US Cyber Command Wants Greater Attack Mentality

superglaze writes "Lieutenant General Robert J Elder, Jr, a senior figure in US Air Force Cyber Command (AFCYBER), has told ZDNet UK that communication issues are hampering the division's co-ordination. 'IT people set up traditional IT networks with the idea of making them secure to operate and defend,' said Elder. 'The traditional security approach is to put up barriers, like firewalls — it's a defense thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage.'"

Fantastic

[OldFish]

I think they should start out small by going after spammers all over the world. Just think of the positive publicity!

Re:Fantastic

[Farmer+Tim]

With that "a bigger bang resulting in collateral damage" line, I thought this guy was a spammer.

Re:Fantastic

[zappepcs]

What? Iran is over there with all those 'nucular' weapons stuff and we haven't hacked into their computer systems yet? oh, ok, that's what those cable cuts were for... hmmmm

Right hand, meet left hand.... Translation: We've been spying on other countries and shit, and someone is about to blow the whistle because:

A - We didn't tell anyone about stuff we found out; like Bin Laden has been ordering room service from a certain hotel in Riyadh. Or... Iranian officials are calling their spies in China to tell them to hurry up with the plans for nuclear weapons, we need them to back up the saber rattling.

B - Someone hacked our spying systems and is about to tell the world how we planned the 9/11 attacks so we really need to create a cyber-threat reason to bomb the bajesus out of them.

An attack mentality from an organization called Cyber Defense Command can only mean bad things are about to happen, or have happened and we are about to find out about them.

A pre-emptive defense is something like a firewall and NOT something like launching cyber attacks on likely future suspects.

A good defense is a strong offense, unless you are defending yourself from other people's rights.

Re:Fantastic

[Naughty+Bob]

With that "a bigger bang resulting in collateral damage" line, I thought this guy was a spammer.

No, he'd just had one too many glasses of grain alcohol and rain water.

Re:Fantastic

[s_p_oneil]

Not spammers, bot nets (which often generate spam). Taking down malicious and devious programs like the Storm network would help remove an existing threat and would help them brush up on both offensive and defensive tactics.

Re:Fantastic

[Tanman]

See, I think you were trying to be cute. However, fact of the matter is that covert foreign operations probably already utilize botnets and spam as a tool to gain untraceable entries into American systems. There is another reply to this story joking about "hello citizen, install this government stuff blah blah blah PS PPS PPPS PPPPS..." -- but people already got these emails. They just aren't from our government, and the people don't know they have them. Eventually, our cyber division will have to handle this issue.

Re:Fantastic

[syphax]

Too good a reference to be left unexplained.

I can no longer sit back and allow Communist infiltration, Communist indoctrination, Communist subversion and the international Communist conspiracy to sap and impurify all of our precious bodily fluids.

Re:Fantastic

[mistermiyagi]

Kind of related

I have been trying to figure out the easiest and most transparent way to close down botnets and the only thing I could think of was to write a "virus"-like patch that uses the already open door that the botnets use to infiltrate the infected machines and then have them automatically close the doors and send them selves around just like worms do now.

Kind of a Helpful worm "infecting" the net with happy healing and all that crap.

I figure that like all connected things you need to have an Auto-immune system that cleans the net as new vulnerabilities are discovered. Since people cannot be relied upon to protect themselves the white hats ( who have the skills required to create these immunizations ) could be like med-techs making shots for the network. The people who are infected get healed and don't even know that they were sick in the first place.

But I'm not that cool ( and by cool I mean I can't code my way out of a wet paper bag )

Re:Fantastic

[dave562]

This idea has come up many times in the past. The stumbling block always seems to come down to the matter of computer trespass, or unauthorized access to a computer. Even if you are doing it with the best intentions, you are still breaking the law to do it.

Re:Fantastic

[Tenebrousedge]

Plus, how do you propagate a 'helpful' worm? Same way as any other? Probably going to get caught by antivirus/firewalls. Work out some deal with AV/firewall vendors? How do you stop others from exploiting this exception? And from the user standpoint: do you really want anything that propagates as a worm doing whatever it wants on your box? As a sysadmin, do you want something unauthorized eating up network resources?

Basically we call the solution to the virus problem a 'patch' and give people the option of whether and when to install it.

Re:Fantastic

[IonOtter]

Somehow, I don't foresee sending a JDAM into some clueless n00b's family room window as being good publicity.

Re:Fantastic

Many viruses close the door behind them after they enter your system :)

Re:Fantastic

[vajrabum]

Ick. Maybe that actually explains why the authorities haven't gone after the botnets (which on the face of it shouldn't be that hard). The botnets might be just the force multiplier that could be used to create the "collateral damage" the generals wants. I wonder what he has in mind. Somes guesses--there are the traditional sorts of military targets--power plants, TV and radio, but with a botnet you could maybe drain lots of people's bank accounts, send them scary personalized spam emails (personalized propaganda based on the content of their computers), download kiddie porn and send accusatory emails to the local police. Garbage-in, gospel out never sounded so scary to me.

Given all this, if you run a business or do business over the internet, you might want to think carefully about how you do that.

Re:Fantastic

[mistermiyagi]

Yes of course it'll get caught by AV/Anti spy ware. Those people are the ones who you don't ( usually ) have to worry about. And since the worm is closing the doors ( and subsequently killing itself on the host side ) the propagation will eventually go to zero ( or as close to 0 as you can realistically get ) as the network is " healed "

"And from the user standpoint: do you really want anything that propagates as a worm doing whatever it wants on your box?"

As a user who knows how to protect themselves. No . But as we all know the users who don't know any better don't even know that they themselves are the reason that the botnets exist. So using them to fix the problem as a whole is not only doing them a service it is doing us all the favor also.

Also in my ideal version of this fix the spreading of the worm is a one shot deal on the host side. It sends itself once then closes the door thus preventing future infections from the same vector.

"Basically we call the solution to the virus problem a 'patch' and give people the option of whether and when to install it."

And how has that been working for all of us. I'd say not very well since the botnets still exist. If all the users were patching as often as you and most slashdotters were in theory the botnets would not exist at all.

"As a sysadmin, do you want something unauthorized eating up network resources?"

If your doing your job you will never have to worry about since you wouldn't get infected in the first place.

Re:Fantastic

[rsborg]

Not spammers, bot nets (which often generate spam). Taking down malicious and devious programs like the Storm network would help remove an existing threat and would help them brush up on both offensive and defensive tactics.

This would imply that these botnets aren't a subtle yet powerful control mechanism to keep the internet "in check". Although, publicly downing a non-sanctioned/friendly botnet would indeed prove your point. All I'm saying is... what's to say Storm is not "our bad guy"?

Re:Fantastic

[Omestes]

If it gets caught by AV and firewalls, then the target computer probably doesn't need the patch as bad as the ones where the "helpful virus" can get through.

Though I'm guessing that botnet worm writers will just find ways to circumvent it, just like virus writers and spyware authors have been being malicious towards AV and spyware detectors/scrubbers for years.

Re:Fantastic

> And since the worm is closing the doors ( and subsequently killing itself on the host side )

The problem is it won't. In order to be effective the worm has to try and spread itself. Assuming I pay for my internet in kb sent/received, that's a lawsuit waiting to happen. Also, using a worm to 'force' people to patch is likely to seriously screw up patch management

Healing worms are a bad idea.

Re:Fantastic

[mistermiyagi]

"Assuming I pay for my internet in kb sent/received, that's a lawsuit waiting to happen. "

Aren't the infected already paying the increased cost of the botnets running on their systems.

  "Also, using a worm to 'force' people to patch is likely to seriously screw up patch management"

Aren't they already being "forced" to dole out spam. I'd rather force them to keep a clean system then sit back and let the runners of the botnets win.

  Also i'd argue that Patch management doesn't exist for the people who are infected. They don't even know what a patch is let alone a botnet. They don't know how they get infected. They don't know how to help themselves. And no one seems to really want to fix the problem.

Unless the patch comes in the form of a LOLcat saying "teh botnet iz Fuking u up I iz her to Halp" It ain't gonna get fixed.

"Healing worms are a bad idea."

Botnets are a worse idea.

  Something has to be done and we ( people who know at least some things ) should be trying everything we can to at least slow down these abusive networks. If not a "halpful" worm then something more proactive then just saying help your self cause we are seeing what that mantra is doing.

Re:Fantastic

[Idiomatick]

Realistically storm is probably operated by a dozen separate groups. While it would have started with a single hacker, its been around so long that a number of hackers would have added their own backdoors, or found the originals. I bet stacks and leo are in on it so the russians probably have an in (not the gov). The thing is, i doubt the us gov runs it. I've never met a hacker that didn't despise the us government, they would collect together to expunge the us from the botnet if they got the idea. And honestly i don't think the us gov is that good. While they might have a lot of talent, the higher ups are useless and probably open lindsay lohan nude attachments like other member of the government. That will hurt the us' chances.

Re:Fantastic

[Architect_sasyr]

Communist subversion SEE! Subversion is bad! Use CVS, stay away from svn repositories. Someone with a UID far smaller than mine says so!

Re:Fantastic

[hedwards]

Indeed and viruses have been known to disable other viruses where possible as well.

Re:Fantastic

[Rich0]

Only issue with brushing up is that they would also be advertising their tactics.

Back during the cold war it wasn't uncommon for US forces to intentionally run their radars in a mode good enough for general navigation, but limiting their true capability. That way, in the event of war the enemy wouldn't have all kinds of intel on the frequencies used and general technology.

The same would apply in warfare. If the US started taking out botnets all kinds of folks would be capturing packet dumps and discussing new zero-day exploits and methodologies. Then everybody would engineer defenses against them. Generally speaking, you don't want to use weapons that you don't want the enemy to know about.

Re:Fantastic

[s_p_oneil]

I doubt it. Given the way the thing downloads updates of itself, and the way it attacks intruders on the network, any changes made by other hackers would be overwritten with each update. I've read about "bot vs. bot" wars where hackers try to take over each others' bot networks, but it's not done in a collaborative sense as you're implying. There seems to be one group controlling it, and others paying that group to have the spam sent or web sites threatened with DDOS attacks.

Re:Fantastic

[s_p_oneil]

That's an interesting point, but there are some flaws in it. Exploits like that are specific to the application being attacked. So if the military devises a zero-day exploit for the Storm bot, no one but the Storm authors could possibly "defend" against that specific exploit. People may find new types of attacks to watch out for, but it's doubtful. They're much more likely to find those from actual virus/bot writers.

The military would most likely need to reverse engineer Storm to take it down, so they would be brushing up on some much-needed reverse engineering skills, as well as creating new tools to help automate the process of reverse engineering programs and looking for exploits. THAT is what they would need to keep secret, and it wouldn't be exposed by releasing a program they wrote to take advantage of a specific exploit they found.

They will also learn new tricks from the bots and viruses they reverse engineer. Those tricks will give them ammunition that they don't have any reason to share with others. I don't share what I learn that way. ;-)

Re:Fantastic

[jotok]

Once your auto-immune bot is widely distributed, what keeps someone from finding a vulnerability and exploiting to distribute their own bot?

This has been a huge problem with vulnerabilities in anti-virus suites in the past.

Re:Fantastic

[ultranova]

Plus, how do you propagate a 'helpful' worm? Same way as any other? Probably going to get caught by antivirus/firewalls. Work out some deal with AV/firewall vendors?

Why would the AV vendors cut deals with something which lessens the demand for their products ?

Re:Fantastic

[HTH+NE1]

"I infect the entire net. I have spread through systems, peoples and cities, from this place: Mainframe. My format: Virus. The Queen of Chaos! Ha-ha-ha Ha-ha-ha-haaaaa! Ha-ha-ha-ha."
-- Hexadecimal, ReBoot "Daemon Rising"

Besides, it's been tried. There was one which exploited a hole in order to download the necessary patches for the vulnerability from Microsoft effectively became itself a DDoS on Windows Update servers.

Re:Fantastic

[Rich0]

The military would most likely need to reverse engineer Storm to take it down, so they would be brushing up on some much-needed reverse engineering skills, as well as creating new tools to help automate the process of reverse engineering programs and looking for exploits. THAT is what they would need to keep secret, and it wouldn't be exposed by releasing a program they wrote to take advantage of a specific exploit they found.

