Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Scenario: In late May of 2011, LockheedMartin was targeted by a cyberattack. Loc

ID: 3731359 • Letter: S

Question

Scenario:

In late May of 2011, LockheedMartin was targeted by a cyberattack. LockheedMartin claimed that they discovered the attack early and reacted quickly, with the result that no real harm was done. The basis for this breach was with twofactor authentication, where a “factor” in authentication can be something you know, something you are, or something you have. A twofactor authentication system requires you to present instances of two of these three to authenticate with a system. LockheedMartin employed a twofactor authentication system that combined a password (something you know) with SecurID, a system produced by RSA labs that provides the “something you have” factor. A SecurID is a small key fob that displays a number, which changes every 60 seconds. Each key fob has a unique number called its seed, which determines what number is shown in the fob at any given point in time. The server stores your username, password hash, and the seed value for your key fob, and this allows it to determine what number is showing on your key fob (as the fob is synched with your account). When you authenticate, you enter your username and regular password, then you look at the key fob and enter in the number shown there. The authentication server knows what number should be shown at that time on the key fob, and so can verify that the key fob is indeed a thing you have. This is called a onetime password (OTP) system. In March of 2011, someone attacked RSA with a relatively unsophisticated phishing attack with an attached Excel file with embedded code that exploited a zero day vulnerability in Adobe Flash. This enabled attackers to set up a “backdoor”—a way for them to get into the computer—where the attackers were able to steal from RSA the seed values of SecurID key fobs. In late May of 2011, the attack moved to LockheedMartin, where attackers managed to get a keylogger onto a company system. The keylogger recorded the username, password, and SecurID OTPs used by the victim when he or she authenticated, along with the date and time of the log in. Twofactor authentication is designed for just this kind of scenario. The attacker cannot authenticate because knowing the username, password, and an old OTP is not enough; the current OTP is required. However, these attackers stole seed values. For a given seed value and date/time, they could calculate the number the key fob with that seed value would display at that date and time. All the attackers had to do was to write a program that would compute, for every stolen seed value, the number that would have been showing at the date and time the keylogger recorded the victim’s login. Once they found a match with the OTP the keylogger recorded, they would have matched a seed value with a username. This appeared as if the attackers actually had the key fobs themselves.

ANSWER THE QUESTIONS BELOW:

In reference to the attack on Lockheed-Martin:

1. How were the cybersecurity tenets of confidentiality, integrity, and availability violated?

2. How were the attacks executed to bypass network defense?

3. What elements of network defense would have helped mitigate or prevent the breach?

4. What elements of data defense would have helped mitigate or prevent the breach?

5. What best practices would you recommend going forward---both for overall defense and to provide better detection?

Explanation / Answer

1. First the attackers write the program to steal the seed value of securID. Then they will find victim's number of login which leads to match the OTP and then will find a match of seed value with their username.

4. As the above paragraph, a password, a securID and one OTP which can only be seen by the user would have helped mitigate or prevent the breach.

5. The cybersecurity should plan for the coding or programming so that the OTP could not be matched by finding the number of victim's login.The OTP should be made safe and cofined to the user's phone number. When the attackers would try to match the OTP,the user should get a warning message whether to allow them or not.

Related Questions

Scenario: Assets and Liabilities of the Banking System Assets Loans Reserves Lia
Question #1128101
Scenario: Assume that you are the IT department at a large university. Due to a
Question #328744
Scenario: Assuming you are in the U.S. You have graduated from college, and will
Question #1171523
Scenario: At the start of the quarter, 600 students are registered for Econ 1. T
Question #1230089
Scenario: Aziz Ansari is a survivor of the zombie apocalypse. While gallivanting
Question #375954
Scenario: Back in the days of my childhood, we used vinyl records or cassette ta
Question #2121076
Scenario: Bay of Bengal: depleted fish stocks The Bay of Bengal’s basin contains
Question #359292
Scenario: Ben and Nick Two individuals, Ben and Nick, are the only members of a
Question #1249807
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Scenario: In fireworks (See Reactions 1-3 below), the heat released during a com
Next
Scenario: In our Six Sigma program, management identifies and prioritizes the im

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.