penetrating vital and vulnerable networks; the threat wasn’t hypothetical.
Even without this tidbit, the commissioners were stunned. Marsh asked what could be done to fix the problem. Minihan replied, “Change the law, give me the power, I’ll protect the nation.”
No one quite knew what he meant. Or, if he meant what they thought he meant, nobody took it seriously: nobody was going to revive Reagan’s NSDD-145 or anything like it.
On October 13, the Marsh Commission published its report. Titled Critical Foundations, it only briefly alluded to Eligible Receiver. Its recommendations focused mainly on the need for the government and private industry to share information and solve problems jointly. It said nothing about giving the NSA more money or power.
Four months later, another attack on defense networks occurred—something that looked like Eligible Receiver, but coming from real, unknown hackers in the real, outside world.
CHAPTER 5
----
SOLAR SUNRISE, MOONLIGHT MAZE
On February 3, 1998, the network monitors at the Air Force Information Warfare Center in San Antonio sounded the alarm: someone was hacking into a National Guard computer at Andrews Air Force Base on the outskirts of Washington, D.C.
Within twenty-four hours, the center’s Computer Emergency Response Team, probing the networks more deeply, detected intrusions at three other bases. Tracing the hacker’s moves, the team found that he’d broken into the network through an MIT computer server. Once inside the military sites, he installed a “packet sniffer,” which collected the directories of usernames and passwords, allowing him to roam the entire network. He then created a back door, which let him enter and exit the site at will, downloading, erasing, or distorting whatever data he wished.
The hacker was able to do all this because of a well-known vulnerability in a widely used UNIX operating system. The computer specialists in San Antonio had been warning senior officers of this vulnerability—Ken Minihan had personally repeated these warnings to generals in the Pentagon—but no one paid attention.
When President Clinton signed the executive order on “Critical Infrastructure Protection,” back in July 1996, one consequence was the formation of the Marsh Commission, but another—less noticed at the time—was the creation of the Infrastructure Protection Task Force inside the Justice Department, to include personnel from the FBI, the Pentagon (the Joint Staff and the Defense Information Systems Agency), and, of course, the National Security Agency.
By February 6, three days after the intrusion at Andrews Air Force Base was spotted, this task force was on the case, with computer forensics handled by analysts at NSA, DISA, and a unit in the Joint Staff called the Information Operations Response Cell, which had been set up just a week earlier as a result of Eligible Receiver. They found that the hacker had exploited a specific vulnerability in the UNIX systems, known as Sun Solaris 2.4 and 2.6. And so, the task force code-named its investigation Solar Sunrise.
John Hamre, the deputy secretary of defense who’d seen the Eligible Receiver exercise eight months earlier as the wake-up call to a new kind of threat, now saw Solar Sunrise as the threat’s fulfillment. Briefing President Clinton on the intrusion, Hamre warned that Solar Sunrise might be “the first shots of a genuine cyber war,” adding that they may have been fired by Iraq.
It wasn’t a half-baked suspicion. Saddam Hussein had recently expelled United Nations inspectors who’d been in Iraq for six years to ensure his compliance with the peace terms that ended Operation Desert Storm—especially the clause that barred him from developing weapons of mass destruction. Many feared that Saddam’s ouster of the inspectors was the prelude to resuming his WMD program. Clinton had ordered his generals to