Slashdot Mirror
US Planning Response To a Cyber Attack
We've all heard of Google bombing; the US Government may be taking the expression rather literally. Planning is now underway across the government for the proper way to respond to a cyber attack, and options on the table include launching a cyber counterattack or even bombing the attack's source. The article makes clear that no settled plan is in place, and quotes one spokesman as saying "the preferred route would be warning the source to shut down the attack before a military response." That's assuming the source could be found. From the article: "If the United States found itself under a major cyberattack aimed at undermining the nations critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source."
Won't work if the pipe you're trying to use is flooded with useless data, since you're not actually stopping the attack at the source and your bandwidth is limited. You've only prevent them from getting into your network, not actually stopping the DOS which is kind of the point.
> I can't wait for Bush and his Pentagon to protect us from cyberwar. After all, the Bush doctrine of using one attack on us to justify attacking someone who hadn't attacked us, distracting us from the original attacker, is really paying off.
Hey, current thought among the Bush administration and the neocon "thinkers" that got us in to all this, is that if you blow one war you should start another one so you can try again.
Sheesh, evil *and* a jerk. -- Jade
South Korea has a problem with banks etc. relying on Active X. North Korea has little computer use to speak of.
What you're forgetting is that WE have blackhats too. The idea isn't to stop the botnet, because we can't do that nearly as fast as 'they" can open up a new one... if we could, botnets wouldn't be a problem in the first place. I think the idea is that if a botnet/virus/whatever is used to "attack the internet" (a notion that I believe to be intentionally broad, much like "attack the country", not necesarily to justify doing whatever we want, but so that we aren't pigeonholed by a narrow definition), then we are going to "attack", with whatever force and technique seems most reasonable (ie. we don't drop bombs on the homes of bank robbers, nor do we send a couple of uniforms armed only with 9mm pistols and handcuffs to arrest government sponsored death squads) the people behind it. If that means back hacking, packet tracing, following convoluted money trails, reverse engineering, traffic analysis, or whatever else we can think of to find the person(s) responsible, then so be it.
Military action might be unlikely if the attacker is, say, a 15 year old kid writing trojans that let him simultaneously crash hundreds of major network hubs as some sort of "practical joke", because once found they would probably just arrest the kid and give him 20 years in federal "pound me in the ass" prison. If, on the other hand, the same thing were done by a team of Chinese black hats for the purpose of undermining our infrastructure in the moments before launching a surprise attack on Taiwan and the US fleet protecting it, a SWAT team is going to be in a little over their heads.
Try not to take me more seriously than I take myself.
Well, for one thing, prosecuting every single person whose computer has been infected with a trojan would pretty much bankrupt the US, and put most of your population, including all of your politicians, in Jail. Might not be such a bad thing, really...
:) I don't think there's a single computer in that whole country that isn't infected with something.
Anyway, it'd be pointless to prosecute these people is because the vast majority of compromised machines aren't even IN any western nation. Every script kiddie knows that if you really want a bot-net, you scan Asian IP's. When I was 15 I had 2,400 Korean computers running seti@home