The Military Security IT

US Cyber Command Wants Greater Attack Mentality

superglaze writes "Lieutenant General Robert J Elder, Jr, a senior figure in US Air Force Cyber Command (AFCYBER), has told ZDNet UK that communication issues are hampering the division's co-ordination. 'IT people set up traditional IT networks with the idea of making them secure to operate and defend,' said Elder. 'The traditional security approach is to put up barriers, like firewalls — it's a defense thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage.'"
  • IT Attack mentality? (Score:3, Interesting)

    by mveloso ( 325617 ) on Wednesday April 02, 2008 @01:59PM (#22942192)
    It's funny - usually the attack mentality gets shot down pretty quickly in the US. There was a thread a few years ago about using your IDS to go after people attacking your server...the consensus was it was a Bad Idea. It's pretty much illegal to do in the US anyway, but it's also seen as bad karma.

    OTOH, there's no technical reason not to use snort + script kiddie tools to automatically detect intruders and try to whack them. You can identify botnet members pretty easily from the pattern of accesses (the probes tend to come in waves, as various parts of the swarm poke your boxes).

    The US could just hide in that swarm of accesses, poking servers and doing slow scans to figure out what's where. It's pretty easy these days to do signature profiling on systems, and to just stash this info in a database somewhere. Update each entry every few weeks, and be able to update ranges on demand.

    The only really hard part is getting your own botnet up and running. The US Government could, theoretically, tap into the search engines to do this for them, which would be pretty amusing. Nobody pays attention to web spiders, and well, if the spider does a slow port scan 'accidentally' who cares?
  • Re:Just what we need (Score:3, Interesting)

    by ElizabethGreene ( 1185405 ) on Wednesday April 02, 2008 @02:14PM (#22942366)
    2? Just 2? We are actively nation building in 12 countries right now. Nation building is done by peacekeepers and peacekeeping is done by soldiers. Soldiers on the ground in another country with guns, getting shot at = ? ...

    -ellie
  • Re:Actually.... (Score:3, Interesting)

    by f0dder ( 570496 ) on Wednesday April 02, 2008 @02:21PM (#22942436)
    Too late, I think Putin's KGB/GRU has them under contract.
  • Re:Fantastic (Score:3, Interesting)

    by syphax ( 189065 ) on Wednesday April 02, 2008 @02:43PM (#22942680) Journal
    Too good [imdb.com] a reference [imdb.com] to be left unexplained [filmsite.org].

    I can no longer sit back and allow Communist infiltration, Communist indoctrination, Communist subversion and the international Communist conspiracy to sap and impurify all of our precious bodily fluids.
  • Re:Fantastic (Score:1, Interesting)

    by mistermiyagi ( 1086749 ) on Wednesday April 02, 2008 @02:43PM (#22942682)
    Kind of related

    I have been trying to figure out the easiest and most transparent way to close down botnets and the only thing I could think of was to write a "virus"-like patch that uses the already open door that the botnets use to infiltrate the infected machines and then have them automatically close the doors and send themselves around just like worms do now.

    Kind of a Helpful worm "infecting" the net with happy healing and all that crap.

    I figure that like all connected things you need to have an Auto-immune system that cleans the net as new vulnerabilities are discovered. Since people cannot be relied upon to protect themselves the white hats ( who have the skills required to create these immunizations ) could be like med-techs making shots for the network. The people who are infected get healed and don't even know that they were sick in the first place.

    But I'm not that cool ( and by cool I mean I can't code my way out of a wet paper bag )
  • by John Sokol ( 109591 ) on Wednesday April 02, 2008 @03:04PM (#22942942) Homepage Journal
    I am waiting for them to call me and my buddies.

    First they need older hackers, not script kiddies.
    Black hats, or at least former black hats.

    Lots of Jolt Cola, Cold Pizza and some dark dungeon supplied with whatever mind altering substances needed and a steady supply of nerdy Asian girls to look after them.

    Also the boxed set of all Stargate, Star Wars, Star Trek, Battlestar Galactica and.. Na on second thought, we'll just grab them off Bit Torrent. Same for the HDTV, UPS delivery off some stolen credit card, old habits die hard.

    Maybe more useful would be legal immunity/amnesty, from all of the collateral damage from relaxing hobbies like taking down the RIAA or Microsoft in the process, (oops).

    But seriously, a License to hack anything domestic and foreign with total immunity as long as it's primarily against the enemy would be totally cool, I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison, would be all over this.

    Why domestic, I almost don't want to say this publicly but the best way to get in is start in.
    http://www.c-program.com/kt/reflections-on-trusting.html [c-program.com]

    Anyhow you can't play by the rules, if they think you can launch an offensive attack without some pre-preparation you're wrong.

    Making an offensive toolkit is fantasy. By definition this is script kiddie and lame.

    > where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.

    I have been told years ago that this is already being done at Taiwanese fabs to us.
    Chips were designed to be resonant at some Ghz ranges and would be equivalent to an EMP when hit.
    This is done at the fab without changes to the chip design, but through layer thicknesses, which is something the fab has total control over.

    These attacks should be in any OS, Router, or any other electronic devices that get sold and without the knowledge of its manufacturers either. This would give hackers the greatest flexibility to exploit them when needed. The key is to make sure it's not detectable or exploitable by other hackers.
    An example would be to hack into Microsoft and muck with their distro before it goes out.

    Of course with Microsoft and Apple, this would already seem to be unnecessary.

