The network of defense contractor Lockheed-Martin was attacked using counterfeit electronic keys. Since the RSA Security network was hacked and the keys to its SecurID tokens were compromised a few months ago, the world has been waiting for the proverbial other shoe to drop. Well, it dropped.
In an analysis of the breach at RSA Security, NSS Labs predicted, “This was a strategic move to grab the virtual keys to RSA’s customers–who are the most security conscious in the world. One or several RSA clients are likely the ultimate target of this attack. Military, financial, governmental, and other organizations with critical intellectual property, plans and finances are at risk.”
Cyber attacks have evolved into precision tools for corporate and government espionage.Since the compromise of the SecurID keys, there have been malware and phishing campaigns probing for specific data connecting RSA tokens to the end-user, suggesting that those attacks were being conducted by the original RSA Security attackers with a goal in mind.
Most crimes are crimes of opportunity, and most crimes of opportunity can be avoided. Stay in populated, well-lit areas, and you’re relatively safe. Walk down dark, deserted alleys and your odds of getting mugged go up. Lock your car doors and keep valuable hidden, and you probably won’t get things stolen. Leave your car unlocked with your iPad sitting on the passenger seat and it probably won’t be there when you get back.
However, avoiding a targeted attack–a stalker dedicated to trailing you specifically–is much more difficult. The attack against RSA Security does not appear to have been a random crime of opportunity, but rather a targeted attack calculated with the goal of acquiring the keys necessary to tackle larger prey like Lockheed-Martin.
I am sure that Lockheed-Martin and the United States government have information security experts much smarter than me investigating these incidents and connecting the dots, but it certainly seems at face value like either a state-sponsored attack, or an attack by well-funded hackers with the intent to market whatever information can be extracted internationally to other governments.
Thankfully, Lockheed-Martin detected the attack and acted quickly to thwart it. A spokesperson for Lockheed-Martin reports that no customer, program, or employee data has been compromised as a result of this attack.
But, the entire incident–starting from the RSA Security attack and compromise of the SecurID tokens, and ending at Lockheed-Martin–illustrates that malware and cyber-crime are becoming more insidious. Malware has evolved from a trivial, script-kiddie nuisance, to a professional crime syndicate, and now into a tool for precision corporate and government espionage.
PARIS — French automaker Renault SA named a top executive of Nissan Americas as its new chief operating officer on Monday, in an effort to move on from an embarrassing scandal around false accusations of espionage.
The partially state-owned French car maker said Carlos Tavares, head of operations at the U.S. division of Renault partner Nissan(NSANY), will take up the post immediately.
In a statement, Carlos Ghosn, the CEO of both Renault and Nissan, called the appointment of longtime Renault veteran Tavares “a first step in strengthening Renault’s management.”
Also Monday, Nissan Motor Co. Ltd. said Colin Dodge, its chief performance officer and chairman of Africa, Middle East, India and Europe, will take on the Americas post that had been held by Tavares.
Renault in April announced a wide-scale corporate shakeout — including the ouster of Patrick Pelata from the COO post — over a scandal over false accusations against three executives for espionage.
When the scandal was made public early this year, Pelata accused the three executives of masterminding an “organized, international network” to obtain information on Renault’s flagship electric car program.
The three were suspended Jan. 11 after Renault announced it had discovered signs of espionage and proof the men had received “funds from a foreign source,” and accused them of selling strategic information.
The executives had strongly denied the allegations and investigators could not verify them. Renault sent a deep apology to the wrongly accused employees in March.
Three of Renault’s top security officers and its legal counsel lost their jobs in the scandal, and Ghosn responded by announcing that he would waive all stock option benefits for this year and bonuses for 2010.
The three wrongly accused executives have since reached settlements with Renault, which the car maker did not make public.
Shortly after the scandal broke, Industry Minister Eric Besson spoke openly of “economic warfare” against one of France’s top industrial giants — and one lawmaker from French President Nicolas Sarkozy’s party floated an unspecified “Chinese buyer” connection on French radio.
China’s foreign ministry rejected that allegation by Bernard Carayon, a conservative UMP party lawmaker, as “totally groundless, irresponsible and unacceptable.”
CANBERRA (Reuters) – Australia will a develop a cyber defence strategy to combat hacking and electronic espionage, the government said on Friday, responding to what it sees as an increased threat after recent cyber attacks on global companies and government officials.
The United States said this week it was assessing whether security had been compromised after Google Inc revealed a major hacker attack targeting U.S. officials that the Internet giant pegged to China.
Google’s hacking has fuelled debate in Washington over China’s intentions in cyberspace, which the United States has identified as a potential flashpoint for future conflict.
Australia’s cyber defence blueprint will confront the growing threat posed by electronic espionage, theft and state-sponsored cyber attack, Attorney-General Robert McClelland and Defence Minister Stepehen Smith said.
“The Cyber White Paper will examine what we need to do to protect ourselves online, the role of government, industry and the public in protecting our interests,” McClelland told a cyber security function in Sydney.
The strategy paper, to be completed in the first half of 2012, would look at a broad range of areas including consumer protection, cyber safety, cyber crime, cyber security and cyber defence, McClelland said.
Google announced on Wednesday that suspected Chinese hackers tried to steal passwords of hundreds of Google email account holders, including senior U.S. government officials, Chinese activists and journalists.
