Iran inside US Navy Unclassified Intranet System for Four Months

Navy NMCI

It took the Navy longer than previously reported to remove Iranian hackers from the Navy and Marine Corps Intranet (NMCI). According to the Wall Street Journal, the hackers had access to the system last year for four months.

The hackers were able to gain access via a hole in a public facing website and conducted surveillance on the intranet, though a senior official told the WSJ that no emails were hacked and no data was extracted.

The NMCI is the largest enterprise network in the world and second only to the internet itself in size. It handles about 70% of the Department of the Navy’s IT needs. It encompasses more than 360,000 computers and 4,100 servers connected together in over 600 locations.

The sheer size of this network makes is very difficult to secure. IT specialists have to make sure everything is kept updated and all security issues are dealt with on the hundreds of thousands of systems.

Attackers just need to find one opening to exploit.

Then once someone does gain access into a network of this size, it can take a long time for security specialists to analyze what was touched, what was compromised and what, if any, backdoors were left.

Though the system is the Navy’s unclassified network, the fact that Iran was able to gain access to this military intranet is very concerning.

It was a real big deal, it was a significant penetration that showed a weakness in the system.” a senior official told the WSJ.

Of interest to this story too, is that just five days after the breach was initially disclosed last year, an Iranian cyber commander was apparently assassinated.

Iranian Cyber Commander Mojtaba Ahmadi’s body was found in a remote area near Karaj. Initial police reports stated that he has shot by two men on a motorbike.

An eyewitness reported that there were “two bullet wounds on his body”, and that ‘”The extent of his injuries indicated that he had been assassinated from a close range with a pistol“.

This style of attack seems to be a very similar to a tactic used by Israeli secret agents.

Though it has not been proved that Israel was involved, and Iranian officials later denied that Ahmadi was assassinated – One thing seems true, physical responses for cyber attacks seem to be on the table.

And, you don’t mess with the United States Marine Corps!

Advertisements

The Navy’s latest Ship falls to Red Team Hackers

/Users/Photo2/Desktop/IPTC.IPT

The Littoral Combat Ship (LCS), one of the Navy’s newest ships, has cyber vulnerabilities, a Navy Red Team testing group discovered during a recent security assessment.

LCS is a class of warships designed to flex military power close in to shore.The ships were made to be easily configured for several roles including recon & intelligence gathering, anti-surface & anti-submarine warfare, and mine countermeasure operations. Each vessel is capable of sprint speeds over 40 knots and has a range of over 3,500 miles.

The class flagship, the USS Freedom (shown below in a Lockheed Martin Promotional video), was tested for computer system exploits and found vulnerable.

The USS Freedom’s computer system was successfully compromised by  Navy hackers in the penetration test. According to an anonymous Navy official.We do these types of inspections across the fleet to find individual vulnerabilities, as well as fleet-wide trends,” the official stated. 

The Pentagon’s director of weapons testing “recommended those vulnerabilities be remediated without delay.” and rest assured, the Navy is moving to fix the issues as soon as possible.

The vulnerability is not serious enough to delay the ship’s current deployment.


Navy Developing Robots to Fight Pirates

The Navy is developing a series of sensors and software to allow robotic helicopters to detect suspicious boats according to a FoxNews article:

The Navy turned to a combination of different sensing technologies to address this. Called the Multi-Mode Sensor Seeker, or MMSS, an unmanned helicopter uses high-definition cameras, mid-wave infrared sensors and laser-radar (LADAR) to find the boat. 

Seaborne piracy is still a huge problem, especially near places like Somalia. It is a long and tedious procedure to scan unending open water for suspicious vessels, one that drones and robotics could handle very well if programmed correctly. Drones can help detect the questionable ships and then human operators can verify friend or foe designation and task armed forces to the area.

The Navy will test this technology this summer against test targets off the California coast. Until it is available, there is always the tried and true method of fighting piracy: