Skip to main content
  1. Home
  2. Computing
  3. News

US defense contractors’ networks breached by hackers

By
hackers-lockheed-martin
Image used with permission by copyright holder

Hackers have allegedly broken into the systems of some of the most prominent defense contractors, including Lockheed Martin Corp and other companies that develop weapon systems for the US Department of Defense, reports Reuters, who spoke with a person familiar with the matter.

To breach the systems, hackers reportedly duplicated electronic login keys known as “SecurID,” which are made by the EMC corporation’s RSA security division. It is not yet known if any data was stolen by the hackers. But because of the highly sensitive nature of the information stored on Lockheed’s and other’s systems — data about classified future weapon systems being built for the US military, as well as weapons currently in us in Iraq and Afghanistan — it’s not difficult to assume what kind of info the hackers were after.

Widely used to protect sensitive data, SecurIDs are far more robust than a standard username/password combo that one would use to login to, say, Facebook. Instead, SecurID generates a new series of digits every couple of minutes that the user must enter into the system, along with a unique user pin. Failure to login before the next set of numbers is generated results in denied access to the system.

Related

The breach, said to have been carried out in March, actually involved more than one attack. First came the initial breach on the RSA division, during which hackers stole data the taught them how to copy the security keys. Then came a wave of malware and phishing attacks launched to gain additional user and network data that would allow for greater access to the systems. This type of attack is known as an “Advanced Persistent Threat” or APT.

In addition to an internal investigation into the matter, EMC says it took immediate steps to protect its customers, which included “hardening our IT infrastructure.”

Rich Moy, president of information security firm NSS Labs, tells Reuters that the nature of the attack means a threat remains.

“Given the military targets, and that millions of compromised keys are in circulation, this is not over.”

Editors’ Recommendations

Topics
Andrew Couts
Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more