Slashdot Mirror
Iran's Hacking of US Navy 'Extensive,' Repairs Took $10M and 4 Months
cold fjord sends news that Iran's breach of a computer network belonging to the U.S. Navy was more serious than originally thought. According to a Wall Street Journal report (paywalled, but summarized at The Verge), it took the Navy four months to secure its network after the breach, and the repair cost was approximately $10 million. From the article:
"The hackers targeted the Navy Marine Corps Intranet, the unclassified network used by the Department of the Navy to host websites, store nonsensitive information and handle voice, video and data communications. The network has 800,000 users at 2,500 locations, according to the Navy. ... The intrusion into the Navy's system was the most recent in a series of Iranian cyberoffensives that have taken U.S. military and intelligence officials by surprise. In early 2012, top intelligence officials held the view that Iran wanted to execute a cyberattack but had little capability. Not long after, Iranian hackers began a series of major "denial-of-service" attacks on a growing number of U.S. bank websites, and they launched a virus on a Saudi oil company that immobilized 30,000 computers. ... Defense officials were surprised at the skills of the Iranian hackers. Previously, their tactics had been far cruder, usually involving so-called denial of service attacks that disrupt network operations but usually don't involve a penetration of network security."
Missiles, ships, planes, tanks, and large groups of soldiers all cost a lot of money. As long as you have them you are on a perpetual upgrade cycle if you don't want to be outclassed. A geek with a computer is pretty cheap, can do a lot of things, and cause a lot of really inconvenient problems. If there is one thing Iran probably isn't short of it is smart people that like to play with computers. It isn't 1988 anymore, and the world has heard about the internet.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Wow suddenly they're super skilled and WE NEED MORE MONEY!!
Oh good! We haven't heard from the "false flag" trolls in a while. Where you been?
Where there's a willuh, there's a wayah. There's no better driving factor than to tell someone they can't do something.
By studying Stuxnet.
I eat only the real part of complex carbohydrates.
...and figured they could get some much-needed F14 parts if they requisitioned planes to be outfitted special for missions...
Do not look into laser with remaining eye.
Practicing the classic 'government officials say' rhetoric without mentioning Stuxnet, or what the U.S. would do if it was Iran sabotaging American nuclear facilities.
...the Navy saved taxpayers at least that much by not having tighter security.
Well, it was a nice thought.
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
cold fjord sends news ...
So, you had to edit out the anit-Islam panic from his original post.
If I was the yavn and wanted to host a honeypot what would it look like?
They seem to learn fast, also they have a lot of good engineers. We should expect some kind of response to Stuxnet and I guess we have established by Stuxnet that electronic warfare is OK for countries to do against each other.
It is going to be much harder to stomach the day some Air-force guy is taken out by a drone attach in Virginia with a missile to his car as he is delivering his children to Kindergarten.
Iran is still not capable. They hired Russian and Chinese hackers.
It's not just the military or Iran. We choose to twittle our thumbs and write it off as a rarity. Most companies don't even realize the drastic damage its doing. When your competition in China has all your secrets and make identical clones of your products for a fraction of the price how do you expect to stay in business. Iran's impact is probably insignificant in the scheme of things. It's industrial espionage and 'theft' of proprietary information that's the major problem. Iran's just an exemplary example at the moment, but in reality most of these attacks are just swept under the carpet until the system breaks down utterly and completely. All the while you wonder why American companies are selling out there core businesses. There is nothing left the competition doesn't already have.
The only answer to this problem is defaulting to hardened systems, moving away from auto-on for stupid default setting (macros, javascript, etc), etc.
But your company uses Microsoft Windows? ohh never mind. Keep doing what your doing. I'm sure you'll survive given nobody ever went wrong with that!
this was clearly explained to me by the principal author of the HMI/SCADA program that I'd just been hired to work on. I later resigned in protest.
It's been long enough I figure they've fixed their security holes by now.
Despite their taking industrial safety very seriously, to company owner thought it was quite fucking funny that his product was totally shot through with security holes.
HMI/SCADA: Human-Machine Interface / Supervisory Control And Data Acquisition. That's the proper name for what most would call industrial control systems.
The Stuxnet and Flame worms attacked our competitor Siemens' HMI/SCADA, but only when the installations were in Iran. Particularly they spun the Uranium Hexafluoride Gas Turbine Centrifuges far faster than the could tolerate them, thereby damaging them.
