A top Pentagon official has confirmed a previously classified incident that he describes as \u201cthe most significant breach of U.S. military computers ever,\u201d a 2008 episode in which a foreign intelligence agent used a flash drive to infect computers, including those used by the Central Command in overseeing combat zones in Iraq and Afghanistan.<\/p>\n
Plugging the cigarette-lighter-sized flash drive into an American military laptop at a base in the Middle East amounted to \u201ca digital beachhead, from which data could be transferred to servers under foreign control,\u201daccording to William J. Lynn 3d, deputy secretary of defense,\u00a0writing in the latest issue of the journal Foreign Affairs<\/a>.<\/p>\n <\/p>\n \u201cIt was a network administrator\u2019s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,\u201d Mr. Lynn wrote.<\/p>\n The incident was first reported<\/a> in November 2008 by the Danger Room blog of Wired magazine, and then\u00a0in greater detail<\/a> by The Los Angeles Times, which said that the matter was sufficiently grave that President\u00a0George W. Bush<\/a> was briefed on it. The newspaper mentioned suspicions of Russian involvement.<\/p>\n But Mr. Lynn\u2019s article was the first official confirmation. He also put a name \u2014 Operation Buckshot Yankee \u2014 to the Pentagon operation to counter the attack, and said that the episode \u201cmarked a turning point in U.S. cyber-defense strategy.\u201d In an early step, the Defense Department banned the use of portable flash drives with its computers, though it later modified the ban.<\/p>\n Mr. Lynn described the extraordinary difficulty of protecting military digital communications over a web of 15,000 networks and 7 million computing devices in dozens of countries against farflung adversaries who, with modest means and a reasonable degree of ingenuity, can inflict outsized damage. Traditional notions of deterrence do not apply.<\/p>\n \u201cA dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States\u2019s global logistics network, steal its operational plans, blind its intelligence capabilities or hinder its ability to deliver weapons on target,\u201d he wrote.<\/p>\n Security officials also face the problem of counterfeit hardware that may have remotely operated \u201ckill switches\u201d or \u201cback doors\u201d built in to allow manipulation from afar, as well as the problem of software with rogue code meant to cause sudden malfunctions.<\/p>\n Against the array of threats, Mr. Lynn said, the\u00a0National Security Agency<\/a> had pioneered systems \u2014 \u201cpart sensor, part sentry, part sharpshooter\u201d \u2014 that are meant to automatically counter intrusions in real time.<\/p>\n