Once you have completed the readings, lecture, activity, and assessment, you will be able to describe the Russian cyber espionage operation known as Moonlight Maze, and describe the diplomatic relations and events between Russia and Estonia prior to the outbreak of Russia's cyber attack on Estonia.

Welcome to Cyber Conflict Module 6. In the first module of this course, you discovered that computer hacking has a much longer history than many people realize. In this module, we will focus specifically on the cyber hacking operations that the Soviet Union and then Russia invoked over the past half century.

Recall that one of the first unauthorized computer intrusions occurred in 1967 when East German spies penetrated and stole sensitive data from IBM computer systems in West Germany. Given that East Germany was no more than a Soviet proxy at that time, the data would have clearly ended up in the hands of Soviet spies. Two decades later, the Soviets were at it again in the Cuckoo's Egg operation. In that operation, the Soviet Union used East German spies to steal sensitive information about President Reagan's Strategic Defense Initiative from a handful of U.S. governmental and university computers. These cyber espionage operations never seemed to wane, even after the Soviet Union dissolved and Russia became a democratic republic.

In early 1998, a hacker was detected intruding into unclassified computer systems at Wright-Patterson Air Force Base in Ohio. After obtaining stolen user names and passwords, the hacker would log into a computer system, snoop for specific files, and exit after erasing the logs recording his access. The intrusion set was named Moonlight Maze, as the hacker generally accessed the computers during the evening hours. Subsequent analyses soon revealed that the hacker, or a set of hackers, had intruded into other military installations and a few major research universities. One U.S.
Air Force investigator decrypted several of the hacker's commands and determined that they were originally written in Cyrillic, concluding that Moonlight Maze was most likely a Russian operation. Soon after, intelligence analysts assessed many of the intrusions involving computers associated with military research programs. Investigators working with the NSA decided that the hackers were likely interested in obtaining information on sensitive military technology.

The investigators created a fake website for an American stealth aircraft program and uploaded several files with names that seemed sensitive in nature. Such a honeypot operation was intended as bait for the hackers. If the hackers took the bait, a digital tracking beacon within the files would allow investigators to track the files to the hacking source. The hackers did steal the files, and investigators tracked them to a command and control computer owned by a small nonprofit organization in London. When police questioned the nonprofit's owners, they realized that the computer had been exploited by the hackers to temporarily store the information and move it to another server. Additional analysis revealed that the files were being forwarded to an IP address of the Russian Academy of Sciences in Moscow.

President Clinton sent an FBI-led delegation to Moscow to identify the hackers and determine their motivations. Staffers of both Russian President Boris Yeltsin and his Minister of Interior initially assisted the delegation, but the assistance ended abruptly on its third day. The Moonlight Maze hacks had apparently been a secret operation carried out by Russia's Federal Security Service or its Military Intelligence Service, and President Yeltsin likely was not even aware of the operation. We still do not know which agency was responsible for conducting Moonlight Maze, but the operation is estimated to have given Russia more than 5 gigabytes of data, equal to about 13 million sheets of paper.
As earlier modules have shown, Russia is a master of employing propaganda and theories of reflexive control to manipulate adversaries. As Moonlight Maze illustrates, the country is also quite competent in engineering and using more traditional hacking tools. A combination of these skills is extremely powerful. We are likely to see Russia's cyber tradecraft repeat itself in future U.S. executive and legislative elections, given its success during the 2016 presidential election.

Quiz Question 1. True or False: Moonlight Maze was a Russian cyber operation that targeted U.S. diplomatic facilities in South America.

The answer is false.

Quiz Question 2. Which of the following is believed to be the incident that initiated Russia's cyber attack against Estonia in 2007?

A. Estonia signaled that it wanted to join NATO.
B. Estonia had recently signed a major economic trade agreement with Finland.
C. Estonia moved the Bronze Soldier statue commemorating fallen Soviet soldiers.
D. Estonia refused to sign a major economic integration agreement with Russia.

Answer C is correct. Estonia moved the Bronze Soldier statue commemorating fallen Soviet soldiers.

The activity for this module asks that, using free mapping software such as Google Earth, you locate the original location of the Bronze Soldier of Tallinn statue, then locate the location to which it was moved. How many miles from the original location was the statue moved? Could possibilities other than moving the statue have allowed the Estonians to avoid Russia's ire?