From: redteam@all.net
Reply-to: redteam@all.net
Organization: Red Team Mailing List
Subject: RedTeam Mailing List 980426
---------------------------------------------

================================================================================
Openly published information from the Internet related to "Eligible Receiver"
================================================================================

Published in Washington, D.C. April 20 - 26, 1998 -- Edition

	Hackers disable military in exercise

By Bill Gertz
THE WASHINGTON TIMES

Senior Pentagon leaders were stunned by a military exercise showing how easy
it is for hackers to cripple U.S. military and civilian computer networks,
according to new details of the secret exercise. 

    Using software obtained easily from hacker sites on the Internet, a
group of National Security Agency officials could have shut down the U.S.
electric-power grid within days and rendered impotent the
command-and-control elements of the U.S. Pacific Command, said officials
familiar with the war game, known as Eligible Receiver.

    "The attack was actually run in a two-week period and the results were
frightening," said a defense official involved in the game. "This attack,
run by a set of people using standard Internet techniques, would have
basically shut down the command-and-control capability in the Pacific
theater for some considerable period of time."

    Pentagon spokesman Kenneth Bacon said, "Eligible Receiver was an
important and revealing exercise that taught us that we must be better
organized to deal with potential attacks against our computer systems and
information infrastructure."

    The secret exercise began last June after months of preparation by the
NSA computer specialists who, without warning, targeted computers used by
U.S. military forces in the Pacific and in the United States.

    The game was simple: Conduct information warfare attacks, or "infowar,"
on the Pacific Command and ultimately force the United States to soften its
policies toward the crumbling communist regime in Pyongyang. The "hackers"
posed as paid surrogates for North Korea.

    The NSA "Red Team" of make-believe hackers showed how easy it is for
foreign nations to wreak electronic havoc using computers, modems and
software technology widely available on the darker regions of the Internet:
network-scanning software, intrusion tools and password-breaking "log-in
scripts."

     According to U.S. officials who took part in the exercise, within days
the team of 50 to 75 NSA officials had inflicted crippling damage.

    They broke into computer networks and gained access to the systems that
control the electrical power grid for the entire country. If they had wanted
to, the hackers could have disabled the grid, leaving the United States in
the dark.

    Groups of NSA hackers based in Hawaii and other parts of the United
States floated effortlessly through global cyberspace, breaking into
unclassified military computer networks in Hawaii, the headquarters of the
U.S. Pacific Command, as well as in Washington, Chicago, St. Louis and parts
of Colorado.

    "The attacks were not actually run against the infrastructure components
because we don't want to do things like shut down the power grid," said a
defense official involved in the exercise. "But the referees were shown the
attacks and shown the structure of the power-grid control, and they agreed,
yeah, this attack would have shut down the power grid."

    Knocking out the electrical power throughout the United States was just a
sideline for the NSA cyberwarriors. Their main target was the U.S. Pacific
Command, which is in charge of the 100,000 troops that would be called on to
deal with wars in Korea or China.

    "The most telling thing for the Department of Defense, when all was said
and done, is that basically for a two-week period the command-and-control
capability in the Pacific theater would have been denied by the 'infowar'
attacks, and that was the period of the exercise," the official said.

    The attackers also foiled virtually all efforts to trace them. FBI
agents joined the Pentagon in trying to find the hackers, but for the most
part they failed. Only one of the several NSA groups, a unit based in the
United States, was uncovered. The rest operated without being located or
identified.

    The attackers breached the Pentagon's unclassified global computer
network using Internet service providers and dial-in connections that
allowed them to hop around the world.

    "It's a very, very difficult security environment when you go through
different hosts and different countries and then pop up on the doorstep of
Keesler Air Force Base [in Mississippi], and then go from there into
Cincpac," the official said, using the acronym for the Commander in Chief,
Pacific.

    The targets of the network attacks also made it easy. "They just were not
security-aware," said the official.

    A second official found that many military computers used the word
"password" for their confidential access word.

---------------------------------

Perillo@DOCKMASTER.NCSC.MIL
Posting on the Command-Control-Communications-Computers-Intelligence
Surveillance Reconnaissance (C4ISR) [c4i-pro] forum:

                   Monday December 22, 1997

Subject: Eligible Receiver

     The Administration and Congress have not taken seriously Information
Warfare (IW), but a wake-up call was sounded by the "Eligible Receiver"
exercise. Hopefully they will reconsider the refusal to include funding for
Information Warfare-Defense (IW-D) as part of the Quadrennial Defense Review
(QDR). And be prepared to commit substantial resources and funding for
critical infrastructure protection as part of the "President's Commission on
Critical Infrastructure Protection (PCCIP)" to both the public and private
sectors. Calls by the Defense Science Board IW-D task force to spend $3 to
$5 billion dollars over the next five years have gone unheeded by Congress
and DoD brass.

