The Pentagon has finally confirmed a security breach that happened back in 2008 and which one of their top officials has described as “the most significant breach of U.S. military computers ever.” The breach was caused when a foreign intelligence agent used a flash drive to infect US military computers, including those used by the Central Command to oversee combat zones in Iraq and Afghanistan.
The device in question was a cigarette-lighter-sized flash drive which was plugged into an American military laptop from a base in the Middle East amounted to “a digital beachhead, from which data could be transferred to servers under foreign control,” according to William J. Lynn 3d, deputy secretary of defense, quoted by the New York Times
“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” Mr. Lynn wrote.
This serious security breach was first reported in November 2008 in Wired magazine’s Danger Room blog and according to The Los Angeles Times, the event was grave enough to have President George W. Bush briefed on it, also mentioning that Russian involvement was suspected.
Almost a year later, Mr. Lynn’s recent article was the first official confirmation of this breach which he called Operation Buckshot Yankee and said that the episode “marked a turning point in U.S. cyber-defense strategy.” One of the early countermeasures set in place was the fact that the Defense Department banned the use of portable flash drives in its computer network, yet the ban was later annuled.
“A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States’s global logistics network, steal its operational plans, blind its intelligence capabilities or hinder its ability to deliver weapons on target,” he wrote.
Against the array of threats, Mr. Lynn said, the National Security Agency had pioneered systems — “part sensor, part sentry, part sharpshooter” — that are meant to automatically counter intrusions in real time.