It's not like the Iranians don't know how to write computer programs. Maybe right now would be a good time to move way the Hell out into the countryside, and invest in some HEPA filters and lots of solar power.
HEPA filters can get plutonium dust out of the air you see.
Please mail me URLs of software employers.
I know this because a client I once consulted for, sold 400,000 licenses for their Windows product to the Navy.
Windows isn't so bad if it's properly locked down, but it's not really possible to do that unless all of your application are Windows Logo-compliant, for example they don't store end-user documents in the Program Files folder. I expect the military has a lot of homebrew software they absolutely need to use, that prevents Program Files from being locked down.
Also everyone who actually administrates a windows box, has to actually know how to lock it down.
Please mail me URLs of software employers.
We're not at war with Iran, and no sane person in the U.S. or in Iran wants a shooting war. IMHO, what we have here is more of a cold-war style cat and mouse game where each side tries to provoke the other and see how far they can go. Examples being Iran supplying arms to Shiite militias in Iraq, Iran being involved in proxy wars in Syria and Lebanon, taking Americans hostage, and developing a nuclear weapons capability. The U.S. responded with Stuxnet and probably a few other things that we don't know about. In the end it's really about gaining some sort of political bargaining advantage and to have a stronger bargaining position when the time for deal making comes.
Iran is also the regional heavy weight, and they're not a bunch of modern-day spearchuckers as the parent somehow implies. They do have a professional conventional military with semi-modern weapons systems. They also have the ability to maintain, develop and upgrade their weapons systems. The main difference between Iran and the U.S. is that Iran lacks the global logistical capabilities that America brings to the battle field, and the depth that the U.S. has in any fight. The Iranians would lose a conventional battle with the U.S. and both sides know this. Defeating the U.S. in a conventional battle probably isn't a factor in Iran's military planning. They're more focused on regional domination, especially if and when the U.S. pulls out of the middle east. Without the U.S. backing of the Gulf states, Iran would probably be able to defeat any of their neighbors in a conventional war, at least in theory. Without the U.S., the only country in the region that might defeat Iran would be India.
If somehow forced into a conventional fight with the U.S., Iran could, with the right leadership, inflict heavy damage before being defeated. But Iran is a very old country. IMHO, they're playing for time and will poke us at any chance they get. As Sun Tzu once said, "If you wait by the river long enough, the bodies of your enemies will float by." In more modern terms that is called, "strategic patience."
NSA hacking will take billion and many years to repair.
.. Yeah, like Michael Jordan.
front opens at large
Stuxnet was the Israelis. You can tell because it was sophisticated and effective, intead of an over-sophisticed pork-barrel funded clusterfutz. Iran has effectively been applying guerrilla tactics against the US for decades, and has never forgiven the US for their long support of the astonishingly corrupt and destructive Shah of Irian, any more than the Cubans have ever forgiven them for supporting Batista, nor the Iraqis for first supporting Sadam, then ignoring his genocide, and only bothering about him when he threatened the oil supplies by invading Kuwait or eventually gradually losing control of Iraq.
Both Pakistan and Israel have far better trained troops, better equipment, and nuclear weapons to bomb Iran into the stone age, so don't get silly about "only India could defeat Iran". Both those nations know that they could not *hold* Iran afterwards. The Iraqis tried it, and got ground into history like a European army invading Moscow: an organized army can't outlast natives and terrain when everyone on the ground hates them. Everyone in Muslim world has learned the lessons of hundreds of years of invasions of Afghanistan, and more recently of Iraq: if you invade a country that has nothing to lose, they can outlast your willingness to spend money and troops.
Obama, elected leader of a country with a huge technology infrastructure, launched a cyberattack against a country with a much smaller technology infrastructure. Well, fucking duh. What did he expect them to do. Sit there and take it? Don't be fooled by the crisp suits and beautiful speech. As a President, he's as dumb ass.
And requires a waver to put anything else on it.
Cost about $3500 per seat.
Windows was picked simply because Microsoft gave a cut rate price to the GSA.
Secure? not a chance.
None of the scientists could use it. To do just one minor thing (email some minor data from place to place, and use it) couldn't be done... without a piece of software from Romania. They couldn't get it because of that. On linux, which they were already using it was trivial.
