

The Pentagon's classified military networks were reportedly infiltrated by attackers in 2008, who allegedly stole a considerable amount of data. In a statement published today by the US Council on Foreign Relations, Deputy Secretary of Defense William J. Lynn revealed that the attack originated at a base in the Middle East and was caused by a computer virus that was loaded on a flash drive.

According to Lynn, the virus was able to spread swiftly across the network and infect many military systems, eventually infiltrating the Department of Defense's classified network. He says that the attackers were able to establish a "digital beachhead" that enabled the transfer of highly sensitive material to unknown foreign agents. The incident, which is described as the most significant breach of US military computers in history, is now publicly acknowledged by the military.

Lynn says that this isn't the first time that military computer systems have been compromised. In fact, he says that "adversaries have acquired thousands of files from US networks and from the networks of US allies and industry partners, including weapons blueprints, operational plans, and surveillance data."

The 2008 attack, he says, was a wakeup call that changed the way that the US military prepares for similar threats. He touts the Pentagon's partnership with the Department of Homeland security as an important step towards better protecting the defense department's classified networks.

A report published by Wired contradicts the official story and suggests that the alleged attack was not, in fact, a concerted effort by foreign adversaries. Some members of the military who participated in the Pentagon's response and clean-up effort after the classified network was compromised told Wired that there is much less certainty than Lynn contends regarding the circumstances of the attack and the amount of data that was compromised.

Wired says that the virus that compromised the Pentagon's network, called agent.btz, is a variant of the relatively benign SillyFDC worm, which was been classified by security firm Symantec as a "very low" risk. The details revealed by Wired suggest that simple negligence enabled a commonplace virus to spread broadly across the network and that it was not actually an intentionally orchestrated attack.

In 2008, the NSA was tasked with developing a tool to prevent unauthorized use of USB drives on government networks. The tool is now said to be in widespread use throughout the defense department and other government agencies. It's likely that the tool was developed as a response to the 2008 network compromise incident. It could reduce the risk of similar situations in the future.

