Hacking incidents at defense contractor Lockheed Martin Corp. and broadcaster PBS that surfaced over the past few days show how widespread corporate breaches have become and underline how any organization can become a victim.
Over the weekend, the website for the PBS show “NewsHour” was altered by hackers to include a fake article claiming that rapper Tupac Shakur, who was murdered 15 years ago, was alive in New Zealand. The hackers also posted login information that stations and other entities use to access PBS sites.
The incident followed a recent breach at Lockheed, which said Saturday evening that it had detected a “significant and tenacious attack” against its computer networks on May 21. The company said it stopped the attack before data could be stolen.
The attacks are the latest in a mushrooming of breaches world-wide. While hackers once generally had targeted companies that stored financial data or had classified government information, culprits today are expanding their sights to other corporate secrets or seeking information that can lead to valuable data down the line. Amateur hackers also are becoming increasingly brazen.
In recent months, hackers stole data from EMC Corp.’s RSA security unit, email marketer Epsilon Data Management LLC, two of South Korea’s largest banks and Sony Corp., where the breach temporarily hobbled its online PlayStation Network.
“Almost anyone is a target,” said Alex Stamos, chief technology officer at security firm iSEC Partners. Professional hackers now “have good tools and good technique and know how to string them together,” he said. Hackers also are getting better at identifying the soft spots in corporate defenses, he said.
So-called hactivists, who take revenge on companies for perceived slights, also have moved from simply knocking websites offline to stealing data. “There are enough people out there who aren’t worried about the consequences that they are willing to wage a sustained campaign against a global company,” Mr. Stamos said.
Corporate executives said they no longer can take a passive approach to cybersecurity. Ted Chung chief executive of Hyundai Card/Hyundai Capital Co., an auto finance provider in South Korea that was hacked in April, blamed himself for not paying enough attention to the importance of information-technology security.
“When it comes to big companies or big banks, no CEO is that stupid not to pay attention. But maybe they pay the same attention I did, which is giving encouragement and budget to IT but then saying ‘What do I know about programming?’ ” he said in an interview Monday. “That is the wrong support.”
The latest attacks demonstrate a diversity of motives. Those who attacked Hyundai Capital tried to extract ransom for a database they stole. With Epsilon, the hackers made off with email addresses that could be used to send “phishing” emails that trick recipients into disclosing personal information.
At RSA, the perpetrators stole data about security systems that the company sells to its clients. Alone, the data are worthless, security experts said, but they could be used to crack defenses used by other companies.
With PBS, a group identifying itself as LulzSec claimed credit for the fake article on Tupac Shakur, which the group said was retaliation for a documentary, “WikiSecrets,” about the publication of classified documents on the WikiLeaks website and the Army intelligence analyst who has been charged with leaking them. “By the way, #WikiSecrets s—,” a message to PBS said. While the attack was more akin to graffiti than burglary, it underscored the threats companies now face.
PBS on Monday said it had corrected the false information on its website and was “notifying stations and affected parties to advise them of the situation.”
The fake article first appeared late Sunday night on the PBS “NewsHour” news blog, “The Rundown.” The group then posted a string of Twitter messages in which it took credit for the breach, beginning with a post that read, “Oh s—, what happened to @PBS?” followed shortly after by the post, “What’s wrong with @PBS…? How come their database is seized? Why are passwords cracked? .” The group then posted links to pages with the login information for the PBS sites.
Shortly after the story was published, PBS “NewsHour” posted several messages on Twitter stating that the article wasn’t produced by PBS and that the site had been hacked.
Separately, Lockheed said Saturday evening that the company’s information-security team detected its attack “almost immediately and took aggressive actions to protect all systems and data.”
“Our systems remain secure; no customer, program or employee personal data has been compromised,” the company said. Lockheed said it was conducting an investigation and that it “has continued to keep the appropriate U.S. government agencies informed of our actions.”
White House Press Secretary Jay Carney told reporters Sunday that President Barack Obama had been briefed on Lockheed attack and that the damage was understood as “fairly minimal.”
Still, that attack is likely to ripple throughout the defense industry. Lockheed supplies some of the most sophisticated weaponry to the U.S. military and is a major provider of information technology to the federal government. The company, based in Bethesda, Md., also is a top international supplier of military and security hardware, employing around 126,000 people world-wide.
Speculation around the Lockheed attack centered on whether hackers may have breached the system by exploiting a vulnerability in SecurID electronic keys made by RSA. In a memo to employees on Sunday, Lockheed Chief Information Officer Sondra Barbour said the company “took swift and deliberate actions” to step up security, including shutting down a virtual private network, resetting user passwords and upgrading SecurID tokens, among other measures.
In South Korea, prosecutors believe North Korea was behind an attack on a large farm cooperative, which couldn’t provide ATM, credit-card and online services for nearly a week after a system at its Seoul headquarters was accessed remotely. How law enforcement tracked the attack to North Korea wasn’t disclosed. But authorities said a link was made to the same Internet servers North Korea used in a 2010 denial-of-service attack against South Korean government websites. North Korea called the South’s accusation in the latest case “absurd” and “unreasonable.”
At Hyundai Capital, a pair of hackers in South Korea gained access to the company’s databases and downloaded personal information on 1.7 million customers. After the company contacted police, it agreed to pay part of what hackers sought. Police arrested the hackers after one was recorded by an ATM video camera as the hacker tried to withdraw some of the ransom. The company has since revamped its IT operation and begun an overhaul of its cybersecurity.