Malware attack leaves Pentagon scrambling for answers

Pentagon officials have acknowledged that the malware known as Agent.btz recently affected some Defense Department systems. Although it has been in circulation for several months, the malware was not yet known to have penetrated military networks.

The incident has left DOD officials scrambling to clean infected systems, institute new policy and security measures to thwart future incidents, and perform forensics to discover the source of the attack.

The issue was serious enough to prompt Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, to brief President Bush and Defense Secretary Robert Gates last week on the incident.

DOD has not provided many details on the extent of the incident or whether the malware could have harmed systems that are critical to national security. Reports have indicated that the malware infected Central Command computers used by U.S. forces in Iraq and Afghanistan. According to one report, nearly three-quarters of the computers at the largest U.S. military base in Afghanistan were affected. Other computers and networks were apparently affected as well.

Pentagon officials responded by implementing a policy that prohibits the use of most types of portable data-storage media on government computers, particularly USB-based thumb or flash drives, memory sticks, and camera flash memory cards. Malware, viruses and other attack software can propagate via the thumb drives from one machine to another.

Although warranted, the policy creates a hardship for warfighters in the field, who often carry critical data on flash drives in areas in which conditions do not allow for reliable wireless computer communications. The new policy makes it more difficult to share information within a war theater.

Implementing such a policy requires a combination of technical measures and education.

Whether state-sponsored or otherwise, hackers who use malware, viruses and other methods to shut down computers, compromise data or steal information frequently target military computers and networks. The Agent.btz malware is a variation of a worm that surfaced in 2005, but the latest iteration appears to have been designed specifically to target military networks.

About the Author

Dan Campbell is a freelance writer with Defense Systems' sister publication, Government Computer News.

Reader Comments

Wed, Dec 24, 2008 Think OPSEC!

The adversary desires our sensitive but unclassified critical information. Providing details about just how effective or non-effective this malware is/was on DOD systems must NOT be shared within the blogosphere. Think OPSEC! Do you really need to vent to the enemy?

Thu, Dec 4, 2008 Eddie

We've not had the capability to use flash media in our office for quite some time. We've been using DVDRW and CDRW discs to move information. It's a bit slower, but we've found the incidence of data spills across networks has significantly decreased. I'm thinking it's because with the slower drives people have more time to think about what they're doing, versus just dumping files quickly and recklessly to a flash drive.

Wed, Dec 3, 2008 RSB Fort Huachuca, Arizona

On my desk there is Windows XP and RHEL 5.2. The Security Enhanced Linux does not seem to be vulnerable to this exploit. Yet the Army in the fullness of their wisdom is spending millions in a quest to make their world safe for Windows.

Wed, Dec 3, 2008 Samuel H. Cohen DCMA NY, Staten Island, NY

I have informed the DCMA Helpdesk of repeated interruptions while doing telework on my home computer. I had to repeat a 1.5 hour report 6 times before completion. This problem has been ongoing for several months.

Wed, Dec 3, 2008 peeved

With all the information technology afforded to DOD you would have thought this could have been avoided. I've got no way to now keep records on our contractor! Everything that was in the thumbdrive they took was in the notebook PC I had till yesterday. It is taking me longer to transpose notes to the PC on my desk than it does to actually drive to the contractor worksite and inspect them. For every hour of inspection it takes 2 to document. Then I've got no room for all the paper documents I used to scan and file on the computer! Nice! I agree with Attila T Hun - this was predictable and we have not learned anything in 20+ years!
