Worst cyber attack on US military came via flash drive

US Deputy Secretary of Defense William Lynn
US Deputy Secretary of Defense William Lynn testifies in 2009. The most serious cyber attack on the US military's networks came from a tainted flash drive in 2008, forcing the Pentagon to review its digital security, Lynn said Wednesday.

The most serious cyber attack on the US military's networks came from a tainted flash drive in 2008, forcing the Pentagon to review its digital security, a top US defense official said Wednesday.

The thumb drive, which was inserted in a military laptop in the Mideast, contained that "spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," Deputy Defense Secretary William Lynn wrote in the journal Foreign Affairs.

The code was placed on the drive by "a foreign intelligence agency," Lynn wrote.

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."

Previous media reports speculated that the attack may have originated from Russia.

The Pentagon had never openly discussed the incident, but Lynn chose to reveal the details of the attack as officials try to raise public awareness of the growing threat posed to government computer networks.

The incident served as a wake-up for the Pentagon and prompted major changes in how the department handled digital threats, including the formation of a new cyber military command, Lynn said.

After the 2008 assault, the banned its work force from using flash drives, but recently eased the prohibition.

Since the attack, the military has developed methods to uncover intruders inside its network, or so-called "active defense systems," according to Lynn.

But he added that drafting rules of engagement for defending against was "not easy," as the laws of war were written before the advent of a digital battlefield.


Explore further

Pentagon says military response to cyber attack possible

(c) 2010 AFP

Citation: Worst cyber attack on US military came via flash drive (2010, August 25) retrieved 15 October 2019 from https://phys.org/news/2010-08-worst-cyber-military.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
0 shares

Feedback to editors

User comments

Aug 25, 2010
they're just dumb for putting both together.. classified should never be on the same network as unclassified.. My dad works for a defense contractor, and their classified wires have to be 4 feet away from their unclassified ones. Everything classified can't be accessed via the internet. Stupid networking people over there.

Aug 25, 2010
also, make sure that flash drives don't autoplay like they want to (and usually do). It's not that hard people.... come on now...

Aug 25, 2010
also, make sure that flash drives don't autoplay like they want to (and usually do). It's not that hard people.... come on now...

Most workplaces that are security savvy have major restrictions on flash drives.

Aug 25, 2010
Sounds like WikiLeak rebels up to their tricks again.

Aug 25, 2010
Ah behold the power of Windows...

I hope Windows 8 has more security with artificial intelligence to make it easier to find keyloggers, etc.. "I am PC."

Aug 26, 2010
haha they fell for the oldest "digital bait" in the book, leaving a flash stick in the parking lot of a military institution.human curiosity once again was the main hurdle.

Aug 26, 2010
Like the old saying goes "Curiosity Killed The Cat."

Aug 26, 2010
Ah behold the power of Windows...

Any operating system is vulnerable and to think otherwise is extremely naive.

Aug 26, 2010
The only reason Windows gets attacked so much is because everyone uses it.

What's the point in making an OS virus?

Aug 26, 2010
This public announcement looks about as wise as bleeding in shark infested waters.

With wikileaks serving up american classified documents to everyone, what is the real danger here?

Also, either we beef up security because this is a serious problem, or we adopt different tactics for declassifying information that doesn't need to be classified.

Aug 26, 2010
Probably a soldier trying to load a uTorrent program that he downloaded, that came with a lil extra.. Either way, we're doing it to other countries, so we shouldn't be shocked at all. Anyone who thinks we don't have NSA hackers creating viruses is naive. Either way we need better protection for the computers... users will always do stupid things.. lower their user privileges, etc..

Aug 29, 2010
I imagine we will be hearing more such stories. It's a great way for our Government to put many more restrictions over our Internet Freedom here in the U.S. To bad too.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more