24,000 Pentagon files stolen in major cyber breach, official says

Published on 07-14-2011 10:39 PM

The Defense Department lost 24,000 files to “foreign intruders” in the spring in what appears to be one of the most damaging cyberattacks to date on the U.S. military, a top Pentagon official acknowledged Thursday.

Deputy Defense Secretary William J. Lynn III, who disclosed the March breach during a speech to roll out the Pentagon’s new cyber strategy, said the files were taken from a defense contractor. He did not say who was believed to be behind the attack or describe the nature of the files that were stolen.
But Lynn said that, over the past few years, all manner of data has been stolen, some of it mundane, some of it concerning “our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols.”
“It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies,” Lynn said.

Last August, the Pentagon acknowledged for the first time that the U.S. military had suffered a major cyberattack in 2008 after malicious code was placed on a flash drive inserted into a U.S. military laptop. The code spread undetected on both classified and unclassified systems, “establishing what amounted to a digital beachhead,” Lynn wrote last year in an article for Foreign Affairs.
The Pentagon’s vast networks are believed to be the subject of malicious probing every day, but it is often difficult if not impossible to determine the identity of an attacker.

In a statement Thursday, Defense Secretary Leon Panetta said more than 60,000 “new malicious software programs or variations are identified every day threatening our security, our economy and our citizens.”

The Pentagon’s new cyber strategy is built in part on a belief that the Defense Department should “treat cyberspace as an operational domain to organize, train and equip” and that it should partner to some extent with the private sector, according to the announcement.
“Our strategy’s overriding emphasis is on denying the benefit of an attack,” Lynn said Thursday. “Rather than rely on the threat of retaliation alone to deter attacks in cyberspace, we aim to change our adversaries’ incentives in a more fundamental way. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place.”

Categories:
Internet

3 Comments

Appzalien - 07-15-2011, 03:06 AM
- Reply
It's my guess they do not want to drop any contractor names. Shheeeeeeew!!!! BOOM! Haliburton?

darkmawl - 07-15-2011, 07:03 AM
- Reply
I have am no network specialist, but why would your have sensitive data on a network connected to the internet? I am pretty sure the US could have the means to have it own private network (intranet) with does not have to rely on the same network as the internet uses. Off course this would be expensive to roll out a nationwide private network between private contractors and goverment agencies and it would not be fully secure still, but to the very least one needs to be on location to hack and steal files at one of the contractors location of at the goverment agencies. If you have the money to spend billions collecting some rocks from a dead planet in space I am sure you might have some money left to do this.

phayze101 - 07-16-2011, 02:14 PM
- Reply
Originally Posted by Appzalien

It's my guess they do not want to drop any contractor names. Shheeeeeeew!!!! BOOM! Haliburton?

Isnt that the company in which like completely shafted a young woman from recieving any sort of compensation (whether legal or $$) for being raped horrifically on a US army base? What a repulsive company honestly.