USB = Unintended Security Breach

Here's yet another example of how, despite tremendous safeguards, all it takes is one unintended internal mistake to create a costly breach:

It was a USB drive loaded with malware. That's how U.S. defense networks were compromised in 2008, according to U.S. Deputy Defense Secretary William Lynn, who today offered the first official confirmation of a data breach that led to restrictions on the use of removable USB drives in the military.

In an article written for Foreign Affairs magazine, Lynn said the breach occurred when a single USB drive containing malicious code was inserted into a laptop computer at a U.S. base in the Middle East. The malware, placed on the drive by a foreign intelligence agency, was uploaded to a network run by the U.S. Central Command. The malware then spread -- undetected -- on both classified and unclassified systems, essentially establishing a "digital beachhead" from which data could be transferred to servers outside the U.S.

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," Lynn wrote.

... The incident highlights the enormous problems that can result from seemingly minor vulnerabilities, said J.R. Reagan, an analyst with Deloitte Consulting Services. "It brings to life what we have all feared for a long time from the small little holes in the dike that can really open up big problems," Reagan said. In the military's case, the problems may have been exacerbated by an ongoing drive to make information sharing easier, he said.

Officials are reporting that this incident led to a military-wide ban on USB drives, but really, the answer is so much simpler than that: lock the data down in the first place!