Malware attack leaves Pentagon scrambling for answers

After acknowledging that the malware known as Agent.btz affected some Defense Department systems, Pentagon officials were left scrambling to clean infected systems, institute new policy and security measures to thwart future incidents, and perform forensics to discover the source of the attack.

Pentagon officials have acknowledged that the malware known as Agent.btz recently affected some Defense Department systems. Although the malware has been in circulation for several months, it had not previously been known to have penetrated military networks.

The incident has left DOD officials scrambling to clean infected systems, institute new policy and security measures to thwart future incidents, and perform forensics to discover the source of the attack.

The issue was serious enough to prompt Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, to brief President Bush and Defense Secretary Robert Gates last week on the incident.

DOD has not provided many details on the extent of the incident or whether the malware could have harmed systems that are critical to national security. Reports have indicated that the malware infected Central Command computers used by U.S. forces in Iraq and Afghanistan. According to one report, nearly three-quarters of the computers at the largest U.S. military base in Afghanistan were affected. Other computers and networks were apparently affected as well.

Pentagon officials responded by implementing a policy that prohibits the use of most types of portable data-storage media on government computers, particularly USB-based thumb or flash drives, memory sticks, and camera flash memory cards. Malware and other attack software can propagate from one machine to another on such media: an infected host copies itself onto any removable drive that is plugged in, and the next machine that mounts the drive runs the copy, so a single drive carried between networks can bridge an air gap that no network control would have let the malware cross.

Although warranted, the policy creates a hardship for warfighters in the field, who often carry critical data on flash drives in areas in which conditions do not allow for reliable wireless computer communications. The new policy makes it more difficult to share information within a war theater.

Implementing such a policy requires a combination of technical measures and education. On the technical side that means disabling autorun and blocking removable-storage device classes on managed hosts, so that a drive that is plugged in anyway cannot mount or execute anything; on the education side it means telling users why the ban exists, since a written prohibition alone does not stop a drive from being inserted, and the technical controls do nothing for a host that was already infected before they were applied.
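The following script is an added example of the technical side of such a policy; it is not code from the article or from DOD, and it assumes the managed hosts are Windows machines (the article does not say so, though Agent.btz is Windows malware). It writes the documented Windows registry settings that disable the USB mass-storage driver, turn off AutoRun for all drive types, and apply the "All Removable Storage classes: Deny all access" policy, then audits the host against that desired state. The `-Enforce` switch and the `Get-ControlState` and `Set-Control` function names are this example's own choices. Run it from an elevated PowerShell session.

```powershell
# Added example, not from the article or DOD: enforce and audit a removable-media
# ban on a Windows host. Assumes Windows; run elevated. Without -Enforce the script
# only audits and reports (hypothetical switch name chosen for this example).
[CmdletBinding()]
param(
    [switch]$Enforce
)

# Desired end state: registry path, value name, expected DWORD value.
$Controls = @(
    # Disable the USB mass-storage driver (Start = 4 means "disabled").
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
       Name = 'Start'; Value = 4 },
    # Turn off AutoRun/AutoPlay for every drive type (0xFF = all drive types).
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Value = 0xFF },
    # Make Windows honor NoDriveTypeAutoRun (Microsoft KB 967715).
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'HonorAutoRunSetting'; Value = 1 },
    # Group Policy "All Removable Storage classes: Deny all access".
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
       Name = 'Deny_All'; Value = 1 }
)

# Read one control's current value and compare it with the expected value.
function Get-ControlState {
    param([hashtable]$Control)
    $current = $null
    if (Test-Path $Control.Path) {
        $name = $Control.Name
        $item = Get-ItemProperty -Path $Control.Path -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $current = $item.$name }
    }
    [pscustomobject]@{
        Path      = $Control.Path
        Name      = $Control.Name
        Expected  = $Control.Value
        Current   = $current
        Compliant = ($current -eq $Control.Value)
    }
}

# Create the key if needed and write the DWORD, overwriting any existing value.
function Set-Control {
    param([hashtable]$Control)
    if (-not (Test-Path $Control.Path)) {
        New-Item -Path $Control.Path -Force | Out-Null
    }
    New-ItemProperty -Path $Control.Path -Name $Control.Name -Value $Control.Value `
        -PropertyType DWord -Force | Out-Null
}

if ($Enforce) {
    foreach ($c in $Controls) { Set-Control -Control $c }
}

# The audit always runs so the operator sees the resulting state, not just a
# success message from the write.
$report = foreach ($c in $Controls) { Get-ControlState -Control $c }
$report | Format-Table -AutoSize

if ($report | Where-Object { -not $_.Compliant }) {
    Write-Warning 'Host is NOT compliant with the removable-media policy.'
    exit 1
}
Write-Host 'Host is compliant with the removable-media policy.'
exit 0
```

Two caveats a practitioner would check before relying on this. The USBSTOR setting only stops devices plugged in after it is applied, and the policy values under `HKLM:\SOFTWARE\Policies` are normally delivered by domain Group Policy rather than written by hand, so on a domain-joined host a conflicting GPO will silently reapply whatever the domain says at the next refresh. And none of these settings remove malware already present on the host; they only close the propagation path the article describes.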

Whether state-sponsored or otherwise, attackers who use malware, viruses and other methods to shut down computers, compromise data or steal information frequently target military computers and networks. The Agent.btz malware is a variation of a worm that surfaced in 2005, but the latest iteration appears to have been designed specifically to target military networks.