USAF Considers Creation of Military Botnet
Posted by CmdrTaco on Mon May 12, 2008 11:24 AM
from the all-to-steal-wow-gold dept.
sowjetarschbajazzo writes "Air Force Col. Charles W. Williamson III believes that the United States military should maintain its own botnet, both as a deterrent towards those who would attempt to DDoS government networks, and an offensive weapon to be used against the networks of unfriendly nations, criminal groups, or terrorist organizations.
"Some people would fear the possibility of botnet attacks on innocent parties. If the botnet is used in a strictly offensive manner, civilian computers may be attacked, but only if the enemy compels us. The U.S. will perform the same target preparation as for traditional targets and respect the law of armed conflict as Defense Department policy requires by analyzing necessity, proportionality and distinction among military, dual-use or civilian targets. But neither the law of armed conflict nor common sense would allow belligerents to hide behind the skirts of its civilians. If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them." What does Slashdot think of this proposal?"
Related Stories
Submission: USAF Considering Creation of Military Botnet by Anonymous Coward
Air Force Aims for Control of 'Any and All' Computers 468 comments
Noah Shachtman on Wired.com's Danger Room reports that Monday, the Air Force Research Laboratory at Wright-Patterson AFB introduced a two-year, $11 million effort to put together hardware and software tools for 'Dominant Cyber Offensive Engagement.' 'Of interest are any and all techniques to enable user and/or root level access,' a request for proposals notes, 'to both fixed (PC) or mobile computing platforms ... any and all operating systems, patch levels, applications and hardware.' This isn't just some computer science study, mind you; 'research efforts under this program are expected to result in complete functional capabilities.' The Air Force has already announced their desire to manage an offensive BotNet, comprised of unwitting participatory computers. How long before they slip a root kit on you?
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
We must defend ourselves (Score:4, Insightful)
Re:We must defend ourselves (Score:4, Insightful)
However, most botnets are assembled from compromised computers belonging to people who lack the sophistication to properly secure them. That's a more complex issue - Maybe we go ahead and nuke their computers anyway, but it deserves more consideration than stomping on a hostile ant.
Re:We must defend ourselves (Score:5, Insightful)
And most (real, not the jingoist xenophobic crap that passes for it now) threats to national security are surrounded by innocent civilians who lack the "sophistication" (or are just scared sh*tless) to overthrow an oppressive regime themselves.
Now, since we're not talking about injuring or killing people--just essentially jamming their net connection for a little while, and maybe messing up their computers--I'm much less concerned about "civilian casualties" of a botnet war. (That is, until the botnets send the robots to come kill us).
A hostile ant isn't biting you because it's mean, it's instinct since you've been perceived as a threat to the colony. Hostile antbites also don't result in millions of dollars lost when mission critical infrastructure is brought down.
Re:We must defend ourselves (Score:5, Funny)
I can just hear the Pentagon tech-office now.
TECH GUY 1: "Hey, we got this guy here who WANTS us to infect his PC with that Botnet thingy"
TECH GUY 2: "Lemme check. [CLICKITY-CLICK] Nope, already got 'im"
I'm Surprised (Score:5, Interesting)
Re:I'm Surprised (Score:5, Insightful)
A botnet's great strength is that it is dispersed. House it only on military computers and you cripple it. Put it "out there" in some form, though, and you risk having the CNC reverse engineered and the botnet might suddenly "belong" to someone else.
Bad idea.
Re:I'm Surprised (Score:5, Interesting)
Only if you're stupid and use symmetric encryption. Such a problem would most certainly not manifest with a distributed public-key encrypted network. Obviously this is an area where even good organizations and intelligent people have been known to have made utterly stupid mistakes.
But it is certainly possible to create an uncompromisable botnet.
Actually, to be honest, I'm really surprised such a botnet doesn't exist already. Oh well, perhaps it's just one of the better hidden ones.
One thing bothers me about botnets though: they all seem to originate either in Russia or deep into China. Especially in China I find it very surprising that IPs closer to the command center of those botnets tend to trace deep inside China, and not to the coastal cities, where you'd expect the Chinese script kiddies to be.
So aren't we just kidding ourselves that other nations don't already have these? Storm might very well be Putin's botnet.
Re:I'm Surprised (Score:5, Funny)
Re:I'm Surprised (Score:4, Insightful)
Disregarding all political and ethical concerns about such a project, looking just at the technical:
1) You have just made a military target for every would-be hacker, script kiddie, federally funded cyber opp, etc... in the world to try to crack. Do you think China would just sit there and say "Eh, it's made by the US, it must be uncrackable, so we won't even bother". Of course not, they would set some serious resources aside to crack this thing.
