Spies behind 2008 cyber attack, U.S. official says

Deputy Defense Secretary William Lynn said the attack took place after an infected flash-drive was inserted into a U.S. military laptop at a base in the Middle East, uploading malicious computer code onto the Central Command network.

"That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead from which data could be transferred to servers under foreign control," Lynn wrote in an article for Foreign Affairs magazine published on Wednesday.

"This previously classified incident was the most significant breach of U.S. military computers ever."

Lynn did not say which country's spy agency was behind the attack. But he said that more than 100 foreign intelligence organizations were trying to break into U.S. networks.

"Some governments already have the capacity to disrupt elements of the U.S. information infrastructure," he wrote.

Every year, he said, hackers steal enough data from U.S. government agencies, businesses and universities to fill the U.S. Library of Congress many times over.

When it comes to attacks on the military, the difficulty identifying culprits behind attacks make them very hard to respond to and alluring for hostile governments, he said.

"Cyber attacks offer a means for potential adversaries to overcome overwhelming U.S. advantages in conventional military power and to do so in ways that are instantaneous and exceedingly hard to trace," he wrote.

Counterfeit hardware had already been detected in systems that had been procured by the Defense Department, Lynn said -- a danger since computer chips can be written with remotely operated "kill switches" and hidden backdoors.

"The risk of compromise in the manufacturing process if very real and is perhaps the least understood cyber threat," Lynn wrote.

Rogue code, including so-called "logic bombs" that cause malfunctions, can also be inserted into software as its being developed, he said.

Lynn said the attack was a wake-up call for the Pentagon, which has since launched a Cyber Command and taken measures to bolster defenses.

Policymakers now need to consider whether Pentagon capabilities should be extended to shield civilian infrastructure from attack, Lynn said. He noted that U.S. defense contractors have already been targeted "and sensitive weapons systems have been compromised."

"The U.S. government has only just begun to broach the larger question of whether it is necessary and appropriate to use national resources, such as defenses that now guard military networks, to protect civilian infrastructure," he said.

(Editing Xavier Briand)