June 1, 2011, 11:15AM
Report: L3 Warns Employees Of Attacks Using Compromised SecurID Tokens
Comment 
Executives at U.S. defense contractor L-3 Communications warned employees in April about an attempt by unknown assailants to compromise the company's network using forged SECURID tokens from RSA. The report, if accurate would be the second attack on a leading defense contractor with links back to a high-profile hack at RSA Security, the security division of EMC Corp. in March.
Wired.com's Threatlevel blog reported on Tuesday that an April e-mail sent from an executive at L-3's Stratus Group to around 5,000 employees of that division of the company claimed that L-3 "has been actively targeted with penetration attacks leveraging the compromised information," referring to the hack of RSA's SecurID information. An L-3 spokesperson did not respond to Threatpost requests for comment.
RSA admitted to the serious breach in March, but denied that the information taken by attackers could be used to clone RSA SecureID tokens, which are used as a second factor for users who wish to access network resources, often from remote locations.
Editor's Pick
Following the breach, RSA warned customers to be on the lookout for targeted attacks. Information taken from RSA servers "could potentially be used to reduce the effectiveness of a current two-factor authentication," the company warned.
On May 29, Lockheed Martin claimed it thwarted a "tenacious" cyber attack on May 21 and that no "customer program or employee personal data" was compromised. Published reports in Wired.com and elsewhere suggested that the Lockheed attack, also, made use of forged SecurID tokens to generate one time passwords and gain access to Lockheed's network. However, the company did not confirm that and security experts have questioned whether the Lockheed incident had anything to do with the compromise at EMC.
Large military contractors are a frequent target of so called "advanced persistent" attackers, which use a variety of tactics to compromise sensitive networks and make off with customer and employee data, intellectual property and more.
The hacks and reported links to the earlier hack at EMC/RSA have spurred calls for better sharing of attack details.
Commenting on this Article is closed.
Today's Most Popular
- Anatomy of a LulzSec Attack 'Singles Out' Web 2.0 Weakness
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- Common Firewall Feature Enables TCP Hijacking Attacks
- OPINION: Are Anonymous Members Forged in the Crucible of IT Compliance?
- Facebook Cancellation Malware Disguised As Adobe Update Making Rounds
Most Commented Stories
-
Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest (9)
-
Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops (10)
-
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you (1)
-
HULK DDoS Tool Smash Web Server, Server Fall Down (4)
-
Report: Diablo III Users Find Accounts Hacked, Gold Stolen And New 'Mystery' Friends (2)
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
20%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
28%
I don’t pay attention to how I access the internet while traveling
14%
Total votes: 65
Follow Threatpost
 |  |  |  |
| Tumblr |
