U.S. Military's Hackers

definate writes "Wired is running a story on the Joint Functional Component Command for Network Warfare, or JFCCNW. A multimillion dollar military task force used to attack the electronic infrastructure of their opponents."

Restrictions?

I wonder if there will be restrictions on security patches during war-time?

Re:Restrictions?

[Aeiri]

You don't just call in sick and not patch it just because its war-time. Heck its war-time right now and I am seeing Microsoft release patches left and right.

On the other hand if you are imaginging an situation like world war, and you are worried about your stupid windows having no patches, then here is a tip - get a life, find a bunker.

I don't think you got the point of his post...

I think what he was trying to say was, since the military has a team of hackers, will the US restrict security patches during war time so that the enemy can't have secure computers, and make it easy for the military to attack them electronically.

Revealing (and scary) line from TFA

[Daniel+Dvorkin]

"I've got to tell you we spend more time on the computer network attack business than we do on computer network defense because so many people at very high levels are interested," said former CNA commander, Air Force Maj. Gen. John Bradley ...

IOW, folks in the Echelons Beyond Reality love the idea of Matrix-style hacking of an enemy network because it's sexy and cool (even though they probably have no idea what real hacking entails) and aren't interested in the boring old-fashioned business of securing our own networks from attack. Okay, guys, here's a quick quiz: of the following possible combatants, which one has the most to lose in the event of an enemy hacker penetrating its computer security?

a) al-Qaeda
b) China
c) the United States
d) North Korea

Think fast!

Re:Revealing (and scary) line from TFA

[WillAffleckUW]

Okay, guys, here's a quick quiz: of the following possible combatants, which one has the most to lose in the event of an enemy hacker penetrating its computer security?

a) al-Qaeda
b) China
c) the United States
d) North Korea

Um, I'm going to guess it's not A) al-Qaeda - because they have a truly distributed net and could care less.

Re:Revealing (and scary) line from TFA

[Staplerh]

My exact thoughts on reading the article. This quotation spells out the beliefs of the project leadership:

Verton said the unit's capabilities are highly classified, but he believes they can destroy networks and penetrate enemy computers to steal or manipulate data. He said they may also be able to set loose a worm to take down command-and-control systems so the enemy is unable to communicate and direct ground forces, or fire surface-to-air missiles, for example.

Pure poppycock, IMHO. Most armies infrastructures are old enough that they have backup programs. The idea that a hacker could shut down an entire air-defence grid raises eyebrows, as most likely that air-defence grid was designed before the advent of computer networks - and military leaders are wary of trusting so much equipment.

Re:Revealing (and scary) line from TFA

[hkb]

Uhm, all of them do, but al Qaeda to a lesser extent.

I take it you haven't audited any chinese or north korean infrastructure lately, instead opting for the "America is everything" approach.

If you want to play games -- China, arguably, has the most to lose, in terms of both military and industrial attacks.

Re:Revealing (and scary) line from TFA

[mestreBimba]

You miss the real threat. The real threat is not in taking down an enemy military's command structure, but in disabling the whole country's infastructure and subsequently crashing the whole economy.

What is the economic impact of hacking a nations power grid and bringing it down? Crashing the process control on oil and other chemical refineries. With the correct techniques you can bring down the power grid, the phone system, cause toxic chemical releases.... the list goes on and on.

In economies where most process control is now digital and the in place protection for such SCADA networks rely on security through obscurity, the ability to bring a nations economy to ruins is not far fetched.....

Think bigger!

Really?

[delta_avi_delta]

From the article

take down command-and-control systems so the enemy is unable to communicate and direct ground forces, or fire surface-to-air missiles, for example.

I find it incredible that systems like this would be on the internet. Surely something like a surface-to-air missile system is isolated from the web?

The best defense

[wiredog]

is a good offense. Also, if you know how to attack, you also know how to defend.

Re:The best defense

[gnuman99]

Yes, it seems this works so well for things like ICBs, cruise missles, bioweapons, etc... I mean, if you know how to attach, you know how to defend?

Re:Script Kiddies in Uniform

[ScentCone]

Script Kiddies in Uniform

I don't think you'd want these people using all of their resources to attack your network. Script kiddies, they're not.

And a good way to spend millions of taxpayer money.

Yup, because the bad guys are doing exactly the same thing. And you'll never have a better bunch of people to work on countering that sort of stuff than the people who have done a stint entirely focused on causing damage elsewhere. Who would you want taking a new job working on infrastructure protection: the kid right out of IT school, or the guy who's been working without any distraction or budget tightwaddedness who's just spent the last two years thinking up every way he can to crack and damage networks, content, databases, and more?

US Military hackers...

[northcat]

And everyone keeps complaining about chinese or russian militaries using hackers.

Re:SAMs?

[Der+Krazy+Kraut]

All that stuff don't neccesarily have to be connected to the internet. They could always bring some specialists behind the front lines who hack it on site or set up a relay of some kind so it can be accessed from behind the front lines.

Joint...? that sounds bound for failure

[ajnsue]

Ah - any government effort that starts with "Joint" is destined to produce nothing but paperwork and studies. Just as Private industy folks recognize the term "Cross-Functional" as a death sentence. I have no doubts that the leadership of any J**** project has a general idea of what they need to say to continue to justify funding. But the likelihood of them actually producing something worthy of said funding is slim to nothing.

aybabtu

[Fox_1]

Joint Functional Component Command for Network Warfare, JFCCNW
Man what a painful acronym, however it's being disregarded for most of the article and replaced with :
Computer Network Attack, or as some military personnel refer to it, CNA. "I've got to tell you we spend more time on the computer network attack business than we do on computer network defence because so many people at very high levels are interested," said former CNA commander, Air Force Maj. Gen. John Bradley
Which is funny since the DoD was targeted:
last year nearly 75,000 times with intrusion attempts.
So what do they really have as a mission for this group?
Verton said the unit's capabilities are highly classified, but he believes they can destroy networks and penetrate enemy computers to steal or manipulate data.
Nice, a govt funded agency with little regard for the institutions it's supposed to protect (free speech and due process) or other nations sovereignty and the apparent mission plan of 13 year old script kiddies everywhere. Where's the story?

Linux

[gnuman99]

For once, at least I'm happy I'm using an open source OS like Linux. At least no single company can put keyloggers and backdoors in and everyone can detect the malware.

Anyway, if people wanted peace, why do we have (need?) a military?

Ummm, yes

[wiredog]

If you don't know the characteristics of those things, and how they are use in an attack, then you don't know how to defend against them. And how do gain that knowledge? By building and testing icbm's, cruise missiles, bioweapons, etc.

BTW, the best defense against a cruise missile is a net, placed in the flight path. Of course, first you've got to know the flight path.

The Hardest Part

[EQ]

... is getting enough of the "great" hackers the proper security clearances and compartmented accesses. You must be a US citizen, pass an SSBI Single Scope Background Investigation, FBI/DIA ivestigators contact scads of people you havent talked to in years as well as your current associates and their associates and the associates of those people as well - they go 3 nodes or more out from you. Add to that a Counter Intelligence polygraph - those are sometimes the biggest hurdles. If you try for NSA credentials, you get the joy of a Lifestyle Polygraph (the worst 6+ hours of your life, trust me on that). On top of that, getting people to move to Nebraska for some duty at Stratcom in Omaha is not all that easy a sell.

Fortunately not al the duty stations are in Nebraska, and not every hacker (used in the best sense of the word) fits the stereotypes. Its not like the movies.

There is one other source they forgot:

Contractors. Look at the big DoD contract companies, and look at the IT openings they have. Northrop Grumman (includes the old TRW people), Raytheon (includes the old Hughes people), Lockheed-Martin, Ball Aerospace (Satellite/comms guys), Titan, and a pile of smaller lesser known companies. Look at what they are hiring for. These are the only relatively secure IT jobs left in the US that are not under threat of being outsourced overseas.

Plenty of work if you can qualify for the security aspects and dont mind being reinvestigated and strapped to a polygraph every few years, on top of other voluntary restrictions you put on your freedoms in exchange for the security clearance (i.e. give up the recreational/illegal drugs, give up drinking to excess, give up gambling, and give up many of the vices the fringe of hackerdom has).

Re:The Hardest Part

you get the joy of a Lifestyle Polygraph

Polygraphs are useless. Astrology is just as accurate. The only value of a polygraph is scaring the subject into believing that a polygraph actually works. If a subject believes a polygraph works, they may confess something.

Aldrich Ames, a mole in the CIA, passed polygraphs for years.

Go look at antipolygraph.org.

I wonder if these were the guys...

[0kComputer]

that brought down al-jazeera.net when the US invaded Iraq? Remember the 2 week long denial of service attack and subsequent attacks after beheadings and what not?

http://uk.news.yahoo.com/030327/152/dwem2.html/

Beware the assumption that network means

[wiredog]

"The Internet." The phone system is also a network, as is the power grid (parts of which are phone accessible, but not internet accessible). Railroads use networked communications to control switches. So does the ATC system. All can be hacked into if you can get access to the communicatons lines and know how.

Re:Script Kiddies in Uniform

Yes, because the military are always so mature and disciplined, never looting, massacring, raping, failing to follow orders, showing incompetence, or just plain screwing around.

Re:Worst. Acronym. Ever.

[eurostar]

"Electronic Defenders" ?? from who ?? more like "Electronic Attackers" bud.

Donkies and Notes?

[Flamsmark]

with carrots, flies, and ink-eradicators, of course.

Re:just goes to show

[demo9orgon]

No, it just goes to show that all governments hate competition, at every level. You can't just point at the USGOV and wrap it in a razorwire blanket and say

"HA! That proves it!".

Every government on the planet is rotten. They all act the same. Think of businesses with no accountability except that which they're willing to suffer. Unlike businessess, where if they're all wrong they're all right, governments just say,

"We're right. Disagree and you might limp away marginalized. Piss us off and we'll shoot you/imprison you."

Humanity, like all life and existence, is built upon recursive suffering. Death is the exit condition. It's all a game. The 10% control the 90% and short of re-engineering humanity and really most mamillian life, it's not going to change.

Go get a hug. Depending on how well you take care of yourself it's about the closest thing to an equivalent exchange of suffering our existence offers.

Cheers.

Uh, sorry no

I am a low level Army guy (Gunner) in the 1st Cavalry. We don't use Powerbooks in the tanks because shiny/bright colors make us targets.

We actually use hardened CP/M machines running a modified version of Windows 3.1. These feature a dual Dragonball CPU setup for redundancy and use a special TRIMARK backplane for the bus. Back at command they use ENIACs with modified EMARK (ethermark) connectors tied into the DB2 back-end for managing field operations.

Re:We gotta protect you from IDEAS!

[disposable60]

I deplore those sites as much as anyone, but ugly as they are, apart from the evangelizing, they're not that terribly different from rotten.com, stileproject.com or the _Faces of Death_ videos that have been around for a couple of decades.

Mission creep is the normal tendency of agencies assigned to protect us, especially given an opportunity to dress it up in moralizing sanctimony.

We're certainly ones to talk, the way we flood the planet with games and movies about violent and bloody vengance, or just bloody violence, for entertainment's sake. Or is it OK if it's done in order to make a buck?

Shut down the ones over which you have legitimate jurisdiction. Agitate the proper jurisdictions to shut down the others.