August 26, 2010

Flash Drive Responsible For 2008 Pentagon Cyber Attack

A 2008 cyber attack on classified Department of Defense computer networks originated from an infected flash drive, according to a recent article written by a top Pentagon official.

In the September/October issue of Foreign Affairs, Deputy Defense Secretary William Lynn, stated that the drive was "inserted into a U.S. military laptop at a base in the Middle East" and "uploaded itself onto a network run by the U.S. Central Command."

The code was then able to "spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," he added, calling it "a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."

Lynn also called it "the most significant breach of U.S. military computers ever" and said that the incident "was not the only successful penetration" of Pentagon computers, but said that it nonetheless "served as an important wake-up call" that America needed to improve their defense strategy against such cyberattacks.

"Adversaries have acquired thousands of files from U.S. networks and from the networks of U.S. allies and industry partners, including weapons blueprints, operational plans, and surveillance data," before the establishment of the United States Cyber Command in May of this year.

This is the first official confirmation of the attacks, which previous reports suggested may have originated from Russia, according to the AFP news agency. The Associated Press notes that the use of flash drives and other portable storage devices to transfer information from one computer to another were banned starting in November 2008--a ban that was partially lifted earlier this year.

"As the scale of cyberwarfare's threat to U.S. national security and the U.S. economy has come into view, the Pentagon has built layered and robust defenses around military networks and inaugurated the new U.S. Cyber Command to integrate cyberdefense operations across the military," Lynn added. "An enormous amount of foundational work remains, but the U.S. government has begun putting in place various initiatives to defend the United States in the digital age.


On the Net: