Forgot your password?
typodupeerror
The Military Government Security United States

Iran's Hacking of US Navy 'Extensive,' Repairs Took $10M and 4 Months 147

Posted by Soulskill
from the your-tax-dollars-at-work dept.
cold fjord sends news that Iran's breach of a computer network belonging to the U.S. Navy was more serious than originally thought. According to a Wall Street Journal report (paywalled, but summarized at The Verge), it took the Navy four months to secure its network after the breach, and the repair cost was approximately $10 million. From the article: "The hackers targeted the Navy Marine Corps Intranet, the unclassified network used by the Department of the Navy to host websites, store nonsensitive information and handle voice, video and data communications. The network has 800,000 users at 2,500 locations, according to the Navy. ... The intrusion into the Navy's system was the most recent in a series of Iranian cyberoffensives that have taken U.S. military and intelligence officials by surprise. In early 2012, top intelligence officials held the view that Iran wanted to execute a cyberattack but had little capability. Not long after, Iranian hackers began a series of major "denial-of-service" attacks on a growing number of U.S. bank websites, and they launched a virus on a Saudi oil company that immobilized 30,000 computers. ... Defense officials were surprised at the skills of the Iranian hackers. Previously, their tactics had been far cruder, usually involving so-called denial of service attacks that disrupt network operations but usually don't involve a penetration of network security."
This discussion has been archived. No new comments can be posted.

Iran's Hacking of US Navy 'Extensive,' Repairs Took $10M and 4 Months

Comments Filter:
  • by cold fjord (826450) on Wednesday February 19, 2014 @01:16AM (#46283067)

    Missiles, ships, planes, tanks, and large groups of soldiers all cost a lot of money. As long as you have them you are on a perpetual upgrade cycle if you don't want to be outclassed. A geek with a computer is pretty cheap, can do a lot of things, and cause a lot of really inconvenient problems. If there is one thing Iran probably isn't short of it is smart people that like to play with computers. It isn't 1988 anymore, and the world has heard about the internet.

    • Re: (Score:1, Insightful)

      by Amorymeltzer (1213818)

      Asymmetrical? Heard of a little thing called Stuxnet [slashdot.org]? Centrifuges, uranium, and control systems aren't exactly cheap either.

    • by ZouPrime (460611) on Wednesday February 19, 2014 @01:33AM (#46283137)

      This is very true, but from the POV of the US, it is also a great argument for continuing to invest in offensive cyber capabilities.

      In the end, it costs way less to attack a network than to secure it properly. And unfortunately, this asymmetrical situation could remain true for a long time.

      This also can lead to a cult of the offensive:
      http://en.wikipedia.org/wiki/Cult_of_the_offensive

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        Jeez, I've joked plenty of times about Slashdot turning into a sounding board for Zionist NeoCon warmongering, but like every trolls' joke Slashdot refuses to admit is true (like my satirical but correct prediction of Slashdot announcing that they will try to more frequently divert readers to Beta etc.). I'd much rather be friends with an Iranian Family than a Saudi or Jewish family. Lift those goddamn sanctions completely and stop fucking with them -- America's real enemies in the Middle-East are Saudi Ara

        • Re: (Score:1, Troll)

          by aliquis (678370)

          I just learned it was, maybe not all that surprising, western nations (GB and France) who made those nations/borders in the first place..

          The enemy of peace and stability have likely often been western military powers interfering and destabilizing regions.

          • by quenda (644621)

            I just learned it was, maybe not all that surprising, western nations (GB and France) who made those nations/borders in the first place..

            The enemy of peace and stability have likely often been western military powers interfering and destabilizing regions.

            Thats a very bold accusation, coming from someone who admits to being one article away from complete ignorance on the subject.
            The British and French were trustees of those lands after the collapse of the Ottoman Empire. They had promised independence to the Arabs, for supporting them in WWI. What were they supposed to do? Leave the Arabs to sort out a diplomatic solution amongst themselves?

            • "What were they supposed to do? Leave the Arabs to sort out a diplomatic solution amongst themselves?"
              You broke my sarcasm-o-meter.

          • Who the fuck modded this "troll"? That idiot should at least check Wiki. Those borders were drawn by Great Britain and France with complete disregard of who lived where and what they wanted.

