http://arstechnica.com/information-technology/2014/02/iranians-hacked-navy-network-for-4-months-not-a-surprise/
By Sean Gallagher
Ars Technica
Feb 19 2014
In 2012, Iranian hackers managed to penetrate the US Navy's unclassified
administrative network, the Navy Marine Corps Intranet. While the attack was
disclosed last September, the scale of it was not -- the attack gave hackers
access to the NMCI for nearly four months, according to an updated report by
The Wall Street Journal.
Vice Adm. Michael Rogers, who is now President Barack Obama's choice to replace
Gen. Keith Alexander as both NSA director and commander of the US Cyber
Command, led the US Fleet Cyber Command when the attack came to light. Rogers'
response to the attack may be a factor in his confirmation hearings.
Iranian hackers attacked NMCI in August of 2012, using a vulnerability in a
public-facing website to gain initial access to the network. Because of a flaw
in the security of the network the server was hosted on, attackers were able to
use the server to gain access to NMCI's private network and spread to other
systems. While the vulnerability that allowed the attackers to gain access in
the first place was discovered and closed by October, spyware installed by the
attackers remained in place until November.
Officials said no e-mail accounts were compromised and no data was stolen in
the attack. But it cost about $10 million to repair the damage done to the
network’s systems -- a process that included taking the whole network down
twice for upgrades to systems and removal of malware.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
