‘Worst ever’ Pentagon cyber attack came from USB drive

A cyber attack described as "the most serious breach of US military computer networks ever" stemmed from an infected USB flash drive, the US deputy defence secretary has revealed.

The attack, which happened two years ago, was the catalyst for the Pentagon overhauling its digital security strategy.

Writing in the journal Foreign Affairs this week, William Lynn said that the malware-laden drive was inserted into a US laptop by a “foreign intelligence agency” operating in the Middle East.

Before it was detected, the malicious code reached as far as the US Central Command network, where it was exposed to sensitive military documents, Lynn said.

“[It] spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” he wrote. "It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.”

Following the attack in 2008, the Pentagon formed a Cyber Command unit to identify and defend against cyber security threats. It also prohibited its workforce from using USB flash drives, although this ban has recently been lifted.

Lynn estimates more than one hundred foreign intelligence organisations are attempting to break into US military networks at any one time.

In May this year, the Pentagon’s undersecretary of defence for policy James Miller said that the government would consider a military response in retaliation to a cyber attack against the country.

Enterprise Security 2010

Information Age‘s annual enterprise security strategy conference returns in October. Experts and practitioners will share their insight and experience of the ongoing challenge of securing information. Delegates will hear about the latest threats, the latest defense mechanisms and more importantly the latest methods for making IT security a core competency.

The event is free to attend for qualifying delegates.

Click here for more information

Peter Done

Peter Done is managing director of Peninsula Business Services, the personnel and employment law consultancy he set up having already built a successful betting shop business.

Related Topics