Lockheed Martin suspends remote access after network 'intrusion'

Lockheed Martin has reportedly suspended remote access to email and corporate apps following the discovery of a network intrusion that may be linked to the high-profile breach against RSA earlier this year. The manufacturer of F-22 and F-35 fighter planes has reset passwords in response to a "major internal computer network …

COMMENTS

This topic is closed for new posts.
  1. JeffUK
    FAIL

    There goes the census data,

    For security purposes, will everyone please reset their password, change their name, birthdate, religion and gender,

    1. Fred Flintstone Gold badge
      Coat

      Maybe so..

      .. but you're not going to change my Jedi religion..

      The one with the lightsaber battery pack, thanks. Yes, looks like an iPhone..

  2. James Woods

    gotta love it

    Once again small businesses may fail trying to pick up the pieces of incidents like this but big business plays as the victim.

    There are a million ways to secure networks in this age and these companies simply don't do it because it would be a bother since they employ contractors and outsource various business functions that require network access from all over the place to the extent they have no idea who will be accessing their networks.

    We have too big to fail and too big to be held accountable for problems. Maybe they will get a small fine or perhaps they can fine the rest of us for keeping secure networks.

    1. This post has been deleted by its author

      1. viz
        FAIL

        actually...

        as soon as RSA got hacked, a straight up strong password became more secure, so Lockheed being in possession of a great deal of classified info, should have immediately discarded their system and either implemented a new one, or turned off remote access. It's not like it's been several months since this was reported.

        Security is far more important than convenience. The sooner everyone realizes this the better off we'll be.

        RSA is circling the drain. As soon as everyone comes to terms with this and stops living in denial they'll realize that RSA = FAIL and had better do something, now, today, immediately.

        If you don't you are a fool and you'd better expect your system to go down in flames just like Lockheed's.

        New fobs won't help, RSA is hopelessly broken. Get something else. At least with passwords if one of them gets hacked, that's just one account, not all of them.

    2. fatchap
      Holmes

      A million is about right

      You are correct there are millions of ways to secure networks and even more ways of getting in. If you don't use all of them then someone will be able to get in if they really want to.

  3. Anonymous Coward
    Facepalm

    My bet...

    ...is that the system was compromised and they got access to the back-end RAS server (possibly an internal hack), rather than this being a systematic crack of every RAS token using a complex RSA exploit described.

  4. Anonymous Coward
    Anonymous Coward

    Check your C: Drive

    There should be a file there containing the text "We are legion. Expect us."

    Oh wait. This isn't Sony.

    1. amanfromMars 1 Silver badge

      *Just what does £650m seed in SMART Cyber Security Fields .. Live Operational Virtual Environments?

      "There should be a file there containing the text "We are legion. Expect us."

      Oh wait. This isn't Sony." ... Anonymous Coward Posted Friday 27th May 2011 15:37 GMT

      Hi, AC, there are certainly a lot of you hiding behind that convenient moniker, but no matter, the comfort of crowds in a strange space place is perfectly understandable and it does assist one in remaining remarkably cowed and even paranoid, although one supposes ultra careful is a common excuse used to justify a virtual charade of a mind game.

      However, in other Cyber Parallel Universes keep your peepers peeled for the advisory text ...... "Prepare yourselves for a New Virtual Narrative with Real SMART AIDMinistration." ...... which is a similar message but from sources more open to positive constructive engagement with primitive and/or primeval and/or primary forces ..... and Movers and Shakers that Create the Reality and Infrastructure of Future Existence.

      * And who decides on who gets a whack of that pie, or is one expected to hack into the system and crack open the shell that then spills the beans on how everything works and how you can guarantee yourself and everyone else exactly what they need. Does an Anonymous Coward and computer generated name head up that money spinning operation for government wonks/works in order to guarantee it stays within a private circle of inadequate friends?

    2. Highlander

      No, it's not Sony, It's Lockheed "Skunk works" Martin...

