Slashdot Mirror
US Planning Response To a Cyber Attack
We've all heard of Google bombing; the US Government may be taking the expression rather literally. Planning is now underway across the government for the proper way to respond to a cyber attack, and options on the table include launching a cyber counterattack or even bombing the attack's source. The article makes clear that no settled plan is in place, and quotes one spokesman as saying "the preferred route would be warning the source to shut down the attack before a military response." That's assuming the source could be found. From the article: "If the United States found itself under a major cyberattack aimed at undermining the nations critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source."
I didn't want those zombied servers anyway.
Sheesh, evil *and* a jerk. -- Jade
I wonder what their response would be to the attack of a botnet. Carpet bombing, maybe?
That's an option that the Feds have that the average whitehat doesn't: calling in airstrikes against the DOSer.
There's a lot wrong with this. Off the top of my head...
Any sustained attack on network infrastructure, on the scale that they're talking about, is almost certainly going to be a distributed attack. Botnets have no patriotic allegiance, their locality is a function of machine vulnerability (eg: N. Korea's dependence on Active-X), not politics.
If I'm crafting an attack, I don't have to even tell the truth about my IP address, TCP allows the sender to specify a (fake) IP address. Obviously I won't get any replies, but I don't care if I'm simply out to cause damage
Geolocation of IP addresses is pretty much a black art as well - there's far too much variability by IP address to try and localise to the precision needed for bombing the source. My hostip.infowebsite only attempted to locate to the
Not to mention that it's a pretty big precedent to set... At least they're talking about talking, before bombing; the problem is that if you make a threat to bomb someone, you have to be prepared to carry it out. Countries can't afford to be seen to be bluffing when it comes to things like this, the impact on future negotiations is too high.
Simon.
Physicists get Hadrons!
Another act of war without a vote by our cowardly Congress. If Jefferson were here he'd have to vomit.
what if the source was on U.S. soil in a major city?
We've all heard of Google bombing; the US Government may be taking the expression rather literally.
And it has as much to do with an actual bomb as an Aqua Teen Hunger Force advertisement.
Push Button, Receive Bacon
So if we can spoof enough IP's we can get the USA to bomb any country of our choosing.... interesting.
The best test environment is production. - Me
chrome://browser/content/browser.xul
Now you can call in U.S. airstrikes against anyone you don't like by zombifying their computers. Hell of a lot more fun than DOS'ing IRC channels.
iptables -I FORWARD -s -j DROP
iptables -I INPUT -s -j DROP
Replace with favorite firewall appropriate commands.
MUCH quicker, cheaper, and probably more effective than trying to blow up the source.
XML is like violence. If it doesn't solve the problem, use more.
Well, this has some great potential for denial of service attacks by forging the source of a cyber attack.
... Pledge support to the U.S. government in support of the war on terror, ushering in a new era of legalized DDoS in the name of Freedom!
I always knew the day would come when I could be an e-privateer, sanctioned by the U.S. government!
w4 c0rps pledges utmost support and 200,000 bots -- irc.gamesurge.net #w4r
All that matters is what their intelligence tells them. If the intelligence points to North Korea being responsible for the attack, regardless of where the actual attacking machines are, then they'll get bombed. The bombing isn't meant to stop the attack directly, but rather indirectly. If the blackhats are doing it for money, and they money source is cut-off, do you really think they're going to keep at it?
At first I thought the US government might be using it's PageRank power to make terms like "nuclear threat" bring up URL's like iran.gov (or whatever their whitehouse.gov correlary might be). In fact it was just a weak attempt to use the word bombing twice and mislead.
Instead, the US is just aknowledging that attacks on it's internet infrastructure can be responded to just like physical attacks.... by military attack.
Is anyone suprised that if one place was pinpointed as the source of the attack on any countries infrastructure it might be a target? I'm not. The net is more important than some buildings at this point.
The only thing I'm suprised is to expect any attack to be from one place... I'd expect it to be distributed. But thats ok, we have bombs for that too. ouch.
There's nothing Intelligent about Intelligent Design.
I can't wait tilll some 13 yeare old makes us bomb a charity site in the ukraine.
You think this is a bad thing?
It all goes to hasten the secession of the northern states from the inbread war mongering oil states.
I know the USA has at least as many stupid computer users as the rest of the world - what happens when an all-USA botnet starts attacking our own infrastructure?
Uhh... woudln't just be easier to bomb the source. It's not like we don't know where Micro$ofts head quarters are.
The real Sig captains the Northwestern. This one captains
I can't wait for Bush and his Pentagon to protect us from cyberwar. After all, the Bush doctrine of using one attack on us to justify attacking someone who hadn't attacked us, distracting us from the original attacker, is really paying off.
