US Cyber Command Wants Greater Attack Mentality

superglaze writes "Lieutenant General Robert J Elder, Jr, a senior figure in US Air Force Cyber Command (AFCYBER), has told ZDNet UK that communication issues are hampering the division's co-ordination. 'IT people set up traditional IT networks with the idea of making them secure to operate and defend,' said Elder. 'The traditional security approach is to put up barriers, like firewalls — it's a defense thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage.'"

Fantastic

[OldFish]

I think they should start out small by going after spammers all over the world. Just think of the positive publicity!

Re:Fantastic

[Farmer Tim]

With that "a bigger bang resulting in collateral damage" line, I thought this guy was a spammer.

Re:Fantastic

[Naughty Bob]

With that "a bigger bang resulting in collateral damage" line, I thought this guy was a spammer.

No, he'd just had one too many glasses of grain alcohol and rain water.

Re:

[syphax]

Too good [imdb.com] a reference [imdb.com] to be left unexplained [filmsite.org].

I can no longer sit back and allow Communist infiltration, Communist indoctrination, Communist subversion and the international Communist conspiracy to sap and impurify all of our precious bodily fluids.

Re:

[Architect_sasyr]

Communist subversion

SEE! Subversion is bad! Use CVS, stay away from svn repositories. Someone with a UID far smaller than mine says so!

Re:Fantastic

[s_p_oneil]

Not spammers, bot nets (which often generate spam). Taking down malicious and devious programs like the Storm network would help remove an existing threat and would help them brush up on both offensive and defensive tactics.

Re:

[rsborg]

Not spammers, bot nets (which often generate spam). Taking down malicious and devious programs like the Storm network would help remove an existing threat and would help them brush up on both offensive and defensive tactics.

This would imply that these botnets aren't a subtle yet powerful control mechanism to keep the internet "in check". Although, publicly downing a non-sanctioned/friendly botnet would indeed prove your point. All I'm saying is... what's to say Storm is not "our bad guy"?

Re:

[f0dder]

Too late, I think Putins KGB/GRU has them under contract.

Truth in Naming

[Original Replica]

An attack mentality from an organization called Cyber Defense Command can only mean bad things are about to happen

The organization is call Cyber Defense Command for a reason, because they know that they should be "defending". If they were honest in their naming then perhaps it would be call Cyber Attack Command. Hmmm, I wonder what other countries would think of that.... It's probably the same reason that our Department of Defense isn't call the Department of Preemptive Strikes. It was called The Department of War until 1947. I know some here will say "the best defense is a good offense", but when you have organizations with "an attack mentality" they will always find someone and some reason to attack. War without End.

Re:

[OldFish]

How about Cyber Warfare Command That encompasses both offense and defense. Done.

Re:

[Original Replica]

Cyber Warfare Command would imply that any aggressive actions were part of a declared war. That would be fine, but would likely be viewed as too restrictive by many politicians and military brass. I can't imagine that Lieutenant General Robert J Elder, Jr would be content to only take aggressive actions against countries which were in a congressionally declared state of war. I don't think cyberwarfare is a big issue coming out of Iraq or Afghanistan, and I don't think Congress is going to declare war on No

Re:

[rtb61]

The problem with that is it makes absolutely no sense. In order to defend your public infrastructure, you must publicly implement systems that will protect against all know attacks, hence every other country can copy them.

If you launch a successful attack upon another county, chances are that attack can be readily mimicked and launched against your own public infrastructure. If you attempt to establish a defence against that attack you are back to square one.

Most attacks on the internet, have targeted e

Re:

[Stiletto]

The same problem applies overall to the "Department of Defense". When was the last time the "Department of Defense" actually DEFENDED U.S. soil? Pearl Harbor? It seems all they do nowadays is attack... Maybe they should change their name back to the "War Department."

Re:

[kalirion]

War without End.

Don't you mean Forever War [wikipedia.org]?

Re:

[dave562]

This idea has come up many times in the past. The stumbling block always seems to come down to the matter of computer trespass, or unauthorized access to a computer. Even if you are doing it with the best intentions, you are still breaking the law to do it.

