
Chinese Regime Suspected in Cyber Attacks on Lockheed, Northrop and L-3

By Ridge Shan
Epoch Times Staff
Created: June 7, 2011 Last Updated: June 7, 2011

A young man in a cyber cafe in Wuhan, China. The cyber-attacks in May on three U.S. defense contractors were organized by what seems to be the Chinese regime, according to CNET. (Cancun Chu/Getty Images)

The cyber-attacks in May on three U.S. defense contractors, Lockheed Martin, Northrop Grumman, and L-3 Communications, were precise and complex. Highly sophisticated work was done in order to breach the networks of three incredibly secure companies, each with long histories of government and military production.

The attacks were professional: they took patience and weeks of waiting between multiple efforts. The attacks drew on vast resources, requiring many different areas of knowledge and expertise. The attacks were brazen, hitting a high-end cyber security firm trusted by the government. Finally, according to what experts told CNET and its affiliate ZDNet Asia, the attacks were also carried out by what seems to be the Chinese regime.

All three are logical targets for cyber warfare against the U.S., as they are all among the top ten defense contractors in the nation. Two of them, Lockheed and Northrop, are in the top three and have been producing military aviation and aerospace defense technology since World War II.

L-3 Communications was originally formed after the purchase of unwanted Lockheed Martin units, and has grown rapidly in the last 14 years to become one of the prime producers of intelligence, avionics, and surveillance and reconnaissance equipment for the government.

All three were accessed by way of cyber security firm RSA’s SecurID authentication tokens, virtual devices used like keys, which were stolen in an earlier breach of RSA’s own networks in March.

RSA Executive Chairman Art Coviello, along with experts interviewed by CNET, stated that they believed the attack was an Advanced Persistent Threat (APT), an incredibly sophisticated and specifically targeted attack, which one of the experts interviewed by CNET, Rich Mogull, called “a euphemism for China.”

According to CNET, Google pointed to the same kind of APT attack on its Gmail service in December, in which the e-mail accounts of Chinese human rights activists were accessed.

Because RSA’s authentication tokens were a two-factor authentication device, the attacker also needed the second, accompanying factor, personal company passwords, before being able to access any of the three companies’ networks. The attacker would have had to devise methods of obtaining those passwords, such as malware or fake e-mails that were well written and appeared professional enough to fool company employees into divulging the necessary information.

The attacks commenced in rapid succession in May, compromising the highly secretive weapons information and data stored on the companies’ networks, and forcing them to temporarily disable universal access until replacement security measures could be instituted.
