The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008, according to an article in Foreign Affairs.
In the article slated to be published today on Pentagon’s cyber strategy, Deputy Defense Secretary William J. Lynn III described how a foreign intelligence agency placed malicious code on the drive. The code then uploaded itself onto a network run by the U.S. military’s Central Command, The Washington Post reported.
That code spread unnoticed on classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control, Lynn said.
“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” he writes.
To counter the attack, the Pentagon launched Operation Buckshot Yankee, marking a turning point in U.S. cyber-defense strategy, Lynn said. In November 2008, DoD banned the use of flash drives. The ban has since been amended.