Eligible Receiver 97

Eligible Receiver 97 was a U.S. Department of Defense exercise conducted under what is known as the No-Notice Interoperability Exercise Program. The exercises were held June 9–13, 1997 and included participants such as the National Security Agency (which acted as the red team), Central Intelligence Agency, Defense Intelligence Agency, Federal Bureau of Investigation, National Reconnaissance Office, Defense Information Systems Agency, Department of State, Department of Justice, as well as critical civilian infrastructure providers such as power and communication companies. The simulated cyber attack led directly to the formation of the United States Cyber Command.

Eligible Receiver 97 featured mock cyber attacks, hostage seizures, and special operations raids that sought to demonstrate potential national security threats that could be posed through the cyber domain. The joint exercise involved a National Security Agency red team which played the role of North Korea, Iran, and Cuba attempting to cause critical civilian infrastructural damage, as well as gain control over the military's command-and-control capabilities. The NSA red team used hacker techniques and software that was freely available on the Internet at that time. The red team was able to crack networks and do things such as deny services; change and manipulate emails to make them appear to come from a legitimate source; disrupt communications between the National Command Authority, intelligence agencies, and military commands. Common vulnerabilities were exploited which allowed the red team to gain root access to over 36 government networks which allowed them to change/add user accounts and reformat server hard drives.

The National Security Agency red team had no inside information to work with, but by engaging in extensive preliminary electronic reconnaissance of target agencies and sites prior to the attacks, they were able to inflict considerable simulated damage. Although many aspects of Eligible Receiver remain classified, it is known that the red team was able to infiltrate and take control of U.S. Pacific Command computer systems as well as power grids and 911 systems in nine major U.S. cities.

The mock attack featured three phases. The first two phases were concerned with computer network penetration of civilian infrastructure and military command and control. Recently declassified documents show that the last phase of Eligible Receiver connected cyber attacks to operations in physical domains. Specifically, the mock attack included a hijacking-at-sea of the ship MV National Pride. Documents detailing the last phase of Eligible Receiver remained classified until they were obtained through a Freedom of Information Act request by the nongovernmental National Security Archives at George Washington University.

Quote
Well, we do know that they were very successful in penetrating DOD computers. I mean, we physically got messages from the bad guys on our own computers.