Analysis of cyber security occurrence and data defense

In late May of 2011, Lockheed‐Martin was targeted by a cyberattack. Lockheed‐Martin claimed that they discovered the attack early and reacted quickly, with the result that no real harm was done. The b

In late May of 2011, Lockheed‐Martin was targeted by a cyberattack. Lockheed‐Martin claimed that they discovered the attack early and reacted quickly, with the result that no real harm was done.

The basis for this breach was with two‐factor authentication, where a “factor” in authentication can be something you know, something your are, or something you have. A two‐factor authentication system requires you to present instances of two of these three to authenticate with a system. Lockheed‐Martin employed a two‐factor authentication system that combined a password (something you know) with SecurID, a system produced by RSA labs that provides the “something you have” factor.

A SecurID is a small key fob that displays a number, which changes every 60 seconds. Each key fob has a unique number called its seed, which determines what number is shown in the fob at any given point in time. The server stores your username, password hash, and the seed value for your key fob, and this allows it to determine what number is showing on your key fob (as the fob is synched with your account). When you authenticate, you enter your username and regular password, then you look at the key fob and enter in the number shown there. The authentication server knows what number should be shown at that time on the key fob, and so can verify that the key fob is indeed a thing you have. This is called a one‐time password (OTP) system.

In March of 2011, someone attacked RSA with a relatively unsophisticated phishing attack with an attached Excel file with embedded code that exploited a zero‐ day vulnerability in Adobe Flash.

This enabled attackers to set up a “backdoor”—a way for them to get into the computer—where the attackers were able to steal from RSA the seed values of SecurID key fobs.

In late May of 2011, the attack moved to Lockheed‐Martin, where attackers managed to get a key logger onto a company system. The key logger recorded the username, password, and SecurID OTPs used by the victim when he or she authenticated, along with the date and time of the log in.

Two‐factor authentication is designed for just this kind of scenario. The attacker cannot authenticate because knowing the username, password, and an old OTP is not enough; the current OTP is required. However, these attackers stole seed values. For a given seed value and date/time, they could calculate the number the key fob with that seed value would display at that date and time. All the attackers had to do was to write a program that would compute, for every stolen seed value, the number that would have been showing at the date and time the key logger recorded the victim’s login. Once they found a match with the OTP the key logger recorded, they would have matched a seed value with a username. This appeared as if the attackers actually had the key fobs themselves

Critical Elements

Your paper should include these critical elements:

  Identification of cyber security tenets that were violated and rationale of cause

  Analysis of cyber security occurrence and data defense

  Recommendation of best practices to prevent further recurrence

"Is this question part of your assignment? We can help"

ORDER NOW