clock menu more-arrow no yes mobile

Filed under:

Iranian hack of US Navy network was more extensive and invasive than previously reported

New, 28 comments
iranian flag
iranian flag

In September of 2013, it was reported the US Navy's largest unclassified computer network was hacked by a group either "working directly for Iran's government [or] acting with the approval of Iranian leaders." Now US officials say that the network infiltration was far more extensive than previously thought, and lasted much longer than previously reported. According to The Wall Street Journal, it took the Navy four months — until November 2013, after initial news of the hack was published in late September — to purge the hackers from the network.

The Wall Street Journal says the hackers targeted the Navy Marine Corps Intranet, and were able to access through "a security gap" in one of the Navy's public-facing websites. Although officials say that the hackers made no headway into classified networks, they also note that the attack was "more invasive" than reported, with the infiltrators able to make their way into the "bloodstream" of the network, necessitating the implementation of a coordinated plan to push them out. To execute that plan — and to draw up a list of safeguards for the future — the Navy ordered the hiring of "so-called cyberwarriors" and contractors. The cost to repair the network, a senior defense official said, was $10 million at the time, but will rise.

Hackers worked their way into the "bloodstream" of the US Navy's largest unclassified network

Officials were reportedly "surprised at the skills of the Iranian hackers," who had previously relied on DDoS attacks to attack US government networks. The clean-up process took so long, a source for The Wall Street Journal says, because the attackers worked their way deep into the network's "bloodstream," and because Vice Admiral Michael Rogers — nominated by President Obama to be the next NSA director — wanted to put a "comprehensive strategy" for network security in place that would fix broader issues.

Even though the hackers reportedly weren't able to extract any truly valuable information from their infiltration, Rogers will face tough questions about the US military's protection against cyber attacks at his upcoming confirmation hearing. "[The hack] was a real big deal," a senior Navy official told The Wall Street Journal. "It was a significant penetration that showed a weakness in the system."