Precedence: PRIORITY
Date: 02/12/1998
To: All Field Offices
Attn: CITA Supervisors
From: 11887
Contact: SSA [redacted]
Approved By: [redacted] Geide Kenneth
Drafted By: [redacted] daf
Case ID: 288 HQ 1242550 (Pending)

CHANGED TITLE SOLAR CITA 00

Synopsis: (U) To provide a synopsis of investigative matter and set forth leads for each Field Office.

Administrative: Reference Bureau teletype dated 2/6/1998 to all field offices captioned A1220460 and Bureau EC to all field offices dated 2/9/1998 captioned MULTIPLE INTRUSIONS INTO DOD CITA 00.

By way of background, on February 1, 1998, DOD began detecting computer intrusions into its unclassified computer systems at various facilities in the United States (U.S.). These intrusions are ongoing. At least 11 DOD systems are known to have been compromised and recovery procedures have been initiated.

The intruder appears to have targeted domain name servers and obtained root status via exploitation of the statd vulnerability in the Solaris 2.4 operating system. Hacker tools imported from a University of Maryland site were used to gain entry. The intruder installed a sniffer program and then closed the vulnerability by transferring a patch from the University of North Carolina. A backdoor was created to allow the intruder reentry to the system.

Numerous university computer sites in the U.S. appear to have been exploited in similar fashion. Internet service providers near those universities also appear to have been exploited to access or attempt to access DOD computer networks.

Referral/Consult

Referral/Consult

(U) The following leads are being set forth:

SECRET

LEAD(s):

Set Lead 1: ALL RECEIVING OFFICES

1. Will expeditiously contact all logical sources for any information pertaining to intrusions into Air Force domain name servers using the statd exploit on Solaris 2.4 operating system. Will respond expeditiously with positive results to SSA [redacted, b6/b7C] or SSA [redacted, b6/b7C], telephone [redacted].

Set Lead 2: WASHINGTON FIELD OFFICE NVRA

1. Will conduct appropriate investigation at the University of Maryland to determine source of hacker tools associated with Air Force DNS intrusions. Contact should be made with [redacted, b6/b7C], University of Maryland. WFO will obtain all necessary orders from DOJ to gain access to files and log data.

Referral/Consult

Thereafter conduct appropriate follow-up investigation.

3. WFO National Computer Crimes Squad: Will open a separate investigation into [redacted, b6/b7C], date of birth [redacted], focusing on intrusions occurring at U.S. Naval bases. Will establish contacts and coordinate investigation with NCIS.

CC: Mr. Geide