoke with privately. If Rep. Rogers makes good on his promise to hold hearings on Huawei and ZTE, I hope that he investigates who in the U.S. government and the Defense Industrial Base are buying Huawei Symantec products, which are all made by Huawei in China.

Sunday, 18 December 2011

Just How Vulnerable To Attack Are U.S. Drone Operations?

GAO Reports Ongoing U.S. Air Force Vulnerabilities 


The alleged downing of an RQ-170 by Iran has drawn a lot of public attention to existing problems in how the Air Force is managing its Unmanned Aerial Systems. As I reported earlier, an unknown person with FOUO access uploaded an Air Force report to the Public Intelligence website that detailed some of those vulnerabilities one day after Iran announced its capture. On Saturday another FOUO document appeared on PublicIntelligence.net regarding Afghan drone operations by the US Marine Corps. The Government Accountability Office (GAO) has produced quite a few reports over the past few years, some as far back as 2008, that delineate numerous problems with Unmanned Aerial Systems. Some of the problems identified back then have yet to be fixed, such as the lack of a redundant satellite relay site (GAO report 10-331).

The above graphic illustrates the command and control framework that's in place for Predator, Reaper and Global Hawk UAS missions that support contingency operations in Iraq and Afghanistan. A ground control station in the U.S. takes control of the aircraft. A satellite relay site at a fixed location outside of CONUS relays signals from the ground control station to the UAS. Any disruptions at the satellite relay site would impair the operation of the aircraft. While the Air Force has told the GAO that they're working on implementing a redundant system to solve this problem, as of March, 2010 they "had not conducted a detailed analysis of these options to determine the extent to which they would provide for the continuity of UAS operations, or established a specific milestone to formalize a plan that could be implemented quickly in the event of a disruption." Furthermore, the Air Force didn't anticipate bringing a redundant satellite system online until fiscal year 2012 at the earliest.

Two other detailed examinations of vulnerabilities present in the Air Force's UAS operations are in the following GAO reports (FOUO):
  • GAO, Defense Critical Infrastructure: DOD’s Evolving Assurance Program Has Made Progress but Leaves Critical Space, Intelligence, and Global Communications Assets at Risk, GAO-08-828NI (Washington, D.C.: Aug. 22, 2008)
  • GAO, Defense Critical Infrastructure: Additional Air Force Actions Needed at Creech Air Force Base to Ensure Protection and Continuity of UAS Operations, GAO-08-469RNI (Washington, D.C.: Apr. 23, 2008)
Cyber Attacks Against Unmanned Aerial System Producers and Developers
The above table of U.S. UAS Producers and Developers comes from the Department of Commerce's Flight Plan 2011 (.pdf). Of the 11 companies listed, the following have acknowledged that they have been the victim of cyber attacks: Boeing, Lockheed Martin, Northrop Grumman, and Raytheon. Most likely all 11 of these companies, as members of the Defense Industrial Base, would fall into that category, but the above four have gone publicly on record that they are constantly defending against malicious network attacks. However, this reflects only a tiny portion of the attack surface for an adversary who's looking to acquire intelligence on operations or R&D. Globalization has extended an adversary's ability to compromise UAS company networks by attacking affiliates or sub-contractors. For example, Japan's UAV association membership includes Mitsubishi Heavy and Kawasaki Heavy, both of whom were hit with simultaneous cyber attacks last summer and both of whom regularly engage with U.S. defense contractors such as Boeing on various projects.

Europe has 153 UAS producers and developers, some of whom are giant companies like EADS and BAE. BAE was implicated in the massive theft of data from the F-35 Joint Strike Fighter program in 2009 when it was believed that access to the data was gained by breaching BAE's network. It's impossible to know how many of those 153 companies have suffered attacks against their network but considering the value of this technology and the rapidly growing demand for drone aircraft world-wide, it would be naive to believe that any of their networks could withstand a targeted attack.

The most important outcome from Iran's capture of the RQ-170 should be an in-depth vulnerability assessment of both U.S. intellectual property and operational vulnerabilities of our Unmanned Aerial System aircraft. This must include an international analysis of partnering companies like Boeing - Mitsubishi, Lockheed Martin-BAE, Insitu-ADASI, and many others. The worst outcome is blind denial that Iran or other U.S. adversaries are capable of compromising U.S. drone operations.

