Offer to change data keys after Lockheed hack

Art Coviello, executive chairman of RSA, said the threats to digital information continues to escalate [EPA]

RSA, the US-based digital security firm, has offered to replace millions of SecurID electronic keys after it came to light that data stolen from them was used to break into the network of Lockheed Martin last month.

Art Coviello, executive chairman of RSA, made the offer in a letter posted on the company website.

The move comes days after Lockheed Martin, the world’s largest military contractor, confirmed that its network was partly breached by using data stolen from RSA in a separate hacking attack in March.

RSA, a division of the EMC Corporation, which makes the SecurID keys, confirmed that the information taken from it in March had been used in the attack.

EMC had previously warned that information stolen from RSA related to its SecurIDs and has now offered to replace the electronic keys of any customers who request them, a spokesman told Reuters.

“Certain characteristics of the attack on RSA indicated that the perpetrator’s most likely motive was to obtain an element of security information that could be used to target defense secrets and related [intellectual property],” RSA said in Monday’s letter.

Lockheed, which is also the world’s biggest aerospace company and the US government’s top information technology provider, had said that it thwarted the cyber attack in May.

Several cyber security experts with extensive government dealings said the attack on Lockheed shows the level of vulnerability of US security forces in the context of digital content.

In 2009, hackers were reported to have accessed computers holding data on Lockheed’s projected $380bn-plus F-35 fighter programme, the Pentagon’s most expensive arms purchase.

Lockheed Martin produces F-16, F-22 and F-35 fighter jets as well as warships and other multibillion-dollar arms systems sold worldwide.

The SecurID system allows employees who want to log onto a work computer to remotely access files.

Users input a six-digit passcode which is regenerated every 30 or 60 seconds. The process creates “seed numbers” which match up with pin numbers on a main server to allow access.

Other big corporations have also suffered from hacking attacks recently, including Sony Corp and Google.

Data from 25 million users of Sony’s PC games were stolen after electronics giant’s PlayStation network was hacked in May and last week hackers again accessed information from more than one million customers.