China linked to cy­ber-at­tack

The Washington Times Weekly - - Geopolitics -

A U.S. in­tel­li­gence of­fi­cial tells In­side the Ring that China is the main suspect in the so­phis­ti­cated com­puter at­tack on the de­fense gi­ant Lock­heed Martin an­nounced May 29.

The Bethesda, Md-based com­pany said in a state­ment that its com­puter net­work was tar­geted May 21 with a “a sig­nif­i­cant and tena­cious at­tack on its in­for­ma­tion sys­tems net­work.” The at­tack was thwarted and no data was com­pro­mised, the com­pany said.

“The fact is, in this new re­al­ity, we are a fre­quent tar­get of ad­ver­saries around the world,” Son­dra Bar­bour, Lock­heed’s chief in­for­ma­tion of­fi­cer, said in a letter to em­ploy­ees. She said one new mea­sure was for the com­pany to up­grade “our re­mote ac­cess Se­curID to­kens” used by em­ploy­ees to ac­cess the net­work.

The in­tel­li­gence of­fi­cial said the link be­tween the at­tack and China is based on ini­tial anal­y­sis of the meth­ods used. Uniden­ti­fied hack­ers used coun­ter­feit Se­curID to­kens to break through se­cu­rity bar­ri­ers and breach the Lock­heed Martin net­work. The to­kens gen­er­ate codes that, when mated to a se­cure com­puter, pro­vide the first step in pro­vid­ing se­cure off­site ac­cess to net­works.

The to­kens used to gain unau­tho­rized ac­cess to Lock­heed Martin were re­pro­duced from pub­lic key cryp­tol­ogy tech­nol­ogy used by the se­cu­rity com­pany RSA that was tar­geted in an at­tack orig­i­nat­ing from China sev­eral months ago, the of­fi­cial said.

An­a­lysts be­lieve the Chinese were able to ob­tain crit­i­cal data that al­lowed them to re­pro­duce keys for RSA’s Se­curID keys that help au­then­ti­cate com­puter users who ac­cess se­cure net­works re­motely.

A sec­ond U.S. cy­ber se­cu­rity of­fi­cial said: “It cer­tainly wouldn’t be a sur­prise if the Chinese were some­how in­volved.”

Art Coviello, RSA ex­ec­u­tive chair­man, stated in a May 17 open letter to cus­tomers posted on the com­pany’s web­site that “re­cently our se­cu­rity sys­tems iden­ti­fied an ex­tremely so­phis­ti­cated cy­ber-at­tack in progress be­ing mounted against RSA.”

“Our in­ves­ti­ga­tion has led us to be­lieve that the at­tack is in the cat­e­gory of an Ad­vanced Per­sis­tent Threat,” he stated. “Our in­ves­ti­ga­tion also re­vealed that the at­tack re­sulted in cer­tain in­for­ma­tion be­ing ex­tracted from RSA’s sys­tems. Some of that in­for­ma­tion is specif­i­cally re­lated to RSA’s Se­curID two-fac­tor au­then­ti­ca­tion prod­ucts.”

Mr. Coviello said the com­pany is con­fi­dent that the stolen data would not per­mit di­rect at­tacks on any cus­tomers, but he noted “this in­for­ma­tion could po­ten­tially be used to re­duce the ef­fec­tive­ness of a cur­rent two-fac­tor au­then­ti­ca­tion im­ple­men­ta­tion as part of a broader at­tack.” Nei­ther Lock­heed nor RSA said their cy­ber-at­tacks came from China. Both, how­ever, said U.S. authorities were in­ves­ti­gat­ing.

Chinese Em­bassy spokesman Wang Baodong said China has been a re­spon­si­ble player in cy­berspace, and as a vic­tim of cy­ber-at­tacks, op­poses such ac­tiv­i­ties. “It’s ir­re­spon­si­ble to make un­war­ranted al­le­ga­tions against China and ha­bit­u­ally and wil­fully link it to cy­ber hack­ing events,” Mr. Wang said in an email.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.