Iranian hackers managed to score a more serious hit on the US Navy than has been previously admitted.
In September, the US Navy’s largest unclassified computer network was hacked by a group either “working directly for Iran’s government or acting with the approval of Iranian leaders”.
Not much was said at the time, but it looked like a simple hack in revenge for all that Stuxnet stuff that the US and Israel did to the Iranian nuclear plant.
Now US officials say that the network infiltration was far more extensive than previously thought, and lasted much longer.
According to The Wall Street Journal, it took the Navy four months after initial news of the hack was published in late September to purge the hackers from the network.
The hackers hit the Navy Marine Corps intranet through “a security gap” in one of the Navy’s public-facing websites. Officials say that the hackers made no headway into classified networks but seemed to be everywhere in the network.
It took a coordinated plan to push them out and cyberwarriors and contractors had to be bought in to do the job. The cost to repair the network, a senior defence official said, was $10 million and will probably rise when a few invoices are paid.
The US Navy was surprised at the skills of the Iranian hackers. They had previously relied on DDoS attacks to attack US government networks which are not that difficult to stop.
What is worrying is that while the hackers reportedly were not able to extract any truly valuable information from their infiltration, they could still do a lot of damage. Moreover, the Iranians could train many people in their techniques.