If someone approaches you on the street and offers to sell you the blueprints to Lockheed Martin’s F-35 Lightning II fighter jet at a discount, you might want to think twice before laughing it off as a joke. In fact, you should woo them into thinking that you’re genuinely interested so that they set up another meeting and then call the authorities, because it is very possible that such information was recently obtained by hackers when they breached U.S. defense contractor Lockheed Martin’s security networks. In fact, Lockheed Martin wasn’t the only U.S. defense contractor hacked. General Dynamics, Boeing, Northrop Gurmman, Raytheon, and other such companies were affected by the hack, but it is unknown as to what kind of data was compromised in the attack. What is known is that the networks of these contractors contained information on weapons, aircraft, vehicles, and other military equipment that has been used by the U.S. in Iraq and Afghanistan, as well as unreleased technologies and future projects. This whole story sounds so surreal that it might as well have been part of the plot for a James Bond movie, but the severity of this issue is just another chapter in the long book being written on recent corporate security breaches.
Security experts believe that this whole shenanigans began when RSA, the security division of information infrastructure company EMC Corporation, was hacked in March 2011. With the data obtained from that breach, hackers were able to create duplicates of SecurID keys, some of which are used by privileged Pentagon officials. The fact that those same SecurID duplicates were used to breach the networks of top U.S. defense contractors suggests that the same hacker group was behind both attacks.
“Given the military targets, and that millions of compromised keys are in circulation, this is not over,” said Rick Moy, president of infosec firm NSS Labs. Millions you say? Considering how large that number is and the highly sensitive information those keys had access to, why weren’t measures taken to prevent their use after the initial hack on RSA was revealed? Surely if Sony can completely overhaul a security system that supports over 70 million users in a matter of weeks, a company like EMC can take necessary precautions in two months to prevent the breached data from being used maliciously? Luckily, super-classified information is kept on private closed-networks run by the government so although the hackers were able to gain access to some pretty sensitive information, Kim Jong-il won’t be brandishing a ray-gun any time soon. This whole incident is just another friendly reminder that your information on the internet, no matter how protected, is never safe and never out of reach from the fingers a savvy hacker.
Source : Reuters