Russian hackers penetrate Pentagon computer system

Senior military leaders took the exceptional step of briefing President George W. Bush this week on a severe and widespread electronic attack on Defense Department computers that might have originated in Russia, raising unusual concern among commanders and carrying potential implications for national security.

Defense officials would not describe the extent of damage inflicted on military networks. But they said the attack struck hard at networks within U.S. Central Command, the headquarters that oversees U.S. involvement in Iraq and Afghanistan, and affected computers in combat zones. The attack also penetrated at least one highly protected classified network.

Military computers are regularly beset by outside hackers, computer viruses and worms. But Defense officials said the most recent attack involves an intrusive piece of malicious software, or “malware,” apparently designed specifically to target military networks.

“This one was significant; this one got our attention,” said one Defense official, speaking on condition of anonymity when discussing internal assessments.

Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary.

Bush was briefed this week on the threat by Navy Adm. Michael G. Mullen, chairman of the Joint Chiefs of Staff. Mullen also briefed Defense Secretary Robert M. Gates.

Military electronics experts have not pinpointed the source or motive of the attack and could not say whether the destructive program was created by an individual hacker or whether it had Russian government sponsorship. Defense experts might never be able to answer such questions, officials said.

The Defense official said the military has also not learned whether the software’s designers might have been specifically targeting computers used by troops in Afghanistan and Iraq.

However, suspicions of Russian involvement come at an especially delicate time because of sagging relations between Washington and Moscow and growing tension over U.S. plans to develop a missile defense system in Eastern Europe. The two governments have also traded charges of regional meddling after U.S. support for democratic elections in former Soviet states and recent Russian overtures in Latin America.

U.S. officials have worried in recent years about the possibility of cyberattacks from other countries, especially those originating in China or Russia, whether sponsored by governments of those countries or launched by individual computer experts.

An electronic attack from Russia shut down government computers in Estonia last year. And officials believe that a series of electronic attacks were launched against Georgia at the same time as hostilities erupted between Moscow and Tbilisi last summer. Russia has denied official involvement in the Georgia attacks.

The first indication of a problem in the Pentagon’s computers came last week, when officials banned the use of external computer flash drives. However, officials at the time did not indicate the extent of the attack or the fact that it might have targeted Defense systems or posed national security concerns.

The invasive software, known as agent.btz, has circulated among nongovernmental U.S. computers for months. But only recently has it affected the Pentagon’s networks. It is not clear if the version responsible for the cyber intrusion of classified networks is the same as the one affecting other computer systems.

The malware is able to spread to any flash drive plugged into an infected computer. The risk of spreading the malware to other networks prompted the military to ban the flash drives.

Defense officials acknowledged that the worldwide ban on external drives was a drastic move. Such drives are used constantly in Iraq and Afghanistan, and many officers keep flash drives loaded with critical information on lanyards around their necks.

Banning their use made sharing information in the war theaters more difficult and reflected the severity of the cyber intrusion and the threat from agent.btz, a second official said.

Officials would not describe the exact threat from agent.btz, or say whether it can shut down computers or steal information. Some computer experts have reported that agent.btz can allow an attacker to take control of a computer remotely and to take files and other information from it.