The Solar Sunrise Attack
In February 1998, a number of Department of Defense networks were attacked using a well-known vulnerability in the Solaris (UNIX-based) computer system. The attackers probed Defense Department servers to see if the vulnerability existed; exploited the vulnerability and entered the system; planted a program to gather data; and then returned later to collect that data.
Some of the initial probe activities appeared to originate from Harvard University and the United Arab Emirates (UAE), moving on to Pearl Harbor and a number of Air Force bases: Kirtland, Lackland, Andrews, Columbus, Gunter, and Tyndall. Later intrusion activities were monitored from the UAE, Utah State University, and a commercial Internet website to some of the same Air Force bases. Further activity was monitored at dozens of other U.S. military sites and universities. International activity was monitored in Germany, France, Israel, UAE, and Taiwan. Over 500 computer systems were compromised, including military, commercial, and educational sites, by attackers using only moderately sophisticated tools.
In the end, two California High School students were arrested and pled guilty. Their mentor, an 18 year-old Israeli, was also arrested and indicted.
Although the Department of Defense called it "the most organized and systematic attack to date," many dismissed its seriousness because "the Justice Department claimed that no classified information was compromised."
Lessons some have drawn, however, are that Solar Sunrise confirmed the findings of Eligible Receiver: U.S. information systems are vulnerable. Additionally, others indicate that various legal issues remain unresolved (e.g., statutory restrictions and competing investigative needs and privacy concerns that hinder searches), there are no effective indications and warnings system in place, intrusion detection systems are insufficient, and there is too much government bureaucracy that hinders an effective and timely response.
Activities:
1. Research the Solar Sunrise Attack on the web and collect more information. Finally, watch the associated video.
2. Answer the following questions:
· How were the attacks detected?
· What was the standard method of attack?
· What did the DoD do to protect their computers once the attack was discovered?
· What lead allowed authorities to track down the culprit(s)?
· Who was deemed ultimately responsible?
· What happened to the culprit(s)?
· According to the CSI, what is the cost of internet hacks?
· What recommendations are made to prevent future attacks?