DECLASSIFIED

FEDERAL BUREAU OF INVESTIGATION

Precedence: PRIORITY
Date: 02/23/1998
To: Albuquerque
Attn: Las Cruces RA, Roswell RA
Attn: 11887
From: Albuquerque, Squad 8
Contact: SA [redacted]
Approved By: [illegible]
Drafted By: I-gmh
Case ID: 288-HQ-1242560 (Pending)
Title: WM SOLAR CITA 00
Synopsis: (U) To set leads at Cruces RA and Roswell RA.
Single Source Document
Classified By: 4511
Declassify On: 02 12 200
Reference: HT-Ti-Cgf Serial 52

Details: On 02/01/1998, the Department of Defense (DOD) began detecting computer intrusions into its unclassified computer systems at various facilities in the United States. These intrusions are ongoing. At least 11 DOD systems are known to have been compromised, and recovery procedures have been initiated. The intruder appears to have targeted domain name servers and obtained root status via exploitation of the statd vulnerability in the Solaris 2.4 operating system. Hacker tools imported from a University of Maryland site were used to gain entry. The intruder installed a sniffer program and then closed the vulnerability by transferring a patch from the University of North Carolina. A backdoor was created to allow the intruder reentry to the system.

Intrusions or intrusion attempts were detected at Andrews Air Force Base (AFB), Columbus AFB, Kirkland AFB, Maxwell AFB Gunter Annex, Kelly AFB, Lackland AFB, Shaw AFB, MacDill AFB, Naval Station Pearl Harbor, and an Okinawa Marine Corps Base.

Numerous university computer sites in the U.S. appear to have been exploited in a similar fashion. Internet service providers near those universities also appear to have been exploited to access or attempt to access DOD computer networks.

In the referenced communication, FBIHQ requested all field offices expeditiously contact all logical sources for any information pertaining to intrusions into Air Force domain name servers using the statd exploit on Solaris 2.4 operating systems.

LEAD(s):

Set Lead 1: LAS CRUCES RA AT ALAMOGORDO, NM

Expeditiously contact the Office of Special Investigations (OSI) at Holloman AFB, Alamogordo, New Mexico, telephone number [redacted] or [redacted]. Determine if they have any information pertaining to intrusions into Air Force domain name servers using the statd exploit on Solaris 2.4 operating systems. Respond expeditiously with positive results to SSA [redacted] or SSA [redacted], FBIHQ, CITAC, telephone number [redacted].

Set Lead 2: ROSWELL RA AT CLOVIS, NM

Expeditiously contact the Office of Special Investigations (OSI) at Cannon AFB, Clovis, New Mexico, telephone number [redacted] or [redacted]. Determine if they have any information pertaining to intrusions into Air Force domain name servers using the statd exploit on Solaris 2.4 operating systems. Respond expeditiously with positive results to SSA [redacted] or SSA [redacted], FBIHQ, CITAC, telephone number [redacted].