At the beginning of the year I hosted a podcast interview on cyber security with Eric Byres, chief technology officer of Byres Security Inc. The interview was conducted to help our audience understand the risks of cyber attacks and learn how to mitigate them. (Follow this link to listen to the podcast.)
During the interview Eric spoke of many hidden dangers – dangers that seem harmless at first blush but could wipe out your entire infrastructure in an instant. One of those harmless dangers was allowing vendors (or even employees) to use flash drives in your facility.
Now a report has come out from a top Pentagon official confirming a previously classified incident that he describes as “the most significant breach of U.S. military computers ever,” a 2008 episode in which a foreign intelligence agent used a flash drive to infect computers, including those used by the Central Command in overseeing combat zones in Iraq and Afghanistan.
A New York Times article from Aug. 25 offers this detail:
Plugging the cigarette-lighter-sized flash drive into an American military laptop at a base in the Middle East amounted to “a digital beachhead, from which data could be transferred to servers under foreign control,” according to William J. Lynn 3d, deputy secretary of defense, writing in the latest issue of the journal Foreign Affairs.
“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” Mr. Lynn wrote. (To read the entire article, follow this link.)
Do you allow vendors or outsiders to use flash drives in your facility? If you do, you'd better think twice.
Senior Digital Editor