A new report claimed that a cyberattack on the U.S. Navy’s largest unclassified computer network by Iranian hackers lasted much longer and was much more damaging than previously thought.
The attack, carried out by a group of hackers described as “working directly for Iran’s government [or] acting with the approval of Iranian leaders,” was initially reported by the Wall Street Journal in September. A Tuesday follow-up article showed that it took the Navy four months to eliminate the Iranian hackers from its network.
The Iranian hackers exploited a security gap in one of the Navy’s public-facing websites to infiltrate the Navy Marine Corps Intranet. The Iranian hackers made it to the “bloodstream” of the Navy network, costing $10 million to hire cybersecurity contractors to push out the hackers, repair the network and build safeguards for the future.
WSJ reported that this comprehensive response to the hack, which came at the order of Vice Admiral Michael Rogers (President Obama’s pick to be the next NSA director), was the reason it took so long to remove the Iranian hackers from the network.
The Iranian hackers were unable to access any classified information, and U.S. officials said that none of the information accessed was very valuable.
The attack did expose some of the weaknesses in the Navy’s cybersecurity, and it showed an escalation in Iran’s cyber-warfare capabilities.