Intrusion Detection FAQ
TSW 1.1.1.1-Analyzer
In February 1998, hackers launched an attack against the Pentagon and MIT in what the Department of Defense called "the most organized and systematic attack to date." Ironically, the announcement by deputy secretary of defense John Hamre was dismissed as "politically motivated scaremongering or evidence of technical ignorance." The investigation involved five US federal agencies and at least thirty FBI agents. The Justice Department claimed that no classified information was compromised. While this writer exhaustively searched for details of what the hackers did during the attack, no details were available. The computer affected at MIT was in the Plasma Science and Fusion Center and was used primarily as an email and web server. The computer was running an old version of Linux, whose vulnerabilities facilitated the intrusion. After gaining access to an account, the hackers took advantage of other security holes and installed a packet sniffer. The hackers were able to collect user names and passwords to computers outside the network. The intrusion prompted MIT to shut down the node and move its services to a more secure node.[1]

The legendary honor among thieves apparently translated to loyalty among hackers. In March 1998, the hands of justice seized two Northern California high school students suspected of being involved in the February attack.[1] Their mentor, an internationally sought hacker self-named the Analyzer, cracked an ISP in Northern California "in order to make things right" for his student Makaveli, who had been arrested. Analyzer had accepted apprentices because he was planning to retire from hacking. He "needed someone to follow me. I felt it was a waste to let all my knowledge go." Loyalty aside, he insulted the students that followed him by challenging the FBI: "Makaveli did not hack any of those [Department of Defense] systems. [H]e don't even know how to Trojan a system. [I]f [you are] searching [for] anyone, [you] search for me."[4]

The next day, Analyzer granted an interview to AntiOnline founder John Vranesevich. (Despite repeated requests, Vranesevich would not give a transcript of the interview to this writer.) A self-proclaimed idealistic anarchist who loves chaos and hates big governmental organizations, Analyzer told Vranesevich he hacked everything.[4] In interviews he granted before being caught, the Analyzer boasted of having administrator-level access to more than 400 military computer systems[4] and 1,000 Internet servers, including 120,000 accounts on those servers.[5] Offers to "cross the border" from being a hacker to working in system security apparently fueled Analyzer's decision to retire from hacking at the ripe old age of eighteen. His heir apparent Makaveli was caught because he didn't take corrective measures after Analyzer told him that his IP was "bare open." Had Makaveli been as diligent in following Analyzer's teachings as he was in pursuing the Analyzer to mentor him,[4] he could possibly have hacked longer without being caught.[5] Analyzer claims that he blocked all of the security holes he found in the systems he hacked. When the Israeli Internet Underground, a six-member group he founded, hacked into the Israeli Parliament server, Analyzer claims to have found and blocked 19 security holes.[5] Ironically, as US investigators were presenting evidence to Israeli government officials about how the Analyzer hacked into US military computers, they also offered evidence of crimes against Israeli computer systems. Before seeing that evidence, a source in the Israeli Parliament told Walla! News that the Analyzer's story looked like a hoax and that he was trying to claim the real hacker's glory.[5]

In March 1998, the Analyzer was revealed to be Israeli citizen Ehud Tenenbaum, and he was arrested.[3] A police investigation reportedly found sniffer and Trojan programs in his possession. Those tools allowed him to illegally obtain computer passwords and credit card information, to shadow the activities of remote computer users and to plant viruses.[7] Tenenbaum pleaded not guilty to the charges of breaking into US computer systems. Systems he was charged with penetrating include NASA, the Pentagon, MIT, and Harvard, Yale, Cornell and Stanford universities. Tenenbaum was also accused of cracking the Israeli Parliament system and Internet accounts held by two Israeli ISPs.[3] In addition to the Northern California teens, Tenenbaum had four 20-year-old Israeli apprentices, who were indicted along with him about one year after the well-orchestrated assault on sensitive US systems. Defying hacker loyalty, one of the four Israelis indicted with Tenenbaum agreed to testify against him in exchange for a reduced sentence. Tenenbaum claimed to have expected the plea bargain.[3] All five of them were charged with conspiracy and harming computer systems; three of the five were charged with destroying evidence. The NASA, Pentagon, Harvard, Yale, Cornell, Stanford, MIT and Israeli Parliament systems were included in the charge. The five were also charged with breaking into the Internet accounts of individuals and companies held by two Israeli ISPs.[7]

Despite US Attorney General Janet Reno's bold statement at the time of Tenenbaum's arrest, no trial had been scheduled 18 months later. Reno said: "(The) arrest should send a message to would-be computer hackers all over the world that the United States will treat computer intrusions as serious crimes. We will work around the world, and in the depths of cyberspace, to investigate and prosecute those who attack computer networks."[6] In fact, Tenenbaum has appeared in computer advertisements and has been approached about deals for a movie and books.[8]

-Virginia Key

There is a video about the case that is available at: http://www.nacic.gov/pubs/solar.html