Besides, with cyberattacks on both US government and civilian targets raging for years without either the FBI or military doing anything effective to protect us, they're bound to show nothing but improvement, right?
--
make install -not war
They hate our freedoms.net!
...and how does it boost the weapons production portion of GNP?
Bombs solve all problems, and require very little forethought to use. Everyone is impressed by large explosions...virtually nobody is impressed by iptables rules.
I would rather see cyber counter attacks. Yes, a lot of the targets would be innocent bots, but the counter attack could be as simple as taking them off line. If you remove enough bots, the attackers either have to give up, or begin to use bots closer to their own computers, until eventually they would have to use their own computers. Taking that many computers off line through cyber attacks is not something to be undertaken lightly, but if the incoming attack is sufficient to have a significant negative impact on infrastructure, then its probably justified. And maybe, if we start having massive cyber battles that this seems to imply, maybe Joe Public will stop clicking install this now banner ads and allowing his computer to become a bot. But probably not.
http://bgcommonsense.blogspot.com
Please cease and desist linking to site xxx.mil ( reacted ) or whitehouse.gov or else we will bomb you.
Signed G.W. Bush.
General, the bombers are ready to go and the cruise missiles are fully fueled. And our intel group has pinpointed the source of the attack. It's coming from 127.0.0.1 .
Spoof the attack from an ip block that originates at the pentagon; government bombs the 'source' of the attack. Buh-bye pentagon. The people rejoice.
The dribbling idiot DumBya is going to put a cruise missle up the ass of these scumbags that pound my email accounts with penny stock crap and ads for penis pills!
Yay! About time!
No, North Korea won't get bombed. They have got nuclear weapons, but they haven't got any oil.
You can be quite sure, even now before the attack has started, that the intelligence will point to Iran being responsible. In fact, it is most likely that Iran will be have to be bombed before the cyber attack starts, in order to preempt it
.... well you can kiss Redmond, WA goodbye ;)
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
I think we may have learned not to trust the "intelligence" coming out of this administration (well, at least the selective kind a certain person in the White House has deemed as a reasonable basis for attacking a sovereign country). If what you are saying is the correct response, it damn well is going to be easy to get one country to bomb another country inadvertently by faking the "indirect" source of a network slowdown. This is all dumb anyways - the Internet is designed to be robust. And it is just a network. If some "rogue" nation or group of individuals comes up with a way to make a serious impact on the Internet, the solution is technical not funding Halliburton.
...the network fights back? Huh? D'ye ever think of that? And then it'll launch all the old ICBMs, oh yes, and then androids will stalk the smoking ruins hunting down and shooting the last holdout remnants of the Republican Party.
Everything I needed to know about life, I learnt from Blake's Seven
I think that we're all reading too much into this. The article is basically saying that if somebody is going to attack the US in a way that would be damaging to the country that US is prepared to retaliate...by any means necessary.
I'm not sure if I agree with everything in the article but it is the Government's job to protect this country and there are a lot of businesses and people that demand on the internet. If some outside source could mess with this it would be devastating to the economy and the country...
Do you remember the game "America's Army"? http://ve3d.ign.com/articles/579/579289p1.html In the early 1940's, Japan learned an important lesson - "let the sleeping giant lie."
If OP doesn't get mod-ed (+5 Funny), then there is no hope for /.
I say we nuke the site from orbit.
It's got a whole new meaning now, don't it?
Actually it really has, because there hasn't been a successful terrorist attack on US soil since 9/11.
By taking the fight to the enemy, and being proactive, Bush has done a good job of protecting Americans.
What are they spending the billions on? I see why libertarian propaganda is so common in the US.
More targets.
Read the EFF's Fair Use FAQ
... Internet Exploder... Click that link and you and your entire fraking town are history.
Both the RIAA and the MPAA manage to insert sufficient language into some unrelated bill (ala what they tried with the Patriot Act) that authorizes preemptive strikes against p2p networks, saying that they could serve as massive distributed attack vectors against our nation's cyber-infrastructure.
Flip forward a few weeks. I wake up on a typical Sunday like today and start up Azureus. Within a couple of minutes, a tomahawk cruise missile is launched from a regional military installation.
The upside of my imminent demise is my last minutes will be spent mellowly and obliviously perusing mininova, seeing if anyone uploaded a torrent for that one episode of The Daily Show I missed last Thursday.
If only I had stayed up past 10PM that night, I would never have brought this on myself.
When you're a country with a hammer, everything looks like a snowglobe, eh?
you had me at #!
