Malware loaded from a USB drive = bad.
A U.S. Military security incident from 2008 has finally been revealed and detailed by Deputy Secretary of Defense William J. Lynn III in a new article he wrote for Foreign Affairs magazine.
Lynn opened his article with this explanation:
In 2008, the U.S. Department of Defense suffered a significant compromise of its classified military computer networks. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.
Deputy Secretary of Defense characterized this as "the most significant breach of U.S. military computers ever," and it marked a turning point in the U.S. cyberdefense strategy, starting with Operation Buckshot Yankee.
Lynn estimated that more than 100 foreign intelligence organizations are trying to break into U.S. networks, which presents a sizeable challenge for the military's global communications backbone, which covers 15,000 networks and 7 million computing devices in dozens of countries.