     The "Eligible Receiver" exercises revealed serious vulnerabilities in
U.S. Government Information Systems.  62% to 65% of all U.S. Federal
Computer systems have known security holes which can be exploited. Between
250 and 600 DoD systems were broken into by savvy hackers in 1996. Monitored
user access to a specific but unnamed DoD system detected 4,300 intrusion
attempts during a three month period. GAO investigators were informed that
more than 120 countries or foreign organizations have or are developing
formal programs that can be used to attack and disrupt critical Information
Systems Technology (IST) used by the U.S.

** "As this Subcommittee learned in classified intelligence briefings last
month, foreign capabilities to mount Information Warfare attacks against the
United States are real, and growing.  The threat of strategic information
warfare blurs the distinction between government and private sector systems.
The interconnectivity greatly complicates the challenges in
detecting an information attack, and developing a defense against it. We are
faced with the question, how can the government protect these key elements
of the U.S. information infrastructure, which it neither owns nor controls?

     It is far from clear that the Department of Defense (DoD) has the means
or authority to prepare peacetime defenses to detect or assess an Information
Warfare attack, or to direct and supply active defenses during an attack.
Nor does DoD have clear authority and capabilities for reconstitution and
recovery of our critical infrastructures. But one thing is clear. Key
national security assets are not within the range, power or current
responsibility of the armed forces to protect in the traditional manner in
which they would have defended the nation against conventional attack in
WWII or nuclear attack during the Cold War.

     We have just come from a classified briefing on the results of a
no-notice exercise held earlier this year called "Eligible Receiver". While
much of the exercise remains classified, I believe it is fair to say that it
revealed some serious vulnerabilities in government information systems that
must be corrected. But it also revealed shortcomings of another sort.
Because of the ambiguous nature of information attacks, it can be extremely
difficult to know, even in the midst of an attack, what is really happening.
Are computer outages the result of equipment failure, or deliberate attack?
Are destructive incidents the work of criminals or an act of war? For
government personnel -- military, intelligence, law enforcement -- this
confusion can be fatal. Some means of assigning responsibility in the face of
imperfect knowledge will be essential to any strategy to protect critical
infrastructures, and to defend the nation." **

** Statements of Chairman Jon Kyl, Senate Judiciary Subcommittee on
Technology, Terrorism and Government Information, "Hearing on Critical
Infrastructure Protection", November 5, 1997, Public meeting - Public record.


Other References:

GAO report to congress, "Information Security, Computer Attacks
at Department of Defense Pose Increasing Risks", GAO/AIMD-96-84,
May 1996.

Dan Farmer, "Shall we Dust Moscow?, Security Survey of Key
Internet Hosts & various semi-relevant reflections", 18-Dec-1996,
http://www.info-sec.com/internet/infosecx.html-ssi

Aviation Week & Space Technology, "Tighter Security Urged for
Defense Computers", James T. McKenna, 20-Jan-1997.

Government Computer News (GCN), "QDR sidesteps request for more
cyber warfare funds", Gregory Slabodkin, 26-May-1997.

President's Commission on Critical Infrastructure Protection
(PCCIP), "Critical Foundations, Protecting America's
Infrastructure", October 1997, http://www.pccip.gov

Federal Computer Week, "Critical Infrastructure; Feds, industry
at odds over data, duties", Heather Harreld, 10-Nov-1997.

Government Computer News (GCN), "Cyberattacks on DoD networks are
rising fast", Gregory Slabodkin, 10-Nov-1997.


_________________________________________________________________________
Robert J. Perillo Jr. Principal Analyst
Certified Computing Professional (CCP)     Perillo @ dockmaster.ncsc.mil
 Richmond, VA   USA

Disclaimer: All comments or statements are solely my own, and do not reflect
            or represent any organizations that I may be associated with.

Quotation: "The Enemy is tricky and dangerous", Lt. Col. Philippe Mathieu,
           Film: 'The Battle of Algiers', Dir. Gillo Pontecorvo, 1967.
__________________________________________________________________________

From CIWARS Digest:

'Infowar' game shutdown: Senior Pentagon leaders were stunned by a military
exercise showing how easy it would be for hackers to cripple US military and
civilian computer networks, according to a Washington Times report on the
secret exercise. Using software obtained easily from hacker sites on the
Internet, a group of National Security Agency officials convincingly
demonstrated that they could have shut down the US electric-power grid
within days and could have rendered impotent the command-and-control elements
of the US Pacific Command, said officials familiar with the war game, known
as Eligible Receiver. The secret exercise began last June after months of
preparation by the NSA computer specialists who, without warning, targeted
computers used by US military forces in the Pacific and in the United States.