But, they could brush up on the same skills by developing something capable of taking down Storm, and then holding it in reserve for some time when they would need to take down Storm, and not before. Then, when some attacker makes a huge strategy around using Storm to take out us infrastructure the US can just take it down at that time and the attacker might not have a fallback plan. If Storm were gone something else would rise up to take its place - perhaps something harder to take down.

In warfare you want to keep your enemy complacent, and the best way to do that is to not attack them while amassing your armies...

Re:Fantastic

[s_p_oneil]

"But, they could brush up on the same skills by developing something capable of taking down Storm, and then holding it in reserve for some time when they would need to take down Storm, and not before."

There are several flaws in that argument. I thought I mentioned that Storm is continually changing, which means any program they write to take it down may only be potent for a few weeks. Even if that would work, the guy who developed the Storm worm has had plenty of time to prepare counter-measures for the anti-virus writers. He's expecting to be attacked, and his business depends on him being ready for it by having several tricks up his sleeve. The military would never be able to anticipate those tricks and learn from them until they picked a fight. If they hold back, as you suggest, they will learn very little, and they will fail.

As I said before, I think they should have a long, drawn out fight with every bot network in existence. Keep in mind that to the military, the bot nets are not the enemy. They are merely sparring partners. Hell, if the military found a way to completely wipe out a bot network, I think they should hold THAT back until they feel they aren't learning anything from that guy anymore (at which point the best thing they have left to learn is whether the crushing blow actually works). It should literally be like a cat-and-mouse game.

The military will learn an incredible amount doing that (both offensive and defensive, because the bot nets will not give up without a fight), and they will create invaluable tools and build a skill-set. These tools and skills will be vital if there's ever a high-tech war with another country. If we're good enough at that point, our largest problems will probably be cloak-and-dagger style (spy infiltration, insiders selling passwords/secrets, and so on). I can already imagine the James Bond types beating the crap out of computer nerds to get the secrets on their laptops and flash drives. ;-)

Re:Fantastic

[Infoport]

I was thinking maybe the US would take down the griefers in Second Life.
Furry playground for some, but probably an Al Qaeda training center in disguise.

Cyber??

[NeutronCowboy]

This is exploiting cyber to achieve our objectives.

I'm sorry, what? All I can picture is a pimply teenager sitting in front a flickering screen, typing "Wanna cyber????" into his chat field. I have no idea how to exploit cybering to achieve military objectives. Maybe they want to paralyze the target's networks by getting all lonely teenagers to respond to mass cyber requests?

Re:Cyber??

Good idea, bad execution.

Re:Cyber??

[trb]

All I can picture is a pimply teenager sitting in front a flickering screen, typing "Wanna cyber????"

You can only picture a teenager because for you, the implicit noun modified by cyber- is sex - arguably the default focus of a teen's attention. For the military, the implicit noun is war - that is the default focus of their attention. It is clear that cyber- is an adjective prefix that indicates computation. What it means when the noun is implied is in the mind of the beholder.

Re:Cyber??

Going by the subject of the article the implicit noun would be Air Force Cyber Command (AFCYBER), which would be shortened form AFCYBER, to cyber. Cyber is the noun it's part of the name of the command the article is about.

Thanks for playing though.

Re:Cyber??

[trb]

Cyber is the noun it's part of the name of the command the article is about.

I think that's tenuous. When an adjective is part of a name, that doesn't make it a noun. In the name "the White House," White is part of the name, but it's still an adjective, not a noun.

In the article, and in the name of the organization, cyber a shorthand for cyber-warfare. When they say "Cyber Command," it's not the command that's cyber, it's the warfare. And even if they are using cyber as a noun, they are intending "cyber warfare." Of course, teens use it as a verb.

Re:Cyber??

[PapaSmurph]

To quote Wikipedia:

Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. The term originates in science fiction, where it also includes various kinds of virtual reality experienced by deeply immersed computer users or by entities who exist inside computer systems. Cyber here refers to the use of the entire EM spectrum.

Re:Cyber??

[dave562]

Wake me up when cyber is a prefix for 'ware' and they're ready to wire up my reflex system and replace my eyes. I'll get on board with that program.

Re:Cyber??

[Minwee]

I blame George Carlin for the confusion. For the past thirty years he has been encouraging us all to "Make f---, not kill!"

Re:Cyber??

[MadUndergrad]

xHotGrlx(PFC Johnson): "Wanna cyber?"

ShortNSexy(Kim Jong Il): "OK. You start."

xHotGrlx(PFC Johnson): "OK. I put on my robe and wizard hat..."

Re:Cyber??

[mikiN]

$ make war
make: *** No rule to make target `war'. Stop.
$

Best advice given by a computer. Ever.

Re:Cyber??

[x2A]

"Good idea, bad execution"

JFK?

Just what we need

Could the US have any more of an "attack mentality" than it already does?

Re:Just what we need

[ohzero]

I've discussed with them, and we've all decided that we're just going to start dropping the new DHB (dozen hippie bombs) on hostile nations. The only question is.. what will we do with all the surplus dreadlocks?

Re:Just what we need

[moderatorrater]

How clever. An AC has thoughtlessly blasted the US's foreign policy and gotten modded up. In the past 10 years the US has initiated 2 military actions against foreign powers. Compare this to Germany in WWI or WWII or to Japan in WWII. Compare this to Russia after WWII. Compare this to almost any other large, powerful nation at the height of its power. In comparison, the US is quite benevolent.

There's the counter argument that the US should be better than that, though, and I agree. The US shouldn't just be the greatest nation in terms of military power, it should strive to be the most moral nation in the world. However, criticizing someone for trying to hit the mark and missing is more counter-productive than congratulating them for getting so close.

Re:Just what we need

2 overt military actions. The USA, via the CIA, has been covertly funding terrorists in many countries, including rich first-world ones like Ireland (helps keep the British busy).

Re:Just what we need

[jayveekay]

"In the past 10 years the US has initiated 2 military actions against foreign powers."

