SYNOPSIS OF THE 3 NOVEMBER COMPUTER VIRUS ARPANET PROPAGATION - INFORMATION MEMORANDUM

Declassified in Part - Sanitized Copy Approved for Release 2013/07/22 : CIA-RDP90M00551R001800960006-1 STA IC STAFF Routing Slip TO: ACTION COORD INFO EO/ICS D/ICS DO/ICS DD/RE EA-D/ICS SA-D/ICS SA-D/ICS-EP REO X COMIREX X SIGINT X HUMINT X MASINT X IPC K P80 )( PPO X CCISCMO X IHC X RDCO X U. )( SECRETARIAT X ADMIN )( i REGISTRY SUSPENSE. Date REMARKS: Declassified in Part - Sanitized Copy Approved for Release 2013/07/22 CIA-RDP90M00551R001800960006-1 Declassified in Part - Sanitized Copy Approved for Release 2013/07/22 : CIA-RDP90M00551R001800960006-1 ILA 7 / )c- S TAT NATIONAL SECURITY AGENCY FORT GEORGE G. MEADE. MARYLAND 20755 -6000 MEMORANDUM FOR THE SECRETARY OF DEFENSE Serial: J-1005-81 7 November 1988 sada SUBJECT: Synopsis of the 3 November Computer Virus ARPANET Propagation - INFORMATION MEMORANDUM tritti f) IT The National Computer Security Center learned of the virus attack shortly after the first reports on Wednesday evening and has been in nearly continuous contact with the major members of the network ever since. The Center obtained a copy of the offending software on Thursday morning, 3 November, and is examining the sizeable and sophisticated software line by line to determine exactly how it works and what specific system vulnerabilities it exploits. STAT The major impact on those systems operating within the network was loss of computer time.- To the best of our knowledge no computers containing classified information were affected. The virus managed to replicate and place into execution enought copies of itself to consume all or nearly all of the available computer time. The effects of the ARPANET/MILNET virus attack can be described, in terms of the Department of Defense Trusted Computer Criteria as a "denial of service." Certain ARPANET and MILNET subscribers simply disconnected their computers from the net; DDN operations shut down the ARPANET-MILNET mail gateways once they were aware of the attack. Packet-switches, terminal access controllers, and monitoring centers were not affected because the attack took advantage of vulnerabilities of the Berkeley UNIX 4.3 operating system which is only used on host computers. A meeting of representatives from DCA, NIST, DOE, FBI, and Lawrence Livermore Labs, among others, will be convened on Tuesday, 8 November, to exchange information on the nature of the attack and what can be done to preclude further attacks. ???-? ? ? ? I-. ? I. ? ... . Declassified in Part - Sanitized Copy Approved for Release 2013/07/22 : CIA-RDP90M00551R001800960006-1 Declassified in Part - Sanitized Copy Approved for Release 2013/07/22 : CIA-RDP90M00551R001800960006-1 STAT Serial: J-1005-88 I will continue to keep you advised as this matter develops. Copy Furnished: D/SECDEF DTR ICAStaff DIR DARPA ASD (C3I) PREPARED BY: 4142 . U G Deputy Director 2 FOR C:TICI,L USE ONLY 6_ Declassified in Part - Sanitized Copy Approved for Release 2013/07/22 : CIA-RDP90M00551R001800960006-1