David Kirkpatrick

August 27, 2010

US military hacked in 2008

Hacked by a compromised USB thumb drive. Just goes to show you can worry all day about technical threats and software backdoors and plain old network hacking, but all those assets out in the wild — people’s heads with sensitive passwords, unattended laptops, USB drives, et al. — can be hard to lock down and are usually the easiest way into a network.

From the link:

It was a USB drive loaded with malware.

That’s how U.S. defense networks were compromised in 2008, according to U.S Deputy Defense Secretary William Lynn, who today offered the first official confirmation of a data breach that led to restrictions on the use of removable USB drives in the military.

In an article written for Foreign Affairs magazine, Lynn said the breach occurred when a single USB drive containing malicious code was inserted into a laptop computer at a U.S. base in the Middle East. The malware, placed on the drive by a foreign intelligence agency, was uploaded to a network run by the U.S. Central Command.

The malware then spread — undetected — on both classified and unclassified systems, essentially establishing a “digital beachhead” from which data could be transferred to servers outside the U.S, “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” Lynn wrote.

Here’s additional coverage of this story.

Update 8/30/10: And even more coverage. Looks like the actual threat was very low-level and involved the W32.SillyFDC worm.

1 Comment »

  1. What you might want to ask yourself, is why this story is being reported now, two years after the incident occurred. Is it because there is something that we can all learn from this incident or is it because the White House and Department of Defense are trying to elicit support from the American public for it’s cybersecurity initiatives? Malware on USB drives is nothing new.

    Comment by Mister Reiner — August 28, 2010 @ 4:19 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: