The December 2022 issue of IEEE Spectrum is here!

Close bar

DoD Confirms Flash Drive Breached its IT Security in 2008

Reason For 2008 Flash Drive Ban Now Explained

1 min read
DoD Confirms Flash Drive Breached its IT Security in 2008

In November of 2008, the US Department of Defense (DoD) military and civilian personnel were informed that DoD had immediately suspended  their use of USB and removable media devices, including digital cameras, switches, special data entry devices, personal digital assistants (PDA), hand held computers, printers, network hardware, and removable hard data storage devices (USB memory sticks, cards, etc).

Speculation at the time was that DoD's networks suffered  a massive hybrid worm/virus attack and that the attack originated in a USB type storage device and could also be spread by them, hence the ban.

According to news reports today, an article to be released later today by Foreign Affairs discussing DoD's  cyber strategy confirms the speculation. This Washington Poststory states that "Deputy Defense Secretary William J. Lynn  III says malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military's Central Command."

Secretary Lynn writes in the Foreign Affairs article that:

"That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control... It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."

Lynn also says that the DoD has found counterfeit hardware in systems that it has bought.

The Post story says that Secretary Lynn's article discusses in more detail DoD's approach to cyber security, which it calls "active defense."

The Post story also notes that some cyber security experts are concerned that the article will provide "adversaries useful information."

Exactly how escapes me.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
A plate of spaghetti made from code
Shira Inbar

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less