It was a USB drive loaded with malware.
That’s how U.S. defense networks were compromised in 2008, according to U.S Deputy Defense Secretary William Lynn, who today offered the first official confirmation of a data breach that led to restrictions on the use of removable USB drives in the military.
In an article written for Foreign Affairs magazine, Lynn said the breach occurred when a single USB drive containing malicious code was inserted into a laptop computer at a U.S. base in the Middle East. The malware, placed on the drive by a foreign intelligence agency, was uploaded to a network run by the U.S. Central Command.
The malware then spread — undetected — on both classified and unclassified systems, essentially establishing a “digital beachhead” from which data could be transferred to servers outside the U.S, “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” Lynn wrote.
He did not say whether the malware allowed any classified or unclassified data to be stolen from U.S. Defense networks. Nor did he offer clues as to which foreign intelligence agency may have been behind the intrusion.
Even so, Lynn described the hitherto classified incident as the “most significant breach of U.S. military computers ever,” saying it served as an important wake-up call for the military.
The incident led to a massive Pentagon response operation called “Operation Buckshot Yankee” aimed at purging infected systems of the malware and preventing something similar from happening again.
Lynn’s description in Foreign Affairs throws a little more light on the military’s sudden ban on the use of removable USB flash drives in 2008. At that time, the Pentagon said its decision was tied to concerns about a malware program called Agent.btz that propagated itself via the drives. That worm was a variant of another malware program called SillyFDC that was designed to scan infected systems for specific data and open backdoors for communications with remote command and control servers.