Thumb Drive Attack in 2008 Compromised Classified U.S. Networks

Type threatpost
Reporter Paul Roberts
Modified 2013-04-17T16:36:13


A senior official at the Department of Defense is talking publicly about a 2008 security breach that he claims compromised classified intelligence networks used by the U.S. military.

Classified networks used by the U.S. military were the target of a successful attack by a foreign nation in 2008, according to a senior official at the Department of Defense, leading to a wholesale review of U.S. cyber defense strategy.

The revelation came in interviews and an article in the magazine Foreign Affairs by U.S. Deputy Secretary of Defense William Lynn III. Writing for Foreign Affairs, Lynn described a 2008 virus infection that began when an infected USB flash drive was inserted into a U.S. military laptop at a base in the Middle East.

“The flash drive’s malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command.”

The malware eventually spread to both classified and unclassified computer systems, creating what Lynn described as a “digital beach head” from which classified information could be siphoned from the U.S. military to servers controlled by foreign governments.

Lynn’s article provides details about a widely reported incident in 2008, in which the malware called Agent.btz is known to have spread extensively on Defense Department networks, prompting the DOD to suspend the use of USB drives or other external media by service members.

According to the article in Foreign Affairs, that outbreak prompted soul-searching within the government, which, up to that point, had a decentralized cybersecurity operation that was spread across numerous task forces and geographies. In response, the military established a unified U.S. Cyber Command as part of U.S. Strategic Command in May. Cyber Command is scheduled to become operational in October, Lynn wrote.

The U.S. military’s Cyber Command is responsible for day-to-day protection of defense networks and support of military and counterterrorism missions. It also provides a single chain of command all the way up to the Secretary of Defense and Commander in Chief. Finally, Cyber Command can coordinate efforts to cooperate with other government agencies, including DHS, the Justice Department and DISA, and with U.S. allies on cybersecurity matters, Lynn said.

The military has also revamped its thinking on cyberdefense, conceiving of a two-tiered approach that relies on traditional IT defenses and that also seeks to leverage the intelligence capabilities of the National Security Agency and signals intelligence to provide “active defense”: spotting emerging attacks and insider threats often dubbed “advanced persistent threats.”

While Lynn’s article strikes an optimistic tone, he also points out that considerable challenges remain, including the job of securing the U.S.’s critical civilian and non-civilian infrastructure, and marshaling the nation’s human capital for a future in which technological and engineering prowess will be linked directly to military and economic strength.