Off the top of my head, I can think of 4:

1998: US launches cruise missiles at Sudan and Afghanistan
1999: US launches airstrikes against Yugoslavia to get it out of Kosovo
2001: US provides air support to forces in Afghanistan to overthrow the Taliban
2003: US invades Iraq

Re:Just what we need

[ElizabethGreene]

2? Just 2? We are actively nation building in 12 countries right now. Nation building is done by peacekeepers and peacekeeping is done by soldiers. Soldiers on the ground in another country with guns, getting shot at = ? ...

-ellie

Re:Just what we need

Wow, we aren't as big assholes as Nazi Germany or Imperial Japan. That makes the evil we do ok then. If I don't kill as many people as Ted Bundy that must make me a saint. How did you come up with the number 2 anyway? Are you saying we get 2 wars of aggression every 10 years? I can't imagine why the rest of the world is sick of us.

Re:Just what we need

Could the US have any more of an "attack mentality" than it already does?

Hardly. Just today on the Drudge Report, there's a piece about the the ACLU going after these same bloody fucks for making an end run around legal provisions forbidding them from engaging in domestic surveillance. They have limited authority to do so. According to unredacted documents pried loose under the FOIA, they have been "asking" their always-compliant co-conspirators at the FBI to issue National Security Letters to gather such information, which is then "shared" back to the mil-fux who initiated the requests.

Re:Just what we need

We haven't been hit by any terrorist attacks because we have instituted the 2 most effective safety measures against them:
1) Locking the cockpit doors.
2) Throwing so much money in pointless wars that we've devalued our currency, double our inflation rate, lost our military strength, weakened our strangle-hold on oil distribution, and lost our status as the #1 world power, and thrown out democracy. Why attack a sinking ship?

Re:Just what we need

[spazdor]

I've got an awesome Anti-Tiger Rock to sell you.

Re:Just what we need

[jonnythan]

NATO is not the US.

Re:Just what we need

Off the top of my head, I can think of 4:

Don't forget about me!
2007: U.S. provides close air support and naval bombardment to assist the Ethiopian invasion of Somalia.

Re:Just what we need

this is right out of the script of Enders Game series? Hire the kids, train them up, turn them loose? cool.

Re:Just what we need

NATO is not the US.

The reverse, is also true. Despite what Shrub tries to tell us.

Re:Just what we need

[Marcika]

Well, the US makes up 75% of the NATO forces (by budget) and both strategic commanders of NATO are Americans by law (SACEUR and SACLANT), so nothing happens in NATO against the will of the US. The primary decision maker about any NATO bombing campaign is always first and foremost the White House/the Pentagon.

Re:Just what we need

Compare this to Germany in WWI or WWII Congratulations!
By beating the be-better-than-mass-murdering-dictatorial-states test, the US has earned a gold star!

Re:Just what we need

NATO is not the US.

This is true, but it is also true that the forces in Iraq are under Coalition authority and those in Afghanistan are under the Coalition/NATO banner.
Nearly all wars are prosecuted between sets of allies, this does not prevent us from saying that a state itself is conducting operations.

Re:Just what we need

[dave562]

How about we broaden the scope beyond the last ten years and look at our actions since World War II. There have been lots of ugly operations going on in Central and South America. Then there was that whole arming bin Laden to bring down the Soviet Union. Don't forget arming that Hussein guy to fight a proxy war for us against the Iranian's after they overthrew the puppet we put in place in the 1950s in an attempt to secure access to their oil supplies.

Re:Just what we need

[jtev]

Wasn't aware of that, but maybe our benevelent Christian and Jewish friends will give those poor savage Muslims some peace and structure. Not that I'm holding my breath or anything, but it's possible.

Re:Just what we need

[Scrameustache]

"In the past 10 years the US has initiated 2 military actions against foreign powers."

Off the top of my head, I can think of 4:

1998: US launches cruise missiles at Sudan and Afghanistan
1999: US launches airstrikes against Yugoslavia to get it out of Kosovo
2001: US provides air support to forces in Afghanistan to overthrow the Taliban
2003: US invades Iraq NATO is not the US. Was it another member of NATO that initiated those attacks?

Re:Just what we need

NATO is not the US.

Some would beg to differ.

Re:Just what we need

How about we broaden the scope beyond the last ten years and look at our actions since we rebelled against the British? Since then we have operated a genocidal operation against the original inhabitants of this continent, and then stolen or bribed our way into hegomony over all neighbouring nations. We have killed so many people illegally that I am not surprised all the European nations have banded together in a group to defend themselves against us.

Pity the native Indians couldn't do the same...

Re:Just what we need

[kalirion]

Well, previously it always claimed that it tried to avoid collateral damage.

Re:Just what we need

[qbzzt]

Could the US have any more of an "attack mentality" than it already does?

Yes, and I pray we'll never get there. At the end of WWII Japan was getting ready to fight to the last Japanese. Not the last Japanese soldier, the last Japanese. The US was also getting ready to fight to the last Japanese. If it hadn't been for Hiroshima, Nagasaki, and the Japanese surrender, the Japanese culture would have ended up as the Cherokee or Sioux cultures.

All the retired military people I've read on this subject agree that given enough provocation this could happen today.

Re:Just what we need

[fredrated]

"NATO is not the US."

No, but we control NATO and tell it what to do.

Has NATO ever used military force at the initiative of another country? If so, when?

Has NATO ever refused to engage in force when the US wanted it to? If so, when?

Re:Just what we need

[dwye]

> No, but we control NATO and tell it what to do.
>
> Has NATO ever used military force at the
> initiative of another country? If so, when?

No one in the USA particularly wanted Yugoslavia to break up into little mutually genocidal groups until the Germans recognized Slovenia as an independent state. That, and their encouraging other states of the country to do the same, ended up dragging the European members in. Then their general helplessness (really, they NEED a Logistics Command, more than a French Foreign Legion) dragged the US in, and pretty much just as much of the Air Force as could go in, bomb, and get out without risking their paint jobs, let alone pilots. So the Kosovo mess was not the USA controlling NATO, but a NATO member jumping in and pulling the rest of the alliance in with it.

