Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Iran's Hacking of US Navy 'Extensive,' Repairs Took $10M and 4 Months

Soulskill posted about 9 months ago | from the your-tax-dollars-at-work dept.

The Military 147

cold fjord sends news that Iran's breach of a computer network belonging to the U.S. Navy was more serious than originally thought. According to a Wall Street Journal report (paywalled, but summarized at The Verge), it took the Navy four months to secure its network after the breach, and the repair cost was approximately $10 million. From the article: "The hackers targeted the Navy Marine Corps Intranet, the unclassified network used by the Department of the Navy to host websites, store nonsensitive information and handle voice, video and data communications. The network has 800,000 users at 2,500 locations, according to the Navy. ... The intrusion into the Navy's system was the most recent in a series of Iranian cyberoffensives that have taken U.S. military and intelligence officials by surprise. In early 2012, top intelligence officials held the view that Iran wanted to execute a cyberattack but had little capability. Not long after, Iranian hackers began a series of major "denial-of-service" attacks on a growing number of U.S. bank websites, and they launched a virus on a Saudi oil company that immobilized 30,000 computers. ... Defense officials were surprised at the skills of the Iranian hackers. Previously, their tactics had been far cruder, usually involving so-called denial of service attacks that disrupt network operations but usually don't involve a penetration of network security."

Sorry! There are no comments related to the filter you selected.

Asymetrical warfare (5, Insightful)

cold fjord (826450) | about 9 months ago | (#46283067)

Missiles, ships, planes, tanks, and large groups of soldiers all cost a lot of money. As long as you have them you are on a perpetual upgrade cycle if you don't want to be outclassed. A geek with a computer is pretty cheap, can do a lot of things, and cause a lot of really inconvenient problems. If there is one thing Iran probably isn't short of it is smart people that like to play with computers. It isn't 1988 anymore, and the world has heard about the internet.

Re:Asymetrical warfare (1, Insightful)

Amorymeltzer (1213818) | about 9 months ago | (#46283115)

Asymmetrical? Heard of a little thing called Stuxnet [slashdot.org] ? Centrifuges, uranium, and control systems aren't exactly cheap either.

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46283235)

You don't seem to understand the definition of asymmetrical warfare. The USA focuses on expensive means of offensiveness while Iran, due to their more limited budgets and resources, has to focus on cheaper-to-deploy attacks that still nonetheless effect some real damage.

You don't understand his point. (1)

Anonymous Coward | about 9 months ago | (#46286413)

His point is that the USA also engages in the same "asymmetrical warfare", therefore it IS NOT "asymmetrical". The only asymmetry is the USA's defence spend being more than the next 25 biggest spenders on defence put together.

This in no way stops them using the same methods (and to great expense to the victim) making the petulant whine from the USA about how much it cost patently ridiculous like a bully complaining to teacher about how some kid punched him and made his nose bleed...

Re:Asymetrical warfare (-1)

Anonymous Coward | about 9 months ago | (#46283243)

A smart kid with some talent and desire can develop the skills to do all these hacks using the internet and a cheap computer. And many prolific hackers do exactly that. There's no reason to think any nation with anything approaching a modern educational system or infrastructure would have any difficulty doing it... we're not talking about a bunch of loin-cloth wearing tribesmen in Africa who have no access to electricity or running water.
Stuxnet was only impressive because a) it required intimate knowledge of their program, b) access to inside information on the hardware systems, and c) the ability to actually physically insert it. Nothing in the design, programming, etc. is impressive or requires any kind of large government budget if you have the information on the target you need. And in fact a good bit of the code is actually somewhat amateurish.

Frankly speaking, any time I hear my government make claims about some country not being technically capable of hacking shit it makes me want to puke. If they actually believe that then they're a bunch of fucking morons, but personally I think it's just spin for the sake of the General Public who don't understand computer technology.

Stuxnet, unimpressive? . (0)

Anonymous Coward | about 9 months ago | (#46283953)

.. Yeah, like Michael Jordan.

Re:Asymetrical warfare (3, Interesting)

joss (1346) | about 9 months ago | (#46284443)

Most of what you say I agree with but:

> A good bit of the code is actually somewhat amateurish

Citation needed. Or, to put it less politely, are you out of your fucking mind ? Stuxnet is the most advanced piece of malware ever discovered, and it worked. I don't believe you have access to the original source code so, can you justify this comment in any way ?

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46285987)

YHBT

Re: Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46283129)

$9,999,900 to study the fix, $100 to implement, I'll bet. And as far as "suprised" goes, please!

Re: Asymetrical warfare (3, Interesting)

aslashdotaccount (539214) | about 9 months ago | (#46283335)

You're spot on! Most of these organizations blow things massively out of proportion to attain more funding for their so-called 'research'. Even a relatively harmless virus in the POS computer of a staff knick-knack shop would be reported as a 'possible avenue for compromising the high-value intelligence networks'. That goes on to trigger an agency-wide investigation, which ends up in the request for funds to conduct the said study. The studies are then sourced to organizations with ties to the IT heads of the principle agency, thus spreading the goodwill, and getting some in return.

