The Deputy Secretary of Defense of the U.S. has recently admitted that it is indeed true, as rumors that circulated within the security community already had it, that in 2008 the Pentagon was subject to an attack that has already been dubbed the most serious intrusion ever suffered by US military computers.
Apparently the incident was discovered, and its consequences put under control, only 14 months later, and this part is maybe even more worrying than the attack itself. According to what Deputy Secretary Lynn stated, the attack was originated by an USB drive connected to a military computer somewhere in the Middle East, by some non specified foreign spy.
Inside the USB drive was a malware that has been able to penetrate the Central Command network, and spread itself through systems which were hosting military secrets and contained sensitive data. Thanks to this code, acting as some sort of beachhead, the perpetrators of the attack have been able to transfer data towards their servers.
Fortunately, consequences of the attack were relatively limited, as the malware code, called “Agent BTZ” needs public Internet access to be fully functional, and the US Defense Intranet is fortunately using its own infrastructure. Had the code been working also via Intranet, consequences could have been disastrous.
According to some media speculation, there might be some Russian agent behind the attack, although this rumor has not been confirmed by any official source. What is sure is that, after this experience, the Pentagon has specifically banned its officials from using non secure USB drives, that is, drives without a specific certification that makes them suitable for military and government use.