Iran's Hacking of US Navy 'Extensive,' Repairs Took $10M and 4 Months 147
cold fjord sends news that Iran's breach of a computer network belonging to the U.S. Navy was more serious than originally thought. According to a Wall Street Journal report (paywalled, but summarized at The Verge), it took the Navy four months to secure its network after the breach, and the repair cost was approximately $10 million. From the article:
"The hackers targeted the Navy Marine Corps Intranet, the unclassified network used by the Department of the Navy to host websites, store nonsensitive information and handle voice, video and data communications. The network has 800,000 users at 2,500 locations, according to the Navy. ... The intrusion into the Navy's system was the most recent in a series of Iranian cyberoffensives that have taken U.S. military and intelligence officials by surprise. In early 2012, top intelligence officials held the view that Iran wanted to execute a cyberattack but had little capability. Not long after, Iranian hackers began a series of major "denial-of-service" attacks on a growing number of U.S. bank websites, and they launched a virus on a Saudi oil company that immobilized 30,000 computers. ... Defense officials were surprised at the skills of the Iranian hackers. Previously, their tactics had been far cruder, usually involving so-called denial of service attacks that disrupt network operations but usually don't involve a penetration of network security."
Asymetrical warfare (Score:5, Insightful)
Missiles, ships, planes, tanks, and large groups of soldiers all cost a lot of money. As long as you have them you are on a perpetual upgrade cycle if you don't want to be outclassed. A geek with a computer is pretty cheap, can do a lot of things, and cause a lot of really inconvenient problems. If there is one thing Iran probably isn't short of it is smart people that like to play with computers. It isn't 1988 anymore, and the world has heard about the internet.
Re:Asymetrical warfare (Score:1, Insightful)
Asymmetrical? Heard of a little thing called Stuxnet [slashdot.org]? Centrifuges, uranium, and control systems aren't exactly cheap either.
Re:Asymetrical warfare (Score:5, Insightful)
This is very true, but from the POV of the US, it is also a great argument for continuing to invest in offensive cyber capabilities.
In the end, it costs way less to attack a network than to secure it properly. And unfortunately, this asymmetrical situation could remain true for a long time.
This also can lead to a cult of the offensive:
http://en.wikipedia.org/wiki/Cult_of_the_offensive
latest propaganda from Cold Fucktard (Score:1, Insightful)
Practicing the classic 'government officials say' rhetoric without mentioning Stuxnet, or what the U.S. would do if it was Iran sabotaging American nuclear facilities.
Reading between the lines (Score:1, Insightful)
cold fjord sends news ...
So, you had to edit out the anit-Islam panic from his original post.
Re:Asymetrical warfare (Score:1, Insightful)
Jeez, I've joked plenty of times about Slashdot turning into a sounding board for Zionist NeoCon warmongering, but like every trolls' joke Slashdot refuses to admit is true (like my satirical but correct prediction of Slashdot announcing that they will try to more frequently divert readers to Beta etc.). I'd much rather be friends with an Iranian Family than a Saudi or Jewish family. Lift those goddamn sanctions completely and stop fucking with them -- America's real enemies in the Middle-East are Saudi Arabia, Israel, and Pakistan; not Iran.
Don't be fooled by the beating of the war-drums.
-- Ethanol-fueled
Tit for tat (Score:4, Insightful)
They seem to learn fast, also they have a lot of good engineers. We should expect some kind of response to Stuxnet and I guess we have established by Stuxnet that electronic warfare is OK for countries to do against each other.
It is going to be much harder to stomach the day some Air-force guy is taken out by a drone attach in Virginia with a missile to his car as he is delivering his children to Kindergarten.
Re:Reading between the lines (Score:2, Insightful)
Please go to the trouble of actually reading what I write. I don't engage in "anti-Islam panic." I am against violent extremists, aren't you? Certainly many ordinary Muslims are against the extremists and just want to live in peace.
Re:Asymetrical warfare (Score:3, Insightful)
Stockpiling them instead of helping the vendors fix them. So were our systems cracked by an enemy using an exploit that we knew of?
This is an interesting question; it's still not enough. Experience in OpenBSD's audit process [openbsd.org] shows that a single vulnerability is an entry to finding other bugs. If you fix all of the similar bugs in your code then you very likely fix vulnerabilities you will never realise you had. The NSA (and the GCHQs) should be using it's government purchasing power to
This kind of work would make the internet safer for everyone. It would interfere slightly with some of their spying work, however the benefit of having a safe, stable, secure internet would vastly outweigh that. Even so they would find plenty of space in a) software targeted to other nations and b) systems yet fully upgraded to be able to able to continue that work.
When they fail to do this they are failing in their duties.
Re: Asymetrical warfare (Score:5, Insightful)
That's ok, we attacked their infrastructure with damaging programs first. If the CIA is gonna play with hackers, they'd better make sure the rest of the military is ready to play ball too.
It's not lie the navy had a few years of notice after Stuxxnet that the Iranians were going to take a shot back. If the navy can't hang with the big kids, they better stay out of hacking OTHER countries, eh.