        • by Anonymous Coward

          Christ, mnoderations get worse and worse here. Look, guys, ethanol-fueled is a troll and nothing but a troll. He posts anon so he'll start at 0 rather than -1, as he would logged in because his karma is so low. Hell, though, the way moderation has been lately he might as well log in, hios troll comments might get his karma back since idiots are modding him up.

      • Vive le Maréchal Foch!

        "My centre is giving way, my right is retreating, situation excellent, I am attacking." -- General Ferdinand Foch [wikipedia.org]

      • by aliquis (678370)

        This also can lead to a cult of the offensive:
        http://en.wikipedia.org/wiki/C... [wikipedia.org]

        lol, also true in RTS games.

        So you think those towers/turrets with catapults/missile launchers/.. behind them will save you and win the war? Think again.

    • by khasim (1285) <brandioch.conner@gmail.com> on Wednesday February 19, 2014 @01:48AM (#46283209)

      My first question would be ... how are we sure that Iran did this?

      The second question would be how did whomever do it? We've heard about how the NSA/CIA/etc are stockpiling zero-day exploits. Stockpiling them instead of helping the vendors fix them. So were our systems cracked by an enemy using an exploit that we knew of?

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Stockpiling them instead of helping the vendors fix them. So were our systems cracked by an enemy using an exploit that we knew of?

        This is an interesting question; it's still not enough. Experience in OpenBSD's audit process [openbsd.org] shows that a single vulnerability is an entry to finding other bugs. If you fix all of the similar bugs in your code then you very likely fix vulnerabilities you will never realise you had. The NSA (and the GCHQs) should be using it's government purchasing power to

        • insist that the source code to all software used by their nation is availble to them; recommend against code without the source code
        • actively identif
      • by AmiMoJo (196126) *

        My first question would be ... how are we sure that Iran did this?

        Because we have always been at war with Iran.

        • It would be more accurate to say that Iran has always been at war with the US after the Islamic Revolution overthrew the Shah.

          • The coup d'etat was way before your date (which was 79' revolution.) You can read more about that at wiki: http://en.wikipedia.org/wiki/1... [wikipedia.org] It probably dates way before these dates.
            • Both the Shah and Iran were friendly to the US until the revolutionary Islamist government took power and declared the US to be its enemy. That also extended to another Iranian ally, Israel. The problem in relations between Iran and Israel is Iran's doing.

              As to the coup, if you look into the history you will see that democracy was gone. The legislature had been dissolved, an election faked, and the PM was ruling by decree and ignored the usual checks and balances in a constitutional monarchy of the monar

              • by dave420 (699308)
                You are hopeless. Absolutely hopeless.
              • "... until the revolutionary Islamist government took power and declared the US to be its enemy." That's because Iraq attacked Iran then. Where Iraq used biological bombs; Iran refused to stoop to that level. Iraq, with US intelligence+weapons. As such, US was their enemy too. Note that it was a coup, not "counter-coup." Even the CIA admits to that: http://www2.gwu.edu/~nsarchiv/... [gwu.edu] Stephen Kinzer wrote a Bestseller there: All the Shah's Men: An American Coup and the Roots of Middle East Terror.
                • Your history is a bit scrambled. Ayatollah Khomeini declared the US to be "The Great Satan" nearly a year before Iraq attacked Iran.

                  I know that Iraq used chemical weapons, as did Iran. I don't think that they used biological weapons at all.

                  A counter-coup is still a coup, but it is in reaction to another.

                  • AFAIK Iraq only started doing chemical-biological warfare after they started losing the war.

                  • "I know that Iraq used chemical weapons, as did Iran." Do you have any reference for that? That is, showing Iran used them as well? Any source I have checked say Iraq used; this is first time I hear that Iran used. Bottom line is, Iran didn't "start" this. US expansionism has caused this. After WWII, the new role it had.
                    • Iran - Chemical Weapons [fas.org]

                      "US expansionism" had nothing to do with the Iran-Iraq war, and nothing to do with Iran's manufacture and use of chemical weapons. I don't recall that the US has added any territory to itself since WWII. It has vacated many military bases around the world since then.

