Eligible Receiver is the code name of a 1997 internal exercise initiated by the Department of Defense. A "red team" of hackers from the National Security Agency (NSA) was organized to infiltrate the Pentagon systems. The red team was only allowed to use publicly available computer equipment and hacking software. Although many details about Eligible Receiver are still classified, it is known that the red team was able to infiltrate and take control of the Pacific command center computers, as well as power grids and 911 systems in nine major U.S. cities.
Moonlight Maze refers to a highly classified incident in which U.S. officials accidentally discovered a pattern of probing of computer systems at the Pentagon, NASA, Energy Department, private universities, and research labs that had begun in March 1998 and had been going on for nearly two years. Highly placed sources told FRONTLINE that the invaders were systematically marauding through tens of thousands of files -- including maps of military installations, troop configurations and military hardware designs. The Defense Department traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement. Moonlight Maze is still being actively investigated by U.S. intelligence.
Code Red was a worm with multiple variants that first appeared in July 2001 and ultimately affected nearly 300,000 computers in the U.S. Exploiting a hole in Microsoft's IIS Web servers, it was time sensitive based on the date: From days 1-19 of the month the worm would propagate; from days 20-27 it would launch a denial of service attack against a particular site, and from day 27 through the end of the month the worm would "sleep," dormant in the computer. In Code Red's first variation, the affected computers were programmed to launch a denial of service attack against the White House Web site at a certain date and time. If the assault worked, the hundreds of thousands of pings would have overwhelmed the Internet in nanoseconds. Richard Clarke, the president's adviser for cyberspace security, worked with the nation's Internet providers to thwart the attack by blocking traffic to the White House site. Other Web sites were shut down, however, and replaced by a message that read "Hacked by Chinese."
In the summer of 2001, the coordinator for the city of Mountain View, Calif.'s Web site noticed a suspicious pattern of intrusions. The FBI investigated and found similar "multiple casings of sites" in other cities throughout the U.S. The probes were seemingly emanating from the Middle East and South Asia, and the visitors were looking up information about the cities' utilities, government offices, and emergency systems. This information took on a new significance when U.S. intelligence officials examined computers seized from Al Qaeda operatives after the Sept. 11 attacks and discovered what appeared to be a broad pattern of surveillance of U.S. infrastructure.
The Nimda worm ripped through the U.S. financial sector one week after the Sept. 11, 2001 terrorist attacks. Nimda, which is "admin" spelled backwards, was a mass-mailing worm that exploited vulnerabilities in Microsoft software. It was notable because of its sophistication. It could replicate itself several ways -- by infecting e-mail programs, copying itself onto computer servers, or afflicting users who downloaded infected Web pages. Nimda was also significant for its speed and potency -- it affected millions of computers and slowed the Internet. Officials do not believe it was related to the Sept. 11 attacks.
The Slammer worm, also known as the Sapphire worm, hit at 5:30 a.m. GMT on Jan. 25, 2003 -- Superbowl weekend. Exploiting a vulnerability in servers running Microsoft SQL Server 2000 software, Slammer was the fastest cyber attack in history. According to a team of researchers from the University of California at San Diego, Lawrence Berkeley National Labs, and Silicon Defense, the number of infections doubled every 8.5 seconds and Slammer did 90 percent of its damage in the first 10 minutes of its release. Among other things, the worm took down parts of the Internet in South Korea and Japan, disrupted phone service in Finland, and slowed airline reservation systems, credit card networks, and automatic teller machines in the U.S.