Re:

[mistermiyagi]

Yes of course it'll get caught by AV/Anti spy ware. Those people are the ones who you don't ( usually ) have to worry about. And since the worm is closing the doors ( and subsequently killing itself on the host side ) the propagation will eventually go to zero ( or as close to 0 as you can realistically get ) as the network is " healed "

"And from the user standpoint: do you really want anything that propagates as a worm doing whatever it wants on your box?"

As a user who knows how to protect themselves. No .

Re:

[Omestes]

If it gets caught by AV and firewalls, then the target computer probably doesn't need the patch as bad as the ones where the "helpful virus" can get through.

Though I'm guessing that botnet worm writers will just find ways to circumvent it, just like virus writers and spyware authors have been being malicious towards AV and spyware detectors/scrubbers for years.

Cyber??

[NeutronCowboy]

This is exploiting cyber to achieve our objectives.

I'm sorry, what? All I can picture is a pimply teenager sitting in front a flickering screen, typing "Wanna cyber????" into his chat field. I have no idea how to exploit cybering to achieve military objectives. Maybe they want to paralyze the target's networks by getting all lonely teenagers to respond to mass cyber requests?

Re:Cyber??

[trb]

All I can picture is a pimply teenager sitting in front a flickering screen, typing "Wanna cyber????"

You can only picture a teenager because for you, the implicit noun modified by cyber- is sex - arguably the default focus of a teen's attention. For the military, the implicit noun is war - that is the default focus of their attention. It is clear that cyber- is an adjective prefix that indicates computation. What it means when the noun is implied is in the mind of the beholder.

Re:

[dave562]

Wake me up when cyber is a prefix for 'ware' and they're ready to wire up my reflex system and replace my eyes. I'll get on board with that program.

Re:

[Minwee]

I blame George Carlin [guba.com] for the confusion. For the past thirty years he has been encouraging us all to "Make f---, not kill!"

Re:

[trb]

Cyber is the noun it's part of the name of the command the article is about.

I think that's tenuous. When an adjective is part of a name, that doesn't make it a noun. In the name "the White House," White is part of the name, but it's still an adjective, not a noun.

In the article, and in the name of the organization, cyber a shorthand for cyber-warfare. When they say "Cyber Command," it's not the command that's cyber, it's the warfare. And even if they are using cyber as a noun, they are intending "cy

Just what we need

[Anonymous Coward]

Could the US have any more of an "attack mentality" than it already does?

Re:

[ohzero]

I've discussed with them, and we've all decided that we're just going to start dropping the new DHB (dozen hippie bombs) on hostile nations. The only question is.. what will we do with all the surplus dreadlocks?

Re:

[kalirion]

Well, previously it always claimed that it tried to avoid collateral damage.

Re:

[qbzzt]

Could the US have any more of an "attack mentality" than it already does?

Yes, and I pray we'll never get there. At the end of WWII Japan was getting ready to fight to the last Japanese. Not the last Japanese soldier, the last Japanese. The US was also getting ready to fight to the last Japanese. If it hadn't been for Hiroshima, Nagasaki, and the Japanese surrender, the Japanese culture would have ended up as the Cherokee or Sioux cultures.

All the retired military people I've read on this subject agree that

Re:Just what we need

[jayveekay]

"In the past 10 years the US has initiated 2 military actions against foreign powers."

Off the top of my head, I can think of 4:

1998: US launches cruise missiles at Sudan and Afghanistan
1999: US launches airstrikes against Yugoslavia to get it out of Kosovo
2001: US provides air support to forces in Afghanistan to overthrow the Taliban
2003: US invades Iraq

Re:Just what we need

[jonnythan]

NATO is not the US.

Re:

[Marcika]

Well, the US makes up 75% of the NATO forces (by budget) and both strategic commanders of NATO are Americans by law (SACEUR and SACLANT), so nothing happens in NATO against the will of the US. The primary decision maker about any NATO bombing campaign is always first and foremost the White House/the Pentagon.

