Dark Territory by Fred Kaplan

penetrating vital and vulnerable networks; the threat wasn’t hypothetical.
    Even without this tidbit, the commissioners were stunned. Marsh asked what could be done to fix the problem. Minihan replied, “Change the law, give me the power, I’ll protect the nation.”
    No one quite knew what he meant. Or, if he meant what they thought he meant, nobody took it seriously: nobody was going to revive Reagan’s NSDD-145 or anything like it.
    On October 13, the Marsh Commission published its report. Titled Critical Foundations ,it only briefly alluded to Eligible Receiver. Its recommendations focused mainly on the need for the government and private industry to share information and solve problems jointly. It said nothing about giving the NSA more money or power.
    Four months later, another attack on defense networks occurred—something that looked like Eligible Receiver, but coming from real, unknown hackers in the real, outside world.

CHAPTER 5
----
SOLAR SUNRISE, MOONLIGHT MAZE
    O N February 3, 1998, the network monitors at the Air Force Information Warfare Center in San Antonio sounded the alarm: someone was hacking into a National Guard computer at Andrews Air Force Base on the outskirts of Washington, D.C.
    Within twenty-four hours, the center’s Computer Emergency Response Team, probing the networks more deeply, detected intrusions at three other bases. Tracing the hacker’s moves, the team found that he’d broken into the network through an MIT computer server. Once inside the military sites, he installed a “packet sniffer,” which collected the directories of usernames and passwords, allowing him to roam the entire network. He then created a back door, which let him enter and exit the site at will, downloading, erasing, or distorting whatever data he wished.
    The hacker was able to do all this because of a well-known vulnerability in a widely used UNIX operating system. The computer specialists in San Antonio had been warning senior officers of thisvulnerability—Ken Minihan had personally repeated these warnings to generals in the Pentagon—but no one paid attention.
    When President Clinton signed the executive order on “Critical Infrastructure Protection,” back in July 1996, one consequence was the formation of the Marsh Commission, but another—less noticed at the time—was the creation of the Infrastructure Protection Task Force inside the Justice Department, to include personnel from the FBI, the Pentagon (the Joint Staff and the Defense Information Systems Agency), and, of course, the National Security Agency.
    By February 6, three days after the intrusion at Andrews Air Force Base was spotted, this task force was on the case, with computer forensics handled by analysts at NSA, DISA, and a unit in the Joint Staff called the Information Operations Response Cell, which had been set up just a week earlier as a result of Eligible Receiver. They found that the hacker had exploited a specific vulnerability in the UNIX systems, known as Sun Solaris 2.4 and 2.6. And so, the task force code-named its investigation Solar Sunrise.
    John Hamre, the deputy secretary of defense who’d seen the Eligible Receiver exercise eight months earlier as the wake-up call to a new kind of threat, now saw Solar Sunrise as the threat’s fulfillment. Briefing President Clinton on the intrusion, Hamre warned that Solar Sunrise might be“the first shots of a genuine cyber war,” adding that they may have been fired by Iraq.
    It wasn’t a half-baked suspicion. Saddam Hussein had recently expelled United Nations inspectors who’d been in Iraq for six years to ensure his compliance with the peace terms that ended Operation Desert Storm—especially the clause that barred him from developing weapons of mass destruction. Many feared that Saddam’s ouster of the inspectors was the prelude to resuming his WMD program. Clinton had ordered his generals to