Case Study #1 - The Eligible Receiver Exercise

The Eligible Receiver Exercise

Back in the spring of 1997, a cadre of hackers from the National Security Agency (NSA) was busy conducting reconnaissance for an attack against US government networks. Unbeknownst to much of the DoD, the NSA team had been authorized by high-ranking DoD officials to infiltrate military networks while posing as enemies and to simulate attacks against civilian critical infrastructures. The NSA hackers were given a few rules: to use only readily available off-the-shelf equipment and, above all, to keep the impending attack a secret from their colleagues. After months of preparations, on June 9th, 1997, they launched their assault.

After only four days, their mission was complete. They had compromised the DoD.

Following the exercise—codenamed Eligible Receiver 97 (ER97)—members of the NSA team were interviewed in the still redacted video excerpted in the case study’s extra material. Their vocabulary is bureaucratic and their tone is solemn. The Chief Targeting Officer notes that by the third day, they had military systems administrators “on the run,” despite having only deployed “about 30%” of possible attacks. The team successfully exfiltrated data and manipulated sensitive military systems. It also simulated how civilian communication networks could be brought down. In a separate and still classified operation, the team engaged in a mock hijacking of a ship. The exercise’s takeaway, the officer emphasizes, is that the attack “could have been a lot worse.” The team’s leader also reports that they came to “know quite clearly how to take the [DoD’s information infrastructure] down and how to attack the United States in an information warfare campaign”—and that potential enemies could exploit the same vulnerabilities.

Activities:

1. Read the analysis of ER97 on this website, along with the declassified documents provided on this page. Finally, watch the video of the ER97 after-action report.

2. Answer the following questions:

· What were the implications of ER97?

· What measures need to be taken to avoid incidents like ER97?

· Do you think that your country has implemented such measures?

· How important is it to avoid such situations in the military domain?