The Pentagon victim of an important security breach
August 28, 2010
The Pentagon confirmed late yesterday that it has launched a full-fledged investigation into what it describes as the most significant breach of U.S. military computers ever, in which a flash drive was used more than two years ago to infect a large number of Pentagon computers, including those used by the Central Command overseeing combat zones in Iraq and Afghanistan.
Why the Pentagon took more than two years to discover such an important security issue is still unknown at this time, and has more than one security observer worried that similar attacks can be easily replicated in the near future.
When the flash drive in question was plugged into a military laptop located on an undisclosed base in the Middle East, malicious code soon linked highly sensitive computers to critical networks controlled by an unnamed foreign intelligence agency, Deputy Defense Secretary William Lynn wrote in the first official account of the security breach.
“The malicious code rapidly spread undetected on both classified and unclassified computer networks in the Pentagon, establishing what amounted to a digital beachhead, from which data could easily be transferred to servers under foreign control,” he wrote in an article to be published Sep. 1st.
“It was a network administrator's worst nightmare: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary, and most probably located in an enemy country or for military espionage purposes.”
The discovery, included in the latest issue of Foreign Affairs, comes almost two years after The Los Angeles Times reported an unofficial account of the same incident that claimed it most likely originated in Russia. The soon-to-be-published article will signal attempts by the Pentagon to raise awareness of the growing vulnerability of the U.S. military to Internet and computer-based attacks, which often allow adversaries with very modest means to inflict grave damage on the United States' military.
“A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States's global logistics network, steal its operational plans, blind its intelligence capabilities or severely hinder its ability to deliver weapons on target,” The Los Angeles Times suggested in July 2008.
On July 26, 2010, a retired U.S. general made many of the same points, comparing the network world to the highly vulnerable North German plain that has been invaded repeatedly over the past several centuries.
Military officials responded with a counterattack known as Operation Buckshot Yankee, which was characterized by many as a turning point in the Pentagon's computer defense strategy. Among the steps initially taken was the banning of USB devices by the Defense Department, a curb that has since been modified slightly.
Source: The Pentagon.