Re:

[Scrameustache]

"In the past 10 years the US has initiated 2 military actions against foreign powers."

Off the top of my head, I can think of 4:

1998: US launches cruise missiles at Sudan and Afghanistan
1999: US launches airstrikes against Yugoslavia to get it out of Kosovo
2001: US provides air support to forces in Afghanistan to overthrow the Taliban
2003: US invades Iraq

NATO is not the US.

Was it another member of NATO that initiated those attacks?

Re:

[fredrated]

"NATO is not the US."

No, but we control NATO and tell it what to do.

Has NATO ever used military force at the initiative of another country? If so, when?

Has NATO ever refused to engage in force when the US wanted it to? If so, when?

Re:

[jtev]

Wasn't aware of that, but maybe our benevelent Christian and Jewish friends will give those poor savage Muslims some peace and structure. Not that I'm holding my breath or anything, but it's possible.

Re:

[ElizabethGreene]

2? Just 2? We are actively nation building in 12 countries right now. Nation building is done by peacekeepers and peacekeeping is done by soldiers. Soldiers on the ground in another country with guns, getting shot at = ? ...

-ellie

Re:

[spazdor]

I've got an awesome Anti-Tiger Rock to sell you.

Re:

[dave562]

How about we broaden the scope beyond the last ten years and look at our actions since World War II. There have been lots of ugly operations going on in Central and South America. Then there was that whole arming bin Laden to bring down the Soviet Union. Don't forget arming that Hussein guy to fight a proxy war for us against the Iranian's after they overthrew the puppet we put in place in the 1950s in an attempt to secure access to their oil supplies.

As silly as it sounds,

[Ethanol-fueled]

Glad to hear that they're bringing "cyber(please excuse the prefix ;)--attacks" out into the open. Hopefully this will lead to a cyber-Geneva Conventions, causing glorified hacking contests to replace bang-boom wars. Just that'd be a shame if some rogue nation hacked some nuclear plant's coolant pumps.

Re:

[Scrameustache]

hacking contests to replace bang-boom wars

"In order to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds," Reed writes.
"The result was the most monumental non-nuclear explosion and fire ever seen from space [msn.com]," he recalls, adding that U.S. satellites pick

Translation

[Verteiron]

If I run nmap -A on the Cyber Command website, they want to be able to make my head explode in retaliation. With "cyber".

Re:Translation

[mmkkbb]

You misunderstand. "Collateral damage" means they want to kill your whole family too.

Re:

[peragrin]

Well they will get his IP, and then his address from his ISP. A cruise missile to those coordinates would be a simple response.

Use Satellite video feed to see when all the cars registered to said person are parked in the driveway.

The big trick is I don't see that much cooperation in the Government.

Hello Citizen

[RichMan]

Hello US Citizen,

Your ISP has identified you as subscribing to a connection with >1Mbs upload speed. A recent top-secret national security bill requires all citizens with such bandwidth to become part of the national defense infrastructure. Attached to this email you will find an application. Install it. It will self register with homeland defense and be available for defense of the homeland should the need arise.

Thank you for your cooperation.
ZZ

PS: you have 1 week to register or you will be added to the terrorism watch list and will be subject to extreme rendition if needed.
PPS: we can't show you the bill, this is top-secret national defense stuff.
PPPS: if you are thinking of decompiling or interfering with the operation of this software, see PS:
PPPPS: yes this is MS windows Vista only software. Don't have Vista, see PS:

Re:

[Unlikely_Hero]

If they did that I'd smile I'd smile, and then give them a /very/ broken honeypot. Perhaps it will hurt rather than help their efforts.
Then again...if they're putting it all on windows vista to begin with they've set up the honeypot for me.

