Lockheed Martin SecurID hack: Who's responsible?
Hackers have infiltrated Lockheed Martin, the world's largest defense equipment supplier's defenses, which the company termed as significant and tenacious.
Reuters reported that hackers had breached the SecurID two-factor authentication system provided by EMC Corp.
In order to patch up the loophole the maker of F-35 Joint Strike Fighter and F-22 Raptor Lockheed Martin initiated actions which included resetting the resetting all user passwords, upgrading the company's remote access SecurID tokens, and adding a new level of security to its remote access network log-on procedure. Lockheed sent about 90,000 replacement SecureIDs to its employees.
Bethesda-based company Lockheed Martin confirmed that no personal data was siphoned. It stated: As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised.
The key problem was rooted in an EMC hack reported in March. EMC alerted its SecurID users that hackers had stolen information about RSA SecurID two-factor authentication which could be later used by malicious hackers to breach company systems.
RSA is a subsidiary of EMC. According to RSA, its SecurID Two-Factor authenticator has a unique symmetric key that is combined with a proven algorithm to generate a new one-time password (OTP) every 60 seconds.
It further explains: The one-time password - something you have - is coupled with a secret personal identification number (PIN) - something you know - to create a combination that is nearly impossible for a hacker to guess.
The other SecurID components are RSA Authentication Manager Software, RSA Authentication Agents, and RSA SecurID authenticators.
Many RSA SecurID authenticators come in two shapes - like a keyfob and in the form of card.
Here is a diagram of how the SecurID functions:
© Copyright IBTimes 2024. All rights reserved.