In the throes of a military action, everything is heightened. In February 1998, the U.S. and President Bill Clinton were preparing to bomb Iraq, as the country’s then-President Saddam Hussein refused to comply with United Nations Security Council inspectors who were searching for weapons of mass destruction. Just as tensions in the Gulf were coming to a head, a systematic cyberattack, which would come to be known as Solar Sunrise, was launched against the U.S.
In all, this attack — which was called “the most organized and systematic attack the Pentagon has seen to date” by Deputy Secretary of Defense John Hamre — took control of more than 500 government and private computer systems. Institutions like NASA, the Air Force, the Navy and MIT were all impacted. Because of the lingering tensions in the Middle East, it was immediately assumed that this highly professional-looking attack was coordinated by Iraqi operatives looking to strike back at the U.S. But that couldn’t have been further from the truth.
The Solar Sunrise attack
Alarm bells were raised in early 1998 when attackers hit several Department of Defense (DoD) networks by exploiting a well-known vulnerability in Sun Solaris (thus the name Solar Sunrise), a UNIX-based operating system from Sun Microsystems.
Ultimately, what the attackers did wasn’t overly complicated; they probed DoD systems to look for a vulnerability, found one, exploited it, planted a sniffer program to mine data and then came back later to collect that data. In the process, they accessed military defense networks, where they were able to steal sensitive passwords and other confidential information.
Once the military detected the intrusion, the U.S. government mobilized quickly, assembling the FBI, CIA, U.S. Department of Justice, National Security Agency and others to investigate the digital assault. According to the Washington Post, the U.S. Central Command out of Tampa, Florida, also called in a new defense system. The command “had just tested a new Defensive Information Operations (DIO) plan in a mock military exercise called Internal Look 98 when it discovered the intrusion. Gen. Anthony Zinni ordered the DIO plan into effect for real. The Air Force’s 609th Information Warfare Squadron saw first combat, erecting a complex cyber intrusion detection system.”
The government had long known that cyberattacks could be one of the next frontiers in modern warfare, and this hit confirmed many of their fears about impending information warfare. While the intrusion also impacted private computer systems, including commercial and educational sites, it seemed “systematic” and targeted toward the U.S. government and military.
“For days, critical days, as we were trying to get forces to the Gulf, we didn’t know who was doing it. We assumed, therefore, it was Iraq,” said Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism in the White House, in the same Washington Post article.
Think local, act global
As it turns out, the real threat was much smaller and much more local. Iraqi operatives were not involved; nor was any nation-state out to steal U.S. government secrets. Within a few weeks of the attack, the FBI raided the homes of two high school students from Cloverdale, California, who were arrested and pled guilty to the crime.
Then-Attorney General Janet Reno said the arrests “should send a message to would-be computer hackers all over the world that the United States will treat computer intrusions as serious crimes.”
The two California teens did have some help, however. In March 1998, a third teen, 18-year-old Israeli hacker Ehud Tenenbaum, was arrested by Israeli police after they were given evidence of his activities by U.S. authorities. Tenenbaum, who goes by the hacker name The Analyzer, pled guilty in 2001, but claimed he was not after government secrets and only wanted to prove how insecure the systems were. He eventually went on to form his own security company but was arrested again in 2008 for credit card fraud.
More than a prank
This was, of course, not the first or last time major institutions harboring classified information have been hacked by teenagers. Shortly after Solar Sunrise made headlines, in 1999, a Florida teen made a name for himself when he infiltrated DoD and NASA computers.
While it’s easy to dismiss attacks like these as the work of idle youth, especially since the Justice Department claimed no classified information was compromised, they should serve as a warning as to how vulnerable even major networks are to motivated threat actors. Government bureaucracy often impedes a quick and effective response. In this case, the teens were able to take advantage of a well-known and unpatched vulnerability.
In the wake of this attack, the Clinton administration established several new agencies to defend against cyber warfare. But the defenders are often playing catch-up to the attackers, and critical infrastructure continues to find itself in the crosshairs of motivated hacking groups and nation-state adversaries to this day.