Is it just me, or does anyone think that using a cyber attack as a basis for physical retaliation would make it too easy to fake justifying evidence? Electronic evidences are easy to fabricate and hard to disprove.
If US can produce gigabytes of logs "proving" that someone in another country is attacking their computers, would that give them the right to physical military actions, in the lack of other form of evidences?
(sarcasm) The USA has a very good intelligence service, they will for sure find the correct location of the attackers, look how good they were to locate WMD recently!
Well some of the world thinks your a crazed bunch of war mongers, but this story, erm, never mind...
What do you bet we'll get stories about Cyber attacks from Iran. This sounds like a war machine trying to make another war, since the last ones not going so well.
NY Times - U.S. Presents Evidence of Iranian Weapons in Iraq
The article does mention that the claims about Iran "[are] bound to generate skepticism among those suspicious that the Bush administration is trying to find a scapegoat for its problems in Iraq and, some political analysts and White House critics believe, is looking for an excuse to attack Iran." Beyond that, it appears to be the same sort of echoing of administration propaganda (conveyed by unnamed intelligence officials) that we saw in the run-up to the invasion of Iraq.
What's the ugliest part of your body? Some say your nose, some say your toes, but I think it's your mind. -Zappa
I call bullshit.
If they're confident in having a cyber counterattack, there would be no need to worry about anything that would warrent a counterattack.
They have nothing, it's a bluff.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
It sounds like something from a William Gibson novel. Only difference is our government isn't a corporation.
How about they actually work on a plan to prevent ACTUAL attacks from HARMING US CITIZENS AND SOLDIERS?
You know, seeing as that's what the present danger to the nation actually is?
It's all well and good to think of ways we could possibly be attacked while our people aren't dying every day, but right now, these people should be hung as traitors for wasting time and taxpayer dollars doing anything OTHER than finding the best possible way to protect our soldiers abroad, and our people at home.
It's been a long time.
If I wanted to launch an attack, the most effective type would be a Denial of Service type attack against critical infrastructure targets. These are the hardest types of attacks to guard against given the attack is not about compromising the target, just rendering it useless for others. There are some steps that make sense (recgonizing a DoS attack and instantly reconfiguring the firewall to drop all packets form the attacker), but a large scale attack from multiple roaming sources might be impossible to mitigate in a timely manner. Also - most defenses like the one above are based on the assumption you know where the packets are coming from. Most DoS attacks masquerade their true IP addresses and spoof others so it might be able to trick the defense into actually taking malicious action against a legitimate source. I also worry about some of the web service extensions currently under development in various standards bodies. Using certain flags like the Web Services Reliable Messaging Nacks (basically stating that they explicitly did not receive a message the endpoint was expecting), a smart attacker could trick a huge number of WS-RX endpoints into sending back messages to a single IP address. This smurf style DoS attack could be orchestrated by using smaller SME's with less than mature IT systems to attack larger targets without even compromising a single SME machine. Given the WS push to get businesses to adopt, I find this a bit worrying. I've raised this as an issue in the past.
"Question everything, including this!" - http://technoracle.blogspot.com/
I mean, not every end user chooses to be infected, and it's not like it's easy to get a machine secured whilst online before it gets infected. I'm not quite sure that a warhead on the house is the best way to deal with a part of a botnet.
If you really want to take about liability you'll have to start with a company that sells you a car without brakes, thus creating a huge market for brakes, and is now starting to supply the brakes themselves. Whilst still leaving them out of the original car.
Replace car with "Windows" and brakes with "decent security" and all of a sudden they're wonderful and creating shareholder value and carry no liability for their actions whatsoever whilst charging to the hilt for the privilege. Maybe taking decent action against them may help - it's going to be cheaper than bombs unless some White House friends are in need of tax funds again and need some rebuilding projects to camouflage the handouts.
Yes, I'm a cynic. Live with it.
Insert
And I bet the source of the attack will be Iran. Nice strategy.
Or spell commander correctly.
Who do we bomb if the attack is coming from a botnet in our own US of A?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
so you are telling me they may bomb an airport with thousands of innocent
because of one bad guy using the public wifi network?
creates a new meaning for wifi hotspot
> ...an actual bombing of an attack source.
Wouldn't it be less messy to simply call out the Washington National Guard?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Work with ISPs in the US, Canada and Europe to take zombied computers offline. They'll get a letter or phone call telling them that their computer was part of a zombie network that was attacking DHS or whoever, and that they wont be allowed back online until their computer is cleaned. Most people only have one choice for broadband (DSL or Cable), and they'll have to go back to dialup (where they wont be much of a threat in terms of dDOS) if they dont get their act together.
