Security expert Robert Cringely has posted a troubling article asserting that the recent network disruption at defense contractor Lockheed is the result of compromised security tokens issued by the recently breached security vendor RSA.
Word is that Lockheed disabled their employees remote access privileges while the company reissued new RSA SecurID tokens to all telecommuting workers, as well as requiring all employees with network access to change their passwords.
In mid-March RSA, the security division of EMC, announced they had suffered a breach stemming from an attack on their network systems.
What little information is available indicates that the hackers targeted proprietary information related to RSA's SecurID two-factor authentication systems.
"It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network," Cringely writes.
RSA's SecurID is a product designed to prevent unauthorized access to enterprise network systems, and exposure of proprietary information about the product could in turn make RSA's clients more vulnerable to hacks themselves.
"The good news here is that the contractor was able to detect an intrusion then did the right things to deal with it. A breach like this is very subtle and not easy to spot. There will be many aftershocks in the IT world from this incident," said Cringely.
While few details have ever been released that could give analysts an understanding of the scope and impact of the RSA breach, the unauthorized access to sensitive material regarding SecurID could still have wide spread impact.
RSA's customers include government, military, financial, enterprise, healthcare and insurance companies.
"But is this the only such instance of a major corporate network break-in? The very fact that we haven’t heard anything about this (I hadn’t, had you?) makes me think this probably ISN’T the first such network penetration from the recent RSA hack… or the last," Cringely postulates.