Infected USB drive blamed for '08 military cyber breach
Malware was uploaded to network run by the U.S. Central Command
Computerworld - It was a USB drive loaded with malware.
That's how U.S. defense networks were compromised in 2008, according to U.S. Deputy Defense Secretary William Lynn, who today offered the first official confirmation of a data breach that led to restrictions on the use of removable USB drives in the military.
In an article written for Foreign Affairs magazine, Lynn said the breach occurred when a single USB drive containing malicious code was inserted into a laptop computer at a U.S. base in the Middle East. The malware, placed on the drive by a foreign intelligence agency, was uploaded to a network run by the U.S. Central Command.
The malware then spread -- undetected -- on both classified and unclassified systems, essentially establishing a "digital beachhead" from which data could be transferred to servers outside the U.S. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," Lynn wrote.
He did not say whether the malware allowed any classified or unclassified data to be stolen from U.S. Defense networks. Nor did he offer clues as to which foreign intelligence agency may have been behind the intrusion.
Even so, Lynn described the hitherto classified incident as the "most significant breach of U.S. military computers ever," saying it served as an important wake-up call for the military.
The incident led to a massive Pentagon response operation called "Operation Buckshot Yankee" aimed at purging infected systems of the malware and preventing something similar from happening again.
Lynn's description in Foreign Affairs throws a little more light on the military's sudden ban on the use of removable USB flash drives in 2008. At that time, the Pentagon said its decision was tied to concerns about a malware program called Agent.btz that propagated itself via the drives. That worm was a variant of another malware program called SillyFDC that was designed to scan infected systems for specific data and open backdoors for communications with remote command and control servers.
The Pentagon said at the time that the malware had begun infecting military systems, but offered few other reasons for the USB ban.
The incident highlights the enormous problems that can result from seemingly minor vulnerabilities, said J.R. Reagan, an analyst with Deloitte Consulting Services. "It brings to life what we have all feared for a long time from the small little holes in the dike that can really open up big problems," Reagan said.
In the military's case, the problems may have been exacerbated by an ongoing drive to make information sharing easier, he said.
The bigger issue really is not that the intrusion happened in the first place, but just how much information was in danger of being spirited out of the military's network, he said.
Lynn's description of the USB incident is part of a broader article on the challenges the U.S. military faces in securing its networks against foreign intelligence agencies. U.S. military networks are probed thousands of times a day, he said.
"Right now, more than 100 foreign intelligence organizations are trying to hack into the digital networks that undergird U.S. military operations," Lynn said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed.