Bad flash drive caused worst U.S. military breach

Breach in 2008 was wake-up call for Defense Department to create new cybersecurity strategy, says U.S. Deputy Defense Secretary William J. Lynn III.

Elinor Mills Former Staff Writer
William J. Lynn III, deputy secretary of defense (photo: U.S. Department of Defense)

A malware-laden flash drive inserted into a laptop at a U.S. military base in the Middle East in 2008 led to the "most significant breach" of the nation's military computers ever, according to a new magazine article by a top defense official.

The malware uploaded itself to the U.S. Central Command network and spread undetected across classified and unclassified computers, creating a "digital beachhead, from which data could be transferred to servers under foreign control," William J. Lynn III, U.S. deputy secretary of defense, wrote in his essay in the September/October issue of Foreign Affairs.

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," he wrote. "This previously classified incident was the most significant breach of U.S. military computers ever, and it served as an important wake-up call. The Pentagon's operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyberdefense strategy."
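The chain Lynn describes, removable media mounted on a host followed by that host pushing data to servers the organization does not control, is something a network defender can look for in the logs they already collect. The following is an added example, not code from the article or from the Defense Department: it correlates constructed endpoint mount events with constructed outbound flow records and flags hosts that began sending large volumes to unapproved destinations shortly after a drive was plugged in. The log formats, host names, IP ranges, time window and byte threshold are all assumptions made for illustration.

```python
"""
Correlate removable-media mount events with subsequent outbound transfers to
destinations outside an approved list. Added example; the log formats, hosts,
addresses (documentation ranges) and thresholds below are constructed.
"""
from datetime import datetime, timedelta
import ipaddress

# Constructed endpoint events: <time> <host> <event> [key=value ...]
ENDPOINT_EVENTS = """\
2008-10-14T08:02:11Z host-217 usb_mount label=KINGSTON
2008-10-14T09:15:02Z host-044 usb_mount label=CRUZER
2008-10-12T07:40:00Z host-130 usb_mount label=NO_NAME
2008-10-15T11:30:00Z host-091 login user=jdoe
"""

# Constructed outbound flow records: <time> <src host> <dst ip> <dst port> <bytes out>
FLOW_RECORDS = """\
2008-10-14T08:05:17Z host-217 198.51.100.23 443 1835201
2008-10-14T08:07:03Z host-217 198.51.100.23 443 2204118
2008-10-14T09:20:44Z host-044 10.20.30.5 445 5120
2008-10-15T13:45:10Z host-091 203.0.113.9 80 5242880
2008-10-15T14:02:09Z host-130 198.51.100.77 443 7340032
"""

# Assumed approved destinations: internal ranges plus one hypothetical partner block.
APPROVED_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "192.0.2.0/24")]


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def parse_mounts(text):
    """Return {host: [mount times]} from the endpoint event stream."""
    mounts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, host, event, *_ = line.split()
        if event == "usb_mount":
            mounts.setdefault(host, []).append(parse_time(stamp))
    return mounts


def parse_flows(text):
    """Return a list of (time, host, dst_ip, dst_port, bytes_out) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, host, dst, port, nbytes = line.split()
        flows.append((parse_time(stamp), host, ipaddress.ip_address(dst), int(port), int(nbytes)))
    return flows


def is_approved(dst):
    return any(dst in net for net in APPROVED_NETS)


def find_beachheads(mounts, flows, window=timedelta(hours=24), min_bytes=1_000_000):
    """Flag (host, destination) pairs where a host sent at least min_bytes to an
    unapproved destination within `window` after a removable-media mount."""
    totals = {}
    for ts, host, dst, port, nbytes in flows:
        if is_approved(dst):
            continue
        # Only mounts that precede this flow and fall inside the window count.
        recent = [m for m in mounts.get(host, []) if timedelta(0) <= ts - m <= window]
        if not recent:
            continue
        entry = totals.setdefault((host, str(dst)),
                                  {"mount": max(recent), "first_flow": ts, "bytes": 0})
        entry["bytes"] += nbytes
    return [{"host": h, "dst": d, **v} for (h, d), v in totals.items() if v["bytes"] >= min_bytes]


if __name__ == "__main__":
    for alert in find_beachheads(parse_mounts(ENDPOINT_EVENTS), parse_flows(FLOW_RECORDS)):
        print(f"{alert['host']} -> {alert['dst']}: {alert['bytes']} bytes, "
              f"mount {alert['mount']:%Y-%m-%d %H:%M}, first flow {alert['first_flow']:%Y-%m-%d %H:%M}")
```

On the constructed data only host-217 fires: it mounted a drive and within minutes sent about 4 MB to an unapproved address. host-044 talked only to an internal server, host-091 sent a large transfer but never mounted a drive, and host-130's mount was three days before its transfer. The last two cases are the caveat: this rule catches the specific chain the article describes, not exfiltration in general, so it belongs beside broader egress monitoring rather than in place of it.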

Lynn doesn't say who was believed to be responsible for the breach, but says the malicious code on the flash drive was placed there by a "foreign intelligence agency." In his essay, entitled "Defending a New Domain: The Pentagon's Cyberstrategy" (registration required for full article), Lynn estimates that more than 100 foreign intelligence organizations are trying to break into U.S. networks and says some governments have the ability to disrupt parts of the U.S. information infrastructure.

Military and civilian networks in the U.S. are scanned millions of times each day and thousands of files, including weapons blueprints, operations plans, and surveillance data, have been stolen by adversaries, he says. The military's global communications backbone alone covers 15,000 networks and 7 million computing devices in dozens of countries, according to Lynn.

"Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks that control critical civilian infrastructure. Computer-induced failures of U.S. power grids, transportation networks, or financial systems could cause massive physical damage and economic disruption," he wrote. Lynn also warns of the threat of tampering with products shipped to the U.S., and says counterfeit hardware has already been detected in systems purchased by the Defense Department.

"Rogue code, including so-called logic bombs, which cause sudden malfunctions, can be inserted into software as it is being developed. As for hardware, remotely operated 'kill switches' and hidden 'backdoors' can be written into the computer chips used by the military, allowing outside actors to manipulate the systems from afar," he wrote. "The risk of compromise in the manufacturing process is very real and is perhaps the least understood cyberthreat. Tampering is almost impossible to detect and even harder to eradicate."

To deal with these varied and mounting threats, the Pentagon recognizes cyberspace as a "new domain of warfare" that is just as critical to military operations as "land, sea, air, and space," Lynn wrote.

The Defense Department needs a proper organizational structure to handle threats in cyberspace, needs to be able to respond quickly, and must ensure that civilian infrastructure is secure, he said. The Pentagon also must hire more trained cybersecurity professionals and innovate faster.

"Cyberattacks offer a means for potential adversaries to overcome overwhelming U.S. advantages in conventional military power and to do so in ways that are instantaneous and exceedingly hard to trace. Such attacks may not cause the mass casualties of a nuclear strike, but they could paralyze U.S. society all the same," he wrote. "In the long run, hackers' systematic penetration of U.S. universities and businesses could rob the United States of its intellectual property and competitive edge in the global economy."