2) WHEN it gets cracked, and it will get cracked, you have just handed off control of your military owned botnet to the attacker. Depending on the nature of the botnet, and its deployment, you may have just handed over access to hardware on your networks.
3) All security is vulnerable given a sufficient amount of time and money, and in this case it's not like people are going to be jumping up and down warning you that your security has been cracked (except perhaps a few MIT guys who are promptly arrested and shipped to GITMO as enemy cyber combatants). The only way to fight against this is constant development and deployment, continuous improvement and rotation ensuring minimal windows for any given attack vector. In addition to the pure strain on your development team such a challenge would present you also have the logistical nightmare of trying to keep all of your infected machines up to date, and the constant risk that every code change represents the opportunity for an untested bug to be released.
This is one huge stinking pile of BAD IDEA. If the military really wants access to such a thing, their best option would be to find an existing bot-net operator out of Russia, or a disgruntled Chinese hacker and purchase attack time off of their bot-nets.
Same reward, lower cost, lower risk, better option.
-Rick
Re:I'm Surprised (Score:5, Insightful)
Re:I'm Surprised (Score:5, Insightful)
Or, they could just take every computer that is upgraded/rotated out of a federal government facility and set it aside for this job.
Or the US Gov't could just add a program to all of their active computers that relinquishes their idle time to the botnet. Sort of a militant version of Folding@home. (Civilians could even opt into this one.)
Or they could do all of the above. They wouldn't need to touch a civilian PC to get a formidable botnet.
Re:I'm Surprised (Score:5, Informative)
Re: (Score:3, Insightful)
If you linked up the FBI, CIA, and DHS Windows computers you would have a pretty wide network. You're not talking about a single point, you're talking tens of thousands.
Re:I'm Surprised (Score:4, Insightful)
Re:I'm Surprised (Score:5, Interesting)
Would that be enough?
Re:I'm Surprised (Score:5, Informative)
Part of the strength - and 100% of the resilience - of a bot net lies in compromising trusted computers and networks. A bot net built on every army base in the nation would be within the government's military domain space, which would be really only trusted by those within the United States government itself.
Overflowing computers in other countries via DDoS attacks could easily be thwarted by simply blocking incoming packets from those military bases - or all incoming requests from any US domain. If you tried to avoid this block by bouncing these packets somewhere along the way to the attacked computer from the US, then you are involving civilian computers somehow, foreign or US. So you risk bombing either a) US civilian computers, or b) foreign innocent civilian computers, since the military's traffic would have to go through some civilian computer at some point even if it was originally funneled through dark fiber (like Internet 2), and it's well within the realm of possibility that the civilian computer would not be able to handle the incoming storm of packets before said storm got to its intended target, so you would completely miss your objective while simultaneously tanking a potentially friendly system.
You could build it without using a civilian computer, but you couldn't use it without affecting a civilian computer, and the odds of hitting an innocent would be huge. It sounds like they are considering "Counter DDoSing" people that attempt to "DDoS", which personally sounds like a really, really dumb idea. It could potentially cause a lot of collateral damage. Conventional military thinking does not apply analogously to the internet; you can return fire in real life, but returning fire on the internet isn't always a smart decision.
Re:I'm Surprised (Score:5, Funny)
Re:I'm Surprised (Score:5, Insightful)
And it makes the civilian population a legitimate military target. A little like hiding the missiles in the churches.
Re:I'm Surprised (Score:4, Interesting)
Your premises get "upgraded" from being "civilian" to "dual use", but none of America's real enemies today care for that fancy legal distinction anyway.
This is a shocking statement, not only in its ignorance of current affairs, but also its shortsightedness. Read some military history and find out what happens to countries that declare that jus belli no longer applies to them. The US has always (until recently) adhered to international laws of war for very good reasons; this recent call to abandon them is a terrifying development, because it invites atrocities against our soldiers as well as our civilian populations. This may not make a difference to terrorist groups who already ignore these distinctions, but if you think those are the only forces the US will face in the next 30 years, you are an idiot.
The previous post was exactly right: when you recruit civilian computers to carry out military attacks, those computers and their operators become legitimate military targets. This is a terrible idea.
