There was a report yesterday at Wired magazine's Threat Level blog that US defense contractor L-3 Communications was targeted by hackers using SecurID tokens in early April, weeks before the same type of cyber attack was launched against Lockheed Martin.
According to the Wired blog post, L-3 sent a memo to its employees on the 6th of April stating that the company had been "actively targeted with penetration attacks leveraging the compromised [SecurID] information."
The Threat Level blog post says that L-3 is refusing to elaborate further on the attack.
This newly discovered cyber attack now raises the distinct possibility that there is a concerted effort to penetrate US (and probably other countries') defense contractor IT systems using the information gleaned from the SecurID hack in March. I wouldn't be surprised if other US contractors have also been cyber smacked, but are not saying anything publicly about it. Expect the US Congress to start raising questions about this issue momentarily.
[Update 02 June 2011:
According to a Fox News report, US defense contractor Northrop Grumman was also attacked in the same way as Lockheed and L-3 Communications. Quoting from the report:
"On May 26, Northrop Grumman shut down remote access to its network without warning -- catching even senior managers by surprise and leading to speculation that a similar breach had occurred."
" 'We went through a domain name and password reset across the entire organization,' the source told FoxNews.com. 'This caught even my executive management off guard and caused chaos.' "
Northrop is neither confirming nor denying the story.
With cyber attacks reportedly against three of the top ten US defense contractors, the question is now becoming who hasn't been attacked rather than who has been.]
In related news, I noted yesterday that the US government has taken the position that a major cyber attack launched by a foreign power on critical US assets like its power grid may be considered an act of war. Retaliation in the form of a traditional military response as well as a cyber response is possible.
A Washington Post story today outlined the types of cyber-weapons the US Department of Defense has developed for such an occasion along with their protocols for use.
The Post story discusses in some detail the problems that arise when trying to determine whether or not to employ a cyber weapon and the need to coordinate with allies on the subject. For instance, not long ago, several US government agencies, including the CIA and the DoD, were debating whether or not to launch a cyber attack against an on-line, English-language jihadist magazine called Inspire, which was being developed by the al-Qaeda affiliate al-Qaeda in the Arabian Peninsula.
Ultimately, the Post story reports, the US decided not to do so in order to protect "sources and methods and [not] disrupt an important source of intelligence." However, the UK government apparently independently decided to launch just such a cyber attack of its own against Inspire, which made large parts of the magazine unreadable for two weeks.
Speaking of the UK, the Minister of State for the Armed Forces, Nick Harvey, disclosed yesterday in an interview with the London Guardian that the UK is also developing a range of cyber-weapons, and considers them to be "an integral part of the country's armoury."
Minister Harvey is quoted in the Guardian as saying:
"We need a toolbox of capabilities and that's what we are currently developing... The circumstances and manner in which we would use them are broadly analogous to what we would do in any other domain."
The announcements by the US and UK about cyber weapons development follow the confirmation by the Chinese government last week that it has a 30-strong commando unit of cyber warriors. The Australian reports that the Chinese government insists that the cyber war commando unit is for defensive purposes only.
The US and UK announcements may have been purely coincidental, but one has to wonder a little about their timing.
One reason is that Google posted at its blog today that it had disrupted a phishing campaign aimed at stealing users' passwords and monitoring their emails. The users apparently targeted, Google says, included the:
"... personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists."
Google also said that:
"This campaign ... appears to originate from Jinan, China."
If that location sounds familiar, a related Washington Post story this evening reports:
"That’s the home city of a military vocational school whose computers were linked to the assault more than a year ago on Google’s computer systems, along with those of more than 20 other U.S. companies."
No doubt this is just a coincidence, too.
In addition, the Post stated that:
"Mila Parkour, a security researcher who helped alert Google to the Gmail breach, said the attacks had been occurring for at least a year before they were finally uncovered."
Google also stated in its blog post that:
"We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."
The political fallout from this latest Google hack - along with those on US defense contractors - will certainly be interesting to watch.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.