Friday, 09 December 2011

Open Source Analysis of the RQ-170 Stealth Sentinel Loss to Iran

Courtesy of Recorded Future: https://www.recordedfuture.com/rf/s/2z0Cm4
The loss of the RQ-170 Stealth Sentinel drone to Iran is potentially one of the most critical events that has occurred in 2011 because it implies an offensive electronic warfare or cyber capability that no one expected Iran to have. Now that Iran has released a video of the captured drone and the U.S. government has confirmed that it's authentic, it's clear that the original FARS report claiming that it was captured via electronic means may have been accurate in spite of unanimous Western media reports to the contrary; i.e., that it was shot down.

EMEA's strategic intelligence report on the RQ-170 says that the Stealth Sentinel is a high altitude and long endurance unmanned aerial vehicle (UAV) designed and manufactured by Skunk Works, a division of Lockheed Martin Corporation, for the United States Air Force (USAF). According to EMEA:
The UAV can capture real time imagery of the battlefield and transfer the data to the ground control station (GCS) through a line of sight (LOS) communication data link. The 27.43m wide and 1.82m high aerial vehicle was designed to execute intelligence, surveillance, reconnaissance and target acquisition (ISTAR) and electronic warfare missions over a target area.
According to Earl Lum, President of EJL Wireless Research LLC, what is supposed to happen when an Unmanned Aerial Vehicle (UAV) like the RQ-170 loses its comms link is that it should autonomously follow a pre-programmed lost-link profile consisting of waypoints at various altitudes, forming a loop until it re-establishes contact or crashes. The communication link for UAVs today is typically LOS (line of sight). If it falls below the mountains and loses LOS, it is supposed to then go through this process. However, while this applies to UAVs in general, it may not be the case with the RQ-170.

Navigation technology
According to the EMEA report, the RQ-170 can be controlled either manually from the GCS or through autonomous mode. An automatic launch and recovery (ALR) system facilitates the aircraft to land safely when communication with the control station fails.

Ground control station
The GCS of the RQ-170 displays the real time imagery or videos captured by the vehicle's payload cameras onboard. The data supplied by the vehicle is retrieved, processed, stored and monitored at the control station which was designed and built by Skunk Works. The GCS tracks, controls and monitors the RQ-170 by transferring commands to the vehicle via LOS SATCOM data link. The sentinel is being operated by 432nd wing of air combat command (ACC) at Creech Air Force Base, Nevada, and 30th reconnaissance squadron at Tonopah Test Range, Nevada.

Related cyber incidents that may have compromised the RQ-170:
- A South Korean newspaper, JoongAng Daily, reported in December 2009 that the RQ-170 was flight tested in South Korea to supersede the U-2 aircraft at Osan Air Base for carrying out missions over North Korea. North Korea is an ally of Iran and has conducted offensive CNE (Computer Network Exploitation) and CNA (Computer Network Attack) missions against South Korea repeatedly for several years. It's unknown what information has been stolen; however, this type of intelligence is highly sought after and it's reasonable to assume that the DPRK would include it on a CNE acquisitions list.
- Lockheed Martin reported a cyber attack in June, 2011 that lasted about one week. LM didn't report what was taken; however, as with the DPRK example, UAV research has been targeted at U.S. defense firms as late as this past summer according to my own confidential sources.
- Creech Air Force Base experienced a malware infection that impacted its UAV Ground Control Stations in October 2011. Its public report on the incident was confusedly written and lacked details regarding the malware involved, its propagation and its remediation.

Summary
The objective of this article is to assess possibilities. Based on EMEA's report on the RQ-170, it appears that the drone had the ability to land itself without operator control. I'd appreciate hearing from any experts who can confirm whether that's the case or not. If it is, then Iran may have lucked out. If it isn't, then Iran's claim that it used its electronic warfare capacity to assume operational control of this substantial U.S. military asset appears to be true. Considering how easy it is for an adversary to conduct CNE against targeted U.S. networks, this is probably a capability that they obtained from one of many mercenary hacker crews who engage in that type of activity. While the scope of this article is hypothetical, the CNE targeting of UAV R&D is a fact borne out by my own company's work in this area. Iran may or may not have that capability now but eventually it will. The RQ-170 event should be a massive wake-up call on the part of the U.S. Air Force to reinstall a self-destruct capability, harden the RQ-170's operating system, and examine potential vulnerabilities in its UAV fleet supply chain.