                  • "..., as did Iran." I don't see any reference here. I'm not a historian on this stuff; but, I am skeptical Iran started. After WWII, many countries changed. US took on new roles it never had; with that, US expansionism, too. The affair with Iran is over oil; nothing else makes any sense there at all. As such, it doesn't make sense what you say. Look at oil prices in past century. http://www.globaleye.org.uk/se... [globaleye.org.uk]
                    • The main current issue with Iran is its nuclear weapons program that is piggybacking on the cover of a nuclear power program. To that you can add concern over Iran's repeated threats to choke off the world's oil supply, and involvement supporting terrorism around the world, and various other actions. Just because it doesn't make sense to you doesn't mean that it isn't an actual issue.

                  • "I know that Iraq used chemical weapons, as did Iran." Where'd you get the idea Iran did? As far as I know, you are wrong here.
      • Do we bother believing the DOD telling us another story about big, bad, Muslim wolves and the need for endless war footing?

        And if they spent $10 million, no doubt about 75% of that was wasted, poured down the maws of corpulent military contractors (cui bono).
    • by bkmoore (1910118) on Wednesday February 19, 2014 @02:58AM (#46283447)

      We're not at war with Iran, and no sane person in the U.S. or in Iran wants a shooting war. IMHO, what we have here is more of a cold-war style cat and mouse game where each side tries to provoke the other and see how far they can go. Examples being Iran supplying arms to Shiite militias in Iraq, Iran being involved in proxy wars in Syria and Lebanon, taking Americans hostage, and developing a nuclear weapons capability. The U.S. responded with Stuxnet and probably a few other things that we don't know about. In the end it's really about gaining some sort of political bargaining advantage and to have a stronger bargaining position when the time for deal making comes.

      Iran is also the regional heavy weight, and they're not a bunch of modern-day spearchuckers as the parent somehow implies. They do have a professional conventional military with semi-modern weapons systems. They also have the ability to maintain, develop and upgrade their weapons systems. The main difference between Iran and the U.S. is that Iran lacks the global logistical capabilities that America brings to the battle field, and the depth that the U.S. has in any fight. The Iranians would lose a conventional battle with the U.S. and both sides know this. Defeating the U.S. in a conventional battle probably isn't a factor in Iran's military planning. They're more focused on regional domination, especially if and when the U.S. pulls out of the middle east. Without the U.S. backing of the Gulf states, Iran would probably be able to defeat any of their neighbors in a conventional war, at least in theory. Without the U.S., the only country in the region that might defeat Iran would be India.

      If somehow forced into a conventional fight with the U.S., Iran could, with the right leadership, inflict heavy damage before being defeated. But Iran is a very old country. IMHO, they're playing for time and will poke us at any chance they get. As Sun Tzu once said, "If you wait by the river long enough, the bodies of your enemies will float by." In more modern terms that is called, "strategic patience."

    • Missiles, ships, planes, tanks, and large groups of soldiers all cost a lot of money....A geek with a computer is pretty cheap, can do a lot of things, and cause a lot of really inconvenient problems.

      I bet that's why the hackers used the compromised machines to play "Dirty Deeds Done Dirt Cheap" instead of "Thunderstruck". [dailymail.co.uk]

    • by Mabhatter (126906) on Wednesday February 19, 2014 @12:23PM (#46286851)

      That's ok, we attacked their infrastructure with damaging programs first. If the CIA is gonna play with hackers, they'd better make sure the rest of the military is ready to play ball too.

      It's not lie the navy had a few years of notice after Stuxxnet that the Iranians were going to take a shot back. If the navy can't hang with the big kids, they better stay out of hacking OTHER countries, eh.

      • In the case of Iran's nuclear program, the hacking was apparently an attempt to avert a future war. That seems to have failed. Since so many here hate that idea, I guess war it is. The only question is, how long will the countdown be, and what will be the price?

        • by Uberbah (647458)

          In the case of Iran's nuclear program, the hacking was apparently an attempt to avert a future war.

          "Apparently", eh? Will your Fascist Merit Badge be revoked if you get within 20 feet of the truth, or something? Even the head of the motherfucking IDF admitts [antiwar.com] Iran has no nuclear weapons program.

  • Maybe they learned (Score:4, Interesting)

    by Megahard (1053072) on Wednesday February 19, 2014 @01:28AM (#46283121)

    By studying Stuxnet.

    • They probably both learned about the technology, and to take it seriously.

