It took the Navy longer than previously reported to remove Iranian hackers from the Navy and Marine Corps Intranet (NMCI). According to the Wall Street Journal, the hackers had access to the system last year for four months.
The hackers were able to gain access via a hole in a public facing website and conducted surveillance on the intranet, though a senior official told the WSJ that no emails were hacked and no data was extracted.
The NMCI is the largest enterprise network in the world and second only to the internet itself in size. It handles about 70% of the Department of the Navy’s IT needs. It encompasses more than 360,000 computers and 4,100 servers connected together in over 600 locations.
The sheer size of this network makes is very difficult to secure. IT specialists have to make sure everything is kept updated and all security issues are dealt with on the hundreds of thousands of systems.
Attackers just need to find one opening to exploit.
Then once someone does gain access into a network of this size, it can take a long time for security specialists to analyze what was touched, what was compromised and what, if any, backdoors were left.
Though the system is the Navy’s unclassified network, the fact that Iran was able to gain access to this military intranet is very concerning.
“It was a real big deal, it was a significant penetration that showed a weakness in the system.” a senior official told the WSJ.
Of interest to this story too, is that just five days after the breach was initially disclosed last year, an Iranian cyber commander was apparently assassinated.
Iranian Cyber Commander Mojtaba Ahmadi’s body was found in a remote area near Karaj. Initial police reports stated that he has shot by two men on a motorbike.
“An eyewitness reported that there were “two bullet wounds on his body”, and that ‘”The extent of his injuries indicated that he had been assassinated from a close range with a pistol“.
This style of attack seems to be a very similar to a tactic used by Israeli secret agents.
Though it has not been proved that Israel was involved, and Iranian officials later denied that Ahmadi was assassinated – One thing seems true, physical responses for cyber attacks seem to be on the table.
And, you don’t mess with the United States Marine Corps!