UPDATE (1528 PST 09DEC11): From an article in today's SF Gate:

The most frightening prospect raised by what appears to be a largely intact Sentinel is that the Iranians' second claim about how they brought it down -- by hacking into its controls and landing it themselves -- might be true, said a U.S. intelligence official, who spoke only on the basis of anonymity because the RQ-170 is part of a Secret Compartmented Intelligence (SCI) program, a classification higher than Top Secret.
The official said the possibility that the Iranians or someone else hacked into the drone's satellite communications is doubly alarming because it would mean that Iranian or other cyber-warfare officers were able to disable the Sentinel's automatic self-destruct, holding pattern and return-to-base mechanisms. Those are intended to prevent the plane's secret flight control, optical, radar, surveillance and communications technology from falling into the wrong hands if its controllers at Creech Lake Air Force Base or the Tonopah Test Range, both in Nevada, lose contact with it.
UPDATE (1708 PST 22DEC11): Cryptome has an interesting thread on the use of the RSA cyber to protect the GPS Red band used on military systems like the RQ-170. This suggests that data from the RSA breach last March may have been shared with the Iranians.

UPDATE (0715 PST 05JAN12): AviationWeek has an excellent technical article on the F-22 technology used on the RQ-170.

Related:
Was Iran's Downing of RQ-170 Related to the Malware Infection at Creech AFB?
How Iran May Have Captured An RQ-170 Stealth Drone
U.S. Air Force Demonstrates How Not To Report A Malware Attack 


Monday, 06 June 2011

Was The RSA-Lockheed-L-3 Breach Over A $2.6B DHS Contract?

Site Plan New DHS Building
Since my original post on the Lockheed Martin / Prime contractors breach, which I and other security researchers connected to the EMC RSA breach (a fact that EMC has now conceded to), I've been investigating possible motives for this multi-faceted attack. It's always been my belief that RSA's technology was not the primary target but a means to an end. And that "end" apparently involved breaching the networks of multiple Department of Defense contractors: Lockheed Martin, L-3 Communications, and allegedly Northrop Grumman. Other primes mentioned as possibilities by Reuters included General Dynamics, Boeing, and Raytheon.

If RSA was stage one of a multi-stage operation, that would suggest that Lockheed, L-3, and Northrop Grumman as the targets would have something else in common besides just being DOD contractors. Since it's my belief that the EMC RSA attack started earlier than March, 2011 and took some planning prior to its launch, I began looking for contract awards in mid to late 2010 that involved the three victim companies. I found a couple of possibilities that warranted further consideration but then I came across this news item from November 8, 2010: 4 competitors protest award of $2.6 billion IT contract to Northrop Grumman

The award, which is now up for re-bidding (GSA solicitation GST0011AJ0021) is for the crown jewels of the new Department of Homeland Security headquarters - building the infrastructure which will support information technology, telecommunications, security, and building management systems. The contractors who filed protests with GAO are Lockheed Martin, General Dynamics, Serco and L-3 Communications. Of the five companies involved, Lockheed and L-3 are confirmed attack targets, Northrop is an alleged target and General Dynamics is a possible target. Serco hasn't been named by any sources familiar with this attack but they also don't use RSA SecurID tokens; opting instead for Signify, one of RSA's competitors for two factor authentication. 

In order to compete for an award, companies must submit detailed technical proposals in written and oral form with an accompanying slide deck. DHS' acquisition schedule for the competing vendors corresponds with the known dates of the attacks:
DHS TIP Industry Day Deck: (Slide 39)
According to the schedule on slide #39, vendor written proposals were due in April and Orals were due in May. L-3 Communications announced active targeting with penetration attacks on April 6, 2011 while Lockheed reported that its breach commenced on May 21.  Late May was also the time of the alleged attack against Northrop Grumman. 

