The most serious cyber attack on the US military’s networks came from a tainted flash drive in 2008, forcing the Pentagon to review its digital security, according to a top US defence official.

The thumb drive, which was inserted in a military laptop in the Mideast, contained malicious code that “spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” Deputy Defence Secretary William Lynn wrote in the journal Foreign Affairs.

The code was placed on the drive by “a foreign intelligence agency,” Mr Lynn wrote.

“It was a network administrator’s worst fear: a rogue programme operating silently, poised to deliver operational plans into the hands of an unknown adversary.”

Previous media reports speculated that the attack may have originated from Russia.

The Pentagon had never openly discussed the inci-dent, but Mr Lynn chose to re-veal the details of the attack as officials try to raise public awareness of the growing threat posed to government computer networks.

The incident served as a wake-up call for the Pentagon and prompted major changes in how the department handled digital threats, including the formation of a new cyber military command, Mr Lynn said.

After the 2008 assault, the Pentagon banned its work force from using flash drives, but recently eased the prohibition.

Since the attack, the military has developed methods to uncover intruders inside its network, or so-called “active defence systems”, according to Mr Lynn.

But he added that drafting rules of engagement for defending against cyber attack was “not easy”, as the laws of war were written before the advent of a digital battlefield.