Re:Just what we need

[emilper]

how about this, then:

Iraq
  - http://www.spiegel.de/international/world/0,1518,542840,00.html
  - http://www.spiegel.de/international/world/0,1518,542881,00.html
  - http://www.spiegel.de/international/world/0,1518,542888,00.html

breakup of Yugoslavia
  - http://www.springerlink.com/content/j339272hr6267766/ ... that's pay per view, or you find it in a "good library"
  - if you have access to the mythical "good library", you might attempt to check out this: Tim Judah, 'German Spies Accused of Arming Bosnian Muslims', in Daily Telegraph from 20 April 1997; it's not available on the net ... take it with as many grains of salt you think it's safe.

Name of "Gehlen" and the phrase "starting the cold war" ring a bell when on the same page ?

It looks like the US are not alone in all those conflicts you quoted, but are the only country with enough balls to take responsibility. As for USA going in Iraq "for the oil", if that's true, it's Europe's oil supply that the troops belonging to USA and the other "willing" countries are protecting.

Other examples of an European country starting some trouble and USA going in to clean up the mess ? How about the Vietnam War ? Or the WWII ? WWI, anybody ?

Edgar Rice Burroughs (the one who wrote the Tarzan and Martian Princess pulp "masterpieces") wrote also a novel (The Lost Continent (1916)) about USA not getting into WWI, but instead cutting all communication with Europe. After a few decades, a ship crosses the interdiction line during a storm, sinks near the coast of England, and the crew discovers that the war ended with the last Briton killing the last German and later succumbing to his wounds, leaving the Europe a desert populated only by animals escaped from zoos. How about such option ? Is it acceptable to you ?

The perpetual "holier than thou" attitude is getting tiresome. Ever wondered why the Eastern European "Untermenschen" stick with either US or Russia ?

Re:Just what we need

"NATO is not the US."
+5 informative? not +5 funny? oh wait you mean this isn't sarcasm?

Re:Just what we need

NATO is not the US.

indeed

Re:Just what we need

[John+Newman]

In the past 10 years the US has initiated 2 military actions against foreign powers.

To be perfectly fair, over the past 10 years has any sovereign nation initiated more?

Re:Just what we need

NATO is not the US. Well, a parallel case can be made for Bush's "Coalition of the Willing".

But in each of the recent wars listed, the essential participant and agitator is the USA.

Re:Just what we need

Yes it is.

Have you ever heard of any NATO operation in which the US was not the leader?

As silly as it sounds,

[Ethanol-fueled]

Glad to hear that they're bringing "cyber(please excuse the prefix ;)--attacks" out into the open. Hopefully this will lead to a cyber-Geneva Conventions, causing glorified hacking contests to replace bang-boom wars. Just that'd be a shame if some rogue nation hacked some nuclear plant's coolant pumps.

Re:As silly as it sounds,

[Scrameustache]

hacking contests to replace bang-boom wars "In order to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds," Reed writes.
"The result was the most monumental non-nuclear explosion and fire ever seen from space," he recalls, adding that U.S. satellites picked up the explosion. Reed said in an interview that the blast occurred in the summer of 1982.

Re:As silly as it sounds,

[TooMuchToDo]

Actively attacking someone and slipping covert code into software that you know is going to be pilfered are different things (from a strategic perspective).

Translation

[Verteiron]

If I run nmap -A on the Cyber Command website, they want to be able to make my head explode in retaliation. With "cyber".

Re:Translation

[mmkkbb]

You misunderstand. "Collateral damage" means they want to kill your whole family too.

Re:Translation

[peragrin]

Well they will get his IP, and then his address from his ISP. A cruise missile to those coordinates would be a simple response.

Use Satellite video feed to see when all the cars registered to said person are parked in the driveway.

The big trick is I don't see that much cooperation in the Government.

Hello Citizen

[RichMan]

Hello US Citizen,

Your ISP has identified you as subscribing to a connection with >1Mbs upload speed. A recent top-secret national security bill requires all citizens with such bandwidth to become part of the national defense infrastructure. Attached to this email you will find an application. Install it. It will self register with homeland defense and be available for defense of the homeland should the need arise.

Thank you for your cooperation.
ZZ

PS: you have 1 week to register or you will be added to the terrorism watch list and will be subject to extreme rendition if needed.
PPS: we can't show you the bill, this is top-secret national defense stuff.
PPPS: if you are thinking of decompiling or interfering with the operation of this software, see PS:
PPPPS: yes this is MS windows Vista only software. Don't have Vista, see PS:

Re:Hello Citizen

[Unlikely_Hero]

If they did that I'd smile I'd smile, and then give them a /very/ broken honeypot. Perhaps it will hurt rather than help their efforts.
Then again...if they're putting it all on windows vista to begin with they've set up the honeypot for me.

Re:Hello Citizen

[Mattsson]

As a side-point, I think that use of the word "Defense" is used really wrong in a lot of cases.
Offensive forces and actions should never be labeled with defense.
For one example, nuclear weapons isn't a defensive weapon, it's purely an offensive one.
A force that mainly operate in military (non-peacekeeping) operations outside their own nations borders is an offensive force, not a defensive force.
Money that goes into those operations should be labeled "offense budged", not "defense budget", so that the public can different between how much their government pour into defending themselves vs attacking others.

Re:Hello Citizen

[jtev]

PS It's called extraordianry rendition. PPS Due Process PPPS Due Process PPPPS See PPS Ergo, it's not from the government, ergo it's a terrorist plot to get me to install this software, ergo, I need to call my nearest FBI office, or AFCYBER office, and let them know about the attack in progress against US Citizens. Thank you.

Re:Hello Citizen

[Deanalator]

I believe you would be protected by your third amendment rights at that point :-)

"No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law."

Re:Hello Citizen

[rkanodia]

What the heck are you doing, dragging out some ancient-ass piece of paper and trying to pretend that it's relevant? That text says no SOLDIER shall be quartered in a HOUSE. It doesn't say anything about a BOT being quartered on a COMPUTER. Sheesh. Some people.

Re:Hello Citizen

Sure. It's P2P cyberwar; everybody gets to help if they want. Democratic as can be.

A well-regulated milita being necessary to the security of a free state, the right of the people to keep and network computers shall not be infringed.

Re:Hello Citizen

[dbIII]

If they did that I'd smile I'd smile, and then give them a /very/ broken honeypot.

Of course - it did say Vista :)

Re:Hello Citizen

[CableModemSniper]

I see the makings of a Law and Order episode.

Re:Hello Citizen

[camperdave]

The US *IS* at war, last I heard. Unless the War on Terror and the War on Drugs are over. In which case, why do the airport people want to count how many holes are in my socks?

IPS?

[ohzero]

Active heuristic-based IPS in lieu of firewalling would likely provide the flexibility for outgoing attacks and incoming responses without just blindly blocking important traffic. Ok, problem solved. My rate for providing advice to the military is $1.7m per second, which I believe falls into the regular GSA schedule. Payment due immediately.

Re:IPS?

[db32]

No problem, we will be sending you the bill shortly. The taxes on this work will be calculated at $1.8m per second. We look forward to receiving your payment in a timely manner. -- IRS

Actually....

They should be going after spammers and hiring them. Large, distributed, easily controllable botnets seem to fit their specifications perfectly.

Re:Actually....

[f0dder]

Too late, I think Putins KGB/GRU has them under contract.

Re:Actually....

In Soviet Russia... erm, never mind.

Great...

[Unlikely_Hero]

This is just what we need. Perhaps if things had been properly defended in the first place there wouldn't be so much of a need for the "Cyber Command" in the first place. Or, here's another idea, perhaps critically important systems
shouldn't
be
connected
to
the
INTERNET!!!

perfect security is impossible, somehow "bringing the fight to the enemy" isn't a solution. Changing the way you think about the internet is.

I can't wait until it's "you're on our side of the internet or you're on their side!!"

Every time a government, or especially its military, does something stupid in regards to the internet, I feel the strong need to drink.

Re:Great...

Are you out of your mind?! Who would work somewhere where you can't check Facebook? Only people who would not have any other opportunities. For cybercommand we need the brightest. I say, screw it,keep the Internet and use more nukes.

Re:Great...

I dont get the bias I see in posts like this that basically use the equation
Military = Government = Microsoft = stupid

I hope you're aware that it's the military/DoD that basically invented computer security, see "Security Controls for Computer Systems, Report of Defense Science Board Task Force on Computer Security" commonly known as the Ware report.

Re:Great...

I feel the need for a Guinness... Calling all Script Kiddies, 3L33t35, Hax0r5, Uncle Sam Want You!

Re:Great...

[0xABADC0DA]

perfect security is impossible, somehow "bringing the fight to the enemy" isn't a solution. Changing the way you think about the internet is. The internet is fine security-wise. Our network organization is fine security-wise. What is not fine is our actual software. There is no reason why software should be hackable. Buffer and heap overflows are not a necessary condition. Kernel bugs do not need to allow arbitrary code to be run. These are fundamental security problems in how we program computers, not in the systems themselves.

For example, programs that are written in Java effectively cannot be hacked due to bugs. Operating system kernels like Singularity or jxos or JavaOS written in typesafe languages cannot be hacked due to any but an extremely small set of possible bugs in them. Bugs can cause these to do things they would otherwise do when they should not, but they effectively cannot be hacked to run arbitrary code. Even a properly designed HTML would not have inline scripts so it would be impossible to run arbitrary code due to not escaping strings (ie scripts could come only after the end of the document and then be referenced by id in the doc instead of appearing inline).

Regardless of whether you are a kernel or application or web developer if you choose to program in C, C++, or any other language where it is possible for bugs to cause arbitrary code to run then you are choosing in your own way to support viruses and spam and security breeches.

Re:Great...

[Chris+Mattern]

For example, programs that are written in Java effectively cannot be hacked due to bugs.

Java has so many bugs in it that it can't be hacked?

Re:Great...

You see, this is what Admiral Adama has been saying all along. We should have learned this much from the Cylon wars the first time around.

Re:Great...

[Sandbags]

The US government regrets to inform you that due to suspected illegal activites detected from your systems that your systems have been actively neutralized. A virus is now infecting your machine that has already spun your CPU cylces into increasinly higher activity cylcles. This will cause your system to overheat and fail in 5, 4, 3, 2, 1...

PS: the melting of materials in your CPU can emit toxic fumes that are known to be a health hazard. Do not breath fumes that may eminate from your computer or firewall. Also, we suggest you get a fire extingusher...

PSS: if you feel you have been inapropriately targeted, please simply purchase a new PC, connect to the internet from a known secure and untargeted location, and file form "GFYS-2008-A" with your local FBI office so we can file it for 7 years and if your lucky respond by admitting no fault and denying your claim since by then any evidence will have been destroyed by presidential executive order, including the backup tapes plus we've just destoryed any evidence YOU had. haha.

Re:Great...

[aaarrrgggh]

It is actually sad what critical systems end up getting connected to the internet for all the wrong reasons.

Say I develop a SCADA system for a large data center for a major financial institution. It has an IP backbone, and I connect security cameras to that; the backbone is sized about 1,000x what it needs for my bandwidth requirements, so it isn't a problem. The cameras actually provide a support function (call it visual feedback) to the SCADA network, so it is all in the family, right?

All ethernet ports are located in spaces that require secure access (and happen to house things like EPOs that can take down the facility in one go), and everything is perfectly logical. ...And then something changes. Innocuous changes, like the responsibility for after-hours first response shifting from Security to the NOC. Then everything goes to hell. The Network folks are against stand-alone networks, since they can't send an outbound mail message to their servers. Then, they complain that their management tools can't spot problems on the network. Pretty soon, it is straight on the corporate network...

Every time I have done a solid SCADA system, this is what ends up happening. Pretty soon, I will just go back to RS-485 networks, which kills me. The only plus I have is that my network is fundamentally more secure than the NetBotz crap that all the IT guys put in without proper security gateways...

Re:Great...

[0xABADC0DA]

Java has so many bugs in it that it can't be hacked? No, but your English parser does. There was a small defect in the input and instead of handling it gracefully it corrupted the discussion.

That's why you just got the uncontrollable urge to eat brains.

Re:Great...

Every time a government, or especially its military, does something stupid in regards to the internet, I feel the strong need to drink.

  You must have a powerful will, to keep from becoming a lush ;-)

Re:Great...

[Arancaytar]

Wait... you can have a computer not connected to the internet? That's not what they show in the movies!

What's next - a weapons system that does not have a big red self-destruct button?

IT Attack mentality?

