A foreign intelligence agent in 2008 managed to pull off the “most significant breach of U.S. military computers” in history by using a cigarette-lighter-sized portable flash drive to infect computers used by Central Command to oversee combat activities in Iraq and Afghanistan, according to a U.S. defense official.
The breach, unprecedented in both the size and the nature of the information that was then easily transferred to servers in enemy countries, was first reported by the L.A. Times in November 2008. But neither the U.S. government’s response to the breach nor its damning scope had been widely discussed until an article penned by U.S. Deputy Secretary of Defense William Lynn III confirmed many of the details this week in the September/October issue of the journal Foreign Affairs.
Lynn went on to say that more than 100 different foreign intelligence agencies are routinely working around the clock to hack into U.S. military networks and computers. The threat is so obvious and disconcerting that the Pentagon has been partnering with other governments and private-sector companies to conjure up appropriate, effective responses to growing cyber terrorism threats against the government, military, enterprise companies and U.S. citizens, he added.
He did not identify which country or countries the spy was working for, but the Times article cited sources who suspected Russian involvement in the elaborate attack.
“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” Lynn wrote in the article.
Lynn said the Pentagon responded with a plan — dubbed Operation Buckshot Yankee — that he said “marked a turning point in the U.S. cyber-defense strategy.” Initially the plan brought forth by the Defense Department banned the use of portable flash drives on any military computers (a prohibition that has since been slightly modified) and eventually, with the help of the National Security Agency, expanded to include systems that are “part sensor, part sentry and part sharpshooter” and that are designed to immediately and automatically counter cyber attacks in real time.
Still, Lynn warned of the daunting challenge of safeguarding more than 15,000 military networks serving more than 7 million computers and mobile devices scattered across dozens of countries. Coupled with the relative ease with which would-be cyber terrorists can devise and initiate an attack, the threat means the government needs a complete overhaul in the way it thinks about, builds and implements security technology and systems going forward, he said.
“A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States’ global logistics network, steal its operational plans, blind its intelligence capabilities or hinder its ability to deliver weapons on target,” he wrote.
Lynn’s admonishment sounds eerily similar to the cyber security challenges outlined in June by Gen. Keith Alexander, the Defense Department’s new cyber security czar, during his first public appearance after taking on the newly created federal appointment.
“Today our nation’s interests are in jeopardy,” Alexander said in an address at the Center for Strategic and International Studies, a Washington think tank.
Cyber terrorists targeting government, enterprise targets
Alexander added that the 15,000 networks the Defense Department maintains are probed by unauthorized users roughly 250,000 times an hour, or 6 million times each day.
The ingenuity and creativity of cyber terrorists, whether operating as independents or representing nation states or terrorist organizations, have already been felt by some of America’s largest and most technologically savvy companies, including Google (NASDAQ: GOOG), Adobe Systems (NASDAQ: ADBE) and Intel (NASDAQ: INTC).
In January, top executives at America’s three largest oil companies, ExxonMobil (NYSE: XOM), ConocoPhillips (NYSE: COP) and Marathon Oil (NYSE: MRO), were targeted by sophisticated malware campaigns that managed to extract key information including proprietary data related to the location of new oil reservoirs as well as detailed information about U.S. oil reserves and production capacity.
The need to revise and, perhaps most important, quickly plan and implement appropriate security technology and protocols has been central to the Obama administration’s mandated overhaul of the nation’s IT systems and networks.
In October, the RAND Corporation released a study titled “Cyberdeterrence and Cyberwar” in which it concluded that the U.S. and other nations dependent on externally accessible computer networks — particularly those used for electric power, telephone service and military command and control — are in “danger of falling victim to a coordinated attack.”