Deputy Defense Secretary William Lynn is concerned that “toxic malware” payloads aimed at specific targets or networks could break free and spread throughout the Internet. Although Lynn chose not to name any specific examples, many interpreted his statement as a warning to the developers of the Stuxnet worm which reportedly disabled thousands of Iranian centrifuges.
“A destructive tool could inadvertently escape its creator and be let loose in the wild,” the Deputy Defense Secretary told RSA security conference attendees.
“We have to take the accidental release scenario very seriously, to prevent something as trivial as a thumb drive stuck in the wrong computer from having a calamitous effect on the global economy.”
Lynn also reiterated that an unnamed foreign intelligence agency was able to “penetrate the most classified computer networks” during a 2008 thumb-drive malware campaign against U.S. Central Command (CENTCOM), “something we thought until that point wasn’t possible.”
According to Lynn, the attack was the Pentagon’s “worst” fear, as it entailed a “rogue program operating silently on our system, poised to deliver operational plans into the hands of an enemy.”
Still, Lynn warned that 2008 malware infiltration was likely not as bad as it could have been.
“It is [certainly] possible to imagine attacks on military networks, or critical infrastructure like our transportation system and energy sector, that could cause severe economic damage, physical destruction or even loss of life.
“As you all know better than I, a couple dozen programmers wearing flip-flops and drinking Red Bull can do a lot of damage.”
(Via Navy Times)