Worst cyber attack on US military came via flash drive

Aug 25, 2010
US Deputy Secretary of Defense William Lynn testifies in 2009. The most serious cyber attack on the US military's networks came from a tainted flash drive in 2008, forcing the Pentagon to review its digital security, Lynn said Wednesday.

The most serious cyber attack on the US military's networks came from a tainted flash drive in 2008, forcing the Pentagon to review its digital security, a top US defense official said Wednesday.

The thumb drive, which was inserted in a military laptop in the Mideast, contained that "spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," Deputy Defense Secretary William Lynn wrote in the journal Foreign Affairs.

The code was placed on the drive by "a foreign intelligence agency," Lynn wrote.

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."

Previous media reports speculated that the attack may have originated from Russia.

The Pentagon had never openly discussed the incident, but Lynn chose to reveal the details of the attack as officials try to raise public awareness of the growing threat posed to government computer networks.

The incident served as a wake-up for the Pentagon and prompted major changes in how the department handled digital threats, including the formation of a new cyber military command, Lynn said.

After the 2008 assault, the banned its work force from using flash drives, but recently eased the prohibition.

Since the attack, the military has developed methods to uncover intruders inside its network, or so-called "active defense systems," according to Lynn.

But he added that drafting rules of engagement for defending against was "not easy," as the laws of war were written before the advent of a digital battlefield.

Explore further: Coping with floods—of water and data

add to favorites email to friend print save as pdf

Related Stories

Pentagon spends $100 million to fix cyber attacks

Apr 07, 2009

(AP) -- The Pentagon spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems, military leaders said Tuesday.

Pentagon reviews social networking on computers

Aug 05, 2009

(AP) -- The Pentagon is reviewing the use of Facebook and other social networking sites on its computers with an eye toward setting rules on how to protect against possible security risks.

Homeland Security to hire up to 1K cyber experts

Oct 01, 2009

(AP) -- The Obama administration has given a green light to the Homeland Security Department to be more competitive and choosey as it hires up to 1,000 new cyber experts over the next three years, the first major personnel ...

Sources: Pentagon planning new cybercommand

Apr 22, 2009

(AP) -- The Pentagon is planning to create a new military command to focus on cyberspace and protect its computer networks from cyberattacks, U.S. officials said Wednesday.

Recommended for you

Coping with floods—of water and data

22 hours ago

Halloween 2013 brought real terror to an Austin, Texas, neighborhood, when a flash flood killed four residents and damaged roughly 1,200 homes. Following torrential rains, Onion Creek swept over its banks and inundated the ...

Cloud computing helps make sense of cloud forests

Dec 17, 2014

The forests that surround Campos do Jordao are among the foggiest places on Earth. With a canopy shrouded in mist much of time, these are the renowned cloud forests of the Brazilian state of São Paulo. It is here that researchers ...

User comments : 13

Adjust slider to filter visible comments by rank

Display comments: newest first

Royale
5 / 5 (2) Aug 25, 2010
they're just dumb for putting both together.. classified should never be on the same network as unclassified.. My dad works for a defense contractor, and their classified wires have to be 4 feet away from their unclassified ones. Everything classified can't be accessed via the internet. Stupid networking people over there.
Royale
5 / 5 (2) Aug 25, 2010
also, make sure that flash drives don't autoplay like they want to (and usually do). It's not that hard people.... come on now...
TabulaMentis
not rated yet Aug 25, 2010
also, make sure that flash drives don't autoplay like they want to (and usually do). It's not that hard people.... come on now...

Most workplaces that are security savvy have major restrictions on flash drives.
TabulaMentis
not rated yet Aug 25, 2010
Sounds like WikiLeak rebels up to their tricks again.
DaveGee
Aug 25, 2010
This comment has been removed by a moderator.
TabulaMentis
not rated yet Aug 25, 2010
Ah behold the power of Windows...

I hope Windows 8 has more security with artificial intelligence to make it easier to find keyloggers, etc.. "I am PC."
Eco_R1
5 / 5 (2) Aug 26, 2010
haha they fell for the oldest "digital bait" in the book, leaving a flash stick in the parking lot of a military institution.human curiosity once again was the main hurdle.
TabulaMentis
not rated yet Aug 26, 2010
Like the old saying goes "Curiosity Killed The Cat."
CarolinaScotsman
not rated yet Aug 26, 2010
Ah behold the power of Windows...

Any operating system is vulnerable and to think otherwise is extremely naive.
Modernmystic
1 / 5 (1) Aug 26, 2010
The only reason Windows gets attacked so much is because everyone uses it.

What's the point in making an OS virus?
otto1923
2.5 / 5 (2) Aug 26, 2010
haha they fell for the oldest "digital bait" in the book, leaving a flash stick in the parking lot of a military institution.human curiosity once again was the main hurdle.
Which is why attacks of this sort must be engineered to prompt protective measures in a controlled way.

"The incident served as a wake-up for the Pentagon and prompted major changes in how the department handled digital threats, including the formation of a new cyber military command"

-If an attack of this sort is Inevitable then it is absolutely Vital that it occur at the proper time and in the proper manner so as to improve defenses while not endangering critical infrastructure.

This is why viruses are routinely created and spread, to maintain protective services and preempt genuine attack. It is also, by the way, how organisms develop their immune systems. Children instinctively get dirty and expose themselves to infection early so they can develop healthy immune systems and avoid asthma.
Lordjavathe3rd
5 / 5 (1) Aug 26, 2010
This public announcement looks about as wise as bleeding in shark infested waters.

With wikileaks serving up american classified documents to everyone, what is the real danger here?

Also, either we beef up security because this is a serious problem, or we adopt different tactics for declassifying information that doesn't need to be classified.
Royale
5 / 5 (1) Aug 26, 2010
Probably a soldier trying to load a uTorrent program that he downloaded, that came with a lil extra.. Either way, we're doing it to other countries, so we shouldn't be shocked at all. Anyone who thinks we don't have NSA hackers creating viruses is naive. Either way we need better protection for the computers... users will always do stupid things.. lower their user privileges, etc..
ElasfarSovereign
not rated yet Aug 29, 2010
I imagine we will be hearing more such stories. It's a great way for our Government to put many more restrictions over our Internet Freedom here in the U.S. To bad too.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.