03.23.12

Wayback Machine: We demonstrated how to take down the grid, 1998

Posted in Culture of Lickspittle, Cyberterrorism at 1:03 pm by George Smith

From the archives of the old Crypt Newsletter, a collection of excerpts from the nation’s newspapers on Eligible Receiver, in 1999, collecting pieces spanning about three years. Eligible Receiver was an exercise, ostensibly done to test what could be done to hack the country’s infrastructure. It was actually only a set of simulations and musings. And it’s real purpose was to have a something upon which to build an alarming narrative on vulnerability to take the country’s news organs.

Contrast with recent news of exercise run to overawe congresspeople, mentioned here.


The meaning of Eligible Receiver

From the Crypt Newsletter (JOSEPH K) Guide To Tech Terminology:

Eligible Receiver: A Pentagon ghost story repeated ad nauseam to journalists and the easily frightened in which ludicrous or totally unsubstantiated claims about menaces from cyberspace are passed off as astonishing deeds of techno-legerdemain performed by cybersoldiers working within a highly classified wargame.

Usage: Author James Adams claimed in Techweek magazine that Pentagon hackers employed in Eligible Receiver “did more than the massed might of Saddam Hussein’s armies, than the Nazis in the Second World War.”

Since its first appearance in 1997, Eligible Receiver, like the phrase “electronic Pearl Harbor,” has become a good watermark for identification of uncritical, unsophisticated journalism addressing the potential for cyberterrorism to lay low the nation.

Although never substantiated with solid proof by Pentagon leadership, Eligible Receiver has become an article of faith in the mainstream newsmedia and still appears quite regularly since its genesis almost three years ago as prima facie evidence of what hackers could do to plunge the empire into chaos.

Characteristics of invocations of Eligible Receiver can include any or all of the following: there were 20, or 25, or 35, or 50 hackers; the hackers were from or hired by: [the Pentagon, the NSA, the Joint Staff], the national power grid was taken down, the 911 service was taken down, troop movements were disrupted, the hackers were more powerful than Nazi armies in World War II, laptops were bought, laptops were stolen, software was bought off-the-shelf, software was obtained from the Net, unspecified secret computer systems were compromised and/or unspecified public computer systems were compromised.

Here then, a selection of examples of Eligible Receiver in the news:

————-

On October 9, 1999, the Los Angeles Times published a story on the Pentagon’s Moonlight Maze hysteria entitled: “In Theory, Reality, US Open to Cyber-Attack — An NSA test exposed vulnerability of critical computer systems to hackers; Outside assault proved it.”

In paragraph seventeen, buried near the end of the Los Angeles Times piece, Drogin writes: “Indeed, the evidence suggests a certain amount of hype and hysteria have overshadowed the reality of cyberspace.”

It was an inadvertently telling choice of words, for in just the story’s second paragraph — one of the piece’s impact points — Drogin fell prey to the same phenomenon.

Drogin invoked the Pentagon ghost story of Eligible Receiver — the secret DoD wargame conducted two years ago which proponents of “electronic Pearl Harbor” insist demonstrated the nation could be flattened by cyberattack.

Drogin wrote: “The [Eligible Receiver] hackers broke into networks that direct 911 emergency systems.”

It was a clear and rather extravagant error.

Appearing in June of 1998 to testify before Congress, Ellie Padgett, deputy chief of the National Security Agency’s office of defensive information warfare spoke of how Eligible Receiver addressed the alleged vulnerability of the 911 phone system.

In a simulated exercise, Padgett said, “we scripted (an) Internet message (that) would be sent out to everybody saying there was a problem with the 911 system, understanding that human nature would result in people calling the 911 system to see if there was a problem.”

The working idea in this part of Eligible Receiver revolved around the hypothesis that many people viewing the message on the Internet in a newsgroup might panic and phone their local 911 trunk, causing a jam-up on the line.

“It can probably be done, this sort of an attack, by a handful of folks working together . . .” Padgett said.

This is an extremely far cry from Drogin’s assertion that the 911 system was broken into by alleged Eligible Receiver hackers. In fact, it has nothing at all to do with breaking into a 911 computer system, whatever that might be.

