U.S. officials have worried in recent years about the possibility of cyber-attacks from other countries, especially China and Russia, whether sponsored by governments of those countries or launched by individual computer experts.
An electronic attack from Russia shut down government computers in Estonia in 2007. And officials believe that a series of electronic attacks were launched against Georgia at the same time that hostilities erupted between Moscow and Tbilisi last summer. Russia has denied official involvement in the Georgia attacks.
The first indication that the Pentagon was dealing with a computer problem came last week, when officials banned the use of external computer flash drives. At the time, officials did not indicate the extent of the attack or the fact that it may have targeted defense systems or posed national security concerns.
The invasive software, known as agent.btz, has circulated among nongovernmental U.S. computers for months. But only recently has it affected the Pentagon's networks. It is not clear whether the version responsible for the cyber-intrusion of classified networks is the same as the one affecting other computer systems.
The malware is able to spread to any flash drive plugged into an infected computer. The risk of spreading the malware to other networks prompted the military to ban the drives.
Defense officials acknowledged that the worldwide ban on external drives was a drastic move. Flash drives are used constantly in Iraq and Afghanistan, and many officers keep them loaded with crucial information on lanyards around their necks.
Banning their use made sharing information in the war theaters more difficult and reflected the severity of the intrusion and the threat from agent.btz, a second official said.
Officials would not describe the exact threat from agent.btz, or say whether it could shut down computers or steal information. Some computer experts have reported that agent.btz can allow an attacker to take control of a computer remotely and to take files and other information from it.
In response to the attack, the U.S. Strategic Command, which oversees the military's cyberspace defenses, has raised the security level for its so-called information operations condition, or "INFOCON," initiating enhanced security measures on military networks.
