A malware-laden flash drive inserted in a laptop at a US military base in the Middle East in 2008 led to the "most significant breach" of the nation's military computers ever, according to a new magazine article by a top defence official.
Read this
Know the enemy: today's top 10 security threats
The more you know about the likely avenues of cybercrime attack, the better you can protect yourself against them, says Alan Calder
The malware uploaded itself to the US Central Command network and spread undetected on classified and unclassified computers creating a "digital beachhead, from which data could be transferred to servers under foreign control", William J Lynn III, US deputy secretary of defence, wrote in his essay in the September/October issue of Foreign Affairs.
"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," he wrote. "This previously classified incident was the most significant breach of US military computers ever, and it served as an important wake-up call. The Pentagon's operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in US cyber-defence strategy."
For more on this ZDNet UK-selected story, see Bad flash drive caused worst U.S. military breach on CNET News.
Talkback
Until they realise that security can't be an afterthought and that a system has to be built from the ground up with security as the No.1 priority this sort of thing will keep happening.
The thought that there is any Microsoft code anywhere in their entire system if frankly horrifying.
I agree Andy. Using Microsoft Windows, or associated products, in a critical environment is just plain irresponsible. People may a major problem with security breaches, but if the network gets hacked then go back to the vendor.
You couldn't make it up could you? Literally for years, they terrorise some poor fool who manages to make an easy guess at passwords, then apparently learn absolutely nothing from that, and leave their systems wide open.
I can't find any reference to exactly what OS was involved, but I only know of one that allows silent auto-execution of code on removable media.