[Infowarrior] - Northrop Grumman May Have Been Hit by Cyberattack, Source Says
Richard Forno
rforno at infowarrior.org
Wed Jun 1 12:21:02 CDT 2011
EXCLUSIVE: Northrop Grumman May Have Been Hit by Cyberattack, Source Says
By Jeremy A. Kaplan
http://www.foxnews.com/scitech/2011/05/31/northrop-grumman-hit-cyber-attack-source-says/
Published June 01, 2011 | FoxNews.com
Top military contractor Northrop Grumman Corp. may have been hit by a cyber assault, the latest in a string of alarming attacks against military suppliers, a source within the company told FoxNews.com.
Lockheed Martin said its network had been compromised last week, and defense contractor L-3 Communications was targeted recently, as well. Both intrusions involved the use of remote-access security tokens, experts say.
On May 26, Northrop Grumman shut down remote access to its network without warning -- catching even senior managers by surprise and leading to speculation that a similar breach had occurred.
"We went through a domain name and password reset across the entire organization," the source told FoxNews.com. "This caught even my executive management off guard and caused chaos."
"I've been here a good amount of time and they've never done anything this way -- we always have advanced notice," the person said, speculating that the surprise action was a response to a similar network assault.
A spokeswoman for the company would not rule out a cyber attack.
"We do not comment on whether or not Northrop Grumman is or has been a target for cyber intrusions," Margaret Mitchell-Jones told FoxNews.com. "As a leader in cybersecurity, Northrop Grumman continuously monitors and proactively strengthens the security of our networks."
From Lockheed to L-3 to Northrop Grumman, the pattern of attacks is clear, said Anup Gosh, a former scientist with the Defense Advanced Research Projects Agency (DARPA) and chief scientist with security company Invincea.
"What we're seeing are targeted attacks against the defense industry," he told FoxNews.com. "Think about the data and information that those companies have. They have our nation's military technology secrets."
Charles Dodd, an information warfare consultant with Nisrad Cyber Research Institute, raised a scary possibility: Unmanned aerial vehicles such as the Predator can be controlled by computers. If hackers access those computers, can they operate those deadly drones?
"If adversaries get that technology, we may not be the one that controls those weapons," he told Fox News.
The network attacks spiral from a security breach in March, when hackers stole information related to RSA's SecurID access keys.
"The RSA attack was very sophisticated, probably executed by people who had plans for what to do with the keys," Gosh told FoxNews.com."Perhaps the RSA keys were used to get onto the Lockheed Martin network."
The keys were definitely used to attack L-3, according to a leaked memo obtained by Wired. “L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information,” an executive at the company wrote.
Northrop Grumman is also a SecurID customer, according to Bloomberg News.
An RSA spokeswoman said the company was still investigating the various incidents: "The investigation remains ongoing and it would be premature to speculate."
A breach is just the first stage in an operation, Gosh pointed out, meaning proprietary information hasn't necessarily been stolen.
But that isn't the goal anymore, he said.
It used to be, 'let me come through the front door both barrels blazing and grab the money from the vault.' But it's a hell of a lot more lucrative for the adversary to actually go to work inside the bank," he said.
http://www.foxnews.com/scitech/2011/05/31/northrop-grumman-hit-cyber-attack-source-says/
More information about the Infowarrior
mailing list