USB drive malware caused largest US military data loss

The US Defense Dept. has seven million computing devices

The largest data breach ever suffered by the US military was carried out using a USB Flash drive, the US deputy defense secretary William Lynn has revealed.

In an article in the journal Foreign Affairs, Lynn recounted how in 2008 a military laptop in the Middle East was accessed by an operative from a foreign government who installed malware via a USB Flash drive.

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," Lynn wrote

“This ... was the most significant breach of US military computers ever and it served as an important wake-up call."

The US military mounted a huge mission to shut down the malware, dubbed Operation Buckshot Yankee, and banned the use of USB drives on all its systems following the attack. Lynn did not say what, if any, data was lost.

“Fascinating. Blame the Flash drive,” said Forrester senior analyst John Kindervag.

“Expect the USB bashing to start again soon. Sysadmins all over will be buying up the world's supply of Epoxy resin and shoving those nasty USB ports full of that goop. Go long on glue manufacturers.”

The US Defense Department has 15,000 networks and seven million devices in use in dozens of countries, with 90,000 people working to maintain them, Lynn said. The military had reconfigured its systems since the attack to meet similar threats.

He also reaffirmed the view, outlined by retired US general Michael Hayden at the Black Hat USA conference this year, that the military now views the online world as its newest operating sphere.