US Military reveals 2008 attack by foreign spy service

Status
Not open for further replies.
Matt Damon

Matt Damon

Player Valuation: £60m
Secret US military computers 'cyber attacked' in 2008

http://www.bbc.co.uk/news/world-us-canada-11088658
_48868725_hi009841663.jpg

A 2008 cyber attack launched from an infected flash drive in the Middle East penetrated secret US military computers, a Pentagon official says.

The attack by a foreign spy service was the "most significant breach" ever of US military networks, Deputy Defence Secretary William Lynn said.

Writing in Foreign Affairs magazine, Mr Lynn described it as a "digital beachhead" to steal military secrets.

He urged the US to speed up its cyber defence system procurement procedure.

Mr Lynn, the number two official in the Pentagon, wrote that the previously undisclosed 2008 attack began when an infected flash drive was inserted into a US military laptop at a base.

The computer code then spread stealthily through US military computer networks and readied itself to transfer military data to enemy hands, he wrote.

It is unclear whether the cyber spy effort succeeded in obtaining US secrets, and further details on the attack were unavailable.

In the article, Mr Lynn warned that US military dominance was threatened by the relatively low cost of cyber warfare.

Time lag
"A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities, or hinder its ability to deliver weapons on target," he wrote.

Mr Lynn, a former defence lobbyist and military budget official under former President Bill Clinton, warned the Pentagon had to speed up the process by which it develops and acquires cyber defence kit.

He noted that on average it took the Pentagon 81 months to get a new computer system online after its initial funding, while Apple developed the iPhone in 24 months, "less time than it would take the Pentagon to prepare a budget and receive congressional approval for it".

The US military operates 15,000 networks and seven million computers across the world that are probed by attackers thousands of times a day, Mr Lynn said.

The Pentagon has consolidated its cyber defence operations into a single command structure, which began operations in May.

The Pentagon did not immediately respond to a request for comment.


Comments?
 

In May this year, the Pentagon’s undersecretary of defence for policy James Miller said that the government would consider a military response in retaliation to a cyber attack against the country.
 
I can assure you they are working on new ways to prevent these kinds of things - which are much more secure. I know this for a fact. The federal government takes FOREVER to do anything though. Even when it's urgent. It's still disconcerting that all it took was an infected flash drive though.
 
In the not too distant past, when I was still in the military, flash drives were a major no-no. It basically provides a nice easy way into a system that bypasses all the network security. Flash drives are such a security risk as the one you buy at the store can be loaded with malware.

Unfortunately these flash drives really do pose a security problem, and not just for the military, but for businesses to.
 

Dylan said:
In the not too distant past, when I was still in the military, flash drives were a major no-no. It basically provides a nice easy way into a system that bypasses all the network security. Flash drives are such a security risk as the one you buy at the store can be loaded with malware.

Unfortunately these flash drives really do pose a security problem, and not just for the military, but for businesses to.
Click to expand...

There's a Cyber "cold war" going on with China and Iran.

Its obvious that the Iranians were behind the above. Both can use asymmetric tactics and "non-state actors" to do all this.



The UK has apparently got an "offensive cyber capability".

But they've been discussing the ethics on it's use.

Basically they've said that in the event of a major cyber attack on the UK, they will and can attack the attackers.

They're based out of GCHQ in Cheltenham.
http://news.bbc.co.uk/1/hi/uk_politics/8118729.stm
UK 'has cyber attack capability'
The UK has the ability to launch cyber attacks but does not use it for industrial espionage like some other countries, minister Lord West has said.
He told BBC Radio 4's PM programme the UK faced coordinated cyber attacks "on a regular basis" from other countries including Russia and China.
And he confirmed that the British government had approached the Russian and Chinese governments to ask them to stop the attacks.
"We have had a dialogue with them in the past and I wouldn't want to go into what goes on in terms of debate at the moment," he told the BBC.

The US has traditionally been slow at adapting to a new method of attack but when it does adapt within two or three years they've predominantly overtaken any perceived threats. This will be another text book case of this. The issue is that the US infrastructure from the start has been so "open" from the start.



The real issue is that in China for peanuts in dollar terms, you could employ 10's of people to work near 24/7 to systematically attack infrastructure.

Most 90% of the malware today that infects computers in the west comes from Asia and the Middle East.
 
Last edited:
Status
Not open for further replies.

Welcome

Join Grand Old Team to get involved in the Everton discussion. Signing up is quick, easy, and completely free.

Register

Shop

Back
Top