The Defense Department lost 24,000 files to “foreign intruders” in the spring in what appears to be one of the most damaging cyberattacks to date on the U.S. military, a top Pentagon official acknowledged Thursday.
Deputy Defense Secretary William J. Lynn III, who disclosed the March breach during a speech to roll out the Pentagon’s new cyber strategy, said the files were taken from a defense contractor. He did not say who was believed to be behind the attack or describe the nature of the files that were stolen.
But Lynn said that, over the past few years, all manner of data has been stolen, some of it mundane, some of it concerning “our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols.”
“It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies,” Lynn said.
Last August, the Pentagon acknowledged for the first time that the U.S. military had suffered a major cyberattack in 2008 after malicious code was placed on a flash drive inserted into a U.S. military laptop. The code spread undetected on both classified and unclassified systems, “establishing what amounted to a digital beachhead,” Lynn wrote last year in an article for Foreign AffairsThe Pentagon’s vast networks are believed to be the subject of malicious probing every day, but it is often difficult if not impossible to determine the identity of an attacker.
In a statement Thursday, Defense Secretary Leon Panetta said more than 60,000 “new malicious software programs or variations are identified every day threatening our security, our economy and our citizens.”