The Moonlight Maze Attack
In September 1999 Newsweek broke the story that the United States was under a sustained cyber attack. They claimed that thousands of sensitive but unclassified documents relating to technologies with military applications had been stolen. Further reports at the time pointed the finger at the Russian government as a possible source of the attack, but details were limited.
In 1998 a technician at a specialist materials company “ATI-Corp” identified a connection from their network to Wright Patterson Air Force Base. He noticed the user was connecting at 3 AM on a Sunday, and the owner of the account confirmed that they weren’t using the account at that time. He raised the alarm to a number of CERTs (Computer Emergency Response Teams) - the Air Force were the first to respond.
They identified it was an attacker, and found they had made further connections to Wright Patterson Air Force Base from the University of South Carolina, Wright University and the University of Cincinnati. In one instance it appeared the attackers had made a mistake — they had connected (possibly directly) from a machine in Moscow.
As the FBI commenced an investigation, code named “Moonlight Maze”, it became clear that this wasn’t an isolated case. It was a coordinated attack on an unprecedented scale.
Activities:
1. Read through the information given for Moonlight Maze in this site and watch the associated video.
2. Write a report with the following information:
· Summary of what happened
· Analyze the methods used
· Analyze the cybercriminals
o who are they
o summary of their history
o typical attacks
· Consequences of the cyber attack
· Victims of the cyber attack
o psychological aspect
o Measures to recover the victims
· Consequences for the business