Here's a shocking section:
In November 2008, a Russian-origin piece of spyware began looking around cyberspace for dot-mil addresses, the unclassified NIPRNET. Once the spyware hacked into NIPRNET computers, it began looking for thumb drives and downloaded itself onto them. Then the "sneakernet effect" kicked in. Some of those thumb drives were then inserted by their users into classified computers on the SIPRNET.
[...] Because the secret network is not supposed to be connected to the Internet, it is no supposed to get viruses and worms. Therefore, most of the computers on the network had no antivirus protection, no desktop firewalls or similar security software. In short, computers on DoD's most important network had less protection than you probably have on your home computer.
Within hours, the spyware had infected thousands of secret-level US military computers in Afghanistan, Iraq, Qatar, and elsewhere in the Central Command.