|Iranian hacking of U.S. Navy computers more extensive than first thought: WSJ||
TEHRAN – Iran’s alleged infiltration of a U.S. Navy computer network was far more extensive than previously thought, according to officials, and the officer who led the response will likely face questions about it from senators weighing his nomination as the next head of the embattled National Security Agency, the Wall Street Journal reported on Tuesday.
It took the Navy about four months to finally purge the hackers from its biggest unclassified computer network, according to current and former officials.
Some lawmakers are concerned about how long it took. When Vice Adm. Michael Rogers, President Barack Obama’s choice for the new NSA director, faces his confirmation hearing, some senators are expected to ask whether there is a long-term plan to address security gaps exposed by the attack, congressional aides said. The hearing hasn’t been scheduled yet, but could be next month.
The Wall Street Journal in September first reported the discovery of the alleged Iranian cyberattack. Officials at the time said the intruders had been removed. However, officials now acknowledge that the attack was more invasive, getting into what one called the “bloodstream” of the Navy and Marine Corps system and managing to stay there until November.
The hackers targeted the Navy Marine Corps Intranet, the unclassified network used by the Department of the Navy to host websites, store nonsensitive information and handle voice, video and data communications. The network has 800,000 users at 2,500 locations, according to the Navy.
Network repairs continue to close the many security gaps revealed by the intrusion, not just on Navy computers but across the Department of Defense, the officials said.
“It was a real big deal,” said the senior U.S. official. “It was a significant penetration that showed a weakness in the system.”
Adm. Rogers declined to comment, citing a standard practice of not speaking publicly before a confirmation hearing.
Iranian officials didn’t respond to requests to comment, but in the past have said they were victims of cyberattacks by Western powers, including the Stuxnet virus uncovered in 2010.
Details remain classified and murky, but the penetration allowed the Iranians to conduct surveillance on the Navy’s and Marine Corps’ unclassified networks, said the senior U.S. official. While that official said the intruders were able to compromise communications on the network, a senior defense official said no email accounts were hacked and no data was stolen.
The military response, an effort known as Operation Rolling Tide, was overseen by Adm. Rogers as the Navy’s chief of cybersecurity. But Adm. Rogers, who has also been nominated as chief of the military’s Cyber Command, will likely defer most answers at his confirmation hearing to a classified hearing.
The intrusion into the Navy’s system was the most recent in a series of Iranian cyberoffensives that have taken U.S. military and intelligence officials by surprise.
The senior defense official said the cost to repair the Navy network after the attack was approximately $10 million. But other officials said the ultimate price tag is likely to be higher.
Current and former officials differ on whether the time it took to push the Iranians out of the system and clean up the intrusion—approximately four months—was excessive. In part, the response took a long time because hackers were able to infiltrate deep into the system.
“The thing got into the bloodstream, and it wasn’t just in the main arteries, it was in all the little capillaries,” the senior U.S. official said.
The senior defense official said within three weeks of the intrusion, officials understood the full scope of the attack and put in place a plan to try and push the intruders out. As part of the response, the unclassified network was taken down twice for upgrades and to clean out the intruders, the senior defense official said.
As part of the response, a former official said the Navy ordered a surge of so-called cyberwarriors and contractors to work on the response to the attack. They are working with a list of roughly 60 actions to be taken to fix the network, the former U.S. official said.
One official said part of the reason the response has taken so long is that Adm. Rogers has sought to employ a comprehensive strategy that fixes broader network security problems rather than solely cleaning up after the incident. Cybersecurity experts said the roughly four-month-long penetration created security risks.
“That’s a long time,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies. “Generally, not being able to get people off your network is a significant risk for any military operation.”
Defense officials were surprised at the skills of the Iranian hackers. Previously, their tactics had been far cruder, usually involving so-called denial of service attacks that disrupt network operations but usually don’t involve a penetration of network security.
The intruders were able to enter the network through a security gap in one of the Navy’s many public-facing websites, and investigators have discovered that poor internal network security allowed them to migrate deep inside that network, according to current and former officials.
Officials said the vulnerabilities that allowed the Iranians to get into the network were closed by early October, but it took several more weeks to eliminate hidden spyware lurking throughout the system.
By early November, the senior U.S. official said, the Navy was finally confident it had rid its networks of the hackers and had ensured they could no longer remotely access Navy systems. Officials said the Iranians probably obtained account credentials used to log into the network.
“It was a real eye-opener in terms of the capabilities of Iran to get into a Defense Department system and stay in there for months,” said a former U.S. official. “That’s worrisome.”
Subscribe to our RSS feed to stay in touch and receive all of TT updates right in your feed reader