Its like when a cop pulls you over for having an unsafe vehicle, its about time that ISPs start patrolling their userbase and send letters/call their users to notify them of their infection.
The Doormat
If you're not outraged, then you're not paying attention.
Yeah, I know, I saw it on television tonight...
This is called 'Skynet', and only a hacker called 'John Connor' can stop it
If the Feds launch a B52, then I think a tin foil hat ain't gonna help. Even an asbestos suit won't help much.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
...undermining the nations critical information infrastructure
NO!!! NOT CABLE TV!!!! *cries*
Instead of dropping nukes, drop free, registered copies of Windows Vista. The problem will take care of itself.
When you want to bomb a country (which, accidentally, has lots of oil for example) you don't need to rely on bogus reports of secret stashes of WMDs, satellite photos of firetrucks described as mobile bioweapon labs and all that stuff that becomes embarrassing later. You simply claim that there was a cyber attack and fire the nukes. The traffic logs of the target country are dispersed as ionised vapour, the logs on your side are whatever files you can put on your drive and nobody in between keeps track of every TCP packet getting through. You can say whatever you want - it's your word against a plasma cloud and a big lake of molten earth. Even if you miss the target and bomb some other place (Budapest, Bucharest, Iraq, Iran, Geneva, Genova, Delhi, Dili, who knows the difference, them terrorists speak funny all the time and they are everywhere anyway), it's just a question of running a 's/old_ip/new_ip/' over your "log" files.
Ingenious!
I know acronyms, but it should be expressed with government terms ... [CARMAD, CARMAT ...] I am sure there will eventually be more
...
Cyber Attack Response Mutually Assured (CARMA) Destruction/Terror/
than one cute acronym for US.
Oh, I strongly believe it is About Fucking Time (AFT) that China,
North Korea, Russia, France, Iran, Ireland, Austrailia, Japan
others understand we are prepared and deadly serious about making money
for the wealthy and will totally fuckup friends and foes alike for
any virtual attack on US.
DAMN, I mean, everyone has (or is getting) nuclear weapons it ain't
like we can scare other nations/politicians/dictators/... with MAD or
anything less-than a strong CARMA-D/T/whatever defensive response.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
I doubt the actual message would be grammatically correct. Maybe the hypothetical Bush grammatical incorrectness combined with the Slashdot grammatical incorrectness and they cancelled out, conjugating all verbs properly. At least he mispelled 'redacted'.
Reid
The Right Reverend K. Reid Wightman,
But I don't see how useful that is, since modern botnets have a distributed command and control structure. They no longer need to be run from an IRC channel.
And even if they nuked whoever is running the botnet, the botnet's attack won't stop until they figure out how to break the encryption* & issue a shut down command.
* http://lists.sans.org/pipermail/unisog/2006-April
[Fuck Beta]
o0t!
"...or an actual bombing of an attack source."
Anyone else find this oddly disturbing?
Forget pushing towards advancements in security, why not just tackle this problem like we do all the other, ya know, "real" ones. Where our citizen's lives are in actual mortal danger.
What's next? Blowing up a European town for anti-American graffiti?
Whatever happened to an eye for an eye? Though, I'm personally the type of individual that finds this "payback" part of human nature to be self-destructive, but someone pulls a hair from your head, and you turn around and shoot them in the face? Brute force is technology's retarded half brother, and shouldn't fight tech's battles.
The U.S. State department issued a formal letter of apology to her family and a Department of Homeland security spokesman said, "This unfortunate incident just serves as a reminder to all terrorist's, We don't care how many poor old people we have to blow up in pursuit of you, so knock it off already."
It's only paranoia if your wrong...
only america would talk about bombing runs on compromised computers, killing innocent people. no wonder your the most hated nation in the world.
The only thing I'm suprised is to expect any attack to be from one place... I'd expect it to be distributed.
Any single attack will be from one place/person/country. They/he may use distributed means to do it, but it will originate in one place. Spam, for instance. Yes, it comes in via multiple paths/zombies/botnets...but any 1 specific spam originates from one dude or company. The trick is finding that one dude. And that's what the DoD is trying to do.
1,At first, get an second-handed NoteBook from eBay
2,Pretend to be friendly to your foe, then get into where he live and do not forget set up the machine & network.
3,Back home (better not near your foe) and ssh to the machine as root
4,run "ping -f *WhiteHouse.gov" or ATTACK on some other place
5,The Tomahwak would got there very soon.
And you believe this because?