It's also a cycle that's endorsed by all major software vendors. They always ensure that a certain amount of uncertainty goes into the security assurance of their products and services so that there's always 'room for improvement'.

Re: Asymetrical warfare (2)

jd2112 (1535857) | about 9 months ago | (#46285475)

Even a relatively harmless virus in the POS computer of a staff knick-knack shop would be reported as a 'possible avenue for compromising the high-value intelligence networks'.

And yet thousands of compromised POS systems (Target, Nieman-Marcus, et al) aren't sufficient to switch to a more secure payment system.

Re:Asymetrical warfare (5, Insightful)

ZouPrime (460611) | about 9 months ago | (#46283137)

This is very true, but from the POV of the US, it is also a great argument for continuing to invest in offensive cyber capabilities.

In the end, it costs way less to attack a network than to secure it properly. And unfortunately, this asymmetrical situation could remain true for a long time.

This also can lead to a cult of the offensive:
http://en.wikipedia.org/wiki/Cult_of_the_offensive

Re:Asymetrical warfare (1, Insightful)

Anonymous Coward | about 9 months ago | (#46283211)

Jeez, I've joked plenty of times about Slashdot turning into a sounding board for Zionist NeoCon warmongering, but like every trolls' joke Slashdot refuses to admit is true (like my satirical but correct prediction of Slashdot announcing that they will try to more frequently divert readers to Beta etc.). I'd much rather be friends with an Iranian Family than a Saudi or Jewish family. Lift those goddamn sanctions completely and stop fucking with them -- America's real enemies in the Middle-East are Saudi Arabia, Israel, and Pakistan; not Iran.

Don't be fooled by the beating of the war-drums.

-- Ethanol-fueled

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46283299)

I love how everyone buys these bullshit stories! If it was true then I think maybe the smart move would be to not publicize it? Eh?

Re:Asymetrical warfare (0, Troll)

Anonymous Coward | about 9 months ago | (#46283333)

It's 2014, not 1974. The government that used to be friendly to the US is long gone. The Islamic Revolution has taken place in Iran, and the current government has declared the US to be its enemy and after all these years still sponsors weekly rallies with chants of, "Death to America!". The Iranian government is engaged in subversion against many of its neighbors and is propping up the Syrian dictatorship which in turn continues to screw with Lebanon. The Iranian government engages in terrorism and assassinations around the world, either directly or through its proxies like Hezbollah. You don't seem to be able to differentiate friend from foe at the moment.

It's kind of hard to believe you are the real "-- Ethanol-fueled."

Re: Asymetrical warfare (1)

Anonymous Coward | about 9 months ago | (#46283473)

The first democratically elected leader in iran was not friendly to the US, or, more importantly at the time, Britain.

Cue a CIA led coup, the Shah of iran's dictatorship (or as you say 'friendly to the west while his people suffer'), a few decades of suffering, leading to people seeking to overthrow him, and voila, militant islamists in power.

Where have we seen this before? Germany in the 1920s and the rise of the nazis.

Where do we see this now? greece and its right wing parties.

How about we stop meddling in other people's affairs?

Re:Asymetrical warfare (1)

gl4ss (559668) | about 9 months ago | (#46284489)

the revolutionary guard in Iran is much more an enemy of the Iranian people than the US.

Pakistan for example on the other hand is an american ally. ...with an out of control population in large areas and it's questionable what the motives of the government are as well. but hey, it's an ally! who cares if their backyard(or rather a back room of their house) is used for all kinds of shady shit used for direct attacks on US troops!

Re:Asymetrical warfare (1, Troll)

aliquis (678370) | about 9 months ago | (#46283389)

I just learned it was, maybe not all that surprising, western nations (GB and France) who made those nations/borders in the first place..

The enemy of peace and stability have likely often been western military powers interfering and destabilizing regions.

Re:Asymetrical warfare (2)

quenda (644621) | about 9 months ago | (#46283995)

I just learned it was, maybe not all that surprising, western nations (GB and France) who made those nations/borders in the first place..

The enemy of peace and stability have likely often been western military powers interfering and destabilizing regions.

Thats a very bold accusation, coming from someone who admits to being one article away from complete ignorance on the subject.
The British and French were trustees of those lands after the collapse of the Ottoman Empire. They had promised independence to the Arabs, for supporting them in WWI. What were they supposed to do? Leave the Arabs to sort out a diplomatic solution amongst themselves?

Re:Asymetrical warfare (1)

cold fjord (826450) | about 9 months ago | (#46283213)

Vive le Maréchal Foch!

"My centre is giving way, my right is retreating, situation excellent, I am attacking." -- General Ferdinand Foch [wikipedia.org]

Re:Asymetrical warfare (1)

aliquis (678370) | about 9 months ago | (#46283367)

This also can lead to a cult of the offensive:
http://en.wikipedia.org/wiki/C... [wikipedia.org]

lol, also true in RTS games.

So you think those towers/turrets with catapults/missile launchers/.. behind them will save you and win the war? Think again.