Re:

[Mattsson]

As a side-point, I think that use of the word "Defense" is used really wrong in a lot of cases.
Offensive forces and actions should never be labeled with defense.
For one example, nuclear weapons isn't a defensive weapon, it's purely an offensive one.
A force that mainly operate in military (non-peacekeeping) operations outside their own nations borders is an offensive force, not a defensive force.
Money that goes into those operations should be labeled "offense budged", not "defense budget", so that the public

Re:

[jtev]

PS It's called extraordianry rendition. PPS Due Process PPPS Due Process PPPPS See PPS Ergo, it's not from the government, ergo it's a terrorist plot to get me to install this software, ergo, I need to call my nearest FBI office, or AFCYBER office, and let them know about the attack in progress against US Citizens. Thank you.

Re:

[Deanalator]

I believe you would be protected by your third amendment rights at that point :-)

"No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law."

Great...

[Unlikely_Hero]

This is just what we need. Perhaps if things had been properly defended in the first place there wouldn't be so much of a need for the "Cyber Command" in the first place. Or, here's another idea, perhaps critically important systems
shouldn't
be
connected
to
the
INTERNET!!!

perfect security is impossible, somehow "bringing the fight to the enemy" isn't a solution. Changing the way you think about the internet is.

I can't wait until it's "you're on our side of the internet or you're on their side!!"

Every time a government, or especially its military, does something stupid in regards to the internet, I feel the strong need to drink.

Re:

[0xABADC0DA]

perfect security is impossible, somehow "bringing the fight to the enemy" isn't a solution. Changing the way you think about the internet is. The internet is fine security-wise. Our network organization is fine security-wise. What is not fine is our actual software. There is no reason why software should be hackable. Buffer and heap overflows are not a necessary condition. Kernel bugs do not need to allow arbitrary code to be run. These are fundamental security problems in how we program computers, no

Re:Great...

[Chris Mattern]

For example, programs that are written in Java effectively cannot be hacked due to bugs.

Java has so many bugs in it that it can't be hacked?

Re:Great...

[0xABADC0DA]

Java has so many bugs in it that it can't be hacked?

No, but your English parser does. There was a small defect in the input and instead of handling it gracefully it corrupted the discussion.

That's why you just got the uncontrollable urge to eat brains.

Re:

[aaarrrgggh]

It is actually sad what critical systems end up getting connected to the internet for all the wrong reasons.

Say I develop a SCADA system for a large data center for a major financial institution. It has an IP backbone, and I connect security cameras to that; the backbone is sized about 1,000x what it needs for my bandwidth requirements, so it isn't a problem. The cameras actually provide a support function (call it visual feedback) to the SCADA network, so it is all in the family, right?

All ethernet ports

IT Attack mentality?

[mveloso]

It's funny - usually the attack mentality gets shot down pretty quickly in the US. There was a thread a few years ago about using your IDS to go after people attacking your server...the consensus was it was a Bad Idea. It's pretty much illegal to do in the US anyway, but it also seen as bad karma.

OTOH, there's no technical reason not use snort + script kiddie tools to automatically detect intruders and try to whack them. You can identify botnet members pretty easily from the pattern of accesses (the probes tend to come in waves, as various parts of the swarm poke your boxes).

The US could just hide in that swarm of accesses, poking servers and doing slow scans to figure out what's where. It's pretty easy these days to do signature profiling on systems, and to just stash this info in a database somewhere. Update each entry every few weeks, and be able to update ranges on demand.

The only really hard part is getting your own botnet up and running. The US Government could, theoretically, tap into the search engines to do this for them, which would be pretty amusing. Nobody pays attention to web spiders, and well, if the spider does a slow port scan 'accidentally' who cares?

AFCYBER - division patch

[RichMan]

Ok, someone needs to get a hold of, or make up AFCYBER division shoulder patches.

US Air Force Cyber Command (AFCYBER)

http://en.wikipedia.org/wiki/Shoulder_patch [wikipedia.org]
http://www.tioh.hqda.pentagon.mil/DUI_SSI_COA_page.htm [pentagon.mil]

Where's hypno-toad...

[mbaGeek]

...when you really need him?

random quote from forgotten source:

"Most wars could be prevented with 1 motivated soldier in the right place at the right time and a well placed bullet"

Re:

[kalirion]

"Most wars could be prevented with 1 motivated soldier in the right place at the right time and a well placed bullet"

Yup, that's how WWI could've been prevented. Oh, wait....