However, it is consistent, thematically, with the flavor of the mythology propagated on Eligible Receiver …

In fact, during an interview with Crypt Newsletter in the summer of 1998 concerning Eligible Receiver, a Pentagon spokeswoman for the affair asserted “no actual switching systems” were broken into at any time during Eligible Receiver. She went on to say that Eligible Receiver had only simulated these attacks on NSA computer networks set up to emulate potential domestic national systems.

Nevertheless, Drogin also wrote in paragraph two of the Times piece: “In less than three months, the [Eligible Receiver hackers] secretly penetrated computers that control electrical grids in Los Angeles, Washington, and other major cities.”

The lead claims in the Los Angeles Times article are the framing points for a larger discussion on how Moonlight Maze has publicly proved what the Eligible Receiver exercise secretly demonstrated two years ago, which constitutes another rather extensive leap in linking the facts that are known about both.

Drogin quoted from counter-terrorist “czar” Richard Clarke:

“An enemy could systematically disrupt banking, transportation, utilities, finance, government functions and defense.”

The Clarke quotes are functionally identical to the same statements made for Signal magazine in August of this year when it was suggested that the Freedom of Information Act could be “modified” as part of a plan to help protect us from cyberattack. They add nothing to the actual body of knowledge on Moonlight Maze.

For the complete Clarke-uttered propaganda published in August see the “electronic Pearl Harbor” archive.

“It’s cheaper and easier than building a nuclear weapon,” said Clarke for the LA Times.

Buried in Drogin’s piece was comment by John Gilligan who “directs information technology and information systems at the [Department of Energy.]”

Gilligan, while talking about hacker attacks, “[also argued] that the danger is usually overstated,” according to the Times.

“To get access to the electricity grid computers, to start to shut some of the grid, you have to really work at it . . . To do a Pearl Harbor, you need a lot of inside information.”

————-

The September 19, 1999, issue of New Scientist magazine invoked the mythos as an example of what “cyberwar” could do in an article entitled: “To the virtual barricades.”

“[Electronic Pearl Harbor” can be done — as was demonstrated two years ago when the US Department of Defense conducted a ‘war game’ to test its defences against cyber attacks. In an operation dubbed Eligible Receiver, fifty hackers tried to infiltrate DoD systems using only the simplest of hacking tools.

“Their task was to simulate an attack from North Korea. Despite the best efforts of the DoD, intelligence and security agencies, and the private sector . . . the hackers reduced a virtual electricity grid to 50 per cent effectiveness in just seven days.”

————-

On June 26, 1999, the Christian Science Monitor featured a story entitled: “The hidden dangers of information warfare.”

The Monitor’s reporter cited the Pentagon’s secret exercise, Eligible Receiver, in the standard manner.

“. . . Operation Eligible Receiver demonstrated the potential vulnerability of the U.S. government’s information systems. The National Security Agency hired 35 hackers to launch simulated attacks on the national information structure. The hackers obtained ‘root access’ – the highest level of control – in 36 of the government’s 40,000 networks.

“If the exercise had been real, the attackers would have been able to create power outages across Los Angeles, Chicago, Washington, and New York. They could have disrupted the Department of Defense’s communication systems (taking out most of the Pacific Command) and gained access to computer systems aboard U.S. Navy vessels.

“It was a disturbing exercise. So much so, that several top White House officials have spoken of the possibility of an ‘electronic Pearl Harbor’ attack on the U.S. mainland. Added to these vulnerabilities is the fact that most Americans have no sense of how information warfare will affect them.”

Further along, the Monitor called upon James Adams, appearing here as CEO of IDefense — a firm that advertises its skill in preventing potential “Eligible Receivers,” to provide the pro forma warnings.

“It is a very serious problem,” said Adams for the Monitor.

————-

From the April 1999 issue of “Government Executive,” a reporter writes on the danger of cyberterror to the national networks:

“The liability posed by such dependence became clear when the Pentagon conducted an exercise known as Eligible Receiver in 1997. Using off-the-shelf technology and software downloaded from hacker Web sites, a team of about 20 employees from the National Security Agency hacked into unclassified Pentagon computer systems. The surprise exercise, designed to expose weaknesses in computer security, succeeded beyond the planners’ wildest expectations. Among other things, the exercise showed how hackers might disrupt troop deployments.