Re:Asymetrical warfare (1)

aslashdotaccount (539214) | about 9 months ago | (#46283397)

It's a lucrative business for all the major software vendors and affiliated consultancy firms. So, I'm only expecting these 'hacking' incidents to gain momentum and the cost of fixes to increase astronomically.

How stupid have they got to be to allow a 'public-facing' website to have any connection whatsoever to the "US navy's largest unclassified network"? I've got clients with public web servers which rely on data in mission-critical databases. Yet, none of these servers actually have access to those databases, only replicas. Plus, the replicas are always stored in separate virtual networks, with the critical network cordoned off in a separate VLAN. If I'm able to do this in one of the smallest countries in the world, how can the US Navy credibly claim that somebody from Iran tapped into the 'bloodstream' of their network?

Re:Asymetrical warfare (2)

Gogo0 (877020) | about 9 months ago | (#46283503)

DoD public-facing server are supposed to be cordoned off, DMZ'd, hardened to the point where theyre nearly unusable, and not contain anything but data classified as PUBLIC (ie, lose the server and you lose nothing important). These are part of many DISA requirements that simply werent followed. These guys were lazy/bad/apathetic -they arent now (though still getting paid the same, so why should they care).

The "Bloodstream" is just some official talking out of his ass about something he doesnt understand, unless he is talking about the DISA network the navy rides (which could /correctly/ be analogized as the 'bloodstream' of the global navy network). But that would be actual serious shit, and a different story altogether. Or maybe its a regional/theatre ops center with connections to lots of enclaves. Who knows.

My guess is that the web admins had a lax PKI implementation and local admin accounts that shared username/password with other servers. This "bloodstream" thing makes no sense as there are supposed to be physical and logical boundaries between enclaves. how much access do you have to your ISP's equipment? DoD networks are supposed to be like that to compartmentalize things.

Really, most of the explanation of what actually took place sounds like gibberish.

Re:Asymetrical warfare (1)

AHuxley (892839) | about 9 months ago | (#46285007)

Its all in the billable hours to fix systems facing the 'internet' that should not be or should have been more secure. Its win win win for the teams and staff. Over time, new systems will be needing 'expert' help, long hours and then all the new issues with a new system over months. If its fixed, another round of unexpected events ensure more fixes and costly upgrades are needed.
Are other nations looking, sure - but they don't get caught in low end events and usually have 'locals' to guide them in and out of any network of interest i.e. zero US press coverage.
News like this is for internal US gov (and sock puppet) consumption resulting in budget growth, department growth and new hardware sales for selected contractors :)

Re:Asymetrical warfare (5, Interesting)

khasim (1285) | about 9 months ago | (#46283209)

My first question would be ... how are we sure that Iran did this?

The second question would be how did whomever do it? We've heard about how the NSA/CIA/etc are stockpiling zero-day exploits. Stockpiling them instead of helping the vendors fix them. So were our systems cracked by an enemy using an exploit that we knew of?

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46283315)

First question should be: Why is is being printed for everyone in America to see? "Hey! Look how incompetent we are! Allow us more moneys!

Not really a good tactic if the source material is true.

Re:Asymetrical warfare (1)

Camel Pilot (78781) | about 9 months ago | (#46283371)

I don't know about you but I don't want the government "classifying" screwups or incompetence to spare themselves the embarrassment... unfortunately that does happen.

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46285047)

screwups are specifically prohibited from being classified to obscure them. It's a felony. However, the vulnerabilities exploited should be classified.

Re:Asymetrical warfare (1)

Eunuchswear (210685) | about 9 months ago | (#46285443)

First question should be: Why is is being printed for everyone in America to see? "Hey! Look how incompetent we are! Allow us more moneys!

Not really a good tactic if the source material is true.

For everyone in America to see?

The attackers already know it worked.

Re:Asymetrical warfare (3, Insightful)

Anonymous Coward | about 9 months ago | (#46283369)

Stockpiling them instead of helping the vendors fix them. So were our systems cracked by an enemy using an exploit that we knew of?

This is an interesting question; it's still not enough. Experience in OpenBSD's audit process [openbsd.org] shows that a single vulnerability is an entry to finding other bugs. If you fix all of the similar bugs in your code then you very likely fix vulnerabilities you will never realise you had. The NSA (and the GCHQs) should be using it's government purchasing power to

  • insist that the source code to all software used by their nation is availble to them; recommend against code without the source code
  • actively identify and report vulnerabilities
  • build automatic tools which identify all similar bugs in the vendor's code
  • offer support to vendors in building their own tools to do similar things
  • again; recommend against and (for networks where they have access) insist on replacing software where the vendor doesn't then rapidly fix those similar bugs

This kind of work would make the internet safer for everyone. It would interfere slightly with some of their spying work, however the benefit of having a safe, stable, secure internet would vastly outweigh that. Even so they would find plenty of space in a) software targeted to other nations and b) systems yet fully upgraded to be able to able to continue that work.

When they fail to do this they are failing in their duties.

