Infected USB drive blamed for '08 military cyber breach
Malware was uploaded to network run by the U.S. Central Command
Computerworld - It was a USB drive loaded with malware.
That's how U.S. defense networks were compromised in 2008, according to U.S Deputy Defense Secretary William Lynn, who today offered the first official confirmation of a data breach that led to restrictions on the use of removable USB drives in the military.
In an article written for Foreign Affairs magazine, Lynn said the breach occurred when a single USB drive containing malicious code was inserted into a laptop computer at a U.S. base in the Middle East. The malware, placed on the drive by a foreign intelligence agency, was uploaded to a network run by the U.S. Central Command.
The malware then spread -- undetected -- on both classified and unclassified systems, essentially establishing a "digital beachhead" from which data could be transferred to servers outside the U.S, "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," Lynn wrote.
He did not say whether the malware allowed any classified or unclassified data to be stolen from U.S. Defense networks. Nor did he offer clues as to which foreign intelligence agency may have been behind the intrusion.
Even so, Lynn described the hitherto classified incident as the "most significant breach of U.S. military computers ever," saying it served as an important wake-up call for the military.
The incident led to a massive Pentagon response operation called "Operation Buckshot Yankee" aimed at purging infected systems of the malware and preventing something similar from happening again.
Lynn's description in Foreign Affairs throws a little more light on the military's sudden ban on the use of removable USB flash drives in 2008. At that time, the Pentagon said its decision was tied to concerns about a malware program called Agent.btz that propagated itself via the drives. That worm was a variant of another malware program called SillyFDC that was designed to scan infected systems for specific data and open backdoors for communications with remote command and control servers.
The Pentagon said at the time that the malware had begun infecting military systems, but offered few other reasons for the USB ban.
The incident highlights the enormous problems that can result from seemingly minor vulnerabilities, said J.R. Reagan, a analyst with Deloitte Consulting Services. "It brings to life what we have all feared for a long time from the small little holes in the dike that can really open up big problems," Reagan said.
In the military's case, the problems may have been exacerbated by an ongoing drive to make information sharing easier, he said.
The bigger issue really is not that the intrusion happened in the first place, but just how much information was in danger of being spirited out of the military's network, he said.
Lynn's description of the USB incident is part of a broader article on the challenges the U.S. military faces in securing its networks against foreign intelligence agencies. U.S. military networks are probed thousands of a times a day, he said.
"Right now, more than 100 foreign intelligence organizations are trying to hack into the digital networks that undergird U.S. military operations," Lynn said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!