“It was startling,” [Deputy Defense Secretary] John Hamre said. ‘We didn’t really let them take down the power system in the country, but we made them prove that they knew how to do it.'”

————-

From an April 22, 1999, issue of “Inside the Army:”

“Two years after Eligible Receiver, a joint exercise conducted by DOD in which virtual ‘terrorists’ used stolen hardware from a government facility to gain control over secret computer systems without being detected, the military finds itself ‘in full-scale conflict,’ [Deputy Secretary of Defense] John Hamre said. Important lessons learned over this period include ‘that cyperspace ain’t for geeks, it’s for warriors,’ he said.”

————-

From a March 22, 1999 report by Associated Press writer Laura Myers entitled “Study Finds Hacker Threat a Real Danger.” Reporter Myers appears to be only vaguely familiar with the Pentagon claim and gets a figure wrong.

This is hardly a liability for the mythos. Even Pentagon proponents of “Eligible Receiver” can’t seem to agree on the number of people involved.

Myers nevertheless passes on the growing legend as proof of national danger:

“In 1997, a national security team of about 20 people, in a cyberwar game [Eligible Receiver] lasting three months, gained access to unclassified Pentagon computers, giving the team the ability to disrupt troops movements.”

————-

From an interview on cyberterrorism conducted with Senator John Kyl by the United States Information Agency (USIA), published in November 1998:

Kyl: Well, [cyberterrorism is] surprisingly easy. It’s hard to quantify that in words, but there have been some exercises run recently. One that’s been in the media, called Eligible Receiver, demonstrated in real terms how vulnerable the transportation grid, the electricity grid, and others are to an attack by, literally, hackers — people using conventional equipment, no “spook” stuff in other words.

————-

From the Fall 1998 issue of the University of Southern California’s “Networker” magazine:

“Operating under the code-name Eligible Receiver, 35 people working for the National Security Agency targeted unclassified computer systems across the country. Employing only hacking tools downloaded from the Net and standard-issue computers, the team reportedly accessed the U.S. Pacific Command in Hawaii – in charge of 100,000 troops – among other targets.

“‘We didn’t really let them take down the power system in the country, but we made them prove that they knew how to do it,’ Deputy Secretary of Defense John Hamre told the press.

“Before Eligible Receiver, what you had was a bunch of driven geeks and a few admirals and generals dotted around who said that ‘this is really important stuff’ and a bunch of traditionalists who were saying ‘yeah, right. It’s all just rubbish, really,’ says Adams. ‘Well, Eligible Receiver gave everyone a very nasty shock because it showed that the whole system could be devastated,’ he adds.”

Editor’s note: James Adams wrote a book called “The Next World War,” published in 1998, that based most of its premises that computers would fight all future wars on Pentagon claims like “Eligible Receiver.” The book was pilloried for passing on myths and April Fool’s jokes, such as the Gulf War virus hoax, as fact. [Adams also founded a computer security company called iDefense. Many years ago it declared bankruptcy and faded away.]

“[Eligible Receiver] resonated at the Department of Defense, which has 2.1 million computers, 100,000 local area networks, and more than 100 long-distance networks. Eligible Receiver was ‘a very telling example for all of the senior leadership here,’ says Susan Hansen, a [Pentagon flack] for Secretary of Defense William Cohen.

————-

From a USIA interview (published in November 1998) with reporter James Adams, here advertised as the CEO of “Infrastructure Defense,” a firm started to help protect from potential Eligible Receivers:

“The ‘hackers’ taking part in the exercise — called Eligible Receiver — were, in fact, U.S.government employees. They were given no advance intelligence. They bought their laptops from a local computer store.

“The hackers successfully demonstrated that they could with ease break into the power grids of all the major U.S. cities — from Los Angeles to Chicago to Washington, D.C., to New York — that were linked to the U.S. capability to deploy forces. At the same time they were able to break into the -911- emergency telephone system and could comfortably have taken both of those networks down . . .”

————-

From a September 2, 1998, Jane’s Defense Weekly piece on information warfare and the Department of Defense:

“In one Joint Chiefs of Staff simulation, known as Eligible Receiver, US officials posing as terrorists were able to shut down key command and control systems at US Pacific Command headquarters.”