Re:Asymetrical warfare (2)

AmiMoJo (196126) | about 9 months ago | (#46283857)

My first question would be ... how are we sure that Iran did this?

Because we have always been at war with Iran.

Re:Asymetrical warfare (1)

cold fjord (826450) | about 9 months ago | (#46284735)

It would be more accurate to say that Iran has always been at war with the US after the Islamic Revolution overthrew the Shah.

"it would be more accurate to say that Iran has al (1)

c0rr3k710n (3543727) | about 9 months ago | (#46284975)

The coup d'etat was way before your date (which was 79' revolution.) You can read more about that at wiki: http://en.wikipedia.org/wiki/1... [wikipedia.org] It probably dates way before these dates.

Re:"it would be more accurate to say that Iran has (1)

cold fjord (826450) | about 9 months ago | (#46285121)

Both the Shah and Iran were friendly to the US until the revolutionary Islamist government took power and declared the US to be its enemy. That also extended to another Iranian ally, Israel. The problem in relations between Iran and Israel is Iran's doing.

As to the coup, if you look into the history you will see that democracy was gone. The legislature had been dissolved, an election faked, and the PM was ruling by decree and ignored the usual checks and balances in a constitutional monarchy of the monarch being able to dismiss the PM. The head of state, the Shah, was forced to flee. Iran was in fact a dictatorship at that point. What you refer to as a coup was in fact a counter-coup and restored the Shah to power.

Re:"it would be more accurate to say that Iran has (1)

dave420 (699308) | about 9 months ago | (#46285285)

You are hopeless. Absolutely hopeless.

Re:"it would be more accurate to say that Iran has (1)

cold fjord (826450) | about 9 months ago | (#46285515)

In short I'm correct, just not "politically correct."

"Both the Shah and Iran were friendly to the US un (1)

c0rr3k710n (3543727) | about 9 months ago | (#46285873)

"... until the revolutionary Islamist government took power and declared the US to be its enemy." That's because Iraq attacked Iran then. Where Iraq used biological bombs; Iran refused to stoop to that level. Iraq, with US intelligence+weapons. As such, US was their enemy too. Note that it was a coup, not "counter-coup." Even the CIA admits to that: http://www2.gwu.edu/~nsarchiv/... [gwu.edu] Stephen Kinzer wrote a Bestseller there: All the Shah's Men: An American Coup and the Roots of Middle East Terror.

Re:"Both the Shah and Iran were friendly to the US (1)

cold fjord (826450) | about 9 months ago | (#46286055)

Your history is a bit scrambled. Ayatollah Khomeini declared the US to be "The Great Satan" nearly a year before Iraq attacked Iran.

I know that Iraq used chemical weapons, as did Iran. I don't think that they used biological weapons at all.

A counter-coup is still a coup, but it is in reaction to another.

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46284393)

Lack of interdepartmental cooperation. Who ever said the NSA actually shares all their goodies with other Government agencies? For all we know, maybe it was the ?NSA who did it, and cleverly left the right clues behind to pin the blame on the Iranians when the human excrement hit the air pump.

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46284783)

My first question would be ... how are we sure that Iran did this?

The second question would be

And the third question would be, what version of windows was compromised?

Third question (2)

ThatsNotPudding (1045640) | about 9 months ago | (#46284853)

Do we bother believing the DOD telling us another story about big, bad, Muslim wolves and the need for endless war footing?

And if they spent $10 million, no doubt about 75% of that was wasted, poured down the maws of corpulent military contractors (cui bono).

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46283217)

What good is an Intranet if you're unable to... *BOOM...SIZZLE* -EMP-. Ok boys, guess we can fuck this electronic pussy shit and go full kinetic from here on out. Knives and 1911s. Do it! Go go go!

Re: Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46283351)

Yeah. This is fourth generation warfare.

The enemy can attack you for 1500 USD and cause 10 M USD loss to you. Guess who will win in the long run?

As a defensive measure asymmetric warfare is great. The only way for the attacker to win is to alter their strategy and give up some of the goals they have and focus their efforts in things in which they can win. This may mean the attacker does not get their way, for example control of a country with large reserves of something, such as oil.

Re:Asymetrical warfare - Not (4, Interesting)

bkmoore (1910118) | about 9 months ago | (#46283447)

We're not at war with Iran, and no sane person in the U.S. or in Iran wants a shooting war. IMHO, what we have here is more of a cold-war style cat and mouse game where each side tries to provoke the other and see how far they can go. Examples being Iran supplying arms to Shiite militias in Iraq, Iran being involved in proxy wars in Syria and Lebanon, taking Americans hostage, and developing a nuclear weapons capability. The U.S. responded with Stuxnet and probably a few other things that we don't know about. In the end it's really about gaining some sort of political bargaining advantage and to have a stronger bargaining position when the time for deal making comes.