  • Re:Fantastic (Score:2, Interesting)

    by mistermiyagi ( 1086749 ) on Wednesday April 02, 2008 @04:01PM (#22943598)
    Yes of course it'll get caught by AV/anti-spyware. Those people are the ones who you don't (usually) have to worry about. And since the worm is closing the doors (and subsequently killing itself on the host side) the propagation will eventually go to zero (or as close to 0 as you can realistically get) as the network is "healed".

    "And from the user standpoint: do you really want anything that propagates as a worm doing whatever it wants on your box?"

    As a user who knows how to protect themselves: No. But as we all know the users who don't know any better don't even know that they themselves are the reason that the botnets exist. So using them to fix the problem as a whole is not only doing them a service, it is doing us all the favor also.

    Also in my ideal version of this fix the spreading of the worm is a one shot deal on the host side. It sends itself once then closes the door thus preventing future infections from the same vector.

    "Basically we call the solution to the virus problem a 'patch' and give people the option of whether and when to install it."

    And how has that been working for all of us? I'd say not very well since the botnets still exist. If all the users were patching as often as you and most slashdotters were, in theory the botnets would not exist at all.

    "As a sysadmin, do you want something unauthorized eating up network resources?"

    If you're doing your job you will never have to worry about it since you wouldn't get infected in the first place.
  • Re:Truth in Naming (Score:3, Interesting)

    by Stiletto ( 12066 ) on Wednesday April 02, 2008 @04:31PM (#22943988)
    The same problem applies overall to the "Department of Defense". When was the last time the "Department of Defense" actually DEFENDED U.S. soil? Pearl Harbor? It seems all they do nowadays is attack... Maybe they should change their name back to the "War Department."
  • Re:Truth in Naming (Score:2, Interesting)

    by GigG ( 887839 ) on Wednesday April 02, 2008 @04:48PM (#22944218)
    Cyber Operations Command. COC
  • Re:Just what we need (Score:2, Interesting)

    by dwye ( 1127395 ) on Wednesday April 02, 2008 @05:21PM (#22944620)
    > No, but we control NATO and tell it what to do.
    >
    > Has NATO ever used military force at the
    > initiative of another country? If so, when?

    No one in the USA particularly wanted Yugoslavia to break up into little mutually genocidal groups until the Germans recognized Slovenia as an independent state. That, and their encouraging other states of the country to do the same, ended up dragging the European members in. Then their general helplessness (really, they NEED a Logistics Command, more than a French Foreign Legion) dragged the US in, and pretty much just as much of the Air Force as could go in, bomb, and get out without risking their paint jobs, let alone pilots. So the Kosovo mess was not the USA controlling NATO, but a NATO member jumping in and pulling the rest of the alliance in with it.
  • Re:Truth in Naming (Score:1, Interesting)

    by Anonymous Coward on Thursday April 03, 2008 @05:28AM (#22949302)

    This no longer holds true, as there are now enemies who do not fear destruction/death/etc.

    "No longer holds true"? Where did you learn your history? Remember Imperial Japan with their devotion and fanaticism, Bushido codex, etc.?

    Well, when they got a taste of destruction and death, they changed their opinions in a day. Going to heaven as sole hero and enjoying all the spoils there is one thing, but going up in a massive cloud of vapor with all your friends and family, your God having no apparent objections or attempts to interfere to it, is something entirely different. Iran's attempt to seize own long range nuclear weaponry is a sign of ... how should I put it... not completely relying on Allah's protection. It is a sign of FEAR and it is a sign of realization that nothing short of nuclear threat to world's most dangerous bully(ies) can bring lasting peace to any nation of the world.

    So, picturing Iran or North Korea as possible aggressive nuclear-armed lunatics is just a pro-war propaganda. They should not have nukes, BECAUSE we CERTAINLY WILL war them in the future (unless they surrender under threat).

    Nuclear weapons are not seriously (bar most grave circumstances of most important, decisive operations) considered as tactical weapons by any military. Using tactical nuke on your own (or one you want captured) soil is like scorching it for a long period, it very much complicates utilization of the terrain and endangers your deployed personnel (however, if they would be most probably killed in combat otherwise, a little radionuclide absorption is lesser of the evils). Therefore, they are almost strictly doomsday weapons of retaliation, LOSERS' REVENGE, to be used if its wielder senses own end coming.

    Therefore nuclear non-proliferation treaty is supreme BS - it shows that superpowers were never intending to honestly uphold the world peace. Even today, Cold War still continues, but it is very stealthy and slow-motion crawl (stepwise expansion of NATO deeper towards East), in order to prevent triggering the Russian "motion sensor alarm". All this gimmicking with quarrel in Middle East is magician's hand waving. Of all countries, Afghanistan - main base of Al Qaeda, how convenient! OMG, Iran is MAYBE acquiring nuclear ICBM's (in next 50 years or so)! Quick, we have to install anti-missile protection of Europe. Now, we would like to see Black Sea beach heads, Georgia and Ukraine, on our side (to avoid another Stalingrad disaster, should there be an occasion), but gosh, I can't believe we could actually get so lucky (Russian motion meter hand dwindling on the brink of "RED").

    Now, all this may just not alarm Russians... if they don't know geography, or how to read positions on a chess board. It all boils down to one question: What do we intend with Russia (and Russians) once we conquer it and could it be acceptable for Russians under some circumstances and what are those? Can we ever trust them? Can we ever control them? Do they have good incentive to choose a life of losers, will it be a good enough life? On the coalition's side: will everyone get a satisfactory share of Siberia's natural riches, or there is a chance of quarrel over it between EU and US? Will EU get Western part and US extend Alaska westwards over Bering Strait? Will US allow EU to become its potential future challenger (by acquiring natural resources comparable to those of US/Canada and absorbing Russians into own manpower) at all? Is there a piece of it for China too, or will China be on the table as well?