————-

In an August 2, 1998 story by Cox Newspapers’ by Andrew Glass entitled: “Target America: Computer Warfare,” the Pentagon grail is credited with turning off all operations of the DoD’s Pacific Ocean/Asian command as well as the 911 system.

Sun Tzu — an ancient and quite dead Chinese military philosopher — is credited with the germ of the idea, too, somehow.

“Last June, the National Security Agency staged a ‘red team’ exercise, code-named Eligible Receiver, in which agents pretending to be North Koreans infiltrated the command-and-control facilities of the U.S. Pacific Command in Honolulu — demonstrating their ability to neutralize most U.S. armed forces from Okinawa to San Diego for many hours without firing a shot.

“Attaining 100 victories in 100 battles is not the pinnacle of excellence,” [Sun Tzu] wrote in ‘The Art of War,’ the earliest known treatise on military science. ‘Subjugating the enemy’s army without fighting is the true pinnacle of excellence.'”

And, further on:

“Appearing last June before the Senate Judiciary subcommittee on technology, terrorism and government information, Ellie Padgett, deputy chief of the NSA’s office of defensive information warfare, told of one aspect of the worrisome success in Eligible Receiver.

In a phase of the exercise that simulated attacks, she said, ‘we scripted (an) Internet message (that) would be sent out to everybody saying there was a problem with the 911 system, understanding that human nature would result in people calling the 911 system to see if there was a problem’ — thus causing the overloaded phone system to crash.”

————-

In a speech in Aspen, Colorado, in late July 1998, the Pentagon’s John Hamre said of Eligible Receiver: “A year ago, concerned for this, the department undertook the first systematic exercise to determine the nation’s vulnerability and the department’s vulnerability to cyber war. And it was startling, frankly. We got about 30, 35 folks who became the attackers, the red team . . . We didn’t really let them take down the power system in the country, but we made them prove that they knew how to do it.”

————-

From a June 1998 Congressional Governmental Affairs Committee meeting chaired by Congressman and former actor Fred Thompson who played a naval commander in the movie adaptation of Tom Clancy’s “The Hunt for Red October”:

“Lt. General Minihan, the Director of the National Security Agency, will identify in greater detail the nation’s vulnerability as revealed in a recent war game known as Eligible Receiver. The Committee also will explore whether the [Y2K] problem will increase America’s vulnerability to attack. As we approach the 21st century, will terrorists and rogue nations test their information warfare weapons without fear of being caught and insert data smart bombs into the nation’s computers for use at a later date?”

————-

From a May 24, 1998 story in the Washington Post written by Bradley Graham:

“Many details of the exercise, dubbed Eligible Receiver, remain closely held. But according to official sources, a group of 35 NSA specialists simulated a series of rolling power outages and 911 emergency phone overloads in Washington and a handful of other cities. They showed that large-scale blackouts could be caused by targeting computerized sensing and control devices known as Supervisory Control and Data Acquisition systems, which have become common substitutes for human monitors in operating electrical, oil, gas, transportation and water treatment systems.”

————-

From an April 23, 1998 press conference led by Kenneth Bacon, the Pentagon’s head flack:

“And that was one of the, as I said, one of the signal achievements of the exercise the Joint Staff ran, ELIGIBLE RECEIVER, to improve the awareness of people within the Department of what the computer security issue is.”


The archives of the old Crypt Newsletter.

2 Comments

  1. Mikey said,

    March 24, 2012 at 10:23 pm

    The Joseph K Guide lives again! I used to copy and paste those gems into a text file to keep. I still have it.

    Now that you have me thoroughly aroused, I am waiting for Victor von Doom to make an appearance.

    Funny thing (I’m sure you quoted it somewhere in an article that I can’t find right now) but a quote from Kafka’s “The Trial” is in the same file:

    “I am here to whip people, and whip them I shall.”

  2. George Smith said,

    March 25, 2012 at 10:44 am

    Yep, that was one of the capstone quotes I put into the long list. It’s on the wayback machine site somewhere and I’ll recapture it for the index here, I suppose.

    It’s really dated now. So many of the things in it were part of a time that no one has any idea about anymore. And I suspect if I were to re-float the idea even fewer people would get the humor, progress being what it is today.