US DoD confirms 2008 cyber-attack

The US Department of Defense (DoD) has traced the origins of a 2008 cyber-attack to an unauthorized flash drive that was inserted into a military laptop somewhere in the Middle East.

According to Deputy Defense Secretary William J. Lynn III, malicious code placed on the drive by an unspecified foreign intelligence agency uploaded itself onto a network run by CENTCOM (US Central Command).

“That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” Lynn claimed in a Foreign Affairs article cited by the WaPost.

“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.”

As Danger Room’s Noah Shachtman points out, the worm – dubbed agent.btz – infected the Pentagon’s computers for nearly 14 months until it was eradicated in an operation known as “Operation Buckshot Yankee.”

“The endeavor was so tortuous that it helped lead to a major reorganization of the armed forces’ information defenses, including the creation of the military’s new Cyber Command,” explained Shachtman.

“[Still], exactly how much (if any) information was compromised because of agent.btz remains unclear. And members of the military involved in Operation Buckshot Yankee are reluctant to call agent.btz the work of a hostile government – despite ongoing talk that the Russians were behind it.”

Indeed, Shachtman noted that agent.btz’s ability to compromise classified information remains “fairly limited.”

“SIPRNet, the military’s secret network, and JWICS, its top secret network, have only the thinnest of connections to the public Internet.

“[So], without those connections, intruders would have no way of exploiting the backdoor, or, indeed, of even knowing that agent.btz had found its way into the CENTCOM network.”