How easy do you think it is to get hold if the 'evidence" presented? No very difficult no. But, the article mentions nothing about nuclear devices.
If you mod me down, I *will* introduce you to my sister!
I must say, and someone else must have said it before... It'll be plain beautiful if U.S. start a war against blackhats... better than next-gen consoles... can't wait for it, da*n.
I think it's obvious by now that this administration will start a war with iran before bush leaves the white house. The the only people who can do something about this is the US population but we don't seem to give a flying fuck because idol is on and Anna just died and we are dying to know who is going to raise the kid.
evil is as evil does
Well yes, it sounds like a Gibson novel, but the *pertinent* difference is that if your governement were a corporation, they'd be a damn sight more accurate at pinpointing and destroying any relevant threats, and they definitely wouldn't be in anywhere near as much debt as they currently are. Plus, they'd use railguns, instead of nukes.
http://xkcd.com/313/
Dunno bout bombs, but in the spirit of going too far, I could always drop an atomic bum.
I'm curious what the preemptive strategy would be?
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
you can be sure Bush will attack the wrong country.
Soldier: General, Sir! We have an incoming attack, which has been traced back to the address 127.0.0.1!
(General calls the president)
General: Commander in Chief, I require your authorization for launching a DOS attack on 127.0.0.1 immediately. We are detecting a massive packet bombing originating from that address!
President: Do you even need to ask? Ping the hell out of those bastards!
(General confidently hangs up the phone and, from the comfort of his armchair, pushes the "DOS attack order" button)
Soldier: Sir, the power of the attack has increased tenfold in the last few minutes!
(General presses the redial button on his telephone)
General: Sir, the attack is increasing. We have positive confirmation of the the attacker's geographical coordinates! Requesting permission for an airstrike.
President: Sure, and please use those shiny new bombers we bought last week!
(General immediately presses "Airstrike" button)
General: Orders tak$#"#"!F%!%#"$"#4A$"#$"# NO CARRIER
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
| In the event of a massive cyberattack against the country
| that was perceived as originating from a foreign source,
| the United States would consider launching a counterattack
| or bombing the source of the cyberattack
so if i was a bad guy in country Y, and i wanted to launch a military strike
on country X -- all i would have to do is setup a botnet with a source of
control in country X, and the USA would do its damage for me... yikes!!
2cents
Ensure you make your attack from a country you'd like the US to bomb. Alternatively there's the following "won't bomb" list: China (PRC),France, India, Israel, Pakistan, Russian Federation, UK.
Yes, at last!
One line blog. I hear that they're called Twitters now.
It took me about 8 attempts loading this page, fighting this error:
/.!
"503 Service Unavailable
The service is not available. Please try again later."
I was paranoid they got
Is anyone really surprised that Iran would get involved in events taking place on their border, by a hostile nation's army, and involving a sympathetic cultural group (Shiites)? Last time there was a war on their Iraq border they lost about 1/2 million people. If someone else was occupying Canada I doubt we'd sit back either.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
So in the event of another worm causing a DDoS, like say, SQL Slammer (author has never been identified), which reached it's peak of infections in about quarter of an hour (75 000 hosts, fairly evenly distributed worldwide), what exactly would you bomb? Would you even have time? The fix must surely be, to run only essential services by default, to patch as soon as possible once vulnerabilities are found, running varied implementations of standards-compliant software, user education, and strangulation of malware authors with a garrotte.
Where do I sign up for this war?
Your sig(k) has been stolen. There is a puff of smoke!
"We in the United States are a simple people. But piss us off and we'll bomb your cities."
The truth is an offense, but not a sin.------R. N. Marley
I put on my robe and wizard hat.
What worries me most is their ability to actually work out the source of the attacks, rather than the machines the attack happens to be comming from.
Although I guess nuking the machines off the face of the planet is one way of stopping them. I have to admit there have been times I wish I could do it.
Yeah, I had a sig once; I got bored of it.
hmmm, after the last attack, they collected fingernail clippers from passengers on airplanes and people who entered government buildings, national monuments...
;-) Then, 5 years later they'll figure out it isn't a good idea to be running Microsoft Windows on all their computers. Just a guess.
A cyber attack you say? They'll probably start collecting USB thumbdrives from people entering those same structures and probably add Starbucks and cyber-cafes to the list.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
xxx.mil? Whoo-Hoo! That sounds like one military site I want to make sure I visit!
Since it was the US probing its own networks from south Korea I guess well have to bomb ourselves.
There is no problem in the world that can't be solved with a sufficient number of bombs, right?
Over the last 4 years, the DOD has moved a number of systems to Windows and the Navy is a HEAVY user of windows. As more systems move to Windows, I would say that the average *hat has an increasing chance of calling in airstrike.