They are right

[mi]

If all you do is defense, then eventually the enemy is likely to figure out, how to break you.

Attack is the best defense. You have to be able to retaliate. In "cyber" world this would mean some of the "hacking back", identifying him, putting him to jail, confiscating his computer, fining him.

This "active defense", however, is full of legal (and ethical) pitfalls and thus it is now wonder, the private companies are mostly sticking to passive defense. Private sector is also the main source of professional

Re:

[Dunbal]

If all you do is defense, then eventually the enemy is likely to figure out, how to break you.

Attack is the best defense.

Spoken like someone who has no understanding of the art of war.

The first rule of war is: don't go to war.

The second rule of war is if you have to go to war make yourself invulnerable before you attack.

"Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam

Re:

[Missing_dc]

Can't we just shoot em? I really don't feel right biting some guy's ass.

Re:

[Robert1]

You're right. I guess Douglas McArthur, like you, really UNDERSTOOD the art of war. After the bombing of Pearl Harbor he withdrew all marine craft from the pacific and focused entirely on defense. The next several years saw Japan make several unsuccessful invasions of the American heartland, thankfully America's invulnerable defense ensured our safety. Eventually Japan became disheartened and gave up attacking America, thus ending WWII. Sure we lost the Philippines, Australia, and eastern China is still par

Re:

[mi]

Oh, look, real war-artist teaching Slashdot wannabes... And failing.

Sorry, dear. Blasting the US and a not-so-hidden comparison with Nazi Germany of the 2nd World War may get you the "Insightful" moderations, but it is, in fact, off-topic and I will not bite.

The first rule of war is: don't go to war.

There is no question, whether or not to go to war with cyber-criminals — they have already gone to war with us. Every time a spam tries (successfully or not) to creep into your mailbox, every time your

Re:

[Minwee]

The first rule of war is: don't go to war.

Silly me. Here I thought it was "All warfare is based on deception."

As in, "When able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near. Hold out baits to entice the enemy. Feign disorder, and crush him. If he is secure at all points, be prepared for him. If he is in superior strength, evade him. If your opponent is

Re:

[jtev]

He who would be strong everywhere is strong nowhere. Attack where your enemy is not expecting you, and you will never lose a battle. War is the most important activity that the state engages in. Tactis change, but fundamental truths do not. Actually read Sun Tsu, or Clauswitz and see what they say, instead of simply spouting naieve crap. Attack is indeed the best defense, but it's also true that you should never attack what you cannot keep. Doing so simply overextends you, and costs you your armies.

You are Sooooo wrong, it hurts when I pee.

[TiggertheMad]

Wow your comments are full of fail. Systematic deconstruction and demolition of them below:

"Attack is the best defense" did not work for Germany in the 2nd world war. One might observer that it didn't work for them in the long run, because they WERE NOT TRYING TO DEFEND when they started the war. Their goal was conquest, not defense. They perfected the tactic of the 'blitzkreig', which involves an aggressive drive to cripple you opponent's communication, organization, and logistics, which gave them ov

Re:

[Bayoudegradeable]

"Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment.

True, didn't work so well for the U.S. recently. But I'd say the whole conquering of North and South America (Spain, England, France and later as the US pushed to the Pacific) went VERY well for the offensive crowd. Not to be rude, but look at the Plains War for "success" with offense first (In no way am I saying that was GOOD for the US to do,

Re:

[dbIII]

Unfortunately it's the classic magic "tiger stone" - the protection is due to the fact that there are no actual tigers in the area and not due to the stone. Iraq has turned into a terrorist assembly line and Afganistan a vast source of opium to pay for it all.

As for changes at home - talk at the highest levels about how torturing people is OK, suspension of the rule of law in some cases for something a bit more Feudal and widespread hysteria awoken by things like advertising signs looks like a bit of a cha

Re:

[OmegaBlac]

"Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment.