The information and communications infrastructure of the new DHS headquarters would certainly be a target of interest for foreign intelligence services like the FSB. Even the technical proposals from competing DOD contractors would contain valuable information. The level of detail asked for by DHS is fairly intensive as evidenced by the following slide which breaks out one of the eight required tasks: 
Task 2: Requirements Analysis and Design (slide 26)
If the November, 2010 article in the Washington Post triggered the planning stage of the operation, it offered sufficient time for an adversary to discover that the vendors shared the same two factor authentication technology; perform social engineering research on the target companies' employees, probe company websites for vulnerabilities, and craft customized attacks if needed. This doesn't require the resources of a nation state. Any experienced Eastern European hacker crew could pull it off with a relatively low budget. The upside however is huge. The information contained in those DHS technical proposals could be sold to multiple foreign governments and net the crew a seven figure or eight figure payday. And considering the scope of the DHS HQ project (the largest federal construction job since the Pentagon was built in the 1940's according to the Washington Post), this probably isn't the end of it. Whichever prime contractor wins the TIP contract, along with its sub-contractors, will almost certainly become the next targets to be compromised.



Thursday, 02 June 2011

18 Days From 0day to 8K - An RSA Attack Timeline Analysis

There was a lot that bothered me about the official statements surrounding the RSA SecurID breach. For example, they claimed to be victims of an Advanced Persistent Threat that was neither advanced nor persistent. Then there was news of a related attack against L3 Communications prior to 6 April, less than three weeks after the Coviello letter was made public on 17 Mar 2011. I decided to construct a timeline out of the available facts and see if it supports or conflicts with RSA President Art Coviello [3] and Mr. Uri Rivner's [10] versions of what happened. Either the attack was short-lived, as Mr. Rivner claims, or it was of much longer duration which would put RSA Security division products at greater risk for compromise along with EMC's customers who use them, such as Lockheed Martin [6], L3 Communications [5], and possibly Northrop Grumman [11], among others.


According to Rivner's "Anatomy of an Attack" blog post of 1 April 2011 [10], the attacker used a zero day Flash exploit (CVE-2011-0609) [4]. Neither Rivner nor Coviello provided information about the duration of the attack, however it was easy to calculate.  The 0day that was used in the attack was created on 28 Feb 2011 by a Chinese hacker whose Twitter alias is yuange1975 [2].
yuange1975's Twitter page
If you do the math, 28 Feb to 17 March is 18 days. Think about that for a minute. 18 days from 0day to EMC's 8-K filing with the SEC.  If your head isn't already spinning in disbelief, here's a list of what Uri Rivner claims happened interspersed with other key dates.
  1. At some point on or after 28 Feb 2011, an Attacker acquired yuange1975's Flash 0day, embedded it into an .xls spreadsheet entitled "2011 Recruitment Plan" along with a Poison Ivy RAT payload, and wrote a spear phishing letter to deliver it (est. #days = ?) [2], [4]
  2. Attacker sent two different phishing emails over a 2 day period before one employee opened the attachment. (est. #days = 2) [10]
  3. Attacker gained access to RSA network, learned who the privileged users were who had access to sensitive material and stole their credentials, navigated their way across protected levels of access with multiple authentications, intrusion detection systems, and other layers of defense in depth (est. #/days = ?) [10]
  4. Attacker "established access to staging servers at key aggregation points; then went into the servers of interest, removed data (some related to SecurID) and moved it to internal staging servers where the data was aggregated, compressed and encrypted for extraction" (est. #/days = ?) [10], [3]
  5. Attacker "used FTP to transfer password protected RAR files from the RSA file server to an outside staging server at an external, compromised machine at a hosting provider. The files were subsequently pulled by the attacker and removed from the external compromised host to remove any traces of the attack." (est. #/days = ?) [10]
  6. EMC/RSA Security discovered the attack (date unknown), conducted a forensics investigation, and reported their findings to EMC executives
  7. RSA notified SecurID customers individually under NDA (est. #/days to contact 25,000 customers = ?) [8], [9]
  8. EMC lawyers edited and/or approved Art Coviello's statement which served as both its customer letter and SEC 8-K notification, which was finally published on 17 Mar 2011. (est. #/days = ?) [3], [7]
I invite readers to make their own estimates on the number of days that it might take to accomplish any of these 8 steps; particularly those involving forensic investigators and attorneys. The 18 day figure is impossibly brief, which means that the likely first stage of the Prime defense contractor attacks in April and May was deliberately down-played to save EMC's stock price and reputation. EMC's customers, particularly its Dept of Defense customers, should be demanding answers from Art Coviello and the EMC Board of Directors right about now.

