Forgot your password?
typodupeerror
The Military Government Security United States

Iran's Hacking of US Navy 'Extensive,' Repairs Took $10M and 4 Months 147

Posted by Soulskill
from the your-tax-dollars-at-work dept.
cold fjord sends news that Iran's breach of a computer network belonging to the U.S. Navy was more serious than originally thought. According to a Wall Street Journal report (paywalled, but summarized at The Verge), it took the Navy four months to secure its network after the breach, and the repair cost was approximately $10 million. From the article: "The hackers targeted the Navy Marine Corps Intranet, the unclassified network used by the Department of the Navy to host websites, store nonsensitive information and handle voice, video and data communications. The network has 800,000 users at 2,500 locations, according to the Navy. ... The intrusion into the Navy's system was the most recent in a series of Iranian cyberoffensives that have taken U.S. military and intelligence officials by surprise. In early 2012, top intelligence officials held the view that Iran wanted to execute a cyberattack but had little capability. Not long after, Iranian hackers began a series of major "denial-of-service" attacks on a growing number of U.S. bank websites, and they launched a virus on a Saudi oil company that immobilized 30,000 computers. ... Defense officials were surprised at the skills of the Iranian hackers. Previously, their tactics had been far cruder, usually involving so-called denial of service attacks that disrupt network operations but usually don't involve a penetration of network security."
This discussion has been archived. No new comments can be posted.

Iran's Hacking of US Navy 'Extensive,' Repairs Took $10M and 4 Months

Comments Filter:
  • by cold fjord (826450) on Wednesday February 19, 2014 @01:16AM (#46283067)

    Missiles, ships, planes, tanks, and large groups of soldiers all cost a lot of money. As long as you have them you are on a perpetual upgrade cycle if you don't want to be outclassed. A geek with a computer is pretty cheap, can do a lot of things, and cause a lot of really inconvenient problems. If there is one thing Iran probably isn't short of it is smart people that like to play with computers. It isn't 1988 anymore, and the world has heard about the internet.

  • by Amorymeltzer (1213818) on Wednesday February 19, 2014 @01:27AM (#46283115)

    Asymmetrical? Heard of a little thing called Stuxnet [slashdot.org]? Centrifuges, uranium, and control systems aren't exactly cheap either.

  • by ZouPrime (460611) on Wednesday February 19, 2014 @01:33AM (#46283137)

    This is very true, but from the POV of the US, it is also a great argument for continuing to invest in offensive cyber capabilities.

    In the end, it costs way less to attack a network than to secure it properly. And unfortunately, this asymmetrical situation could remain true for a long time.

    This also can lead to a cult of the offensive:
    http://en.wikipedia.org/wiki/Cult_of_the_offensive

  • by Anonymous Coward on Wednesday February 19, 2014 @01:34AM (#46283141)

    Practicing the classic 'government officials say' rhetoric without mentioning Stuxnet, or what the U.S. would do if it was Iran sabotaging American nuclear facilities.

  • by Anonymous Coward on Wednesday February 19, 2014 @01:38AM (#46283165)

    cold fjord sends news ...

    So, you had to edit out the anit-Islam panic from his original post.

  • by Anonymous Coward on Wednesday February 19, 2014 @01:48AM (#46283211)

    Jeez, I've joked plenty of times about Slashdot turning into a sounding board for Zionist NeoCon warmongering, but like every trolls' joke Slashdot refuses to admit is true (like my satirical but correct prediction of Slashdot announcing that they will try to more frequently divert readers to Beta etc.). I'd much rather be friends with an Iranian Family than a Saudi or Jewish family. Lift those goddamn sanctions completely and stop fucking with them -- America's real enemies in the Middle-East are Saudi Arabia, Israel, and Pakistan; not Iran.

    Don't be fooled by the beating of the war-drums.

    -- Ethanol-fueled

  • Tit for tat (Score:4, Insightful)

    by Sigurd_Fafnersbane (674740) on Wednesday February 19, 2014 @02:10AM (#46283269)

    They seem to learn fast, also they have a lot of good engineers. We should expect some kind of response to Stuxnet and I guess we have established by Stuxnet that electronic warfare is OK for countries to do against each other.

    It is going to be much harder to stomach the day some Air-force guy is taken out by a drone attach in Virginia with a missile to his car as he is delivering his children to Kindergarten.

  • by cold fjord (826450) on Wednesday February 19, 2014 @02:18AM (#46283295)

    Please go to the trouble of actually reading what I write. I don't engage in "anti-Islam panic." I am against violent extremists, aren't you? Certainly many ordinary Muslims are against the extremists and just want to live in peace.

  • by Anonymous Coward on Wednesday February 19, 2014 @02:38AM (#46283369)

    Stockpiling them instead of helping the vendors fix them. So were our systems cracked by an enemy using an exploit that we knew of?

    This is an interesting question; it's still not enough. Experience in OpenBSD's audit process [openbsd.org] shows that a single vulnerability is an entry to finding other bugs. If you fix all of the similar bugs in your code then you very likely fix vulnerabilities you will never realise you had. The NSA (and the GCHQs) should be using it's government purchasing power to

    • insist that the source code to all software used by their nation is availble to them; recommend against code without the source code
    • actively identify and report vulnerabilities
    • build automatic tools which identify all similar bugs in the vendor's code
    • offer support to vendors in building their own tools to do similar things
    • again; recommend against and (for networks where they have access) insist on replacing software where the vendor doesn't then rapidly fix those similar bugs

    This kind of work would make the internet safer for everyone. It would interfere slightly with some of their spying work, however the benefit of having a safe, stable, secure internet would vastly outweigh that. Even so they would find plenty of space in a) software targeted to other nations and b) systems yet fully upgraded to be able to able to continue that work.

    When they fail to do this they are failing in their duties.

  • by Mabhatter (126906) on Wednesday February 19, 2014 @12:23PM (#46286851)

    That's ok, we attacked their infrastructure with damaging programs first. If the CIA is gonna play with hackers, they'd better make sure the rest of the military is ready to play ball too.

    It's not lie the navy had a few years of notice after Stuxxnet that the Iranians were going to take a shot back. If the navy can't hang with the big kids, they better stay out of hacking OTHER countries, eh.

We have a equal opportunity Calculus class -- it's fully integrated.

Working...