In an article set for publication Wednesday, Deputy Defense Secretary William J. Lynn III says malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military's Central Command, The Washington Post reported Tuesday.
"That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," Lynn says in the article to appear in Foreign Affairs. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."
Declassifying an incident officials had kept secret reflects the Pentagon's desire to raise congressional and public awareness of threats facing U.S. computer systems, experts said. The article says the Pentagon's 15,000 networks and 7 million computing devices are probed thousands of times daily by attackers who are difficult to identify.
Infiltrating the military's computer system is significant, a former intelligence official who spoke on the condition of anonymity said.
"This is how we order people to go to war. If you're on the inside, you can change orders. You can say, 'turn left' instead of 'turn right.' You can say 'go up' instead of 'go down.'"
Now, he said, the "Pentagon has begun to recognize its vulnerability and is making a case for how you've got to deal with it."