China fingered as possible source of RSA, defense contractor attacks

The RSA breach was carried out using an advanced persistent threat (APT), and China is known for using the APT attack method, Rich Mogull, chief executive of Securosis, told CNet.

"APT is a euphemism for China. There is a massive espionage campaign being waged by [that] country. It's been going on for years, and it's going to continue", Mogull said.

The security breaches at Lockheed Martin and L-3 Communications, and now reportedly at Northrop Grumman, appear to have resulted from the information taken from RSA, according to Chris Wysopal, chief technology officer at Veracode. "I think [the attacks on the contactors] are completely related" to the RSA intrusion, Wysopal told CNet.

Lockheed Martin admitted to the New York Times that the hackers that gained access to its network used data stolen from RSA. And RSA officials said that they were working with customers to offset the risk created by its data breach.

In April, L-3 told employees that it was the target of a cyberattack using information from the RSA breach, according to Wired. And just last week, reported that Northrop Grumman had to shutdown remote access for its employees, suggesting that a breach of the SecureID tokens was the reason for the shutdown.

While speculation that China was behind all of these attacks is just that – speculation it would fit in with the Chinese government’s posture that cyberspace is a competitive battleground with the US government, according to Rafal Rohozinski, a principal at SecDev who did research on targeted attacks on Tibet.

"China has made no secret that they see cyberspace as the domain that allows them to compete with the US", Rohozinski told CNet.

What’s Hot on Infosecurity Magazine?