Cluster bombs?
So what's your excuse?
A "cluster bomb" obviously.
Reminds me of Pandora's Star. He went into some interesting descriptions of DoS and brute force attacks as part of the action. In many cases though, the people with money, or the Sentient Intelligence machine, far outclassed government or citizen systems.
What was kind-of creepy is the speed and agility that a machine would have in dismantling cyber security constructed by apes. Also people with implanted circuitry could be messed with if their hardware was downlevel.
Pretty unrelated, but still totally awesome.
Vlad. Putin's just hit the nail smack on the head!
... can be knocked out with a few badly-used but well-placed microwaves. Gimme a fucking break about bombing. Hardly anything is hard against radiation damage on terrestrial ground.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Wasn't the Internet designed to work around nuclear destruction?
Right, but what we get now, are botnets that work around nuclear distruction!
Zhrodague.net - I do projects and stuff too.
Federal prisons are generally fucking cakewalks compared to state/city prisons. Get your ass put in for 50 weeks of regimented inmate discipline and talk to me after you come back, buddy.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
The stealth bombers are scrambled, they're given the final coordinates to program into their smart bombs... then one of the navigators calls back, "Wait a minute guys, isn't that the White House?" Needlessly plagarized from that famous movie quote, "the call is coming from inside the house."
You know what? If DOD, or any government agency, is depending on internet for any mission critical activities, then it's being run by a bunch of morons who need to be replaced anyway.
1 in 4 Maine children in struggle with hunger.
"If the United States found itself under a major cyberattack aimed at undermining the nations critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source."
Don't e-mail spammers qualify under that vague definition?
(I hope beyond hope that the answer is "yes".)
Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
That would make the GBU-43/B the mother of all DoS!
This is even worse than the war on Iraq, which we're still waiting for the US gov to provide the evidence of WMD -- the reason why the war started...
Will evidence be provided (forged?) when there's an attack by a Botnet? Or a "response" will be launched immediately?
Mod points are a dangerous tool. Abuse them wisely.
I seem to recall that North Korea likes to put vital facilities underneath mountains, making them hard to bomb.
Idiots. Goodluck bombing all the 10,000 locations from where the attack is originating. Actually with this current regime you never know....
I predict that the so-called "attack" they're discussing will occur before Dubya's term is up. I predict that they will identify Iran as the source. Further, Iran will deny it (of course), and thus, refuse to do anything to stop it. Of course, this leaves the US with only one option. Does anyone smell another 9/11 in the making, or is my imagination just running in overdrive?
THE SOURCE! That is a powerful statement.
A few JDAM's from 50,000 feet would scare anyone with a brain. I like it!
I think it is a little backwards saying this administration is trying to start a war with Iran? I mean Iran has been tryingto egg a war on for quite a while now. So if anything this administration is looking for reasons to gain support on taking them up on it. And BTW, Iran's president is the one who is doing it, but he is being held back by the "ruler" of iran. My mind just drew a blank on his name or postion but the president position in Iran or more or less a figurehead position like the queen of england. Except he has more power. But in no way is it simular to the american president position.
lol.. yep, and durring that last time Iran was trying to take over Iraq. So no it doesn't surprise me at all that they are attempting to make sure we fail so they can walkin and take over. You have a good point there. But i don't see were canda fits in.
1. Install Windows XP (or whatever M$ product), get infected by a virus
2. Your computer attacks some critical US target, and the US military bombs you and your computer out of existence
3. Profit!!! [*]
([*] from life insurance)
I am not sure what is the dumbest thing in the world. But whatever the dumbest thing is, it is closely followed by the idea of battling network infrastructure overload and poor computer security with bombs.
Unless they are going to bomb Redmond, where the problem originated. Then it would be awesome.
Contrary to the popular belief, there indeed is no God.
Yeah.... this is pretty much the epitome of American policy makers watching too many retarded hacker-movies. They think that as they're being hacked, some guy is going to be sitting in a warehouse - typing his ass off, for 20 minutes to 3 days straight - all the while connected to their server and going deeper and deeper into the dark recesses of the Gibson.
That's... pretty much the only way you could 'bomb' them or... notify them of an imminent bombing. Somebody really should consult common sense before they make these ridiculous and embarrassing 'announcements'.
---
ridiculous and embarrassing
Ace
Yep. And it should be unsurprising that the US treats the internet like it does aircraft, ships, other infrastructure, and the persons of its citizens - threaten them and you risk retribution.
