Another War-on-Terror Blog: L-3 Communications, Grumman: Hack Attack

Wednesday, June 1, 2011

L-3 Communications, Grumman: Hack Attack

I'd like to think that most folks running major technology companies in America are a trifle less clueless than Dilbert's manager:

Unhappily, it doesn't take a pointy-haired manager, or executives who think "password1" is a strong password, to have security troubles.

A system like this sounds fairly safe, I think:

"...SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds...."
(Wired)

The SecurID service probably worked pretty well. Until someone hacked into their system. We still don't know exactly what data was stolen, and how it's been used, but whats been happening to American defense contractors suggests that the encryption seeds for SecurID tokens is available to someone with Internet access.

And an interest in classified data about United States weapons systems.

This is not, in my considered opinion, good news. At all.

I've put excerpts from the last two days' news at the end of this post.¹

There's probably going to be quite a bit of finger-pointing, as word of ~~this~~ these hack attacks spreads. One of the more sensible points to look into, I think, is why more clients of SecurID didn't change their systems after the original hack?!

Oh, Come On: How Bad Could It Be?

Someone speculated that the control system for Predator drones might be hacked with data that's quite possibly been taken from someone's network. About the best outcome of that might be that the drones wouldn't work at all. Someone with a little piloting skill and the right software might decide to hijack a Predator drone and send it on a new mission.

That, I think, would be bad news. But then, I'm one of those people who don't think that the military-industrial complex and Yankee imperialism is the greatest threat to world peace and spotted owls.

Looking beyond strictly military data, America - and a fair number of other countries - depends on a complex power grid and a telecommunications system for most of what we do every day. Which, for quite a few months each year here in Minnesota, includes keeping the temperature inside above freezing.

Back when the Y2K bug was being dealt with, I evaluated my household's resources. Happily, we didn't get a chance to test this: but I'm pretty sure we would have been okay for at least a few weeks, if the power had failed at midnight, December 31, 1999.²

Then there are nightmare scenarios, like someone getting clever with a pharmacy chain's prescription software. Think Colossus: The Forbin Project meets Dr. Giggles.

Maybe the power grid and phone system crashing in mid-winter wouldn't be so bad, after all.

Related posts:

Hack Attacks
- "Pentagon's New(ish) Policy About Hack Attacks"
  (May 31, 2011)
- "Lockheed Martin, Oak Ridge, Spear Phishing, and Common Sense"
  (May 29, 2011)
- "Lockheed Martin Corp, SecureIDs, EMC, and All That"
  (May 28, 2011)
- "China, Paper on How to Bring Down USA Power Grid: All a Big Misunderstanding?"
  (March 20, 2010)
- "World Bank Group Network Hacked; Chinese IPs Used: Just What We Need"
  (October 10, 2008)
Passwords, security, and common sense
- "Cloud Computing, Dropbox, and the Postcard Principle"
  Apathetic Lemming of the North (May 13, 2011)
- "Lemming Tracks: Bad News From Sony; and Getting a Grip"
  Apathetic Lemming of the North (May 3, 2011)
- "Lemming Tracks: Epsilon Breach, Spam, and Getting a Grip"
  Apathetic Lemming of the North (April 6, 2011)
- "Strong Passwords: It Can be Done"
  Apathetic Lemming of the North (January 1, 2011)
- "International Cyber Crime Ring Busted: 'By Jove, I Think They've GOT It!' "
  Apathetic Lemming of the North (October 3, 2010)

In the news:

"EXCLUSIVE: Northrop Grumman May Have Been Hit by Cyberattack, Source Says"
Jeremy A. Kaplan, FoxNews.com (June 1, 2011)
"Second Defense Contractor L-3 'Actively Targeted' With RSA SecurID Hacks"
Kevin Poulsen, Threat Level, Wired (May 31, 2011)

¹ Excerpts from the news:

"Top military contractor Northrop Grumman Corp. may have been hit by a cyber assault, the latest in a string of alarming attacks against military suppliers...."

"...Lockheed Martin said its network had been compromised last week, and defense contractor L-3 Communications was targeted recently, as well. Both intrusions involved the use of remote-access security tokens, experts say.

"On May 26, Northrop Grumman shut down remote access to its network without warning -- catching even senior managers by surprise and leading to speculation that a similar breach had occurred...."

"...Charles Dodd, an information warfare consultant with Nisrad Cyber Research Institute, raised a scary possibility: Unmanned aerial vehicles such as the Predator can be controlled by computers. If hackers access those computers, can they operate those deadly drones?

" 'If adversaries get that technology, we may not be the one that controls those weapons,' he told Fox News.

"The network attacks spiral from a security breach in March, when hackers stole information related to RSA's SecurID access keys...."
(FoxNews.com)
"An executive at defense giant L-3 Communications warned employees last month that hackers were targeting the company using inside information on the SecurID keyfob system freshly stolen from an acknowledged breach at RSA Security.

"The L-3 attack makes the company the second hacker target linked to the RSA breach - both defense contractors. Reuters reported Friday that Lockheed Martin had suffered an intrusion.

" 'L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information,' read an April 6 e-mail from an executive at L-3's Stratus Group to the group's 5,000 workers, one of whom shared the contents with Wired.com on condition of anonymity...."

"...Together, the attacks suggest the RSA intruders obtained crucial information - possibly the encryption seeds for SecurID tokens - that they're using in targeted intelligence-gathering missions against sensitive U.S. targets....

"...SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds...."
(Wired)

² No 'survivalist' stuff: the water heater holds a pretty good supply of water, and the basement could be sealed off. It would have been cold and dark, though.