Iran is also the regional heavy weight, and they're not a bunch of modern-day spearchuckers as the parent somehow implies. They do have a professional conventional military with semi-modern weapons systems. They also have the ability to maintain, develop and upgrade their weapons systems. The main difference between Iran and the U.S. is that Iran lacks the global logistical capabilities that America brings to the battle field, and the depth that the U.S. has in any fight. The Iranians would lose a conventional battle with the U.S. and both sides know this. Defeating the U.S. in a conventional battle probably isn't a factor in Iran's military planning. They're more focused on regional domination, especially if and when the U.S. pulls out of the middle east. Without the U.S. backing of the Gulf states, Iran would probably be able to defeat any of their neighbors in a conventional war, at least in theory. Without the U.S., the only country in the region that might defeat Iran would be India.

If somehow forced into a conventional fight with the U.S., Iran could, with the right leadership, inflict heavy damage before being defeated. But Iran is a very old country. IMHO, they're playing for time and will poke us at any chance they get. As Sun Tzu once said, "If you wait by the river long enough, the bodies of your enemies will float by." In more modern terms that is called, "strategic patience."

Re:Asymetrical warfare - Not (0)

Anonymous Coward | about 9 months ago | (#46284209)

Stuxnet was the Israelis. You can tell because it was sophisticated and effective, intead of an over-sophisticed pork-barrel funded clusterfutz. Iran has effectively been applying guerrilla tactics against the US for decades, and has never forgiven the US for their long support of the astonishingly corrupt and destructive Shah of Irian, any more than the Cubans have ever forgiven them for supporting Batista, nor the Iraqis for first supporting Sadam, then ignoring his genocide, and only bothering about him when he threatened the oil supplies by invading Kuwait or eventually gradually losing control of Iraq.

Both Pakistan and Israel have far better trained troops, better equipment, and nuclear weapons to bomb Iran into the stone age, so don't get silly about "only India could defeat Iran". Both those nations know that they could not *hold* Iran afterwards. The Iraqis tried it, and got ground into history like a European army invading Moscow: an organized army can't outlast natives and terrain when everyone on the ground hates them. Everyone in Muslim world has learned the lessons of hundreds of years of invasions of Afghanistan, and more recently of Iraq: if you invade a country that has nothing to lose, they can outlast your willingness to spend money and troops.

Re:Asymetrical warfare - Not (1)

Eunuchswear (210685) | about 9 months ago | (#46285497)

Both Pakistan and Israel have far better trained troops, better equipment, and nuclear weapons to bomb Iran into the stone age,

And people wonder why Iran wants the bomb.

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46283599)

Missiles, ships, planes, tanks, and large groups of soldiers all cost a lot of money. As long as you have them you are on a perpetual upgrade cycle if you don't want to be outclassed.

And the US will spend itself into oblivion if it continues on this path.

Meanwhile, Iraq is slipping back into the grasp of "the enemy" and
Afghanistan will as well. The reality is that war against a determined
adversary who is not afraid to die cannot be won unless and until virtually
every adversary is killed. And that is impossible.

Afghanistan and Iraq will be massive failures, just as Viet Nam was.

It is time for the US to put away the weapons and conduct itself in a different manner,
such that it does not end up being hated by much of the world. Force won't win, only
reclaiming the moral high ground will win. And no amount of ColdFjord propaganda
bullshit will change this truth.

Re:Asymetrical warfare (1)

Eunuchswear (210685) | about 9 months ago | (#46285533)

Afghanistan and Iraq will be massive failures, just as Viet Nam was.

No.

Vietnam was a success. The right side won, Vietnam is now an increasinly prosperous trading partner of the US.

There is no way Afghanistan or Iraq will ever become success stories like Vietnam.

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46283749)

Just curious but is it legal for a u.s. Citizen to hack Iranian owned computers? Just curious if there's a loop hole, forbidden, or allowable?

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46284337)

If there is one thing Iran probably isn't short of it is smart people that like to play with computers.

Wait, what?!?!?! No no no, Fox News told me that Iran was a backwards country that doesn't even have electricity and where school is outlawed! Next thing you know you'll be telling us that women have the right to vote in Iran.

Re:Asymetrical warfare (1)

SpankiMonki (3493987) | about 9 months ago | (#46285087)

Missiles, ships, planes, tanks, and large groups of soldiers all cost a lot of money....A geek with a computer is pretty cheap, can do a lot of things, and cause a lot of really inconvenient problems.

I bet that's why the hackers used the compromised machines to play "Dirty Deeds Done Dirt Cheap" instead of "Thunderstruck". [dailymail.co.uk]

Re:Asymetrical warfare (0)

Anonymous Coward | about 9 months ago | (#46285281)

The summary states that the repair cost is $10 million and 4 months. I'm trying to decide if that is the cost to reset the settings to what they were before, which is a repair, or if they implemented better security, so it is a $10 million and 4 months security update.

I get the feeling they are merely building one of those walls from Pacific Rim.

Re: Asymetrical warfare (4, Insightful)

Mabhatter (126906) | about 9 months ago | (#46286851)

That's ok, we attacked their infrastructure with damaging programs first. If the CIA is gonna play with hackers, they'd better make sure the rest of the military is ready to play ball too.

It's not lie the navy had a few years of notice after Stuxxnet that the Iranians were going to take a shot back. If the navy can't hang with the big kids, they better stay out of hacking OTHER countries, eh.