The allegations by the world’s largest Web search company sparked an angry response from Beijing, which said blaming China was “unacceptable”.
Australia’s parliament came under cyber attack in February, with the computers of at least 10 federal ministers including Prime Minister Julia Gillard and Defence Minister Stephen Smith, targeted and confidential emails possibly accessed.
Chinese intelligence agencies were among a list of foreign hackers suspected of being behind those raids, which followed similar breaches in France concerning computer network information about the Group of 20 wealthy nations.
McClelland earlier this week urged companies to tighten vigilance over cyber attacks launched offshore against some of the world’s biggest resource firms and other businesses, warning high-tech threats were intensifying.
The head of Australia’s Department of Foreign Affairs, Dennis Richardson, told upper house budget hearings on Thursday that his officials were experiencing near daily cyber attacks.
“I doubt whether there would be a 24-hour period in which you wouldn’t get something. They can be anything ranging from skilled kids seeing what they can do, to sophisticated hackers getting a kick out of it, through to attempted espionage,” said Richardson, a former head of Australia’s domestic spy agency.
Australia’s former prime minister Kevin Rudd made cyber security a national security priorities in 2009, but the country has not yet followed the lead of close ally the United States and lifted cyber hacking to a sphere of actual war.
But Australian Defence Minister Smith said the cyber threat was “a real, evolving and a growing” test to Australia’s national security defences.
“It comes from a wide range of sources, and from adversaries possessing a broad range of skills,” he said.
WASHINGTON – Federal regulators on Thursday expanded their civil insider-trading charges against a chemist with the Food and Drug Administration accused of using confidential FDA information on pending drug approvals to profit from trades of drug companies’ stock.
Cheng Yi Liang is facing both civil and criminal charges of running an insider trading scheme starting in November 2007. He and his son were arrested in March on charges including securities fraud and wire fraud.
The Securities and Exchange Commission said Thursday it filed a revised civil lawsuit against Liang, alleging he illegally traded in advance of a public announcement on FDA approval of XenoPort Inc.’s Horizant. That was the 28th announcement the SEC says Liang traded ahead of, in addition to the 27 cited in the agency’s suit filed in federal court in Greenbelt, Md., on March 29.
The agency’s revised suit “shows Liang had one more illegal trade in the pipeline when we charged him,” SEC spokesman John Nester said in a statement. “That trade was not expected to pay off until after we put a stop to his fraudulent scheme.”
Horizant was developed to treat restless leg syndrome. Liang made more than $126,000 in profits on XenoPort’s stock, the SEC said. He is accused of making a total $3.6 million in the trading scheme.
Liang’s lawyer, Andrew Carter, didn’t immediately return a telephone call seeking comment Thursday.
The SEC is seeking unspecified restitution and fines against Liang.
Liang looked up the status of the FDA’s review of Horizant on a confidential database at least 52 times between Jan. 6 and March 24, the SEC said. He bought 43,000 shares of XenoPort in accounts in other people’s names in February and March.
The announcement of the approval of Horizant came on April 6, about a week after Liang was charged by the SEC and federal prosecutors. It boosted the price of XenoPort stock by 56 percent, according to the SEC.
The new SEC complaint adds an eighth brokerage account to those it says Liang used to avoid getting caught. That one was in the name of his father, the agency said.
The Wall Street Journal reported Thursday that the government has expanded its investigation of insider trading at the FDA to cover other government employees besides Liang. The Journal cited unidentified people familiar with the matter.
“2011 has really lit up the boards in terms of data breaches,’’ said Josh Shaul, chief technology officer at Application Security, a New York-based company that is one of the largest database security software makers. “The list of targets just grows and grows.’’
Lockheed Martin Corp. said in a statement Saturday that it detected the May 21 attack “almost immediately’’ and took countermeasures.
“Our systems remain secure; no customer, program or employee personal data has been compromised,’’ the Bethesda, Md.-based company said. Neither Lockheed Martin nor federal agencies would reveal specifics of the attack, or its origins. Company spokeswoman Jennifer Whitlow declined to comment further on the case Sunday.
This isn’t the first time Lockheed Martin has been targeted. Nearly four years ago, officials revealed that hackers had breached Lockheed’s Joint Strike Fighter program. Officials said no classified information about the military program was compromised, but heightened protections were added.
Analysts said the latest attack would likely spur rival defense contractors like Northrop Grumman Corp., Raytheon Co., General Dynamics Corp. and Boeing Co. to take additional steps to safeguard their systems.
“I guarantee you every major defense contractor is on double alert this weekend, watching what’s going on and making sure they’re not the next to fall victim,’’ Shaul said.
Boeing declined to comment on the company’s network security measures. Northrop Grumman spokesman Randy Belote said in an e-mailed statement that “we do not comment on whether or not Northrop Grumman is or has been a target for cyber intrusions,’’ adding that the company “continuously monitors and proactively strengthens the security of our networks.’’
Cyber attacks have evolved into precision tools for corporate and government espionage.Since the compromise of the SecurID keys, there have been malware and phishing campaigns probing for specific data connecting RSA tokens to the end-user, suggesting that those attacks were being conducted by the original RSA Security attackers with a goal in mind.