Iranian hack of US Navy network was more extensive and invasive than previously reported

Rich McCormick — The Verge Feb 18, 2014

In September of 2013, it was reported the US Navy’s largest unclassified computer network was hacked by a group either “working directly for Iran’s government [or] acting with the approval of Iranian leaders.” Now US officials say that the network infiltration was far more extensive than previously thought, and lasted much longer than previously reported. According to The Wall Street Journal, it took the Navy four months — until November 2013, after initial news of the hack was published in late September — to purge the hackers from the network.

The Wall Street Journal says the hackers targeted the Navy Marine Corps Internet, and were able to access through “a security gap” in one of the Navy’s public-facing websites. Although officials say that the hackers made no headway into classified networks, they also note that the attack was “more invasive” than reported, with the infiltrators able to make their way into the “bloodstream” of the network, necessitating the implementation of a co-ordinated plan to push them out. To execute that plan — and to draw up a list of safeguards for the future — the Navy ordered the hiring of “so-called cyberwarriors” and contractors. The cost to repair the network, a senior defense official said, was $10 million at the time, but will rise.

Officials were reportedly “surprised at the skills of the Iranian hackers,” who had previously relied on DDoS attacks to attack US government networks. The clean-up process took so long, a source for The Wall Street Journal says, because the attackers worked their way deep into the network’s “bloodstream,” and because Vice Admiral Michael Rogers — nominated by President Obama to be the next NSA director — wanted to put a “comprehensive strategy” for network security in place that would fix broader issues.

Even though the hackers reportedly weren’t able to extract any truly valuable information from their infiltration, Rogers will face tough questions about the US military’s protection against cyber attacks at his upcoming confirmation hearing.  “[The hack] was a real big deal,” a senior Navy official told The Wall Street Journal. “It was a significant penetration that showed a weakness in the system.”


Comments are closed, but trackbacks and pingbacks are open.