Worst cyber attack on US military came via flash drive

August 25, 2010
US Deputy Secretary of Defense William Lynn testifies in 2009. The most serious cyber attack on the US military's networks came from a tainted flash drive in 2008, forcing the Pentagon to review its digital security, Lynn said Wednesday.

The most serious cyber attack on the US military's networks came from a tainted flash drive in 2008, forcing the Pentagon to review its digital security, a top US defense official said Wednesday.

The thumb drive, which was inserted in a military laptop in the Mideast, contained that "spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," Deputy Defense Secretary William Lynn wrote in the journal Foreign Affairs.

The code was placed on the drive by "a foreign intelligence agency," Lynn wrote.

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."

Previous media reports speculated that the attack may have originated from Russia.

The Pentagon had never openly discussed the incident, but Lynn chose to reveal the details of the attack as officials try to raise public awareness of the growing threat posed to government computer networks.

The incident served as a wake-up for the Pentagon and prompted major changes in how the department handled digital threats, including the formation of a new cyber military command, Lynn said.

After the 2008 assault, the banned its work force from using flash drives, but recently eased the prohibition.

Since the attack, the military has developed methods to uncover intruders inside its network, or so-called "active defense systems," according to Lynn.

But he added that drafting rules of engagement for defending against was "not easy," as the laws of war were written before the advent of a digital battlefield.

Explore further: Pentagon says military response to cyber attack possible

Related Stories

Pentagon spends $100 million to fix cyber attacks

April 7, 2009

(AP) -- The Pentagon spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems, military leaders said Tuesday.

Pentagon reviews social networking on computers

August 5, 2009

(AP) -- The Pentagon is reviewing the use of Facebook and other social networking sites on its computers with an eye toward setting rules on how to protect against possible security risks.

Homeland Security to hire up to 1K cyber experts

October 1, 2009

(AP) -- The Obama administration has given a green light to the Homeland Security Department to be more competitive and choosey as it hires up to 1,000 new cyber experts over the next three years, the first major personnel ...

Sources: Pentagon planning new cybercommand

April 22, 2009

(AP) -- The Pentagon is planning to create a new military command to focus on cyberspace and protect its computer networks from cyberattacks, U.S. officials said Wednesday.

Recommended for you

Team breaks world record for fast, accurate AI training

November 7, 2018

Researchers at Hong Kong Baptist University (HKBU) have partnered with a team from Tencent Machine Learning to create a new technique for training artificial intelligence (AI) machines faster than ever before while maintaining ...


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (2) Aug 25, 2010
they're just dumb for putting both together.. classified should never be on the same network as unclassified.. My dad works for a defense contractor, and their classified wires have to be 4 feet away from their unclassified ones. Everything classified can't be accessed via the internet. Stupid networking people over there.
5 / 5 (2) Aug 25, 2010
also, make sure that flash drives don't autoplay like they want to (and usually do). It's not that hard people.... come on now...
not rated yet Aug 25, 2010
also, make sure that flash drives don't autoplay like they want to (and usually do). It's not that hard people.... come on now...

Most workplaces that are security savvy have major restrictions on flash drives.
not rated yet Aug 25, 2010
Sounds like WikiLeak rebels up to their tricks again.
not rated yet Aug 25, 2010
Ah behold the power of Windows...

I hope Windows 8 has more security with artificial intelligence to make it easier to find keyloggers, etc.. "I am PC."
5 / 5 (2) Aug 26, 2010
haha they fell for the oldest "digital bait" in the book, leaving a flash stick in the parking lot of a military institution.human curiosity once again was the main hurdle.
not rated yet Aug 26, 2010
Like the old saying goes "Curiosity Killed The Cat."
not rated yet Aug 26, 2010
Ah behold the power of Windows...

Any operating system is vulnerable and to think otherwise is extremely naive.
1 / 5 (1) Aug 26, 2010
The only reason Windows gets attacked so much is because everyone uses it.

What's the point in making an OS virus?
5 / 5 (1) Aug 26, 2010
This public announcement looks about as wise as bleeding in shark infested waters.

With wikileaks serving up american classified documents to everyone, what is the real danger here?

Also, either we beef up security because this is a serious problem, or we adopt different tactics for declassifying information that doesn't need to be classified.
5 / 5 (1) Aug 26, 2010
Probably a soldier trying to load a uTorrent program that he downloaded, that came with a lil extra.. Either way, we're doing it to other countries, so we shouldn't be shocked at all. Anyone who thinks we don't have NSA hackers creating viruses is naive. Either way we need better protection for the computers... users will always do stupid things.. lower their user privileges, etc..
not rated yet Aug 29, 2010
I imagine we will be hearing more such stories. It's a great way for our Government to put many more restrictions over our Internet Freedom here in the U.S. To bad too.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.