Second defense contractor in RSA SecurID hack

A couple news reports this morning tell of another defense contractor getting hit with a breach that can be traced back to RSA SecurID products. The latest victim is L-3.

One report is from Wired News blogger Kevin Poulsen:

An executive at defense giant L-3 Communications warned employees last month that hackers were targeting the company using inside information on the SecurID keyfob system freshly stolen from an acknowledged breach at RSA Security.

The L-3 attack makes the company the second hacker target linked to the RSA breach — both defense contractors. Reuters reported Friday that Lockheed Martin had suffered an intrusion.

“L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information,” read an April 6 e-mail from an executive at L-3’s Stratus Group to the group’s 5,000 workers, one of whom shared the contents with Wired.com on condition of anonymity.Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

A second report on the incident is from Alastair Stevenson of The International Business Times, who also notes that Reuters had a report on the incident Friday:

The company has not yet released any details about the breach and it’s not yet clear how Reuters discovered the use of the RSA’s compromised SecurID data.

But if true and stolen SecurID data was used in the cyber attack, then the company’s security breach presents a number of troubling scenarios.

L-3 is itself one of the largest federal-government contractors within the United States. It provides command-and-control, communications, intelligence, surveillance and reconnaissance technology to the Pentagon and a number of the U.S.A.’s intelligence agencies.

–Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO’s Daily Dashboard gives you a