DECLASSIFIED

FEDERAL BUREAU OF INVESTIGATION

Precedence: PRIORITY
Date: 02/23/1998
To: Albuquerque, Attn: Las Cruces RA, Roswell RA; Attn: 11887
From: Albuquerque, Squad 8
Contact: SA
Approved By:
Drafted By:
Case ID: 288-HQ-1242560 (Pending)
Title: WM SOLAR CITA 00
Synopsis: (U) To set leads at Las Cruces RA and Roswell RA.
Single Source Document
Classified By: 4511
Declassify On: 02/12/200
Serial 52
Reference:

Details: On 02/01/1998, the Department of Defense (DOD) began detecting computer intrusions into its unclassified computer systems at various facilities in the United States. These intrusions are ongoing. At least 11 DOD systems are known to have been compromised, and recovery procedures have been initiated. The intruder appears to have targeted domain name servers and obtained root status via exploitation of the statd vulnerability in the Solaris 2.4 operating system. Hacker tools imported from a University of Maryland site were used to gain entry. The intruder installed a sniffer program and then closed the vulnerability by transferring a patch from the University of North Carolina. A backdoor was created to allow the intruder reentry to the system.

Intrusions or intrusion attempts were detected at Andrews Air Force Base (AFB), Columbus AFB, Kirkland AFB, Maxwell AFB/Gunter Annex, Kelly AFB, Lackland AFB, Shaw AFB, MacDill AFB, Naval Station Pearl Harbor, and an Okinawa Marine Corps Base.

Numerous university computer sites in the U.S. appear to have been exploited in a similar fashion. Internet service providers near those universities also appear to have been exploited to access, or attempt to access, DOD computer networks.

In the referenced communication, FBIHQ requested all field offices expeditiously contact all logical sources for any information pertaining to intrusions into Air Force domain name servers using the statd exploit on Solaris 2.4 operating systems