Exclusive: Hackers breached U.S. defense contractors

Source: Reuters

Unknown hackers have broken into the security networks of Lockheed Martin Corp (LMT.N) and several other U.S. military contractors, a source with direct knowledge of the attacks told Reuters.

They breached security systems designed to keep out intruders by creating duplicates to "SecurID" electronic keys from EMC Corp's (EMC.N) RSA security division, said the person who was not authorized to publicly discuss the matter.

It was not immediately clear what kind of data, if any, was stolen by the hackers. But Lockheed's and other military contractor networks house sensitive data on future weapons systems as well as military technology currently used in battles in Iraq and Afghanistan.

Read more: http://www.reuters.com/article/2011/05/27/us-usa-defense-hackers-idUSTRE74Q6VY20110527

And too often blinded by Pentagon/MIC $$$ --

The only systems more secure are air-gap (not connected to other computers, which makes networks hard to implement) and live-body real-time biometrics.... which are incredibly expensive.

if detectable by hackers, would be something that our best would notice first.

Air-gap is the flaw, disconnecting everybody is the problem.

As Manning showed, any allowable system-shifting is a hole.

But more to the point: secure networks ought not be connected to the web.

that (supposedly) can't be accessed by outsiders. The hacker discovered the password to access their private network.

The attack was figuring out how to duplicate the systems generating that change, so they could find the new passwords, as they were changing, minute by minute.

Using the fact that the computation is in fact determinate.

That idea's been around for a while, I think, but yeah, that would be a non-trivial hack, to do it outright, but various strategies to simplify the problem have been discussed, and there is always social engineering, like I said. In fact, since you have to have both the "seed" and the algorithm, one almost has to have some "inside" knowledge. This sort of thing was discussed in terms of setting up "man in the middle" attacks in IP traffic too IIRC.

http://en.wikipedia.org/wiki/RSA_Security

This surfaced in March:
http://www.computerweekly.com/Articles/2011/03/18/245974/RSA-hit-by-advanced-persistent-threat-attacks.htm

The OP is a cascade effect from that hack.

This sort of thing leads one to think about "state actors", because of the resources required. Most of it seem fairly esoteric, and I can't say I am worried much about my bank account.

probably went right for the prize(s) and disappeared with billions of research

for a song

if I remember right.

:shrug:

It might cost a lot, but it could be done. It would be worth it.