False flag? (0)

Anonymous Coward | about 9 months ago | (#46283075)

Wow suddenly they're super skilled and WE NEED MORE MONEY!!

Oh good! (0)

Anonymous Coward | about 9 months ago | (#46283085)

Oh good! We haven't heard from the "false flag" trolls in a while. Where you been?

Re:False flag? (4, Informative)

Ralph Wiggam (22354) | about 9 months ago | (#46283275)

The Marine Corp's budget is $29B per year. An extra $10M would be an increase of 0.03%. The Department of Defense budget, minus the money spent on individual military branches, is $190B. $10M is 0.005% of that.

Re:False flag? (2)

NoKaOi (1415755) | about 9 months ago | (#46284315)

The Marine Corp's budget is $29B per year. An extra $10M would be an increase of 0.03%. The Department of Defense budget, minus the money spent on individual military branches, is $190B. $10M is 0.005% of that.

Another figure to put in in perspective: 5% of the cost of a single F-35 or F-22.

Re:False flag? (1)

janrinok (846318) | about 9 months ago | (#46284319)

Its still $10M that could have remained in the taxpayers' pockets. Penny wise, and all that....

Re:False flag? (1)

Koby77 (992785) | about 9 months ago | (#46284741)

That $10M sounds pretty damn cost efficient compared to the costs of the obamacare website.

Re:False flag? (1)

Sepodati (746220) | about 9 months ago | (#46284847)

That's not how budgets work.

Allah y'allah should knowah (1)

jennatalia (2684459) | about 9 months ago | (#46283101)

Where there's a willuh, there's a wayah. There's no better driving factor than to tell someone they can't do something.

Maybe they learned (3, Interesting)

Megahard (1053072) | about 9 months ago | (#46283121)

By studying Stuxnet.

Re:Maybe they learned (1)

cold fjord (826450) | about 9 months ago | (#46283123)

They probably both learned about the technology, and to take it seriously.

Re:Maybe they learned (2, Informative)

rtb61 (674572) | about 9 months ago | (#46283253)

Far more likely the US congress running around all the time threatening to kill millions of Iranians to keep Israeli campaign donors happy has motivated a lot of high order Iranian thinkers to work together to thumb their noses at the US dogs of war.

Real reason why the failure, US computer security services were far too busy attacking everyone else, purposefully leaving holes in the system and in some super crazily deranged false flag attack creating new ones for others to exploit which is OK so long as they can also exploit them (seriously WTF). Want security in the US then completely separate cybersecuirty defence from offence and remind defensive system that they should consider offensive systems as the enemy and if they catch them operating within domestic territory they should be arrested and prosecuted.

Until then expect to routinely fail on the defensive side because it is harder and there is more opportunity for promotion impacting failure (success is the expected norm, failure is punished). On the attack side of course failure is completely ignored (failure is the norm, success in rewarded). Not to forget that success on the attack side requires your targets to fail. I'm sure anyone with half a brain can see the problem this creates, well, perhaps not your typical US politician or military type. Hint, you create a system where attack is promoted and those within the system prefer the attack side because that's where the promotions are and defence is where the losers end up because success for them is never rewarded but failure is a guaranteed career killer (which is why you separate them). Attack will also hide information from defence to protect it so they can use it, whilst demanding all information from defence in order to create new attacks and weakening defence.

Re:Maybe they learned (1)

Ralph Wiggam (22354) | about 9 months ago | (#46283277)

Is there anything that this site can't blame on the Jews?

Re:Maybe they learned (0)

Anonymous Coward | about 9 months ago | (#46283329)

Welllllllll....... If you look around you and read up on the world around you then you wouldn't narrow it to "this site." It's sort of a real thing, Dingleberry.

Re:Maybe they learned (1)

quenda (644621) | about 9 months ago | (#46284073)

Is there anything that this site can't blame on the Jews?

You cannot seriously discuss US middle-eastern policy without mentioning the Jewish/Israeli lobby. Or if you don't, its the elephant in the room.
The same applies to oil. Middle-east wars would be about as interesting as the latest conflict in the Congo if they had no oil and no Israel.

Re:Maybe they learned (0)

Anonymous Coward | about 9 months ago | (#46284599)

They probably bought some expertise from Russia.

Maybe they watched Iron Eagle... (2)

TWX (665546) | about 9 months ago | (#46283139)

...and figured they could get some much-needed F14 parts if they requisitioned planes to be outfitted special for missions...

latest propaganda from Cold Fucktard (1, Insightful)

Anonymous Coward | about 9 months ago | (#46283141)

Practicing the classic 'government officials say' rhetoric without mentioning Stuxnet, or what the U.S. would do if it was Iran sabotaging American nuclear facilities.

Re:latest propaganda from Cold Fucktard (-1)

Anonymous Coward | about 9 months ago | (#46283225)

Dude, you seem to be the one engaging in propaganda. This is about news that happened in the US to a US network, not in Iran. Get a grip. You should also see about getting some cream for that butthurt you have about cold fjord.

Re:latest propaganda from Cold Fucktard (0)

Anonymous Coward | about 9 months ago | (#46283471)

You missed the "what the U.S. would do if it was Iran sabotaging American nuclear facilities."

Obviously, we know the answer. It would be considered an act of war. Rightfully.

Let's hope... (2)

Ichijo (607641) | about 9 months ago | (#46283163)

...the Navy saved taxpayers at least that much by not having tighter security.

Well, it was a nice thought.

Reading between the lines (1, Insightful)

Anonymous Coward | about 9 months ago | (#46283165)

cold fjord sends news ...

So, you had to edit out the anit-Islam panic from his original post.

Re:Reading between the lines (1, Insightful)

cold fjord (826450) | about 9 months ago | (#46283295)

Please go to the trouble of actually reading what I write. I don't engage in "anti-Islam panic." I am against violent extremists, aren't you? Certainly many ordinary Muslims are against the extremists and just want to live in peace.

Re:Reading between the lines (-1)

Anonymous Coward | about 9 months ago | (#46283641)

Interesting - someone says "Islam", and you think "violent extremists".

I'm sure you think you're being rational, but this thread says otherwise: http://slashdot.org/comments.p... [slashdot.org]

Hmmm who put that there? (1)

m3ntos (225331) | about 9 months ago | (#46283177)

If I was the yavn and wanted to host a honeypot what would it look like?

Tit for tat (3, Insightful)

Sigurd_Fafnersbane (674740) | about 9 months ago | (#46283269)

They seem to learn fast, also they have a lot of good engineers. We should expect some kind of response to Stuxnet and I guess we have established by Stuxnet that electronic warfare is OK for countries to do against each other.

It is going to be much harder to stomach the day some Air-force guy is taken out by a drone attach in Virginia with a missile to his car as he is delivering his children to Kindergarten.

Re:Tit for tat (-1)

Anonymous Coward | about 9 months ago | (#46283357)

And that is an insightful point. The Republicans decided to do Stuxnet to escalate the conflict. Now they can justify taking even more money at gunpoint from the American people. It was a brilliant move on their part.

Re:Tit for tat (0)

Anonymous Coward | about 9 months ago | (#46283413)

Republicans....Democrats......

Actually.... It's YOUR fault and YOURS alone.

Re:Tit for tat (0)

Anonymous Coward | about 9 months ago | (#46285603)

oh no that would be terrorism.

Subcontractors (1)

edibobb (113989) | about 9 months ago | (#46283291)

Iran is still not capable. They hired Russian and Chinese hackers.

Re:Subcontractors (0)

Anonymous Coward | about 9 months ago | (#46283393)

I second this Notion.

Poor practices already have massive consequences (2, Informative)

Anonymous Coward | about 9 months ago | (#46283323)

It's not just the military or Iran. We choose to twittle our thumbs and write it off as a rarity. Most companies don't even realize the drastic damage its doing. When your competition in China has all your secrets and make identical clones of your products for a fraction of the price how do you expect to stay in business. Iran's impact is probably insignificant in the scheme of things. It's industrial espionage and 'theft' of proprietary information that's the major problem. Iran's just an exemplary example at the moment, but in reality most of these attacks are just swept under the carpet until the system breaks down utterly and completely. All the while you wonder why American companies are selling out there core businesses. There is nothing left the competition doesn't already have.

The only answer to this problem is defaulting to hardened systems, moving away from auto-on for stupid default setting (macros, javascript, etc), etc.

But your company uses Microsoft Windows? ohh never mind. Keep doing what your doing. I'm sure you'll survive given nobody ever went wrong with that!

I know how to use HMI/SCADA to detonate things (2)

IgnorantMotherFucker (3394481) | about 9 months ago | (#46283373)

this was clearly explained to me by the principal author of the HMI/SCADA program that I'd just been hired to work on. I later resigned in protest.

It's been long enough I figure they've fixed their security holes by now.

Despite their taking industrial safety very seriously, to company owner thought it was quite fucking funny that his product was totally shot through with security holes.

HMI/SCADA: Human-Machine Interface / Supervisory Control And Data Acquisition. That's the proper name for what most would call industrial control systems.

The Stuxnet and Flame worms attacked our competitor Siemens' HMI/SCADA, but only when the installations were in Iran. Particularly they spun the Uranium Hexafluoride Gas Turbine Centrifuges far faster than the could tolerate them, thereby damaging them.

It's not like the Iranians don't know how to write computer programs. Maybe right now would be a good time to move way the Hell out into the countryside, and invest in some HEPA filters and lots of solar power.

HEPA filters can get plutonium dust out of the air you see.

The US Navy has lots of windows boxen (5, Informative)

IgnorantMotherFucker (3394481) | about 9 months ago | (#46283415)

I know this because a client I once consulted for, sold 400,000 licenses for their Windows product to the Navy.

Windows isn't so bad if it's properly locked down, but it's not really possible to do that unless all of your application are Windows Logo-compliant, for example they don't store end-user documents in the Program Files folder. I expect the military has a lot of homebrew software they absolutely need to use, that prevents Program Files from being locked down.