So nearly everybody got two systems - one Linux to do real work on (and attached to a different network), and one NMCI, just so they could send their status reports on.
Bomb the shit out of them.. Let's see those nerds firewall our drones!
Jesus titty fucking Christ!
Boy am I in the wrong job.
Tim
Do we bother believing the DOD telling us another story about big, bad, Muslim wolves and the need for endless war footing?
And if they spent $10 million, no doubt about 75% of that was wasted, poured down the maws of corpulent military contractors (cui bono).
The coup d'etat was way before your date (which was 79' revolution.) You can read more about that at wiki: http://en.wikipedia.org/wiki/1... It probably dates way before these dates.
What was that, "Golden rule" or "Eye for eye"? Looks like you're still in the latter buddy; except you're probably "Eye for scrape"
Both the Shah and Iran were friendly to the US until the revolutionary Islamist government took power and declared the US to be its enemy. That also extended to another Iranian ally, Israel. The problem in relations between Iran and Israel is Iran's doing.
As to the coup, if you look into the history you will see that democracy was gone. The legislature had been dissolved, an election faked, and the PM was ruling by decree and ignored the usual checks and balances in a constitutional monarchy of the monarch being able to dismiss the PM. The head of state, the Shah, was forced to flee. Iran was in fact a dictatorship at that point. What you refer to as a coup was in fact a counter-coup and restored the Shah to power.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Is this just Iranians basically commiting acts of hooliganism? Is there any damage actually being done here?
You are hopeless. Absolutely hopeless.
Both Pakistan and Israel have far better trained troops, better equipment, and nuclear weapons to bomb Iran into the stone age,
And people wonder why Iran wants the bomb.
Watch this Heartland Institute video
In short I'm correct, just not "politically correct."
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
So, we unleashed stuxnet. Among other things, it came back and bit us on the ass, and now those against whom we sinned, have returned the favor.
"What a Shock!"
At mait lefitgam dekharev, at khai lefitgam dekharev.
Don't take life too seriously; it isn't permanent.
"... until the revolutionary Islamist government took power and declared the US to be its enemy." That's because Iraq attacked Iran then. Where Iraq used biological bombs; Iran refused to stoop to that level. Iraq, with US intelligence+weapons. As such, US was their enemy too. Note that it was a coup, not "counter-coup." Even the CIA admits to that: http://www2.gwu.edu/~nsarchiv/... Stephen Kinzer wrote a Bestseller there: All the Shah's Men: An American Coup and the Roots of Middle East Terror.
Your history is a bit scrambled. Ayatollah Khomeini declared the US to be "The Great Satan" nearly a year before Iraq attacked Iran.
I know that Iraq used chemical weapons, as did Iran. I don't think that they used biological weapons at all.
A counter-coup is still a coup, but it is in reaction to another.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
His point is that the USA also engages in the same "asymmetrical warfare", therefore it IS NOT "asymmetrical". The only asymmetry is the USA's defence spend being more than the next 25 biggest spenders on defence put together.
This in no way stops them using the same methods (and to great expense to the victim) making the petulant whine from the USA about how much it cost patently ridiculous like a bully complaining to teacher about how some kid punched him and made his nose bleed...
The Saudi Oil Company in question here is Vela. One of the tactics used to hack Vela is straight out of the NSA's catalog of exploits. Infected SIM cards were used to gain one time passwords from system administrators. This news article reeks of propaganda and misdirection. Either that or Iran has capabilities on par with the NSA.
How much would the Navy have had to pay for pen testing of this quality? Or a training exercise this realistic? Much better to discover and fix the vulnerabilities now then later.
How did it take $10M and 4 Months to re-image a Windows desktop ?
it probably cost more than $10M -- if it took an hour to re-image and restore data for one of their PCs, that's still 800,000 lost man hours of productivity. if those people were all working for $10/hour that's $8M right there.
Despite Shia-Sunni differences, Pakistan is not an enemy of Iran. Yeah, they are a lot friendlier with the Saudis and other Sunni Muzzies, but Iran is not their enemy either.