[mveloso]

It's funny - usually the attack mentality gets shot down pretty quickly in the US. There was a thread a few years ago about using your IDS to go after people attacking your server...the consensus was it was a Bad Idea. It's pretty much illegal to do in the US anyway, but it also seen as bad karma.

OTOH, there's no technical reason not use snort + script kiddie tools to automatically detect intruders and try to whack them. You can identify botnet members pretty easily from the pattern of accesses (the probes tend to come in waves, as various parts of the swarm poke your boxes).

The US could just hide in that swarm of accesses, poking servers and doing slow scans to figure out what's where. It's pretty easy these days to do signature profiling on systems, and to just stash this info in a database somewhere. Update each entry every few weeks, and be able to update ranges on demand.

The only really hard part is getting your own botnet up and running. The US Government could, theoretically, tap into the search engines to do this for them, which would be pretty amusing. Nobody pays attention to web spiders, and well, if the spider does a slow port scan 'accidentally' who cares?

Re:IT Attack mentality?

[msheekhah]

They need agents with internet savvy and an "attack mentality"... then just visit a chan site...

Re:IT Attack mentality?

oh shit, /i/ is going to get drafted

AFCYBER - division patch

[RichMan]

Ok, someone needs to get a hold of, or make up AFCYBER division shoulder patches.

US Air Force Cyber Command (AFCYBER)

http://en.wikipedia.org/wiki/Shoulder_patch
http://www.tioh.hqda.pentagon.mil/DUI_SSI_COA_page.htm

Re:AFCYBER - division patch

[morgan_greywolf]

Missed it by that much:

http://en.wikipedia.org/wiki/Image:Air_Force_Cyber_Command_(Provisional).png

Re:AFCYBER - division patch

[waferhead]

As an old SAC weenie, I suggest simply dusting off the SAC patch for Cyber command

http://en.wikipedia.org/wiki/Image:Shield_Strategic_Air_Command.png

Where's hypno-toad...

[mbaGeek]

...when you really need him?

random quote from forgotten source:

"Most wars could be prevented with 1 motivated soldier in the right place at the right time and a well placed bullet"

Re:Where's hypno-toad...

[kalirion]

"Most wars could be prevented with 1 motivated soldier in the right place at the right time and a well placed bullet"

Yup, that's how WWI could've been prevented. Oh, wait....

Re:Where's hypno-toad...

[mbaGeek]

it wasn't a well placed bullet, and it was at the wrong place and time ...lol

it might have worked in WWII though... (when the 3 main causes were Hitler, Hitler, and Hitler)

Re:Where's hypno-toad...

[kalirion]

Isn't that the premise of C&C Red Alert?

Too many fronts to fight

Tasked with basically securing the entire world, I don't see how they intend to succeed.

They don't go after hacker groups in poor developing nations,
they CANT go after state sponsored groups without escalating into
a full blown war (which they can't afford now, thanks Mr. Bulsh)
and their supply chain is basically everywhere in the world.
That's a lot of vectors.

All they can really do is cry for more funding and attention... and the best way to do that?
LET THE ATTACKERS HIT US.

Re:Too many fronts to fight

[Tenebrousedge]

LET THE ATTACKERS HIT US

So, in other words, you're saying, "Bring them on."? Which team are you batting for again?

TRON

[weyesone]

Sounds like the MCP is getting bored.

They are right

[mi]

If all you do is defense, then eventually the enemy is likely to figure out, how to break you.

Attack is the best defense. You have to be able to retaliate. In "cyber" world this would mean some of the "hacking back", identifying him, putting him to jail, confiscating his computer, fining him.

This "active defense", however, is full of legal (and ethical) pitfalls and thus it is now wonder, the private companies are mostly sticking to passive defense. Private sector is also the main source of professionals for the government institutions, so those are quite conservative too.

Now we are seeing the military waking up to the problem... Indeed, if it is Ok to destroy a building, from which somebody is trying to kill you, why should we hesitate putting to jail someone trying to steal secrets and/or money?

Re:They are right

[Dunbal]

If all you do is defense, then eventually the enemy is likely to figure out, how to break you.

Attack is the best defense.

      Spoken like someone who has no understanding of the art of war.

      The first rule of war is: don't go to war.

      The second rule of war is if you have to go to war make yourself invulnerable before you attack.

      "Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment.

      If your defenses are so strong that your enemy will require all his concentration in order to understand/penetrate them, he won't see that guy sneaking behind him and about to bite him in the ass.

Re:They are right

[Missing_dc]

Can't we just shoot em? I really don't feel right biting some guy's ass.

Re:They are right

[Artuir]

No, it didn't work for Germany. However, it *very* nearly did. It wasn't a one sided war.

I think WW2 is a poor indicator of what kind of strategies worked. There were so many variables (and luck) involved - it's difficult to simplify something so grand into "Germany lost due to their attack based strategy".

Re:They are right

[Robert1]

You're right. I guess Douglas McArthur, like you, really UNDERSTOOD the art of war. After the bombing of Pearl Harbor he withdrew all marine craft from the pacific and focused entirely on defense. The next several years saw Japan make several unsuccessful invasions of the American heartland, thankfully America's invulnerable defense ensured our safety. Eventually Japan became disheartened and gave up attacking America, thus ending WWII. Sure we lost the Philippines, Australia, and eastern China is still part of the Great Japanese Empire, but that's all history.

Re:They are right

[TheWizardOfCheese]

Military people are naturally predisposed to favour attack over defense. That is because armies select their leaders for initiative and aggression, not sloth and complacency. Sloth and complacency creep into the war room all the same, and the reality is that attack is sometimes a very poor defense.

The second world war offers famous examples of this. The most obvious is submarine warfare. Neither the navy nor the merchant marine officers liked convoy; the navy preferred to aggressively chase after submarines rather than tie themselves to a slow convoy, and individual merchant captains were generally convinced that they stood a better chance on their own than as part of a fat juicy target. But in fact, any ship, even a fast one, had a much better chance of survival in convoy than on its own, even with no armed escort! Any escort, even a tin can corvette, raised these odds even higher. Meanwhile, sending expensive destroyers to chase phantoms over leagues of empty ocean achieved nothing.