Also everyone who actually administrates a windows box, has to actually know how to lock it down.

The Navy's Smart Ship technology is being considered a success, because it has resulted in reduced manpower, workloads, maintenance and costs for sailors aboard the Aegis missile cruiser USS Yorktown. However, in September 1997, the Yorktown suffered a systems failure during maneuvers off the coast of Cape Charles, VA., apparently as a result of the failure to prevent a divide by zero in a Windows NT application. The zero seems to have been an erroneous data item that was manually entered. Atlantic Fleet officials said the ship was dead in the water for about 2 hours and 45 minutes. A previous loss of propulsion occurred on 2 May 1997, also due to software. Other system collapses are also indicated. [Source: Gregory Slabodkin, Software glitches leave Navy Smart Ship dead in the water, Government Computer News, 13 Jul 1998, PGN Stark Abstracting from http://www.gcn.com/gcn/1998/Ju... [gcn.com] ...

``Using Windows NT, which is known to have some failure modes, on a warship is similar to hoping that luck will be in our favor,'' said Anthony DiGiorgio, a civilian engineer with the Atlantic Fleet Technical Support Center in Norfolk.

Re:The US Navy has lots of windows boxen (1)

ruir (2709173) | about 9 months ago | (#46283935)

You dont need to consult for them, it is public knowledge they are so incompetent and deranged to run nuclear power submarines with windows boxen.

Re:The US Navy has lots of windows boxen (1)

Anonymous Coward | about 9 months ago | (#46283957)

Old news. They have learned a little bit since then.

http://arstechnica.com/information-technology/2013/10/the-navys-newest-warship-is-powered-by-linux/

Re:The US Navy has lots of windows boxen (1)

msauve (701917) | about 9 months ago | (#46284363)

Bluewater screen of literal death? It's General Protection's fault.

The NMCI was ALL windows... (0)

Anonymous Coward | about 9 months ago | (#46284683)

And requires a waver to put anything else on it.

Cost about $3500 per seat.

Windows was picked simply because Microsoft gave a cut rate price to the GSA.

Secure? not a chance.

None of the scientists could use it. To do just one minor thing (email some minor data from place to place, and use it) couldn't be done... without a piece of software from Romania. They couldn't get it because of that. On linux, which they were already using it was trivial.

So nearly everybody got two systems - one Linux to do real work on (and attached to a different network), and one NMCI, just so they could send their status reports on.

Re:The US Navy has lots of windows boxen (1)

Virtex (2914) | about 9 months ago | (#46285887)

I remember shortly after the Navy had their problem with the Yorktown, an admiral was quoted as saying, "A lot of people claim Windows NT is unstable, but we've found that not to be the case. Our Windows machines have an average uptime of around 95%" A 95% uptime works out to an hour and 12 minutes of downtime per day. Without realizing it, he made the point of just how bad NT4 really was. Fortunately for Microsoft, Windows stability has improved dramatically since those days.

BFD (0)

Anonymous Coward | about 9 months ago | (#46283563)

NSA hacking will take billion and many years to repair.

Posing as me (0)

Anonymous Coward | about 9 months ago | (#46284183)

front opens at large

People in glass houses (0)

Anonymous Coward | about 9 months ago | (#46284389)

Obama, elected leader of a country with a huge technology infrastructure, launched a cyberattack against a country with a much smaller technology infrastructure. Well, fucking duh. What did he expect them to do. Sit there and take it? Don't be fooled by the crisp suits and beautiful speech. As a President, he's as dumb ass.

Let's not pussyfoot the issue... (0)

Anonymous Coward | about 9 months ago | (#46284757)

Bomb the shit out of them.. Let's see those nerds firewall our drones!

Re (1)

c0rr3k710n (3543727) | about 9 months ago | (#46285009)

What was that, "Golden rule" or "Eye for eye"? Looks like you're still in the latter buddy; except you're probably "Eye for scrape"

10 MILLION fucking dollars? (0)

Anonymous Coward | about 9 months ago | (#46284845)

Jesus titty fucking Christ!

Boy am I in the wrong job.

Tim

Am I missing something? (1)

benjfowler (239527) | about 9 months ago | (#46285199)

Is this just Iranians basically commiting acts of hooliganism? Is there any damage actually being done here?

One must ask, "Who started the Cycle?" (1)

NReitzel (77941) | about 9 months ago | (#46285839)

So, we unleashed stuxnet. Among other things, it came back and bit us on the ass, and now those against whom we sinned, have returned the favor.

"What a Shock!"

At mait lefitgam dekharev, at khai lefitgam dekharev.

Saudi Oil Company is Vela (0)

Anonymous Coward | about 9 months ago | (#46286523)

The Saudi Oil Company in question here is Vela. One of the tactics used to hack Vela is straight out of the NSA's catalog of exploits. Infected SIM cards were used to gain one time passwords from system administrators. This news article reeks of propaganda and misdirection. Either that or Iran has capabilities on par with the NSA.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?