And before the tinfoil hat brigade starts it's anti-Bush rants, I should point out that these explicit policies go back at least as far as Teddy Roosevelt - and the roots go all the way back to the Barbary Pirates in the early 19th century.[1] (And cyberwarfare work goes back the start of the dot-com era - back in the Clinton administration.)
[1] Thats what "the shores of Tripoli" refers to in the Marine Corps Anthem.
Given most hacking these days involves botnets etc to hide the point of origin any attempt to 'map' the source of the attack is likely to show every country with anything more than a piece of wet string as a potential source of the attack - should make for an interesting target review:
Airforce General: Where is the target Mr President?
President: The world
AG: What?
P: You heard me. Target the world now.
AG: Yes Sir
P: And don't forget Canada or California
AG: Yes Sir
Thirty minutes later.... bang.
--- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
So... scan around .mil networks for wide open PC Anywhere machines with default passwords, compromise those machines and launch a cyber attack from them.
Watch as the US Military nukes itself?
The Feds need to look seriously not, just at who is attacking but why. I surmise that there has been a serious slippage in support for the United States in the last decade. This issue is at the core of the problem and, if addressed, might go a long way to alleviating both terrorism and cybercrime. On the other hand, I'm not naive enough to think that uneducated assholes won't try to compromise or cause damage to major servers for sleazy, so-called 'idealogical reasons.
*** Don't be dull.***
If the US Government were smart, I know I am stretching it... they would follow China's suit. Create a damned firewall. I am all for helping building the Border Wall, sign me up. I'll even donate some cement. Unfortunately you're so afraid of everything you'll end up blowing up your own country. Fortunately the wall will keep it contained. You are the US what do you have to be afraid of... panic zealots
Slashdot is on.
windows firewall is fine. it doesn't monitor outgoing traffic, but you don't need this. various third party firewall all bring their own bugs and foibles to the party...
When all you have is a hammer, every problem looks like a nail ;-)
Ever wondered whats wrong with the world? http://www.ishmael.org/
I think it's your imagination running in overdrive.
If you've been reading the papers recently, US military sources have identified explosives and parts of exploded IED's as having their origin in Iran. That is a much better reason for going after Iran, and one that is easier to prove and garner International support for than what you propose.
And what do you mean by "Does anyone smell another 9/11 in the making..."? 9/11 was planned, instigated and carried out by forces commanded by Bin Laden, not the US. You may have been referring to the invasion of Iraq, which was planned and carried out by US forces...
"Money is truthful. If a man speaks of his honor, make him pay cash." Notebooks of Lazarus Long, Robert A. Heinlein
The US today carried out a lightning assault against the invaders with IP address 127.0.0.1. There were no survivors.
"I could write a program to automate the network analysis and bombing command sequence". Humanity ends the next time Brittney forgets her panties.
Unless the .gov has the ability to black hole routes it seems like a complicated task. Let's presume the attacker has a Windows zombie network, which could easily be slowed to a crawl by simply using packet generators setting non-default IP options. Sending a few thousand per second is very doable on any moderately speedy machine, however someone having a bot army of tens of thousands present a problem, which simply is to large to quickly resolve.
One thing that would work is to have interfaces into all backbone providers (US maybe north America) that would allow blocking/shunning at the source of the attacks. It is much easier to code automatic shunning on events (with human oversight) versus acting on each source address manually.
When the only tool you have is a hammer, every problem looks like a nail
Sorry guys, but for example I have a 62 year old aunt, and if I wasn't her nephew, she would probably have a dell running windows xp compromised to hell and back and still thing she was running fine. She didn't even want a PC but her work made her get one as they now do all communication over e-mail. Normal users especially the older population are easily tricked by simple pop-ups and don't even realize it, but who goes after those companies?
For the record my aunt and uncle have become rather proficient with their PC use and are running Ubuntu 6.10, so yes a person can be taught, but did their business offer any kind of training? Nope, I had to do it, and if I didn't and they had gone the "normal" route, then odds are good, there would be one more machine propagating worms across the net.
A primary group must responsible for analyzing the need for any cyber counterstrike
Moderation -1
100% Flamebait
Anonymous Coward calls me a douchebag, and my reply is "Flamebait". No wonder these retarded fascists are getting their asses kicked in every war they start in America's name.
--
make install -not war
This is a real online games
Step 1: Pull the plug on some mayor back bones
Step 2: State in public that this attack was perpetrated by some evil dictator formerly sponsored by CIA
Step 3: Nuke that country
Step 3b:
Step 4: Profit!
"durring that last time Iran was trying to take over Iraq"
Did you read the link? "The war began when Iraq invaded Iran on 22 September 1980..."