It worked for Russia though. Russian generals preferred to go on the offensive and take the battle to the Germany army. As for the US, I recall the speed of the collapse of the Iraqi military and government during the initial ground invasion proves you wrong. Same for Afghanistan. What's not working right now is sitting around waiting for o

Re:

[TheWizardOfCheese]

Military people are naturally predisposed to favour attack over defense. That is because armies select their leaders for initiative and aggression, not sloth and complacency. Sloth and complacency creep into the war room all the same, and the reality is that attack is sometimes a very poor defense.

The second world war offers famous examples of this. The most obvious is submarine warfare. Neither the navy nor the merchant marine officers liked convoy; the navy preferred to aggressively chase after submarines

Collateral Damage?

[BigBlueOx]

Bigger Bang? Windows! You're talkin' about Windows!

Re:

[KC7GR]

Bah! I wonder what kind of collateral damage could be obtained through a massive air-drop of two metric tons of overcooked spinach...

S P L A T T ! ! !

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[dave562]

I would hazard to guess that the reason that China is able to keep its black hats at bay is the ability of their government to make you disappear in the middle of the night and wake up the next day in a labor camp if they even suspect you of compromising government systems.

That may be the case, but more likely the Chinese government just puts them to work. The same thing happens here in the US. There were a couple of guys who went to the LA 2600 meetings in the early 1990s who got visits from the governm

Good luck with that.

[Anonymous Coward]

Sorry, but the U.S. military just isn't going to get the best hackers around. The biggest problem is that the entire U.S. educational system actively discourages this type of education, in a hostile manner. Big businesses also work with the educational system to discourage creating knowledgeable and skilled people.

Someone posted about a class of theirs on Security issues that got shut down by one big corporation, who threatened not to hire any of their departments' students if they insisted on teaching that class.

So, the bottom line is that our Education system isn't turning out the skilled people that the Military is looking to hire.

This is compounded by the fact that the ones who DO get this knowledge, and have the right attitude, are snapped up by the Bad Guys. Crime is increasingly playing a big part on the internet, and those folks WILL pay good money for the right talent which can deliver results.

I suppose the Military could consider subcontracting out to the Mafia. That's really their only option if they are serious. Otherwise, the best they can get will just be second-rate talent, and more likely third-rate talent.

Good luck attacking, or defending, with that. As a US citizen, I find this frightening, but I've been saying it for years. I'm glad someone is finally waking up to the matter. But I doubt anything serious will ever be done until it's too late.

Re:Good luck with that.

[dave562]

You're right that the military isn't going to get the best hackers. The NSA will. The educational system isn't the real problem. The best hackers have always been those who had a knack for it and lived and breathed the systems that they enjoyed playing with. Because for the best hackers, hacking is playing. It isn't a job, it isn't a career, it's a hobby that they enjoy. The education system could turn out "computer security professionals", but they will only be as effective as their last class. There simply aren't many people out there with the mental facilities required to be really good at hacking. All the guys I knew weren't wired right. They'd only sleep four hours a night, and had insanely accurate memories.. or they were seriously into drugs, everything from speed and coke to LSD and mushrooms. That's why the end up at the NSA. They can be compartmentalized and their idiosyncrocies can be overlooked. Those people would never make it in a military environment with a rigid chain of command.

Attack!

[GottliebPins]

I can see it now. Somewhere in China or Nigeria a hacker is trying to gain access to a U.S. government network and suddenly their own systems are attacked from hundreds of locations around the world bringing their network to it's knees! Revenge is sweet!

Greater attack mentality?

[Quiet_Desperation]

Shouldn't they be hiring Professor X?

Didn't know the Airforce was into this stuff

[adrenalinekick]

I put on my robe and wizard hat...

Re:

[SCHecklerX]

LMAO! (assuming the bloodninja posts on bash.org)

War is physics...

[MadMidnightBomber]

Computer science is maths. There are no fucking "bangs" in maths - if there's no security holes the only thing you can do is DDoS it off the net. This is the sort of drivel I usually expect from Hollywood hacker films; I can just see this guy typing "access all the secret files" into a bash prompt and expecting it to work.

