Eligible Receiver 97
Eligible Receiver 97 was a U.S. government exercise conducted under what is known as the No-Notice Interoperability Exercise Program. The exercises were held June 9–13, 1997 and included participants such as the National Security Agency (which acted as the Red Team), Central Intelligence Agency, Defense Intelligence Agency, Federal Bureau of Investigation, National Reconnaissance Office, Defense Information Systems Agency, Department of State, Department of Justice, as well as critical civilian infrastructure providers such as power and communication companies.
The NSA Red Team used hacker techniques and software that was freely available on the Internet at that time. The Red Team was able to crack networks and do things such as deny services; change and manipulate emails to make them appear to come from a legitimate source; disrupt communications between the National Command Authority, intelligence agencies, and military commands. Common vulnerabilities were exploited which allowed the Red Team to gain root access to over 36 government networks which allowed them to change/add user accounts and reformat server hard drives.
National Security Agency Red Team had no inside information to work with, but by engaging in extensive preliminary electronic reconnaissance of target agencies and sites prior to the attacks, they were able to inflict considerable simulated damage. Although many aspects of Eligible Receiver remain classified, it is known that the Red Team was able to infiltrate and take control of U.S. Pacific Command computer systems as well as power grids and 911 systems in nine major U.S. Cities.
Quote
“ | Well, we do know that they were very successful in penetrating DOD computers. I mean, we physically got messages from the bad guys on our own computers. | ” |
—John Hamre, former Deputy Secretary of Defense 97-99, Frontline interview[1] |