China linked to cyber-attack
A U.S. intelligence official tells Inside the Ring that China is the main suspect in the sophisticated computer attack on the defense giant Lockheed Martin announced May 29.
The Bethesda, Md-based company said in a statement that its computer network was targeted May 21 with a “a significant and tenacious attack on its information systems network.” The attack was thwarted and no data was compromised, the company said.
“The fact is, in this new reality, we are a frequent target of adversaries around the world,” Sondra Barbour, Lockheed’s chief information officer, said in a letter to employees. She said one new measure was for the company to upgrade “our remote access SecurID tokens” used by employees to access the network.
The intelligence official said the link between the attack and China is based on initial analysis of the methods used. Unidentified hackers used counterfeit SecurID tokens to break through security barriers and breach the Lockheed Martin network. The tokens generate codes that, when mated to a secure computer, provide the first step in providing secure offsite access to networks.
The tokens used to gain unauthorized access to Lockheed Martin were reproduced from public key cryptology technology used by the security company RSA that was targeted in an attack originating from China several months ago, the official said.
Analysts believe the Chinese were able to obtain critical data that allowed them to reproduce keys for RSA’s SecurID keys that help authenticate computer users who access secure networks remotely.
A second U.S. cyber security official said: “It certainly wouldn’t be a surprise if the Chinese were somehow involved.”
Art Coviello, RSA executive chairman, stated in a May 17 open letter to customers posted on the company’s website that “recently our security systems identified an extremely sophisticated cyber-attack in progress being mounted against RSA.”
“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat,” he stated. “Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products.”
Mr. Coviello said the company is confident that the stolen data would not permit direct attacks on any customers, but he noted “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” Neither Lockheed nor RSA said their cyber-attacks came from China. Both, however, said U.S. authorities were investigating.
Chinese Embassy spokesman Wang Baodong said China has been a responsible player in cyberspace, and as a victim of cyber-attacks, opposes such activities. “It’s irresponsible to make unwarranted allegations against China and habitually and wilfully link it to cyber hacking events,” Mr. Wang said in an email.