L-3 Communications Cyber Attacked Like Lockheed Martin; Chinese Hackers Get the Best of Google Again

SecurID-type of attack but it appears to have occurred earlier than Lockheed Martin's

There was a report yesterday at Wired magazine's Threat Level blog that US defense contractor L-3 Communications was targeted by hackers using SecurID tokens in early April, weeks before the same type of cyber attack was launched against Lockheed Martin.

According to the Wired blog post, L-3 sent a memo to its employees on the 6th of April stating that the company had been "actively targeted with penetration attacks leveraging the compromised [SecurID] information."

The Threat Level blog post says that L-3 is refusing to elaborate further on the attack.

This newly discovered cyber attack now raises the distinct possibility that there is a concerted effort to penetrate US (and probably other countries') defense contractor IT systems using the information gleaned from the SecurID hack in March. I wouldn't be surprised if other US contractors have also been cyber smacked, but are not saying anything publicly about it. Expect the US Congress to start raising questions about this issue momentarily.

[Update 02 June 2011:

According to a Fox News report, US defense contractor Northrop Grumman was also attacked in the same way as Lockheed and L-3 Communications. Quoting from the report:

"On May 26, Northrop Grumman shut down remote access to its network without warning -- catching even senior managers by surprise and leading to speculation that a similar breach had occurred."

" 'We went through a domain name and password reset across the entire organization,' the source told 'This caught even my executive management off guard and caused chaos.' "

Northrop is neither confirming nor denying the story.

With cyber attacks reportedly against three of the top ten US defense contractors, the question is now becoming who hasn't been attacked rather than who has been.] 

In related news, I noted yesterday that the US government has taken the position that a major cyber attack launched by a foreign power on critical US assets like its power grid may be considered an act of war. Retaliation in the form of a traditional military response as well as a cyber response is possible.

A Washington Post story today outlined the types of cyber-weapons the US Department of Defense has developed for such an occasion along with their protocols for use.

The Post story discusses in some detail the problems that arise when trying to determine whether or not to employ a cyber weapon and the need to coordinate with allies on the subject. For instance, not long ago, several US government agencies like the CIA and DoD were debating whether or not to launch a cyber attack against an on-line jihadist magazine written in English called Inspire which was being developed by the al-Qaeda affiliate al-Qaeda in the Arabian Peninsula.

Ultimately, the Post story reports, the US decided not to do so in order to protect "sources and methods and [not] disrupt an important source of intelligence." However, the UK government apparently independently decided to launch just such a cyber attack of its own against Inspire, which made large parts of the magazine unreadable for two weeks.


Speaking of the UK, the Minister of State for the Armed Forces Nick Harvey disclosed yesterday in an interview with the London Guardian that the UK also is developing a range of cyber-weapons, and considers them to be "an integral part of the country's armoury." 

Minister Harvey is quoted in the Guardian as saying:

"We need a toolbox of capabilities and that's what we are currently developing... The circumstances and manner in which we would use them are broadly analogous to what we would do in any other domain."

The announcements by the US and UK about cyber weapons development follow the confirmation by the Chinese government last week that it has a 30-strong commando unit of cyber warriors. The Australian reports that the Chinese government insists that the cyber war commando unit is for defensive purposes only.

The US and UK announcements may have been purely coincidental, but one has to wonder a little about their timing.

One reason is that Google posted at its blog today that it had disrupted a phishing campaign to take users' passwords and monitor their emails. The users apparently targeted, Google says, included the:

"... personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists."

Google also said that:

"This campaign ... appears to originate from Jinan, China."

If that location sounds familiar, a related Washington Post story this evening reports:

"That’s the home city of a military vocational school whose computers were linked to the assault more than a year ago on Google’s computer systems, along with those of more than 20 other U.S. companies."

No doubt this is just a coincidence, too.

In addition, the Post stated that:

"Mila Parkour, a security researcher who helped alert Google to the Gmail breach, said the attacks had been occurring for at least a year before they were finally uncovered."

Google also stated in its blog post that:

"We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."

The political fallout from this latest Google hack - along with those on US defense contractors - will certainly be interesting to watch.

PHOTO: iStockphoto
