WASHINGTON, (Reuters) – A foreign spy agency led a 2008 cyber attack on U.S. military computer systems, a top Pentagon official said, shedding light on what he called the most significant breach of American military cyber security.
Deputy Defense Secretary William Lynn said the attack took place after an infected flash-drive was inserted into a U.S. military laptop at a base in the Middle East, uploading malicious computer code onto the Central Command network.
“That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead from which data could be transferred to servers under foreign control,” Lynn wrote in an article for Foreign Affairs magazine published yesterday.
“This previously classified incident was the most significant breach of U.S. military computers ever.”
Lynn did not say which country’s spy agency was behind the attack. But he said that more than 100 foreign intelligence organizations were trying to break into U.S. networks.
“Some governments already have the capacity to disrupt elements of the U.S. information infrastructure,” he wrote.
Every year, he said, hackers steal enough data from U.S. government agencies, businesses and universities to fill the U.S. Library of Congress many times over.
When it comes to attacks on the military, the difficulty identifying culprits behind attacks make them very hard to respond to and alluring for hostile governments, he said.
“Cyber attacks offer a means for potential adversaries to overcome overwhelming U.S. advantages in conventional military power and to do so in ways that are instantaneous and exceedingly hard to trace,” he wrote.
Counterfeit hardware had already been detected in systems that had been procured by the Defense Department, Lynn said — a danger since computer chips can be written with remotely operated “kill switches” and hidden backdoors.
