Slashdot Mirror
UCB, USC To Build (And Hack) A Model Internet
darksoulz writes "Associated Press stories from TheKansasCityChannel.com and TheChamplainChannel.com have an interesting report today. It appears that the U.S. Government has given a $5.5 million grant to the University of California, Berkley and the University of Southern California so that they can build a model of the internet, so they can hack it. They are trying to find better defenses against hacking, without breaking the real Internet. The first phase is scheduled to be completed by February."
Who is John Galt?
Watch for someone to sue these guys under DMCA and government hacking laws because they create their own net and hack it.
(Just like you'll have a few lawyers salivating over the lawsuits if someone creates their own copy protection method for CD's and cracks it during testing. DMCA!!! DMCA!!!)
I mean, will sixty percent of it be model porn?
http://mediagoblin.org/
Why do you need 5 million for that? How many computers can it possibly take? 50? 100? Let's say 100. That's $100,000 (and that's generous these days) Let's say $200,000 to lease building space and power for 2 years (also generous) and let's pay 3 professors part time, plus 10 students work study wages (Figure $50,000 per professor and $20,000 per student...$350,000)
What do we got?
$100,000 parts
$200,000 space
$350,000 labor
--------
$650,000
What's the other ~5 million going for?
Oh wait... they must need Windows licenses and full copies of Outlook to properly test the hacks...
So basically they just spent $5.5 million built the worlds most expensive intranet? Man with that kind of money I would've rather had the government buy 2 more toilet seats.
In ten years everyone will wonder why USC and Berkley produced all of the decade's best crackers. This project will result in three things:
1. Good dissertations for CS PhDs.
2. More secure software, which will rarely be implemented and even more rarely be implemented well.
3. A whole bunch of research assistants who think they are l33t h4x0rs. And some of them will be right.
Eagles may fly, but weasels don't get sucked into jet engines.
I want on that internet! This one sucks, please oh please for the sake of all that is good and fermented, let me off this one! :)
Of course he went to Cal-Tech (Which I've always heard was a trade school for surfers
Where's my lobbyist? Right here.
I wonder how they will be going around to simulate the current p2p and other activity on it...
It would be interesting to see how they implement this network.
I don't think that we have a requirement to see any of the information that I've questioned above but this information could lead /. to be more informed on this situation.
... but can I be the RIAA and sue all the users of your model internet???
This is in the name of science!
I won't be real bad, just demand they hand over all their old video cards when they get new ones.
I'm still running my old Voodoo 3 3500, yeah baby it still ROCKS!
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
I know you can hack a server, but how exactly do you hack "the Internet" (model or otherwise)?
Tech support companies the world over are tired of people calling up and asking, "Is your internet better than the internets of other companies?" They made a plea to the US government to do something about it, who, out of embarassment for the American people's stupidity, promptly made up a new reason to make another, lower quality internet.
From now on, rather than spending several hours trying to explain the concept of the internet to people who have trouble walking and chewing gum at the same time, tech supporters will be able to simple say, "Yes."
Mod me down and I will become more powerful than you can possibly imagine!
I'm not sure how they plan to "model" the internet, but I would argue that the internet is its own best model. Anything else will lack some exloits present in the "real" net while have other exploits absent in the real net (bugs in the model's software).
I would take the $5.5 million and divide it up into $5000 prizes that are payable to any hacker that demonstrates and documents a hack on the real net. The profs and grad students could ajudicate the prize giving. They would find at least 1100 exploits this way (fewer if they have to pay those pesky grad students or usurious university accounting department overhead rates).
If letting hackers profit from hacking the actual internet is too scary/illegal, then the university could create a small publically exposed network running a variety of apps, OS, etc.
Two wrongs don't make a right, but three lefts do.
Iowa State has a similar project funded with a $500,000 grant from the U.S. Department of Justice.
Iowa State Computer Security Lab
For the last few years I've been developing software systems for law enforcement, so occassionally I pick up interesting bits of information about how government funding works. If you didn't hear about it - and not many people did - the Dept. of Homeland Security made a sort of "open call" (via the Dept. Of Justice, if I remember correctly) about a year or so ago. It was - more or less - an open invitation for vendors to propose innovative ideas to the DHS about fighting terrorism within the United States. The really interesting thing about the open call was that it was specifically worded to encourage "innovative" and "new" approaches. I joked at the time that I actually felt good about the open call...it seemed like the guys at the DHS were acknowledging that they didn't have a clue what to do and where looking for expert help on making things radically better.
I'd be interested to find out if the "model internet" was a proposed idea. In terms of government funding, $5 million isn't all that much, so I wouldn't be surprised to see if this was an idea pitched by people at UCB and USC during the open call. I'd heard that big names asking for reasonably small amounts of money were getting through pretty easily.
I tried to convince my company to pitch a variant of our crime analysis/trendspotting tools. Include a reference per recorded crime that indicates political or religious bias as the motive of the crime. Get a concentration of those - even if they are "lesser" crimes like vandalism or simple assualt - and you've got "smoke". And where there's "smoke"...
My sigs always suck.
So they're building a model of the internet to hack, so they can better deal with threats. Is the government really that much at risk that they need to do this? Surely they could just hire some really good hackers at ludicrous salaries to protect themselves?
Or is this really more war on terror stuff? Do they think that terrorist groups are operating over the internet and are they actually setting up some sort of training ground for an elite anti-terrorism unit to stop Osama Bin Laden getting his email or something?
Seems a bit sus to me...I'm absolutely positive that part of the agreement was that Berkeley could publish their findings once the project was over. If absolute secrecy was important, then it wouldn't be done at Berkeley (and it wouldn't be reported on Slashdot). Its that simple.
Besides, in order to "shore up the US", there would need to be a lot of cooperation among the multitudes of private enterprises that actually run and maintain the network. Most of the big players in this arena are large, multinational companies that would be inclined to shore up ALL their networks, not just the ones in the US.
The
all this speculating on what's involved, but the project is described in pretty good detail over at the ISI web site. (and so, its apparently not USC specifically but the usc information sciences institute):
http://www.isi.edu/stories/70.html
excerpt:
"The DETER testbed will consist of approximately 1,000 computers with multiple network interface cards, located off the actual Internet. Three permanent hardware clusters, or nodes, at UC Berkeley and at ISI's Southern California and Virginia facilities, will serve as the core of the system.
"This isolated mini-Internet will serve as a shared laboratory where researchers from government, industry and academia can test existing and new security technology, using a wide variety of attack techniques."
Now you're giving Berkeley too much credit. LSD was synthesized by Albert Hoffman of the Sandoz Chemical Corporation of Basel, Switzerland in 1938.
They might've used a lot of LSD in Berkeley during the 60's, but it wasn't discovered there.
How small a thought it takes to fill a whole life
What makes you think they would pick a good operating system on purpose? Rather, they could put up many different systems known to be hackable, write worms or scripts designed to hack into these machines, and try to create technologies to capture/contain and lessen/slow infections and security breaches.
I don't think the point is to re-create OpenBSD. The goal is probably more of a cross between network monitoring, intrusion detecion systems, and automatic network reconfiguration.
The Internet can already route around problems because of redundancy. Sophisiticated routers can control and shape traffic. But, as of yet, there's no widespread technology to protect entire networks from security problems. We will never create perfect systems... so we must create countermeasures so that when our systems fail, they fail in the smallest and least dangerous ways possible. It's like fault isolation.
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
"If they find fundamental flaws in the systems will they keep them secret to shore up US networks?"
I don't think Internet Explorer is a secret anymore
It's good to see that the UCB is still in business, even after their show got cancelled. It makes me wonder if this project is somehow related to their Bucket of Truth project.
You're only as smart as your brain.
Interesting view you have of Berkeley, and publishing secrecy. Berkeley professors have been placed in tough spots before, and I don't see any reason why this would be different. Absolute secrecy may not be needed for this sort of project, but the Homeland Defense group isn't the only people concerned about publication. You can expect that any paper to be published must be sent to the Homeland Defense and the NSF groups and approved, with about six months delay, depending on the scope and severity of the discoveries made.
On the other hand, if the Dept of Homeland Security doesn't like it for whatever reason, they'll likely try to stop publication, reguardless of what the grant says and doesn't say.
I Browse at +4 Flamebait
Open Source Sysadmin
What if everybody used IPv6?
What if you had to prove your id to send mail?
What if a Curious Yellow -like worm were realeased?
What if.... well you get my point.
It's "cracking", not "hacking", dammit!
I expect this from mainstream media, but not here.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
I'm sure that most of the work that'll be done with this project is defensive, but is some of it really going to be offensive as well? Most of the time it's going to be modelling different methods of attacking network interconnection and different methods of defending against it, but when you've got a thousand machines with heavy-duty cracker tools located a few dark-fiber meters away from several Internet2 routers and just down the road from the San Francisco and DC area internet junction points, it's got to be real tempting to not only mail out CDs of crackerware to the military's cyberwarriers, but also to occasionally jack in to the real Internet and go pound some target, or upload a few hundred thousand copies of Zombieware N.2 to their public-side counterparts.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The problem with their "model" is that something as complex as the current Internet as it exists today can't really be modeled, at least not very well. It's a huge chaotic system thats constantly changing and growing, so when you try to model it your model is going to be out of date before you can do anything useful with it. I really don't think $5 million can buy even a small representation of what the Internet is today. Think of the OSI layers and all the different software, hardware, protocols, methods, systems and manufactures in place at each layer. Each of those has its own set of vulnerabilities, holes, etc. and keep in mind there are many different versions of each of those running at the same time across different networks.
This complexity is precisely what makes tracking and solving problems with today's Internet so hard.
I am curious as to what they expect to study and find from this model. Today's problems with the Internet and networking in general are largely social, economic, or political. Figuring out some neat new protocol isn't going to make backbone provider X update their entire network. Worms and the such are also the bain of a social problem. As long as we have smart programmers with free time, there will be worms and exploits of the system no matter what procedures are in place or how smart the network is; The fix for said worms are timely patches and updates, however most users won't and don't do this, hence the epidemics.
This might make some great academic research and a neat new toy for the University but I fail to see how it can find applications in the real world where the problems are much harder than the technical ones this project (presumably) hopes to solve.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95