As first reported by SC Magazine last week, the US defence contractor experienced the attack on its information systems network, which it said it detected almost immediately.
In a statement, Lockheed Martin said: “As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised.
“Throughout the ongoing investigation, Lockheed Martin has continued to keep the appropriate US government agencies informed of our actions. The team continues to work around the clock to restore employee access to the network, while maintaining the highest level of security.”
Lockheed Martin supplies the Pentagon with fighter jets, missiles and other military and civilian hardware. According to sources and news reports, use of RSA's SecurID tokens were linked to the access and Lockheed Martin has now sent 90,000 replacement SecureIDs to employees. Employees have also been told to reset all of their passwords used throughout the entire company as a precaution.
The Department of Homeland Security said on Saturday that it and the Defense Department had offered to help determine the scope of the incident impacting Lockheed Martin. The US government has also offered to help analyse ‘available data in order to provide recommendations to mitigate further risk' according to Chris Ortman, a Homeland Security official, in an emailed reply to a query from Reuters.
Lieutenant Colonel April Cunningham said in an emailed reply to Reuters: “Impact to Defense Department is minimal and we don't expect any adverse effect. As a matter of standing Defense Department policy, we do not comment on operational matters.”
Ross Brewer, vice president and managing director of international markets at LogRhythm, said: “Lockheed Martin was quick to spot and disclose this breach and has offered reassurance that none of its critical systems were compromised, but now it faces the substantial task of tracing the source of the attack. When you consider the monetary and political value of the information held on its IT systems, there will be no shortage of candidates.”
Graham Cluley, senior technology consultant at Sophos, said: “From the sound of things, Lockheed Martin took swift and sensible action. It was wise of them to take the step of shutting down access to its internal networks as a precaution, once it believed that unauthorised users may have breached its systems.
“Is it possible that whatever information was stolen from RSA helped the hackers break into Lockheed Martin? If that's the case, that's worrying news for businesses around the world.”
Kevin Bocek, director of product marketing at IronKey, said: ‘To impersonate a real SecurID user, criminals must match user tokens to their stolen RSA SecurID data. This is most easily done by monitoring and attacking SecurID users and this may very well be going on right now on thousands of desktops and laptops around the world.
“Recent incidents may just be the beginning and instead of a corporate network, bank transactions could be next. In addition, criminals could attack an organisation's RSA Authentication manager or attack end users, as criminals can trick end users into entering details about their SecurID token such as a serial number or simply keylog multiple token code entries over time.”