Re:

[AJWM]

Computer science is maths. There are no fucking "bangs" in maths

Factorials aside, there are plenty of potential "bangs" in things controlled by computers. If someone is stupid enough (and plenty of people are) to allow any of these to be connected to the 'net, well then...

Consider, for example, power stations, refineries and similar chemical plants, air traffic control systems, (or even regular traffic control systems -- turn all the traffic lights in a city green in all directions, I guarantee you'll get

Re:

[AJWM]

Addendum to above -- if the control system you want to hack into hasn't been inadvertently connected to the internet by some idiot (ie, it has air gaps separating all nodes from any internet-connected nodes, and of course no wifi), that's the kind of thing covert ops are good at. It doesn't take much to bridge two networks, and if done in an out-of-the-way spot that could go undetected for years, especially if the bridge just sits there passively listening for a special activation packet.

Re:

[Lemmy Caution]

I found your mistake. It should be:

me@myhost:~$ sudo access all secret files

Let's play Global Thermonuclear War .....

[taniwha]

well we all used to be worried about the fallout from nuclear war .... just think what would happen on the 'net if these cowboys ever get unleashed .....

the good news I guess is that just like the spammers they'll all be going after the windows platforms because that's the biggest bang for the buck - the rest of us can watch the death of the internet from our linux bunkers

somewhat mutually exclusive?

[mr100percent]

I don't see how defense and attack in the IT world work that well together. If I'm setting up firewalls and VPN systems, it doesn't mean I'd know any more than the basics about launching my own DDoS or a man-in-the-middle attack.

On a related note, I wonder if the military would build their own botnet from scratch.

Re:

[dave562]

On a related note, I wonder if the military would build their own botnet from scratch.

Of course, just think about all of the contracting money to be made there!!! Why use off the shelf, already proven code when you can recreate the wheel and employ lots of PHB's to oversee the operation?

Bad idea

[PPH]

Expecting the typical admin of a commercial network or system to actively participate in an attack is like giving every middle-aged white collar civilian a machine gun and expecting them to attack enemy artillery emplacements.

The most we should expect of the civilian infrastructure is to secure their systems and go hide in the backyard bomb shelter. If I (a middle aged white collar civilian) start getting involved in DoS attacks against an enemy, I'm inviting reprisals by that enemy targeting my, or my e

First strike & offense capablity.

[John Sokol]

I am waiting for them to call me and my buddies.

First they need older hackers, not script kiddies.
Black hats, or at least former black hats.

Lot's of Jolt Cola, Cold Pizza and some dark dungeon supplied with what ever mind altering substances needed and a steady supply of nerdy Asian girls to look after them.

Also the boxed set of all Stargate, Star Wars, Star Trek, Battlestar Galactica and.. Na on second thought, we'll just grab them off Bit Torrent. Same for the HDTV, UPS delivery off some stolen credit card, old habits die hard.

Maybe more useful would be legal immunity/amnesty, from all of the collateral damage from relaxing hobbies like taking down the RIAA or Microsoft in the process, (oops).

But seriously, a License to hack anything domestic and foreign with total immunity as long at it's primarily against the enemy would be totally cool, I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison, would be all over this.

Why domestic, I almost don't want to say this publicly but the best way to get in is start in.
http://www.c-program.com/kt/reflections-on-trusting.html [c-program.com]

Anyhow you can't play by the rules, if they think you can launch and offensive attack without some pre-preparation your wrong.

Making an offensive toolkit is fantasy. By definition this is script kiddie and lame.

> where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.

I have been told years ago that this is already being done at Taiwanese fabs to us.
Chips were designed to be resonant at some Ghz ranges and would be equivalent to an EMP when hit.
This is done at the fab without changes to the chip design but layer thicknesses that is something the fab has total control over.

These attacks should be in any OS, Router, or any other electronic devices that get sold and without the knowledge if it manufactures either. This would hackers the greatest flexibility to exploit them when needed. They key is to make sure it's not detectable or exploitable by other hackers.
An example would be to hack into Microsoft and muck with their distro before it goes out.

