Iranian Hacking to Test NSA Nominee Michael Rogers

Infiltration of Navy Computer Network More Extensive Than Previously Thought.

Iran’s infiltration of a Navy computer network was far more extensive than previously thought, according to officials, and the officer who led the response will likely face questions about it from senators weighing his nomination as the next head of the embattled National Security Agency.

It took the Navy about four months to finally purge the hackers from its biggest unclassified computer network, according to current and former officials.

Some lawmakers are concerned about how long it took. When Vice Adm. Michael Rogers, President Barack Obama’s choice for the new NSA director, faces his confirmation hearing, some senators are expected to ask whether there is a long-term plan to address security gaps exposed by the attack, congressional aides said. The hearing hasn’t been scheduled yet, but could be next month.

The Wall Street Journal in September first reported the discovery of the Iranian cyberattack. Officials at the time said the intruders had been removed. However, officials now acknowledge that the attack was more invasive, getting into what one called the “bloodstream” of the Navy and Marine Corps system and managing to stay there until November.

The hackers targeted the Navy Marine Corps Intranet, the unclassified network used by the Department of the Navy to host websites, store nonsensitive information and handle voice, video and data communications. The network has 800,000 users at 2,500 locations, according to the Navy.

Officials said there was no evidence the Iranians have been able to break into a network beyond the Navy Marine Corps Intranet and no classified networks were penetrated.

Network repairs continue to close the many security gaps revealed by the intrusion, not just on Navy computers but across the Department of Defense, the officials said.

More From The Wall Street Journal (subscription required):