plan for military action; a second aircraft carrier was steaming to the Persian Gulf; American troops were prepared for possible deployment.
So when the Solar Sunrise hack expanded to more than a dozen military bases, it struck some, especially inside the Joint Staff, as a pattern. The targets included bases in Charleston, Norfolk, Dover, and Hawaiiâkey deployment centers for U.S. armed forces. Only unclassified servers were hacked, but some of the militaryâs vital support elementsâtransportation, logistics, medical teams, and the defense finance systemâran on unclassified networks. If the hacker corrupted or shut down these networks, he could impede, maybe block, an American military response.
Then came another unsettling report: NSA and DISA forensics analysts traced the hackerâs path to an address on Emirnet, an Internet service provider in the United Arab Emiratesâlending weight to fears that Saddam, or some proxy in the region, might be behind the attacks.
The FBIâs national intelligence director sent a cable to all his field agents, citingâconcern that the intrusions may be related to current U.S. military actions in the Persian Gulf.â At Fort Meade, Ken Minihan came down firmer still, telling aides that the hacker seemed to be âa Middle Eastern entity.â
Some were skeptical. Neal Pollard, a young DISA consultant whoâd studied cryptology and international relations in college, was planning a follow-on exercise to Eligible Receiver when Solar Sunrise, a real attack, took everyone by surprise. As the intrusions spread, Pollard downloaded the logs, drafted briefings, tried to figure out the hackerâs intentionsâand, the more he examined the data, the more he doubted that this was the work of serious bad guys.
In the exercise that heâd been planning, a Red Team was going to penetrate an unclassified military network, find a way in to its classified network (which, Pollard knew from advance probing, wasnât very secure), hop on it, and crash it. By contrast, the Solar Sunrise hacker wasnât doing anything remotely as elaborate: this guy would poke around briefly in one unclassified system after another, then getout, leaving behind no malware, no back door, nothing. And while some of the servers he attacked were precisely where a hacker would go to undermine the network of a military on the verge of deployment, most of the targets seemed selected at random, bearing no significance whatever.
Still, an international crisis was brewing, war might be in the offing; so worst-case assumptions came naturally. Whatever the hackerâs identity or motive, his work was throwing commanders off balance. They remembered Eligible Receiver, when they didnât know theyâd been hacked; the NSA Red Team had fed some of them false messages, which theyâd assumed were real. This time around, they knew they were being hacked, and it wasnât a game. They didnât detect any damage, but how could they be sure ? When they read a message or looked at a screen, could they trustâ should they trustâwhat they were seeing?
This was the desired effect of what Perry had called counter command-control warfare: just knowing that youâd been hacked, regardless of its tangible effects, was disorienting, disrupting.
Meanwhile, the Justice Department task force was tracking the hacker twenty-four hours a day. It was a laborious process. The hacker was hopping from one server to another to obscure his identity and origins; the NSA had to report all these hops to the FBI, which took a day or so to investigate each report. At this point, no one knew whether Emirnet, the Internet service provider in the United Arab Emirates, was the source of the attacks or simply one of several landing points along the hackerâs hops.
Some analysts in the Joint Staffâs new Information Operations Response Cell noticed one pattern in the intrusions: they
So when the Solar Sunrise hack expanded to more than a dozen military bases, it struck some, especially inside the Joint Staff, as a pattern. The targets included bases in Charleston, Norfolk, Dover, and Hawaiiâkey deployment centers for U.S. armed forces. Only unclassified servers were hacked, but some of the militaryâs vital support elementsâtransportation, logistics, medical teams, and the defense finance systemâran on unclassified networks. If the hacker corrupted or shut down these networks, he could impede, maybe block, an American military response.
Then came another unsettling report: NSA and DISA forensics analysts traced the hackerâs path to an address on Emirnet, an Internet service provider in the United Arab Emiratesâlending weight to fears that Saddam, or some proxy in the region, might be behind the attacks.
The FBIâs national intelligence director sent a cable to all his field agents, citingâconcern that the intrusions may be related to current U.S. military actions in the Persian Gulf.â At Fort Meade, Ken Minihan came down firmer still, telling aides that the hacker seemed to be âa Middle Eastern entity.â
Some were skeptical. Neal Pollard, a young DISA consultant whoâd studied cryptology and international relations in college, was planning a follow-on exercise to Eligible Receiver when Solar Sunrise, a real attack, took everyone by surprise. As the intrusions spread, Pollard downloaded the logs, drafted briefings, tried to figure out the hackerâs intentionsâand, the more he examined the data, the more he doubted that this was the work of serious bad guys.
In the exercise that heâd been planning, a Red Team was going to penetrate an unclassified military network, find a way in to its classified network (which, Pollard knew from advance probing, wasnât very secure), hop on it, and crash it. By contrast, the Solar Sunrise hacker wasnât doing anything remotely as elaborate: this guy would poke around briefly in one unclassified system after another, then getout, leaving behind no malware, no back door, nothing. And while some of the servers he attacked were precisely where a hacker would go to undermine the network of a military on the verge of deployment, most of the targets seemed selected at random, bearing no significance whatever.
Still, an international crisis was brewing, war might be in the offing; so worst-case assumptions came naturally. Whatever the hackerâs identity or motive, his work was throwing commanders off balance. They remembered Eligible Receiver, when they didnât know theyâd been hacked; the NSA Red Team had fed some of them false messages, which theyâd assumed were real. This time around, they knew they were being hacked, and it wasnât a game. They didnât detect any damage, but how could they be sure ? When they read a message or looked at a screen, could they trustâ should they trustâwhat they were seeing?
This was the desired effect of what Perry had called counter command-control warfare: just knowing that youâd been hacked, regardless of its tangible effects, was disorienting, disrupting.
Meanwhile, the Justice Department task force was tracking the hacker twenty-four hours a day. It was a laborious process. The hacker was hopping from one server to another to obscure his identity and origins; the NSA had to report all these hops to the FBI, which took a day or so to investigate each report. At this point, no one knew whether Emirnet, the Internet service provider in the United Arab Emirates, was the source of the attacks or simply one of several landing points along the hackerâs hops.
Some analysts in the Joint Staffâs new Information Operations Response Cell noticed one pattern in the intrusions: they
Similar Books
