Wednesday, August 25, 2010

America's Most Dangerous Military Computer Breach Was Caused By a Flash Drive

Via Washington Post (hat tip to Gizmodo) -

Now it is official: The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008.

In an article to be published Wednesday discussing the Pentagon's cyberstrategy, Deputy Defense Secretary William J. Lynn III says malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military's Central Command.

"That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," he says in the Foreign Affairs article.

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."

Lynn's decision to declassify an incident that Defense officials had kept secret reflects the Pentagon's desire to raise congressional and public concern over the threats facing U.S. computer systems, experts said.


Lynn's declassification of the 2008 incident has prompted concern among cyberexperts that he gave adversaries useful information. The Foreign Affairs article, Pentagon officials said, is the first on-the-record disclosure that a foreign intelligence agency had penetrated the U.S. military's classified systems. In 2008, the Los Angeles Times reported, citing anonymous Defense officials, that the incursion might have originated in Russia.

The Pentagon operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyberdefense strategy, Lynn said. In November 2008, the Defense Department banned the use of flash drives, a ban it has since modified.

Infiltrating the military's command and control system is significant, said one former intelligence official who spoke on the condition of anonymity because of the sensitivity of the matter. "This is how we order people to go to war. If you're on the inside, you can change orders. You can say, 'turn left' instead of 'turn right.' You can say 'go up' instead of 'go down.' "

In a nutshell, he said, the "Pentagon has begun to recognize its vulnerability and is making a case for how you've got to deal with it."


Foreign Affairs - Defending a New Domain (The Pentagon's Cyberstrategy)


Unlike Deputy Defense Secretary William J. Lynn, not everyone involved in "Operation Buckshot Yankee" is ready to call it a "foreign intelligence" attack, according to Wired's Danger Room blog.

But exactly how much (if any) information was compromised because of agent.btz remains unclear. And members of the military involved in Operation Buckshot Yankee are reluctant to call agent.btz the work of a hostile government — despite ongoing talk that the Russians were behind it.

"Some guys wanted to reach out and touch someone. But months later, we were still doing forensics. It was never clear, though," one officer tells Danger Room. "The code was used by Russian hackers before. But who knows?" Left unsaid is a second question: why would an intelligence agency launch a limp attack?