Your other point - both Batista and the Shah were more than a generation ago - the people who remember them with any anger are slowly dying out. Cuba and North Korea, after the end of the Soviet Union, have essentially been de-facto autocratic monarchies - even royal families in Asia, much less Europe, don't have their subjects, er citizens, worshipping them the way the North Koreans do Kim. In Iran, there is a mix of people who want to oust Islam altogether, and those who want to replace this Islamic regime with another.
As far as Islamic countries go, the best warfare to wage against them is encourage civil wars in those countries - like the one currently on in Syria between Sunnites & Alawites. In the case of Iran, although 90% of that country is Shi'ite, there are other divisions: Farsis are just 50% of the population, and Balochis, Kurds, Azeris and Arabs form the remaining 50%. Encouraging an ethnic civil war there between those 4 minority groups vs the Farsis would be the way to go. It would do wonders if Iran could be plunged into a civil war between these groups that totally disables them from funding Hizbullah or the Assad regime. Similarly, other insurrections should be encouraged in Saudi Arabia and Yemen (Shiite vs Sunnite), Pakistan (Panjabi vs Pathan/Balochi/Sindi), Afghanistan (Pashtun vs Tajik, Turkoman, Hazara), and similar places.
One will see an end to jihad sponsorships once that happens.
AFAIK Iraq only started doing chemical-biological warfare after they started losing the war.
War is Americas business model. Wars we fight, fund, or supply are how we make a living.
"I know that Iraq used chemical weapons, as did Iran." Do you have any reference for that? That is, showing Iran used them as well? Any source I have checked say Iraq used; this is first time I hear that Iran used. Bottom line is, Iran didn't "start" this. US expansionism has caused this. After WWII, the new role it had.
"..., as did Iran." I don't see any reference here. I'm not a historian on this stuff; but, I am skeptical Iran started. After WWII, many countries changed. US took on new roles it never had; with that, US expansionism, too. The affair with Iran is over oil; nothing else makes any sense there at all. As such, it doesn't make sense what you say. Look at oil prices in past century. http://www.globaleye.org.uk/se...
"Defense officials were surprised at the skills of the Iranian hackers."
Ayrabs are as thick as camelshit. Iranians ain't ayrabs.
10 print $enemy perpetrated $act_of_war against us implying that we should $form_of_retaliation
20 $enemy = rand ($enemies)
30 goto 10
Requiem for the American Dream
How did it take $10M and 4 Months to re-image a Windows desktop ?
It was Windows 7 on 5 1/4" floppies.
To assume that a populous, rapidly developing, third world country does not have first class hackers.
All it takes is brain power, time, and an Internet connection.
Second class citizen of the New Gilded Age
It took 4 months and $10,000,000 to audit tens-of-thosuands-to-hundreds-of-thousands of computers, fix or document all problems discovered, perform risk analyses, develop a mitigation strategy, and re-image a Windows desktop.
If you think that fixing a compromised network involves nothing more than reimaging a single workstation, you are must be a PHB.
"I know that Iraq used chemical weapons, as did Iran." Where'd you get the idea Iran did? As far as I know, you are wrong here.
10 $enemy = rand ($enemies);
20 $message = $enemy perpetrated $act_of_war against us implying that we should $form_of_retaliation
30 send(CONGRESS, $message)
40 ???
50 profit!!!
60 goto 10
US spends more on military than:
China, Russia, UK, Japan, France, Saudi Ariabia, and a lot more COMBINED.
It has 39% of world share! (http://en.wikipedia.org/wiki/List_of_countries_by_military_expenditures)
That's $682,000,000,000.00 per year; or roughly $2 billion per day!
So yes, US companies make money; and it is oldest business model yet; well maybe after prostitution there; but it's way old, like from the stone ages.
Think otherwise means naive/blind by pride.
Iran - Chemical Weapons
"US expansionism" had nothing to do with the Iran-Iraq war, and nothing to do with Iran's manufacture and use of chemical weapons. I don't recall that the US has added any territory to itself since WWII. It has vacated many military bases around the world since then.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
The main current issue with Iran is its nuclear weapons program that is piggybacking on the cover of a nuclear power program. To that you can add concern over Iran's repeated threats to choke off the world's oil supply, and involvement supporting terrorism around the world, and various other actions. Just because it doesn't make sense to you doesn't mean that it isn't an actual issue.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
You don't expect them to remain stupid for ever...
Israel has previously beaten a combined Middle Eastern force including Iran. This is not in theory but in fact.