Sign in with
Sign up | Sign in

Spy's USB Drive Caused Worst US Military Breach

By - Source: Tom's Hardware US | B 48 comments

Malware loaded from a USB drive = bad.

A U.S. Military security incident from 2008 has finally been revealed and detailed by Deputy Secretary of Defense William J. Lynn III in a new article he wrote for Foreign Affairs magazine.

Lynn opened his article with this explanation:

In 2008, the U.S. Department of Defense suffered a significant compromise of its classified military computer networks. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.

Deputy Secretary of Defense characterized this as "the most significant breach of U.S. military computers ever," and it marked a turning point in the U.S. cyberdefense strategy, starting with Operation Buckshot Yankee.

Lynn estimated that more than 100 foreign intelligence organizations are trying to break into U.S. networks, which presents a sizeable challenge for the military's global communications backbone, which covers 15,000 networks and 7 million computing devices in dozens of countries.

(Source: Cnet.)

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 28 Hide
    zerapio , August 27, 2010 4:08 PM
    Dang. When's the movie coming out?
  • 22 Hide
    Anonymous , August 27, 2010 4:26 PM
    all your base are belong to us!!
  • 21 Hide
    ares1214 , August 27, 2010 4:14 PM
    So mix this, with the intel mind reading stuff, and the apple liquid alloy metal, and we have Skynet...
Other Comments
    Display all 48 comments.
  • 28 Hide
    zerapio , August 27, 2010 4:08 PM
    Dang. When's the movie coming out?
  • 21 Hide
    ares1214 , August 27, 2010 4:14 PM
    So mix this, with the intel mind reading stuff, and the apple liquid alloy metal, and we have Skynet...
  • 4 Hide
    HavoCnMe , August 27, 2010 4:21 PM
    Not surprising.
  • 22 Hide
    Anonymous , August 27, 2010 4:26 PM
    all your base are belong to us!!
  • 19 Hide
    joebob2000 , August 27, 2010 4:29 PM
    Quote:
    Deputy Secretary of Defense characterized this as "the most significant breach of U.S. military computers ever," and it marked a turning point in the U.S. cyberdefense strategy, starting with Operation Buckshot Yankee.

    Lynn estimated that more than 100 foreign intelligence organizations are trying to break into U.S. networks, which presents a sizeable challenge for the military's global communications backbone, which covers 15,000 networks and 7 million computing devices in dozens of countries.


    LOL WAT

    So this is what it took for them to say "no flash drives from outside computers!" or maybe, just maybe, they used one of the zillion available methods to disallow flash drive usage altogether. How hard is that idea to come up with? What about sandboxing any external drive? Persistent internal firewalls? There are so many ways to stop this from happening that it defies belief. Hell, a compromised flash drive was the plot of a damn movie prior to 2008 (the Recruit, 2003) and they still didn't think it was worth safeguarding??? It's nice to see the $600 billion or so per year is well spent!
  • 14 Hide
    Anonymous , August 27, 2010 4:42 PM
    The best part of this is the fact there is an "Ironkey the worlds most SECURE flash drive" add right beside the comment box.

    well played Ironkey.
  • 3 Hide
    Draven35 , August 27, 2010 4:49 PM
    naah, i saw an ad for kapersky antivirus...

    Btw, this is why computers connected to secure networks were not allowed to have floppy drives for years.
  • 1 Hide
    rollerdisco , August 27, 2010 4:51 PM
    ttwerdunThe best part of this is the fact there is an "Ironkey the worlds most SECURE flash drive" add right beside the comment box.well played Ironkey.


    Really i have adds for summer's eve........ what are they trying to tell me?
  • 6 Hide
    Anonymous , August 27, 2010 5:01 PM
    I knew as i was posting, that it was a banner that would be diffrent for everyone. Ah well just funny for me then:D 
  • 10 Hide
    dasper , August 27, 2010 5:02 PM
    rollerdiscoReally i have adds for summer's eve........ what are they trying to tell me?

    Yeah, I hate it when Google Ads tells me I am a douche.
  • 13 Hide
    jerreece , August 27, 2010 5:08 PM
    Maybe Uncle Sam needs to realize that the "Business" version of Symantec's Norton Antivirus just doesn't cut it anymore.

    LOL
  • 1 Hide
    calmstateofmind , August 27, 2010 5:12 PM
    And my friend said that 24 wasn't real...
  • 14 Hide
    hellwig , August 27, 2010 5:18 PM
    joebob2000LOL WATSo this is what it took for them to say "no flash drives from outside computers!" or maybe, just maybe, they used one of the zillion available methods to disallow flash drive usage altogether. How hard is that idea to come up with? What about sandboxing any external drive? Persistent internal firewalls? There are so many ways to stop this from happening that it defies belief. Hell, a compromised flash drive was the plot of a damn movie prior to 2008 (the Recruit, 2003) and they still didn't think it was worth safeguarding??? It's nice to see the $600 billion or so per year is well spent!

    See, what you neglect to account for is the senior guy at the U.S. Central Command that demanded he have unfettered access to the internet AND the secured networks. Plus, he absolutely needed to be able to hook up flash drives, because he needed to print off his daughters school project and his printer at home was on the fritz. The number one reason network security fails is the users, not some outside threat that is attacking said network.
  • 5 Hide
    hellwig , August 27, 2010 5:23 PM
    I just thought of a related anecdote. I used to work with some guys that eventually moved on to work at one of the national labs in ABQ. They had a security briefing about all sorts of things not allowed on the facility (anything that can record audio, video, etc...), CDs, floppy discs, mp3 players. Employees were issued company cell phones, they were not allowed to bring their own into the facility. During the meeting, someone in the audience stood up and asked the senior security agent "What about these?" and held up a USB flash drive. Of course, the security agent didn't even know what it was. So yeah, our national security and secrets are in good hands for sure.
  • 3 Hide
    tommysch , August 27, 2010 5:38 PM
    Retaliate with kinetic weapons... ASAP.
  • 6 Hide
    wildwell , August 27, 2010 5:51 PM
    Now that sounds like a real modern spy story. This thing with the Russians earlier this year sounded more like a crackdown on spy retirement plans.
  • -5 Hide
    nuvon , August 27, 2010 6:30 PM
    They forgot to use McAfee
  • -1 Hide
    liquidchild , August 27, 2010 7:04 PM
    That is why you keep your tech people out of the general military population. ITpro's with above average skills don't want to put on a pair of boots and get a ass chewing by some Idiot on a power trip for 8 weeks just to keep the servers secure.
  • 0 Hide
    jaysbob , August 27, 2010 7:20 PM
    I'd bet money on china having some hand in this
Display more comments