2008 malware infection of the United States Department of Defense
In 2008, the United States Department of Defense was infected with malware, in an incident described at the time as the "worst breach of U.S. military computers in history". The defense against the attack was named "Operation Buckshot Yankee". It led to the creation of the United States Cyber Command.[1][2][3]
History
The infection started when a USB flash drive containing malicious code created by a foreign intelligence agency was plugged into a laptop that was attached to United States Central Command. From there it spread undetected to other systems, both classified and unclassified.[1][2]
Operation Buckshot Yankee
The Pentagon spent nearly 14 months cleaning the worm, named agent.btz, from military networks. Agent.btz, a variant of the SillyFDC worm,[4] has the ability "to scan computers for data, open backdoors, and send through those backdoors to a remote command and control server."[5] It was originally suspected that Chinese or Russian hackers were behind it, because they had used the same code that made up agent.btz in previous attacks. In December 2016, the United States FBI and DHS issued a Joint Analysis Report which included attribution of Agent.BTZ to one or more "Russian civilian and military intelligence Services (RIS)."[6] To try to stop the spread of the worm, the Pentagon banned USB drives and disabled the Windows autorun feature.[5]
References
- "Defense Department Confirms Critical Cyber Attack". Eweek. August 25, 2010. Retrieved 2010-08-25.
- William J. Lynn III. "Defending a New Domain". Foreign Affairs. Retrieved 2010-08-25.
- Knowlton, Brian (August 25, 2010). "Military Computer Attack Confirmed". The New York Times. Retrieved 2010-08-26.
- Shachtman, Noah (November 19, 2008). "Under Worm Assault, Military Bans Disks, USB Drives". Wired.
- Shachtman, Noah. "Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack (Updated)". Wired. Retrieved 2016-10-04.
- NCCIC (December 29, 2016). "GRIZZLY STEPPE – Russian Malicious Cyber Activity" (PDF). Retrieved 2023-05-08.
Further reading
- Nakashima, Ellen; Julie Tate (8 Dec 2011), "Cyber-intruder sparks massive federal response — and debate over dealing with threats", The Washington Post, washingtonpost.com, retrieved 9 Dec 2011