US defence officials have admitted for the first time that malware on a USB stick "significantly compromised" classified Pentagon computers in 2008.
Writing in Foreign Affairs journal, US deputy secretary of defence William Lynn said the recently declassified attack began when an infected flash drive was put into a US military laptop at a base in the Middle East.
This led to the most significant breach of US military computers ever, and served as an important wake-up call, Lynn said.
"The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the US Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," Lynn said.
He claimed more than 100 foreign intelligence organisations were trying to hack into the US military digital networks that support operations. The frequency and sophistication of attacks had "increased exponentially" over the past 10 years, he said.
"Every day, US military and civilian networks are probed thousands of times and scanned millions of times. And the 2008 intrusion was not the only successful penetration. Adversaries have acquired thousands of files from US networks and from the networks of US allies and industry partners, including weapons blueprints, operational plans, and surveillance data.
The Pentagon recognised the catastrophic threat posed by cyberwarfare, and was working with allied governments and private companies to prepare itself, Lynn said.
"An enormous amount of foundational work remains, but the US government has begun putting in place various initiatives to defend the United States in the digital age," he said.