Slashdot Mirror

← Back to Stories (view on slashdot.org)

Iran's Hacking of US Navy 'Extensive,' Repairs Took $10M and 4 Months

Posted by Soulskill on from the your-tax-dollars-at-work dept.

cold fjord sends news that Iran's breach of a computer network belonging to the U.S. Navy was more serious than originally thought. According to a Wall Street Journal report (paywalled, but summarized at The Verge), it took the Navy four months to secure its network after the breach, and the repair cost was approximately $10 million. From the article: "The hackers targeted the Navy Marine Corps Intranet, the unclassified network used by the Department of the Navy to host websites, store nonsensitive information and handle voice, video and data communications. The network has 800,000 users at 2,500 locations, according to the Navy. ... The intrusion into the Navy's system was the most recent in a series of Iranian cyberoffensives that have taken U.S. military and intelligence officials by surprise. In early 2012, top intelligence officials held the view that Iran wanted to execute a cyberattack but had little capability. Not long after, Iranian hackers began a series of major "denial-of-service" attacks on a growing number of U.S. bank websites, and they launched a virus on a Saudi oil company that immobilized 30,000 computers. ... Defense officials were surprised at the skills of the Iranian hackers. Previously, their tactics had been far cruder, usually involving so-called denial of service attacks that disrupt network operations but usually don't involve a penetration of network security."

7 of 147 comments (clear)

  1. Asymetrical warfare by cold+fjord · · Score: 5, Insightful

    Missiles, ships, planes, tanks, and large groups of soldiers all cost a lot of money. As long as you have them you are on a perpetual upgrade cycle if you don't want to be outclassed. A geek with a computer is pretty cheap, can do a lot of things, and cause a lot of really inconvenient problems. If there is one thing Iran probably isn't short of it is smart people that like to play with computers. It isn't 1988 anymore, and the world has heard about the internet.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    1. Re:Asymetrical warfare by ZouPrime · · Score: 5, Insightful

      This is very true, but from the POV of the US, it is also a great argument for continuing to invest in offensive cyber capabilities.

      In the end, it costs way less to attack a network than to secure it properly. And unfortunately, this asymmetrical situation could remain true for a long time.

      This also can lead to a cult of the offensive:
      http://en.wikipedia.org/wiki/Cult_of_the_offensive

    2. Re:Asymetrical warfare by khasim · · Score: 5, Interesting

      My first question would be ... how are we sure that Iran did this?

      The second question would be how did whomever do it? We've heard about how the NSA/CIA/etc are stockpiling zero-day exploits. Stockpiling them instead of helping the vendors fix them. So were our systems cracked by an enemy using an exploit that we knew of?

    3. Re: Asymetrical warfare by Mabhatter · · Score: 4, Insightful

      That's ok, we attacked their infrastructure with damaging programs first. If the CIA is gonna play with hackers, they'd better make sure the rest of the military is ready to play ball too.

      It's not lie the navy had a few years of notice after Stuxxnet that the Iranians were going to take a shot back. If the navy can't hang with the big kids, they better stay out of hacking OTHER countries, eh.

  2. Re:False flag? by Ralph+Wiggam · · Score: 4, Informative

    The Marine Corp's budget is $29B per year. An extra $10M would be an increase of 0.03%. The Department of Defense budget, minus the money spent on individual military branches, is $190B. $10M is 0.005% of that.

  3. The US Navy has lots of windows boxen by IgnorantMotherFucker · · Score: 5, Informative

    I know this because a client I once consulted for, sold 400,000 licenses for their Windows product to the Navy.

    Windows isn't so bad if it's properly locked down, but it's not really possible to do that unless all of your application are Windows Logo-compliant, for example they don't store end-user documents in the Program Files folder. I expect the military has a lot of homebrew software they absolutely need to use, that prevents Program Files from being locked down.

    Also everyone who actually administrates a windows box, has to actually know how to lock it down.

    The Navy's Smart Ship technology is being considered a success, because it has resulted in reduced manpower, workloads, maintenance and costs for sailors aboard the Aegis missile cruiser USS Yorktown. However, in September 1997, the Yorktown suffered a systems failure during maneuvers off the coast of Cape Charles, VA., apparently as a result of the failure to prevent a divide by zero in a Windows NT application. The zero seems to have been an erroneous data item that was manually entered. Atlantic Fleet officials said the ship was dead in the water for about 2 hours and 45 minutes. A previous loss of propulsion occurred on 2 May 1997, also due to software. Other system collapses are also indicated. [Source: Gregory Slabodkin, Software glitches leave Navy Smart Ship dead in the water, Government Computer News, 13 Jul 1998, PGN Stark Abstracting from http://www.gcn.com/gcn/1998/Ju... ...

    ``Using Windows NT, which is known to have some failure modes, on a warship is similar to hoping that luck will be in our favor,'' said Anthony DiGiorgio, a civilian engineer with the Atlantic Fleet Technical Support Center in Norfolk.

    --
    Please mail me URLs of software employers.
  4. Re:Asymetrical warfare - Not by bkmoore · · Score: 4, Interesting

    We're not at war with Iran, and no sane person in the U.S. or in Iran wants a shooting war. IMHO, what we have here is more of a cold-war style cat and mouse game where each side tries to provoke the other and see how far they can go. Examples being Iran supplying arms to Shiite militias in Iraq, Iran being involved in proxy wars in Syria and Lebanon, taking Americans hostage, and developing a nuclear weapons capability. The U.S. responded with Stuxnet and probably a few other things that we don't know about. In the end it's really about gaining some sort of political bargaining advantage and to have a stronger bargaining position when the time for deal making comes.

    Iran is also the regional heavy weight, and they're not a bunch of modern-day spearchuckers as the parent somehow implies. They do have a professional conventional military with semi-modern weapons systems. They also have the ability to maintain, develop and upgrade their weapons systems. The main difference between Iran and the U.S. is that Iran lacks the global logistical capabilities that America brings to the battle field, and the depth that the U.S. has in any fight. The Iranians would lose a conventional battle with the U.S. and both sides know this. Defeating the U.S. in a conventional battle probably isn't a factor in Iran's military planning. They're more focused on regional domination, especially if and when the U.S. pulls out of the middle east. Without the U.S. backing of the Gulf states, Iran would probably be able to defeat any of their neighbors in a conventional war, at least in theory. Without the U.S., the only country in the region that might defeat Iran would be India.

    If somehow forced into a conventional fight with the U.S., Iran could, with the right leadership, inflict heavy damage before being defeated. But Iran is a very old country. IMHO, they're playing for time and will poke us at any chance they get. As Sun Tzu once said, "If you wait by the river long enough, the bodies of your enemies will float by." In more modern terms that is called, "strategic patience."