US officials have revealed that Iranian hackers managed to infiltrate an unclassified computer network belonging to the US Navy. The attacks are believed to have taken place sometime over the last few weeks. In a statement addressing the issue, the officials blamed either Iranian agents or proxies acting with the support of Tehran.
Embarrassingly for Iranian President Hassan Rouhani, the revelations surfaced on the same weekend that he spoke with President Obama by phone in the first leader-to-leader communication to take place between the two countries since the Iranian Revolution of 1979. Commentators have speculated about whether this incident might slow the thaw seeming to take hold in US-Iran relations since the moderate Rouhani took power earlier this year.
The Iranian President isn't the only one to be embarrassed by the news. The Navy and Marine Corps Intranet (NMCI), the system believed to have been breached, is the largest internal network in the world. It includes over 363,000 individual computers, and serves more than 700,000 Sailors, Marines and civilians in 620 locations across the continental US, Hawaii, and Japan. The network was developed by HP in 2000, and has been criticised before for lacking now-widespread security measures like hard disk encryption, threat heuristics, and network access control.
"As a matter of policy and for reasons of operations security, we do not comment on the details of our operations to counter cyber threats or any allegations made in recent media reports," said Department of Defense spokesman Lt. Col. Damien Pickart in a statement.
Iran has been accused of hacking US energy companies in the past. Still, news of the breach of a government network has led to speculation about Iran's capabilities in the realm of cyberwarfare, and questions about the effectiveness of US defences. James Lewis, a former State Department official and cybersecurity specialist commented that "Iran is very active... They're better than we thought."
The NMCI network hosts email accounts belonging to top officials such as the chief of naval operations and commandant of the Marine Corps. While these accounts have apparently remained uncompromised, and the hackers are believed to have gained no sensitive information, the DoD has taken down the unclassified system for significant security upgrades.
A Pentagon spokesman said that defence networks are attacked almost constantly. "We take these attempts seriously and work to learn lessons from every one of them," he said.
Iranian officials haven't commented, but The Tehran Times has drawn parallels with the worm Stuxnet that sabotaged Iranian nuclear facilities in 2010, and was believed to be designed by Israeli and US programmers.
Coming just as the UK government announced its plans to develop a cyber defence force manned by reservists, the breach of the NMCI is another reminder of how cyberwarfare is increasingly becoming the fourth theatre of combat.
Image: Flickr (Virginia Guard Public Affairs)