UPDATE: An excellent analysis of the Flash 0day that was used can be read at Villys777's security blog [12]. 


References:
[2] @yuange1975 Twitter post; 28 Feb 2011: https://twitter.com/#!/yuange1975/status/42357318628802560
[3] RSA.com website, Art Coviello's "Open Letter To RSA Customers" (17 Mar 2011) http://www.rsa.com/node.aspx?id=3872
[4] Adobe Security Advisory 14 Mar 2011 "Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat": http://www.adobe.com/support/security/advisories/apsa11-01.html
[5] Wired.com ThreatLevel blog by Kevin Poulsen "Second Defense Contractor L-3 ‘Actively Targeted’ With RSA SecurID Hacks": http://www.wired.com/threatlevel/2011/05/l-3/
[6] NYTimes 29 May 2011: "Lockheed Strengthens Network Security After Hacker Attack"
[7] Securities and Exchange Commission website "Form 8-K filing from EMC Corporation": http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/d8k.htm
[8] Confidential source provided this information to the author via email correspondence
[9] 25,000 RSA SecurID customers source: 18 Mar 2011 Intrepidus Group blog post: http://intrepidusgroup.com/insight/2011/03/risk-posed-by-securid-hack/
[10] The RSA Blog 1 Apr 2011 "Anatomy of an Attack" by Uri Rivner: http://blogs.rsa.com/rivner/anatomy-of-an-attack/
[11] Fox News.com, 1 June 2011 "EXCLUSIVE: Northrop Grumman May Have Been Hit by Cyberattack, Source Says": http://www.foxnews.com/scitech/2011/05/31/northrop-grumman-hit-cyber-attack-source-says/#ixzz1O6jjeiyE
[12] Blog IX Security Research: http://bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html


Tuesday, 31 May 2011

An Open Source Analysis Of The Lockheed Martin Network Breach

From RSA website
On Saturday 21 May 2011, multiple U.S. defense contractors [2] had their networks attacked by hackers who, in the case of Lockheed Martin, used duplicates of RSA's SecurID tokens to gain access to Lockheed's internal network. Of the possible defense contractors mentioned by Reuters (Boeing, Raytheon, General Dynamics, Northrop Grumman, Lockheed Martin), only Lockheed Martin has made public statements about the attack once LM employees began leaking information about the breach to tech blogger Robert X. Cringely on Wednesday May 25th [3].

Here's what is known about the attack so far:
  1. On Saturday night, May 21, 2011 [2], Lockheed Martin's (NYSE:LMT) network was breached by attackers who created duplicates of EMC Corp's (NYSE:EMC) RSA SecurID tokens [1]
  2. Late Sunday night, May 22, Lockheed shut down all remote access to its intranet for at least one week, possibly longer [3], [4].
  3. On Wednesday, May 25, Lockheed announced that all employees would have to reset their passwords; that all SecurID tokens would be replaced with new ones; and added an additional password requirement for remote logins [3], [4].
Lockheed's official press release [6] about the attack contains contradictory language that calls into question how accurate its own assessments are:
BETHESDA, Md, May 28th, 2011 -- On Saturday, May 21, Lockheed Martin detected a significant and tenacious attack on its information systems network. The company’s information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data. As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised.
The word tenacious means "not easily dispelled" and "persisting in existence". An attack cannot be "swiftly" dealt with and "persistent" at the same time. Further "almost immediately" doesn't reconcile with the timeline provided by the above publicly available data, which implies that the attackers had up to 24 hrs of access to Lockheed's network before VPN access was shut off. Finally, while Lockheed claimed that no customer, program, or employee data had been compromised, it was significant enough for President Obama to receive a personal briefing on it, and for DHS and DOD (and presumably NSA) to offer their assistance on Lockheed's investigation [2], [4], [5].

