Iran’s hack of the U.S. Navy Marine Corps Intranet in 2013 lasted longer than previously reported by officials, indicating the Middle Eastern nation’s years of cybersecurity development have made it a digital force to be reckoned with.
The hack of the nonclassified network that U.S. officials say was conducted by Iran was first reported in September, but it took until November for Navy staff to remove infiltrators from the systems, current and former U.S. officials told The Wall Street Journal.
A security gap in one of the Navy's public websites was the origin of the breach, and poor internal network security allowed hackers to access the “bloodstream” of the deep network, the Journal reports.
The attack prompted the Navy to hire new cybersecurity staff to help contain the breach. The cost of repairing the network is already $10 million and is expected to rise, pending reviews and upgrades of Navy and Defense Department networks, officials told the Journal.
Vice Adm. Michael S. Rogers oversaw the effort to combat the attack on the network, and the length of the breach likely will be mentioned during his Senate confirmation hearing to become the next commander of U.S. Cyber Command and director of the National Security Agency, the Journal reports.
The attack was more advanced than expected from Iran, but Rogers’ response to the hack was “a very measured, calm approach” and should not derail his confirmation, says James Lewis, a cybersecurity researcher at the Center for Strategic and International Studies.
“The Iranians have been working on building their cybersecurity capabilities for about seven years and they now have the ability to do things that could be harmful,” says Lewis, who is also a former State Department official.
Recent attacks that show Iran’s growing digital abilities include the 2012 hack of oil giant Saudi Arabian Oil Co., which deleted 75 percent of the company’s hard drives and replaced the data with images of a burning American flag.
During a 2011 attack on DigiNotar – which issued certificates of secure encrypted communications for Internet companies including Google – 500 fraudulent certificates were issued, allowing a hacker or hackers with suspected ties to Iran to impersonate a website, steal passwords and track communications that users thought were encrypted. DigiNotar’s reputation never recovered after the hack and the company no longer exists. That effort to track communications matches the Iranian regime’s desire to protect itself by silencing dissidents and monitoring the country's networks.
There is an ongoing international debate on what digital espionage or attacks are acceptable during peacetime, and a controversial example often raised is the Stuxnet virus designed by the U.S. and Israeli governments to sabotage Iranian nuclear equipment.
While these attacks show the Iranian regime becoming more aggressive in its hacking, the recent intranet breach likely will be viewed by Iran as spying on rivals instead of a hostile digital attack, Lewis says. Iran likely views spying as acceptable behavior after a recent agreement to curb its nuclear capabilities in exchange for the U.S. and the European Union lifting some of the lighter sanctions against it, Lewis explains.
“Everyone spies on everyone else,” Lewis says.
The next step for Iran to grow its digital capabilities likely includes buying censorship and cybersecurity gear from China and increasing its cache of “zero-day” exploits, which are weaknesses that hackers discover and keep secret until the time is right to target a Web service. China maintains an extensive “Great Firewall” and the Obama administration has accused that nation of hacking American businesses to steal secrets to benefit its own private sector.
can buy zero-days on the black market, so anyone with $100,000 can buy a zero-day,” Lewis says. “Iran has had some coding ability and started doing this well before Stuxnet. This is not revenge for Stuxnet.”