WASHINGTON — A foreign spy agency pulled off the most serious breach of Pentagon computer networks ever by inserting a flash drive into a U.S. military laptop, a top defense official said Wednesday.
The previously classified incident, which took place in 2008 in the Middle East, was disclosed in a magazine article by Deputy Defense Secretary William J. Lynn and released by the Pentagon Wednesday.
He said a "malicious code" on the flash drive spread undetected on both classified and unclassified Pentagon systems, "establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control."
"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," Lynn wrote in an article for Foreign Affairs. "This ... was the most significant breach of U.S. military computers ever and it served as an important wake-up call."
The Pentagon operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyber-defense strategy, Lynn said.
In November 2008, the Defense Department banned the use of the small high-tech storage devices that are used to move data from one computer to another. The ban was partially lifted early this year with the approval of limited use of the devices.
Lynn did not disclose what, if any, military secrets may have been stolen in the 2008 penetration of the system, what nation orchestrated the attack, nor whether there were any other repercussions.