Infected USB drive 'significantly compromised' Pentagon computers

US defence officials have admitted for the first time that malware on a USB stick "significantly compromised" classified Pentagon computers in 2008.

US defence officials have admitted for the first time that malware on a USB stick "significantly compromised" classified Pentagon computers in 2008.

Writing in Foreign Affairs journal, US deputy secretary of defence William Lynn said the recently declassified attack began when an infected flash drive was put into a US military laptop at a base in the Middle East.

This led to the most significant breach of US military computers ever, and served as an important wake-up call, Lynn said.

"The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the US Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," Lynn said.

He claimed more than 100 foreign intelligence organisations were trying to hack into the US military digital networks that support operations. The frequency and sophistication of attacks had "increased exponentially" over the past 10 years, he said.

"Every day, US military and civilian networks are probed thousands of times and scanned millions of times. And the 2008 intrusion was not the only successful penetration. Adversaries have acquired thousands of files from US networks and from the networks of US allies and industry partners, including weapons blueprints, operational plans, and surveillance data.

The Pentagon recognised the catastrophic threat posed by cyberwarfare, and was working with allied governments and private companies to prepare itself, Lynn said.

"An enormous amount of foundational work remains, but the US government has begun putting in place various initiatives to defend the United States in the digital age," he said.

Computer Weekly says…

What took the US Department of Defense so long to take this threat seriously? Will it now stop its proposed extradition of Gary McKinnon? For more see Pentagon hacks >>

See also Government trains hackers for cyberspace ops >>



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.