Re:I'm Surprised (Score:5, Insightful)
They probably are. (Score:5, Interesting)
But - and this is the important part - it is extremely unclear as to who the "they" are. The US Government is big, different departments have different policies and philosophies, what holds true for some branch A may not hold true for some other branch B, and so on. For example, I can't really imagine the regular US Army or Navy using a botnet. That's not, as a whole, their style. Remember, the US Navy is looking at semi-robotic next-generation Ironclads/Battleships with hundreds of missile launchers on each side. There is nothing subtle or stealthy about the Navy. Their sneers and jeers at Sweden examining stealth ships is further evidence that these guys are about as subtle as a rocket-propelled 2x4.
Now, what about other departments? We already know that there are departments that indulge in signals intelligence, electronic and cyber warfare, covert operations, and so on. By definition, we do not know what those departments are involved in, and by definition they would be unable to tell us honestly if they were - or if they weren't. That makes it easy to be paranoid, as there is no way of testing any speculation as to what they are doing. We might know in 50 years' time, some secrets may be held back for 100, some secrets may never be known (documents lost or destroyed, for example, as happened in the My Lai warcrimes investigations). Paranoia is the antithesis of rational thought, and in matters in which limited (or zero) information exist, rational thought should be of paramount importance. Insanity helps nobody, least of all yourself.
The evidence is slender, but is strongly suggestive that one department already has backdoors on vulnerable boxes. After cyber-attacks elsewhere in the world, protective measures by the US will have increased, not decreased. Ethics aside, at least one military botnet under US control probably exists, as it probably does for Russia, China and probably other nations. I imagine, given the advanced education and the perceived need (it may also be a real need, but nobody acts on real needs they don't perceive as such) by Israel and India that they also have botnets. Britain's brain-drain has probably deprived it of too much talent at this point, but GCHQ and the various clandestine intelligence departments (we don't even know what departments there are - only two officially even exist, but at least one other has been officially mentioned) might have such a system in place, but more likely for intelligence purposes than for attack.
But what about the ethical standpoint? Well, ethics covers a multitude of sins, and most people have different ethics, making any kind of rational ethical argument difficult. I will stick to one point alone, then, and it's not the obvious one concerning those running the botnets. It's the ethical consideration of running an insecure machine. If you are a patriot, is it not your duty to secure your computer? If you do not, then any (and possibly every) hostile power could - and probably eventually will - run a node of the botnet on your machine. If you are a sympathizer of a foreign power, is it not your duty to secure your computer? If you do not, then your country could - and probably eventually will - run a node of a defensive botnet on your machine. If you are apolitical, then is it not your moral duty to secure your machine, so that nobody can abuse your facilities for their political purposes? If you're an anarchist, isn't it politically unacceptable to allow a government to maintain/impose order through you?
In short, it is unethical to leave your machine insecure, no matter what your political stance. No matter w
Re:I'm Surprised (Score:5, Insightful)
1. DDoS
2. mail relays
The value of a DDoS network is proportional to the total bandwidth of syn packets it can send. Why would the military need to take over smaller hosts when they have direct access to routers high up on the backbone of the internet?
As for number 2, I doubt the military has much need for mail relays.
What they really need is not a botnet. They need a list of foreign machines that they can bounce attacks through. It's been shown that Titan Rain was using compromised machines in Korea when they pulled the data from Germany (whether Titan Rain is considered a military unit is still up in the air).
Re:I'm Surprised (Score:4, Interesting)
My guess would be that they already do, and have been doing, this for years.
And if they're not, do you know how many computers $1 Billion buys? Now just a few of them in every data center you can find and slap a copy of the Patriot Act on the front. Tell anyone that if they go near them, or question what they are for you will shoot them on the spot. Also tell Verizon, Qwest, etc. that they have to provide you with bandwidth free of charge.
Re:Using bots in S.American countries (Score:5, Informative)
Did you know that they really don't protect civilians under "contemporary" conditions? It specifically states that if "the enemy" (anyone whom you're at war with) does not clearly identify itself (which is defined to mean military bases OUTSIDE of population centers and CLEARLY uniformed troops) that civilians, enemy troops AND casualties are fair game?
As in, if there is a faction using people as human shields, any army fighting them is completely within their rights to shoot all the human shields first. (think about what rights this theoretically gives Israel in fighting Gaza, they go above and beyond what Geneva requires of them, since a genocide in Gaza would be clearly within Israel's rights under the Geneva conventions)
Even in an open war a military is completely within their rights to let a civilian population starve. Everything except direct, unprovoked attacks is not the subject of the Geneva conventions.
The convention also CLEARLY states who gets to judge (obviously without possibility of appeal) whether the provisions of the Geneva conventions allow you to shoot a certain person: the field commander. His decision is final, and he gets to be judge, jury and executioner.