Lockheed had slightly over two months from the time that EMC notified them and other RSA SecurID customers about their breach. At that time, at least one prime defense contractor (not Lockheed Martin) made the decision to stop using RSA SecurIDs for its senior staff and found a completely different vendor to supply their security tokens [7]. Based upon their remediation actions for this breach, Lockheed Martin's senior executives chose to do very little about the compromised SecurID token technology in spite of many warnings issued by security specialists about the potential aftereffects of the RSA attack. Of particular note is the warning issued by ICANN's Whitfield Diffie, a cryptographic expert who told John Markoff of the New York Times that "a worst case scenario would be that the intruder could produce cards that duplicate the ones supplied by RSA, making it possible to gain access to corporate networks and computer systems" [8]. Apparently that's precisely what happened [1].

Lockheed Martin has a history of significant cybersecurity breaches dating back to Titan Rain in 2003 [9], and the F-35 Joint Strike Fighter program in 2009 [10]. It has never publicly acknowledged the F-35 breach and it landed on the wrong side of the Sandia National Labs lawsuit (LM manages the lab) when a jury awarded a multi-million verdict to Shawn Carpenter for wrongful termination. By some ironic twist of fate, Shawn's employer NetWitness was just acquired by EMC corporation shortly after its SecurID breach and a month or so before Lockheed's.

Clearly, the extent of the RSA SecurID breach was worse than EMC reported to the public, to the Securities and Exchange Commission, and to its customers; at least the ones that I've spoken to. EMC is still refusing to acknowledge its role in this attack [11]. It'll be interesting to see if EMC is sued by Lockheed Martin or any of the other defense contractors for not providing accurate information on the extent of their SecurID compromise and/or fined by the SEC for same, even if Lockheed management couldn't read the tea leaves for themselves.

REFERENCES:
[1] Reuters 27 May 2011: "Exclusive: Hackers breached US Defense Contractors": http://www.reuters.com/article/2011/05/27/us-usa-defense-hackers-idUSTRE74Q6VY20110527
[2] NYTimes 29 May 2011: "Lockheed Strengthens Network Security After Hacker Attack": http://www.nytimes.com/2011/05/30/business/30hack.html?_r=1&partner=rss&emc=rss
[3] I, Cringely blog 25 May 2011: "InsecurID: No More Secrets?" http://www.cringely.com/2011/05/insecureid-no-more-secrets/
[4] Reuters 29 May 2011: "Lockheed says frequent cyber target from around the world" http://www.reuters.com/article/2011/05/29/us-usa-defense-hackers-idUSTRE74Q6VY20110529
[5] MSNBC (Reuters) 28 May 2011: "Lockheed Thwarts Cyber Attack": http://www.msnbc.msn.com/id/43199200/ns/technology_and_science-security/t/lockheed-martin-says-it-thwarted-tenacious-cyber-attack/
[6] Lockheed.com 28 May 2011: "Lockheed Martin Customer, Program And Employee Data Secure": http://www.lockheedmartin.com/news/press_releases/2011/0528hq-secuirty.html
[7] SANS Newsbites, Vol. XIII, issue 24 (editorial comment by Alan Paller): http://www.sans.org/newsletters/newsbites/newsbites.php?vol=13&issue=24&rss=Y
[8] NY Times, 17 March 2011: "SecureID Company Suffers A Breach Of Data Security": http://www.nytimes.com/2011/03/18/technology/18secure.html?_r=1
[9] Time.com, 29 August 2005: "The invasion of the Chinese cyberspies": http://www.time.com/time/magazine/article/0,9171,1098961,00.html
[10] WSJ.com, 21 April 2009: "Computer Spies Breach Fighter Jet Project": http://online.wsj.com/article/SB124027491029837401.html
[11] NY Times, 29 May 2011: "Lockheed Strengthens Network Security After Hacker Attack": http://www.nytimes.com/2011/05/30/business/30hack.html?_r=2&partner=rss&emc=rss

RELATED POSTS:
EMC and Google Lawyers Walked Into A Bar ...
What The RSA and NASDAQ Directors Desk Attacks Have In Common