Persistent BadUSB-style attacks are nothing new. The spread of malware via USB once caught the U.S. military by surprise, leading to a temporary Army ban on the use of external drives and ultimately the creation of Cyber Command to protect the military’s network infrastructure.
The virus in question was agent.btz, a piece of “autorun” malware. In 2008, agent.btz infected U.S. Central Command, which was running the wars in Iraq and Afghanistan. The malware reportedly infected the miltary’s networks through a flash drive inserted in a computer at a base in the Middle East. Before the post-agent.btz ban on USB devices, external drives were frequently used in war zones where internet access was often unreliable. The attack led to a 14-month counterattack called Buckshot Yankee to rid the military’s network of the virus. A variation of the SillyFDC worm, agent.btz ultimately carried a low-level threat for the military. The USB ban was effective at stopping its spread. Agent.btz could also be stopped in its tracks by disabling the autorun feature on Windows. Plus, the military’s secret networks SIPRNet and JWICS had little connection to the public internet—making it difficult for hackers to create a backdoor for information.
So who was responsible for this ultimately mild threat? That has not been confirmed, though U.S. officials have pointed to a foreign spy agency, and some unnamed sources have said the Russian government was the top suspect. But wouldn’t a foreign spy agency have a created a more productive virus?
We will likely never know. What is for sure, however, is that you shouldn’t plug an unknown USB into your computer just to see if it works.
Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.
Photo: monte_a / Shutterstock