Iranians hacked Navy network for four months? Not a surprise.

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/information-technology/2014/02/iranians-hacked-navy-network-for-4-months-not-a-surprise/

By Sean Gallagher
Ars Technica
Feb 19 2014

In 2012, Iranian hackers managed to penetrate the US Navy's unclassified 
administrative network, the Navy Marine Corps Intranet. While the attack was 
disclosed last September, the scale of it was not -- the attack gave hackers 
access to the NMCI for nearly four months, according to an updated report by 
The Wall Street Journal.

Vice Adm. Michael Rogers, who is now President Barack Obama's choice to replace 
Gen. Keith Alexander as both NSA director and commander of the US Cyber 
Command, led the US Fleet Cyber Command when the attack came to light. Rogers' 
response to the attack may be a factor in his confirmation hearings.

Iranian hackers attacked NMCI in August of 2012, using a vulnerability in a 
public-facing website to gain initial access to the network. Because of a flaw 
in the security of the network the server was hosted on, attackers were able to 
use the server to gain access to NMCI's private network and spread to other 
systems. While the vulnerability that allowed the attackers to gain access in 
the first place was discovered and closed by October, spyware installed by the 
attackers remained in place until November.

Officials said no e-mail accounts were compromised and no data was stolen in 
the attack. But it cost about $10 million to repair the damage done to the 
network’s systems -- a process that included taking the whole network down 
twice for upgrades to systems and removal of malware.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/