The Canada reference was just to make up an analogious situation.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
Converting your neighbors to Mac or Linux users just became a whole lot more important.
- Roach
I dont understand....we have the people with the intelligence to set up a damn good defensive wall. On top of that we have the people who know how to make seekers. You have an un-named asian country that look for kids with a natural gift for computers and training them to be hackers. The families get compensation for letting there kids go with them. This is dangerous, and something needs to be done to increase our defenses on-line. The entire world uses the internet that was created and maintained in the US. There should be an entire devision in the government that makes sure it stays safe. The UN has already in the past asked the US to turn control of the internet over to them, the answer was "No." and I agree with that. But what this artical is talking about is dropping a real bomb on the " target". What if its a Zombie computer? and we just blew up an entire building in ohhhh i dont know maybe south Korea? This is a flawed Idea. online attacks need to be meet with online attacks or an internationl team of Cyber cops that have the ability to go in to most countries to investigate leads. Not dropping live explosive devices on the place. Again I state we have the ability to do something about this online. Most laptops come with cams installed right? a program that can access the cams take snap shots following the line or retreat of the said "hacker".( such a garish term) or how about the people who are network savvy join together to protect what is ours? a civilian group comprised of on-line net savvy individuals working as a group to Thwart these attacks. there is no law against that! But a explosive device for something like this is not going to work. Its to easy to ghost and spoof, too many variables come into play then. innocent people will get physically hurt. One last thing...they are not bots they are peoples computers! Just call them what they are because they are talking about a physical reaction to a cyber cause * these are just my initial thoughts.*
I was wondering how far down I'd have to go to find a post from some slug turning this into a Iraq/Iran issue.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
If some outside source could mess with this it would be devastating to the economy and the country...
You mean even worse than the inside interests who are short sightedly and selfinterestedly devastating it? Sheesh. Donate some of your excess naïvete to The United Way...
you had me at #!
Iraq's invasion was a defensive posture. You know like Israel and now the US has done. Of course germany claimed this too when starting what became WW2 so it does have it's merrits as well as abuses.
Kuwait, was paying Iraq to defend it from Iran who it percieved as a threat also. This is also the reason we gave Iraq arms and why we defended kuwait durring the first gulf war. There is more to it then just this though.
The Iran-Iraq war was a direct result of the US pupet government being thrown out some 40 years ago and the actions of the new Iranian government. Although the article present a hoistroical point of view, It doesn't present enough to know what the hell was really going on.
On the other hand, it appears you're not really all that interested in discussing anything in a civil manner yourself. Here's a hint: throwing around loaded terms like "fascists" isn't a way to have an intelligent debate. Also, calling people "retarded" is just bad form.
I look forward to you expressing your opinion in a more intelligent manner. Can you do it? I'll be waiting.
We will not agree on what happened on 9/11 until there is a full, completely objective and impartial investigation into *everything* that occurred on that horrid day. Too bad that can't happen - most of the evidence was conveniently destroyed, and there are way too many very serious questions that will (probably) never be answered (truthfully). It is our *patriotic duty* to question what happened (relentlessly if necessary).
Now you understand why I feel the way I do about Iran.
Sorry, if you are intimating that the US had ANYTHING to do with the destruction of the Twin Towers, you've been drinking too much of somebody's Kool-aid. I don't doubt that parts of the US intelligence community probably had information that could have stopped the attacks, but as an employee of the government for over 30 years, you'll have a damn hard time convincing me that anybody drawing a paycheck from Uncle Sam was in any way deliberately involved in that, or deliberately let it happen.
I'm as much a patriot as the next guy but you'll never convince me of that.
"Money is truthful. If a man speaks of his honor, make him pay cash." Notebooks of Lazarus Long, Robert A. Heinlein
Your 30 years of government employment does nothing to reduce or change the suspicious nature of what happened. It hasn't done anything to answer any of the lingering (and very serious) questions about what actually happened, nor has it done anything to return all of the evidence that was (rather conveniently) destroyed.
My thirty years makes me much more knowledgeable about government employees and what they are likely to be involved in than you are.
I think you're engaging in partisan political bickering with these allegations, which will never be proved because there isn't anything to them. As I said, any allegation that attempts to show an employee of the US Government to have been knowingly engaged in the 9/11 attacks on the Twin Towers is pure, unadulterated bullshit.
You can question the motives, actions and competence of the Bush Administration itself all you wish, but you'll never convince me that any career government employee had anything to do with it.
"Money is truthful. If a man speaks of his honor, make him pay cash." Notebooks of Lazarus Long, Robert A. Heinlein