Of course with Microsoft and Apple, this would already seem to be unnecessary.

Re:

[dave562]

But seriously, a License to hack anything domestic and foreign with total immunity as long at it's primarily against the enemy would be totally cool, I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison, would be all over this.

I completely agree. A lot of people stopped walking along the path that they were walking after age 18 because what they thought was, "Pretty damn cool." the government and law enforcement agencies thought was, "A federal fe

Re:

[John Sokol]

Kudos, couldn't have said it better myself.

"With great bandwidth comes great responsibility"

Re:

[LM741N]

Chip sets are really vulnerable to radio waves. I know as I was drying off my laptop in the oven. Never did work right after that.

Someday in the Future...

[dcollins]

Someday this guy will have a big component of his ships, missiles, and robot vehicles taken down by a friggin' virus spawned by two guys in a garage somewhere in Asia.

And he'll go "Oh my god! We were totally taken by surprise! Who could have ever imagined or prepared for something as astounding as this!", for about the 4,000th time in the history of this administration.

A more interesting question...

[DragonTHC]

what does US Cyber Command have to do with the NSA?

Collateral damage

[jabber]

Collateral damage, by definition, is unintentional. The contradiction aside, why would the most technologically advanced (arguably, I suppose) part of the US military seek to cause more than the necessary amount of damage?

collateral damage

[DM9290]

Isn't it some kind of war crime to intentionally TRY to inflict collateral damage?

I thought there was an obligation to try to minimize collateral damage?

Re:

[Oddster]

Isn't it some kind of war crime to intentionally TRY to inflict collateral damage?
I thought there was an obligation to try to minimize collateral damage?

That rule is moot for quite a number of reasons. See firebombing of Dresden [wikipedia.org]. And remember, the term "war crimes" is either an oxymoron or redundant, depending on how you look at it.

Arent computers made in China?

[objekt]

A lot of them, anyway?

Who's to say they don't build some tricks into them before we get them? They could be monitoring everything we do and be able to shut us down at will for all we know.

Re:IPS?

[db32]

No problem, we will be sending you the bill shortly. The taxes on this work will be calculated at $1.8m per second. We look forward to receiving your payment in a timely manner. -- IRS

Re:

[db32]

Tons of damage, they have managed to blow up a generator using SCADA controls in one test. Because in this wondeful new world of Interconnected Expanding Horizons Where Do You Want To Go Today Whatever crap every critical control computer has been plugged into a network for some dumb reason. Varying from "I don't want to have to work next to the loud device that the computer controls" to "The PHB said we need to be more "integrated"".

There are all manner of systems that handle hazardous materials that a

Re:

[SCHecklerX]

Indeed. Reminds me of this nonsense:

http://tinyurl.com/3ymeov [tinyurl.com]

Re:

[Colonel Korn]

The only problem I have with NPR classifying some of the horrible things the US has been doing lately as war crimes is that we're not officially at war, because the president wanted to avoid having to 1) get permission from congress and 2) obey the Geneva conventions. It's a pretty silly excuse, though, saying that the Geneva conventions don't apply because we're fighting terrorists, not a waging war.

That's like getting around anti-hate crime legislation by saying that you killed all those people because y

Re:

[gelfling]

The only problem I have with NPR classifying some of the horrible things the US has been doing lately as war crimes is that we're not officially at war, because the president wanted to avoid having to 1) get permission from congress and 2) obey the Geneva conventions. It's a pretty silly excuse, though, saying that the Geneva conventions don't apply because we're fighting terrorists, not a waging war.

That's like getting around anti-hate crime legislation by saying that you killed all those people because you liked them, not because you hated them. Stupid, stupid, rhetorical nonsense.

Well considering there have been exactly zero declared wars since the end of WW2 it sort of puts a point on the futility of the whole thing, doesn't it?

Re:

[dave562]

which begs the question: what will the internet look like after prolonged, intensified, government warfare?

* * * - No route to host.