      • Re: (Score:3, Informative)

        by rtb61 (674572)

        Far more likely the US congress running around all the time threatening to kill millions of Iranians to keep Israeli campaign donors happy has motivated a lot of high order Iranian thinkers to work together to thumb their noses at the US dogs of war.

        Real reason why the failure, US computer security services were far too busy attacking everyone else, purposefully leaving holes in the system and in some super crazily deranged false flag attack creating new ones for others to exploit which is OK so long as

        • Is there anything that this site can't blame on the Jews?

          • by quenda (644621)

            Is there anything that this site can't blame on the Jews?

            You cannot seriously discuss US middle-eastern policy without mentioning the Jewish/Israeli lobby. Or if you don't, its the elephant in the room.
            The same applies to oil. Middle-east wars would be about as interesting as the latest conflict in the Congo if they had no oil and no Israel.

          • Dude. Stuxnet was allegedly written by them and/or the US. So...

            There is no concrete proof of it of course. Just some pathnames.

  • by TWX (665546) on Wednesday February 19, 2014 @01:34AM (#46283139)
    ...and figured they could get some much-needed F14 parts if they requisitioned planes to be outfitted special for missions...
  • by Anonymous Coward

    Practicing the classic 'government officials say' rhetoric without mentioning Stuxnet, or what the U.S. would do if it was Iran sabotaging American nuclear facilities.

  • by Ichijo (607641) on Wednesday February 19, 2014 @01:38AM (#46283163) Homepage Journal

    ...the Navy saved taxpayers at least that much by not having tighter security.

    Well, it was a nice thought.

  • by Anonymous Coward

    cold fjord sends news ...

    So, you had to edit out the anit-Islam panic from his original post.

    • Re: (Score:2, Insightful)

      by cold fjord (826450)

      Please go to the trouble of actually reading what I write. I don't engage in "anti-Islam panic." I am against violent extremists, aren't you? Certainly many ordinary Muslims are against the extremists and just want to live in peace.

      • by Smauler (915644)

        I am against violent extremists, aren't you? Certainly many ordinary Muslims are against the extremists and just want to live in peace.

        I think the Palestinians have been saying this for ages, but Israel's armed forces don't seem to be listening.

        • Hamas isn't saying that. They are still committed to the destruction of Israel, and they control Gaza. Fatah is willing to say that in English when speaking to the West or where the West can hear, but when speaking in Arabic to their own they aren't so peaceful either.

          Israel may pay for tolerance it shows to killers [heraldsun.com.au]
          The Palestinians Want Peace — Just Not With a Jewish State [dennisprager.com]

          • by Uberbah (647458)

            Hamas isn't saying that. They are still committed to the destruction of Israel

            You mean they want their stolen property back, no different than Jews [huffingtonpost.com] demanding the return of property stolen from them. And your talking point died when Carter visited Hamas and talked them into accepting Israel as party of a peace deal, just by actually talking to them.

            Other parts left out of your storyline (cuz that's what you do), Israel created Hamas to undermine Fatah. And while you guys like to whine about the Hamas chart

  • If I was the yavn and wanted to host a honeypot what would it look like?

  • Tit for tat (Score:4, Insightful)

    by Sigurd_Fafnersbane (674740) on Wednesday February 19, 2014 @02:10AM (#46283269)

    They seem to learn fast, also they have a lot of good engineers. We should expect some kind of response to Stuxnet and I guess we have established by Stuxnet that electronic warfare is OK for countries to do against each other.

    It is going to be much harder to stomach the day some Air-force guy is taken out by a drone attach in Virginia with a missile to his car as he is delivering his children to Kindergarten.

  • Iran is still not capable. They hired Russian and Chinese hackers.
    • Probably. But they aren't as dumb as you think. I have met them on occasion in conferences and they seem to have a pretty good grasp at maths theory, physics, etc. Many of their diaspora are top notch research staff in North America. So dumb they are not. Their problem is they are too isolated by sanctions and can't easily access modern machine tools and other things required to actually build stuff.

  • by Anonymous Coward

    It's not just the military or Iran. We choose to twittle our thumbs and write it off as a rarity. Most companies don't even realize the drastic damage its doing. When your competition in China has all your secrets and make identical clones of your products for a fraction of the price how do you expect to stay in business. Iran's impact is probably insignificant in the scheme of things. It's industrial espionage and 'theft' of proprietary information that's the major problem. Iran's just an exemplary example

  • this was clearly explained to me by the principal author of the HMI/SCADA program that I'd just been hired to work on. I later resigned in protest.