Besides, there isn't a single warring faction in the world today, except the United States (and Israel, Turkey and "maybe" China (insofar you call Tibet a war, besides I doubt you will find China respecting Geneva in Africa)), that even pretend to respect the Geneva conventions. E.g. Hezbollah has declared upon multiple occasions that it doesn't, nor does it ever intend to (and then they say something about some prophet not respecting them as justification).
Lots of other warring parties don't respect Geneva: the islamist government of Sudan, Egypt (in its south), Iran, Pakistan,
Never mind civilian computers being fair game. These conventions date from immediately after WWII (not that anyone really thinks Hitler would have respected them if they existed, in fact he would probably have used them to his advantage, but hey, one can hope, right?)
Also let's not forget, article 29(3) of the Human Rights:
"(3) These rights and freedoms may in no case be exercised contrary to the purposes and principles of the United Nations."
In other words, anyone attempting to abolish the human rights treaty (one obvious party would be islamists) does not have any human rights.
In practice you will find provisions like that in just about any constitution, in constitutions as varied as both the US constitution and the Iranian one (you know the one that requires the state to execute gays).
Re:Using bots in S.American countries (Score:5, Insightful)
Let's take some of your statements:
What the conventions actually say is that it's forbidden to perform certain acts. However, if one party commits such acts, it doesn't mean that any civilian population is then "fair game". Civilians are never "fair game".
The fact that some of the acts of one party are forbidden, doesn't mean the other party may commit crimes in response. Specifically, the Geneva conventions talk of proportionality: "Art. 53. Any destruction by the Occupying Power of real or personal property belonging individually or collectively to private persons, or to the State, or to other public authorities, or to social or cooperative organizations, is prohibited, except where such destruction is rendered absolutely necessary by military operations." Given furthermore the fact that Israel's occupation of Gaza is illegal by international law in general, any action taken by Israel to keep Gaza occupied is in fact a crime (though not necessarily by the Geneva conventions, which only deals with very specific humanitarian issues).
Actually the Geneva conventions cover several aspects about war that have humanitarian consequences: the treatment of prisoners of war, the treatment of a population by their occupier, and so on.
It's the responsibility, not the discretion of the commander.
It's very true that no army ever respects the Geneva conventions. Israel, the United States and many other countries tend to profess how humane their acts of war are. Of course, the harder they claim this, the more of a lie it usually is. (Collective punishment in Palestine, 10,000s of civilian prisoners of war without any outlook on a trial, but with rampant torture going on, the United States of course has Guantanamo Bay, the en-masse destruction of civilian infrastructure in Iraq during both wars there, and so on). Regarding the statement you make about Hezbollah's declarations on multiple occasions, would you mind providing a reference to one such declaration?
Hmm? (Score:5, Insightful)
A botnet is like a disease. Not a bomb. Deliberately infecting your own computers is a horrible idea.
And this is why the military never works with... (Score:5, Insightful)
Why would they need computers? (Score:5, Insightful)
It sounds like some jr high school kid's idea. What is the military going to do, call up Kim Jong-il and say "ke ke ke PW0n3gE! How you liek the intrnetz n0w? bizatch."? If someone is "attacking" us via the internet, there is a much easier solution: block their traffic, null route their netblock, or even just "drop anchor" [abc.net.au] on their cable.
tm
reminds me of the NSA backdoor.. (Score:5, Funny)
Security hotfix for XML services KB0453456
Security hotfix for Windows
Microsoft Silverlight
US DoD anti-terrorist cyberwarfare battle attack bot v3.1
Do you think they really wouldn't do it?
lol (Score:5, Funny)
Which country would that be again? (Score:5, Insightful)
It might be found that the enemy botnet just doesn't respect political borders and will be using machines within ones own country. What happens then?
Re:Which country would that be again? (Score:5, Interesting)
Even better if they can provide educational public service announcements about computer security.
Remember: Only you can prevent firewire.
This is your computer. This is your computer in a botnet.
Got v146rA?
Must.. Not.. Troll.. Ahhhhh (Score:3, Interesting)
Ahhh.. That felt good. Mod away
where can i get some (Score:5, Interesting)
Re:where can i get some (Score:5, Funny)
Inaccurate Title (Score:5, Funny)
Slashdot: Internet Ranks Vanilla as the Best Ice Cream Flavour Ever
He is NOT proposing the use of malware (Score:5, Informative)
How do we defend ourselves if... (Score:4, Interesting)
I mean, at some point (if I recall correctly, I am not American, I am Canadian), there were laws created saying that Americans have the right to arm themselves in case their government turns against them. Does that include the case of computer warfare?
