A targeted attack on a defence contractor in March of this year resulted in the theft of 24,000 files.
According to the New York Times, officials declined to identify the military contractor whose data system was compromised and also refused to name the nation they suspected was the culprit, saying that any accusation was a matter of official, and perhaps confidential, diplomatic dialogue.
William J. Lynn III, US deputy defence secretary, said that over the years ‘crucial' files stolen from defence industry data networks have included plans for missile tracking systems, satellite navigation devices, unmanned surveillance drones and top-of-the-line jet fighters.
He said: “A great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems and network security protocols.”
According to The Register, the UK has been impacted in the same way with ‘an entire jet engine' design stolen in recent times from its UK manufacturer before security measures were stepped up.
Guy Bunker, Jericho Forum board member, said: “I am not surprised that they are not naming what they ‘lost' as they probably don't know. Very few companies or governments have any idea as to exactly where there data is and who is accessing it.
“Given the circumstances, it could well have been a legitimate account that was used, in which case it becomes even more difficult to tell what was legitimate usage and what wasn't. From a cyber espionage perspective, the acquisition of usernames and passwords is of far greater value than bank details.”
Asked about the attack going through a third-party contractor, Bunker said that this proves once again that organisations need to impose the same security rigour for all their third party data handlers as they do for themselves.
“All aspects of both physical and logical security need to be checked to ensure that they are not the weakest link in the chain,” he said.
“All organisations need to better understand where all their sensitive/confidential data is, whether it is on laptops, sitting in the data centre or with a third party (either as a copy, or a third party has legitimate access to the data on the organisation network), it then needs to classify that information and put the appropriate controls in place around it.
“This can include technology such as data loss prevention solutions, encryption and access anomaly detection. Technology needs to be backed up by rigorous processes and training/education of all employees and third parties.”
In May, Lockheed Martin was hit by an attack to its network that it claimed failed to impact customer, program or employee personal data. RSA executive chairman Art Coviello confirmed that ‘information taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin'.