    It's been long enough I figure they've fixed their security holes by now.

    Despite their taking industrial safety very seriously, to company owner thought it was quite fucking funny that his product was totally shot through with security holes.

    HMI/SCADA: Human-Machine Interface / Supervisory Control And Data Acquisition. That's the proper name for what most would

  • by IgnorantMotherFucker (3394481) on Wednesday February 19, 2014 @02:47AM (#46283415) Homepage

    I know this because a client I once consulted for, sold 400,000 licenses for their Windows product to the Navy.

    Windows isn't so bad if it's properly locked down, but it's not really possible to do that unless all of your application are Windows Logo-compliant, for example they don't store end-user documents in the Program Files folder. I expect the military has a lot of homebrew software they absolutely need to use, that prevents Program Files from being locked down.

    Also everyone who actually administrates a windows box, has to actually know how to lock it down.

    The Navy's Smart Ship technology is being considered a success, because it has resulted in reduced manpower, workloads, maintenance and costs for sailors aboard the Aegis missile cruiser USS Yorktown. However, in September 1997, the Yorktown suffered a systems failure during maneuvers off the coast of Cape Charles, VA., apparently as a result of the failure to prevent a divide by zero in a Windows NT application. The zero seems to have been an erroneous data item that was manually entered. Atlantic Fleet officials said the ship was dead in the water for about 2 hours and 45 minutes. A previous loss of propulsion occurred on 2 May 1997, also due to software. Other system collapses are also indicated. [Source: Gregory Slabodkin, Software glitches leave Navy Smart Ship dead in the water, Government Computer News, 13 Jul 1998, PGN Stark Abstracting from http://www.gcn.com/gcn/1998/Ju... [gcn.com] ...

    ``Using Windows NT, which is known to have some failure modes, on a warship is similar to hoping that luck will be in our favor,'' said Anthony DiGiorgio, a civilian engineer with the Atlantic Fleet Technical Support Center in Norfolk.

    • by ruir (2709173)
      You dont need to consult for them, it is public knowledge they are so incompetent and deranged to run nuclear power submarines with windows boxen.
    • by Anonymous Coward

      Old news. They have learned a little bit since then.

      http://arstechnica.com/information-technology/2013/10/the-navys-newest-warship-is-powered-by-linux/

    • by msauve (701917)
      Bluewater screen of literal death? It's General Protection's fault.
    • by Virtex (2914)
      I remember shortly after the Navy had their problem with the Yorktown, an admiral was quoted as saying, "A lot of people claim Windows NT is unstable, but we've found that not to be the case. Our Windows machines have an average uptime of around 95%" A 95% uptime works out to an hour and 12 minutes of downtime per day. Without realizing it, he made the point of just how bad NT4 really was. Fortunately for Microsoft, Windows stability has improved dramatically since those days.
    • by PPH (736903)

      USS Yorktown Dead In Water After Divide By Zero

      Its been decades since we lost any military assets to a Zero [wikipedia.org].

  • Is this just Iranians basically commiting acts of hooliganism? Is there any damage actually being done here?

  • So, we unleashed stuxnet. Among other things, it came back and bit us on the ass, and now those against whom we sinned, have returned the favor.

    "What a Shock!"

    At mait lefitgam dekharev, at khai lefitgam dekharev.

    • You should probably look a little further back in history. Besides that, would you prefer open war to Stuxnet?

  • How did it take $10M and 4 Months to re-image a Windows desktop ?
    • How did it take $10M and 4 Months to re-image a Windows desktop ?

      It was Windows 7 on 5 1/4" floppies.

  • by easyTree (1042254)

    10 print $enemy perpetrated $act_of_war against us implying that we should $form_of_retaliation
    20 $enemy = rand ($enemies)
    30 goto 10

  • To assume that a populous, rapidly developing, third world country does not have first class hackers.

    All it takes is brain power, time, and an Internet connection.

  • You don't expect them to remain stupid for ever...

Take care of the luxuries and the necessities will take care of themselves. -- Lazarus Long

Working...