2 comments:

Brigid said...: I remember actually looking forward to Y2K. Then again, my imagination had it looking like a movie.; June 1, 2011 at 9:40 PM
Brian H. Gill said...: Brigid,

Your mother and I, although we made contingency plans for Y2K, did not worry about it. I suspect our lack of emotional involvement in the situation, coupled with dramatic reporting in news media, contributed to your perception.

It would have made an interesting - and quite literally dark - disaster flick.; June 2, 2011 at 12:40 PM

Blogroll

Note! Although I believe that these websites and blogs are useful resources for understanding the War on Terror, I do not necessarily agree with their opinions. ¹

American Islamic Congress
American-Islamic Forum for Democracy
Americas Interests.blog an Australian's perspective (on January 29, 2009 the author announced the end of new posts, and explained his reasons for doing so. He is, however, keeping the 21 months of accumulated posts on line, because of "the role that it plays in a larger ecosystem of information" - I recommend AI as an archival resource. )
Blog 4 Human Rights: Human Rights in Georgia (the nation) News, Opinions, Videos and Photos (Why blogroll this? Georgia is about 10% Muslim, very near the Middle East: and human rights is a critical part of the War on Terror.)
CAIR Council on American-Islamic Relations
The Capitol Tribune "A Journal by a Citizen and Servant of the Republic."
The Conservative Hawk An articulate conservative blog: definitely political, opinionated, informed, and intelligent
Defenders Council of Vermont "...our mission is to educate the citizens of Vermont about the nature, reality and threat of radical Islam, deepen Vermonters' understanding of America's heritage, honor the men and women of the armed services and their families, and support the efforts of others to help our armed forces work with local populations in foreign lands."
DefenseLink Blogger's Roundtable provides source material for stories in the blogosphere concerning the Department of Defense (DoD) by bloggers and online journalists.
FactCheck.org "aims to reduce the level of deception and confusion in U.S. politics". It's "a project of the Annenberg Public Policy Center of the University of Pennsylvania". From what I've seen, this non-partisan website must be quite annoying to all sides
Fiqh Council of North America "...a body of qualified Islamic scholars who live in the United States or Canada."
Foreign Policy Watch "Diplomatic strategy, international news, and thoughtful political analysis"
www.free-minds.org Another flavor of True Islam: one more articulate than many
Free Muslims Coalition "American Muslims and Arabs of all backgrounds who feel that religious violence and terrorism have not been fully rejected by the Muslim community in the post 9-11 era."
GlobalSecurity.org "Everyone is entitled to their own opinion, but not their own facts. We try to bring you the facts, to help you form your opinion."
Hudson Institute: Center on Islam, Democracy, and the Future of the Muslim World
IntelCenter "Our focus as a company is on studying terrorist groups and other threat actors and disseminating that information in a timely manner to those who can act on it."
Iraq the Model "New points of view about the future of Iraq."
Islam.com "...an information portal site on the internet that is pure, clean and 'worthy of its name', InshaAllah."
islamispeace.org.uk "...invites you to challenge your ideas of Islam and Muslims."
Islamic Circle of North America "... to seek the pleasure of Allah (SWT) through the struggle of Iqamat-ud-Deen (establishment of the Islamic system of life) as spelled out in the Qur'an and the Sunnah of Prophet Muhammad (pbuh)"
Islamic Republic News Agency Iran's official news agency
Islamic Society of Central Florida (ISCF) "...an organization which strives to serve the greater Central Florida community by catering to the social, religious, and educational needs of its Muslim inhabitants."
Islamic Society of North America "...playing a pivotal role in extending those bridges to include all people of faith within North America...."
(but note another view) )
Islamic World News أخبار العالم الاسلا
Michael J. Totten's Middle East Journal The War on Terror, as observed on the ground
Muir S. Fairchild Research Information Center A research resource for United States Air Force Air University students, "provided as a public service by Muir S. Fairchild Research Information Center and the Maxwell Support Division."
Muslamics Affad Shaikh and "A Writing Collaborative" This American Muslim Affad Shaikh, a very west-coast Muslim Los Angelano
Muslims Against Sharia An organization of Muslims, presumably dedicated "...to educate non-Muslims about the differences between moderate Muslims and Islamists..." - with a curious way of practicing Peace, Love Light, (words in their website's logo).
National Interest, and as a corollary, Primacy "These are indeed my personal pontifications on the vicissitudes of International Affairs." (Be prepared for big words, long sentences: and unexpected insights.)
PM’S World
Radio Free Europe/Radio Liberty "disseminating factual information and ideas"
The Straits Times (Singapore) "...strives to be an authoritative provider of news and views, with special focus on Singapore and the Asian region...."
Urban Conservative "Conservative 2.0 - A New Breed of Conservative
Why Islam? "... articles, books etc on Islam and comparative religion. ... initiated by volunteers from ICNA (Islamic Circle of North America). ..."

¹ Given a recent misunderstanding of the phrase "useful resources," a clarification: I do not limit my reading to resources which support my views, or even to those which appear to be accurate. Reading opinions contrary to what I believed has been very useful at times: sometimes verifying my previous assumptions, sometimes encouraging me to change them.

Even resources which, in my opinion, are simply inaccurate are sometimes useful: these can give valuable insights into why some people or groups believe what they do.

In short, It is my opinion that some of the resources in this blogroll are neither accurate, nor unbiased. I do, however, believe that they are useful in understanding the War on Terror, the many versions of Islam, terrorism, and related topics.

Visit us online:
Spiral Light Candle	• Find a Retailer • Spiral Light Candle Store

Wednesday, June 1, 2011

L-3 Communications, Grumman: Hack Attack

Oh, Come On: How Bad Could It Be?

2 comments:

Unique, innovative candles

Blogroll