Buckshot Yankee

Then-U.S. Deputy Secretary of Defense William J. Lynn III called it “the most
significant breach of U.S. military computers ever” and “a network
administrator’s worst fear” when, in 2008, a silently operating, rogue program
infiltrated classified U.S. military networks. The infection began at a base in
the Middle East when an infected flash drive was inserted into a military laptop
and subsequently uploaded malware onto a network controlled by U.S. Central
Command. The Trojan, dubbed “agent.btz,” was reportedly a variant of the older
and better-known “SillyFDC” worm, which was coded to replicate itself when the
media storage device it was stored on was plugged into a computer. It created
what Lynn said amounted to a ‘digital beachhead,’ from which classified and
unclassified data was then transferred to foreign-controlled servers. The
response to this incident, codenamed “Buckshot Yankee,” included an initial
all-out ban on removable storage devices (which was eventually lifted) and the
creation of the U.S. Cyber Command. It took more than a year to completely
remove all infections from the network. The source of the attack is still
unknown.