      I can't help wondering why some want to hold Sony to a higher degree of scrutiny than a leading defense contractor. I note that even the article takes a conciliatory tone over the attack.

      Good grief, this is a major defense contractor that works on highly classified projects, and yet their network was penetrated and will be down for a period of at least two weeks for remote access users all of whom now have to get new tokens. Should we not expect that if anyone can secure a network against attack it would be a leading defense contractor that is a clear target for foreign sponsored cyber attacks?

    3. Horridbloke

      @AC 15:37

      What's a "C Drive"?

  5. easyk
    Unhappy

    LM employee services external webpage down too...

    https://www.lmpeople.com/ has been down since Sunday last.

  6. Yet Another Anonymous coward Silver badge

    Secrets stolen

    When we see a story about how the Chinese govt announce a new billion $/aircraft stealth fighter that can't take off with weapons, can't fly in the rain and is 10 years late we will know that vital secret documents were stolen.

  7. Highlander

    Did anyone check to see whether Sony was a large customer of RSA SecurID?

    I can't help but wonder whether that Amazon cloud computing service was used to brute force some SecurID tokens in order to do an end run around all the usual PSN security and access things from the 'inside'.

    That's pretty much what was being attempted at LM. Interesting. I'm thinking that anyone using SecurID wants to reissue tokens, or try something else.

  8. toolburn
    Mushroom

    us-warns-of-military-response-to-severe-cyberattacks

    http://arstechnica.com/tech-policy/news/2011/05/us-warns-of-military-response-to-severe-cyberattacks.ars

    1. amanfromMars 1 Silver badge
      Mushroom

      There is though one insurmountable hurdle to overcome .....

      Planning a campaign of action with fabulous goals is wholly dependent upon one having the all fields intelligence to achieve them, and that invariably requires the best of intelligence available. And whereas the following Information Operations revision may be intentional, it is hopelessly quarantined by that aforementioned caveat ...... http://cryptome.org/dodi/dodd-3600-01.pdf

      Have you any idea just how good are such services, as are provided by leading lights in those virtual environments? And can you imagine who warrants and flies the Royal Standard for Blighty in such as are Real Intellectual Property Endeavours? Or is that a provision which has been right royally abdicated and would now be pathetically reliant upon a foreign agenda ...... which is a novel trojan program which has just feigned abdication for stealthy access to foreign agenda source codes for a catalogue of available systemic zeroday vulnerabilities.

      Methinks they are a national treasure and will, until such times as may be appropriate, remain totally secret and perfectly unknown to all but a SMART few with a legitimate need to know, lest they suffer grave misfortune at knowing even just a little bit too much of what they do not need to know.

      Knowledge is Power, but without ITs Control, can IT be Deadly Dangerous and Catastrophically Self Destructive .

  9. Sklar
    Megaphone

    letters and/or digits

    Is this the same Lockheed Martin that won the contract to gather this year's UK Census Data?

    Names, addresses and birth dates of 60 odd million people in the UK. Sweet.

  10. Mark 65
    Childcatcher

    Unrelated

    Just saw the new icons and thought that the "won't someone think of the children" one could have been a Gary Glitter icon.

  11. Anonymous Coward
    FAIL

    RSA Does not have enough Tokens

    Good luck with replacing 100,000 tokens. RSA does not have that many on hand. And with all their customers now clamouring for new tokens. You can bet there will be a major shortage and backlash coming.

    1. Jake Rialto 1
      Holmes

      Does it always have to be hard......

      http://www.rsa.com/node.aspx?id=1313

      Yes...how could they make more of these. They don't keep that many on hand and there's just no time.....

      They may possibly want to change one of the tag lines about what it will do for you....you decide which one.....

      * Strong two-factor authentication in a highly secure software implementation

      * Convenience with merging of RSA SecurID technology onto a user’s personal device and eliminating the need to carry another item

      * Support for a wide range of computing platforms and devices

      * Flexibility for authentication models and policies, with support for up to ten software tokens on one device