What would happen in the case of other countries that this botnet could be used against? Would that be considered an act of war?
Historical Perspective (Score:5, Insightful)
The one where the superior military, that could crush its opposition anywhere they stood and fought, couldn't defeat an army that kept slipping in to the countryside?
The one where the "evil" greater power could be demonised every time they caused collateral damage or took reprisals on the people the weaker force hid behind?
The one where the great general George Washington brilliantly used guerrilla tactics to make up for never having more than 17,000 men in the field at any one time?
The one where, soon after winning its largely guerrilla war, they wrote the second amendment to their constitution to enshrine the right to that kind of combat?
The one where the larger but distant power regarded the attacks on its own holdings as terrorism - the term just wasn't widely used yet?
It's ironic that a nation formed on, and celebrating in its constitution, the principles of armed insurrection, guerilla warfare and terrorism when it was the weaker power gets its panties in such a collective bunch when people do exactly the same thing that worked so well for it back again.
Remember: If you win and you're powerful enough to write the history, it's noble. If you lose, it's evil terrorism. Until it's decided, which one it's viewed as simply depends on which side you're on.
Re:Historical Perspective (Score:5, Interesting)
The basis of the American Revolution was "no taxation without representation". The basis of the whatever-you-call-it the Muslims are doing is "Jews are dogs and America is the Great Satan".
Re:Historical Perspective (Score:4, Informative)
I'm not going to pass judgment on whether those goals are "right" or "wrong." (Actually, arguably, such struggles almost always break down to both sides doing a lot of "wrong" things and ignoring their own wrongs, focusing on the others' to justify even more of their own.)
There are those who can dismiss them as wrong just as there are those who can dismiss the justifications for the American struggle for independence as wrong if they're determined enough.
Yes, it can be argued that it's mostly about a few cynical Muslims whipping up hatred so they can consolidate power far more than it's about the above stated aims. Then again, the same argument can be made that the stated aims for American independence were very different to the argument it was really about rich white slave owners, who'd taken the land from the native people, wanting to pay less tax and whipping up populist sentiment to ensure they got it.
Again: Just because the goals get a fraction of the attention "OMFG TERRORISTS!" gets on the nightly news, it doesn't mean there aren't any.
But can the US win? (Score:5, Insightful)
On the internet, small groups of individuals can wield as much power as the US armed forces could hope to. Massive botnets are hardly new.
Also, how exactly would targeting infected civilian PCs help? The first 'D' in DDOS stands for "distributed", i.e. blasting PCs off the internet one at a time isn't going to help much.
Re: (Score:3, Insightful)
Uh, guys... (Score:4, Funny)
Knowing us, of course, we'll probably take the even less palatable option and hire scummy contractors and subcontractors to do it. How could a DoD/Raytheon/Ukrainian Mob joint venture with a giant black budget possibly go wrong?
Don't be silly... (Score:5, Insightful)
For a US Military operation, you wouldn't bring the headache of maintaining 1,000,000 crappy old PCs stuffed in unused closets to bear on the problem. You'd build big machines, and you'd locate them on major backbone networks. When it came time to bring a little DDOS to bear on the enemy, you would have your big machine fire packets. It could spoof IP addresses as it wished; it could use yours, and you wouldn't even know it!
No one other than the technicians on the backbone could tell the difference between this and a hacker's botnet. But it would at the same time be much larger scale, cost more, and be theoretically more efficient - all positives in the military contracting arena.
Mod parent up. (Score:4, Insightful)
The problem is that this is an illogical response. What are they going to actually do with this patriotic attack system? DDoS a zombie? A few zombies? A hundred zombies?
At some point, the battle becomes worse than the attack. The attacker has thousands (hundreds of thousands? a million?) zombies. What use is "attacking" them like this?
Identifying the attackers? (Score:3, Interesting)
It seems like the author wants to run a legal botnet from military computers around the world, as a way to respond to attacks. That's fine, but since criminal botnets are distributed among computers around the world, some of the attacking computers will be from allied countries. Heck, some of them may be the very same military computers that are part of our botnet. The author writes about attackers spoofing IPs to appear to come from friendlies, but what if the computer is actually a friendly that has been zombied? That's where other "intelligence" sources come in, I suppose, but I am skeptical that the attacker could be accurately identified quickly enough.
Re:The path... (Score:5, Informative)
It specifically states, in no uncertain terms that they will only use USAF computers for this. And that it will be a way to use retired computers from other sections of the government that would normally be slated for destruction.
Re: (Score:3, Informative)
Re:New laws (Score:5, Insightful)
You got a virus on your computer? Cry me a river.