The interesting thing is that this lesson was not learned but relearned: exactly the same process happened in the first world war. That lesson in turn was relearned from convoy against surface raiders in the Napoleonic wars; in those wars, convoy was rediscovered from even earlier eras dating back to the middle ages. It is just hard for most military minds to accept the value of a defensive procedure - it runs against their training.

Another example is bombing - before the war, people thought that interceptors were pointless - "the bomber will always get through." This belief was based on a rational calculation of flight speeds, climbing times, and geometry. But it didn't take into account the invention of radar.

Re:They are right

[D+Ninja]

If your defenses are so strong that your enemy will require all his concentration in order to understand/penetrate them, he won't see that guy sneaking behind him and about to bite him in the ass. Wow, dude...you fight dirty.

Re:They are right

[mi]

Oh, look, real war-artist teaching Slashdot wannabes... And failing.

Sorry, dear. Blasting the US and a not-so-hidden comparison with Nazi Germany of the 2nd World War may get you the "Insightful" moderations, but it is, in fact, off-topic and I will not bite.

The first rule of war is: don't go to war.

There is no question, whether or not to go to war with cyber-criminals — they have already gone to war with us. Every time a spam tries (successfully or not) to creep into your mailbox, every time your sshd logs a login attempt by "admin" or "fifi" — you are under attack. Way over half of the e-mail traffic is spam, and a vast number of web-servers are compromised. The war is ongoing — and we are suffering heavy losses, such as the ability to rely on e-mail — so save your preaching...

The second rule of war is if you have to go to war make yourself invulnerable before you attack.

No disagreement here. All we are discussing are the tactics — and I agree with the officer in the article, who thinks, active measures should be taken in addition to the purely defensive passive ones.

Re:They are right

[textstring]

General question post anonymously or whatever but when you were to hypothetically finally attack a system or even perform scans, how many proxy networks do you go through? How many hops in traceroute? Encryption between how many of those networks? Personally I don't think it's feasible for even an amateur hacker to be located by a single government with the prevalence of insecure/open wifi, the tor network, the great ocean of insecure pcs.
This isn't about the gov't "getting back" at a single person, this is about trying getting enough skill or bandwidth to 0wn or effectively carve out certain groups from the internet.

Re:They are right

[Minwee]

The first rule of war is: don't go to war.

Silly me. Here I thought it was "All warfare is based on deception."

As in, "When able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near. Hold out baits to entice the enemy. Feign disorder, and crush him. If he is secure at all points, be prepared for him. If he is in superior strength, evade him. If your opponent is of choleric temper, seek to irritate him. Pretend to be weak, that he may grow arrogant. If he is taking his ease, give him no rest. If his forces are united, separate them. Attack him where he is unprepared, appear where you are not expected."

But maybe I just read that on the back of a cereal box.

Re:They are right

[jtev]

He who would be strong everywhere is strong nowhere. Attack where your enemy is not expecting you, and you will never lose a battle. War is the most important activity that the state engages in. Tactis change, but fundamental truths do not. Actually read Sun Tsu, or Clauswitz and see what they say, instead of simply spouting naieve crap. Attack is indeed the best defense, but it's also true that you should never attack what you cannot keep. Doing so simply overextends you, and costs you your armies. The US didn't win Korea because of the civilian world, and the same could be said of Vietnam. In war both parties are ALWAYS vulerable in some way, and the trick is to hit the other guy before they hit you.

Re:They are right

Congrats! You're capable enough to lead Alexander the Great's left flank.

Re:They are right

[Bayoudegradeable]

"Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment.

True, didn't work so well for the U.S. recently. But I'd say the whole conquering of North and South America (Spain, England, France and later as the US pushed to the Pacific) went VERY well for the offensive crowd. Not to be rude, but look at the Plains War for "success" with offense first (In no way am I saying that was GOOD for the US to do, but it was effective in terms of military success.)

Re:They are right

[kitgerrits]

They military already have plenty of tools to 'persuade' people not to mess with the US.
Anyone caught hacking any part of the DoD can expect a visit from uncle Sam (luckily, not yet uncle SAM).
Anyone hacking from a foreighn country, friendly to the US, can expect a visit from their local FBI and/or SWAT team.
(Anyone remember what happened to that UN weapons inspector in the UK?)

The US has some powerful (one-sided) extradition treaties with foreighn nations.
Try looking up kuji99 or Kevin Mitnick.

If they can't find enough evidence against you, you can always be put on some high-ranked 'terror watch list', with a free tocket to housing in the wonderful Guantanamo Bay Area.

Re:They are right

The American involvement in WW2 was purely offensive because we couldn't win without attacking.

If we didn't get involved, would the Allies still have won? What if they lost because they didn't get American support?
Losing WW2 was not an option, and McArthur understood that. Sun Tzu's paradigm doesn't apply when you cannot afford to lose.

Re:They are right

[OmegaBlac]

"Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment.

It worked for Russia though. Russian generals preferred to go on the offensive and take the battle to the Germany army. As for the US, I recall the speed of the collapse of the Iraqi military and government during the initial ground invasion proves you wrong. Same for Afghanistan. What's not working right now is sitting around waiting for opposing forces to attack you as they have the initiative; hence why the US and current Iraqi military have had to initiate offensive operations several times for the past couple of years.

Re:They are right

[Clandestine_Blaze]

You're right. I guess Douglas McArthur, like you, really UNDERSTOOD the art of war. After the bombing of Pearl Harbor he withdrew all marine craft from the pacific and focused entirely on defense. The next several years saw Japan make several unsuccessful invasions of the American heartland, thankfully America's invulnerable defense ensured our safety. Eventually Japan became disheartened and gave up attacking America, thus ending WWII. Sure we lost the Philippines, Australia, and eastern China is still part of the Great Japanese Empire, but that's all history. I know you were being facetious, but you misunderstood their point. I don't recall the poster advocating focusing primarily on defense after being attacked. Reread the part of the post that says:

Spoken like someone who has no understanding of the art of war.

            The first rule of war is: don't go to war.

            The second rule of war is if you have to go to war make yourself invulnerable before you attack.

            "Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment. You thought the poster meant "let's withdraw all forces, hunker down, and let everyone attack our defenses." Actually, MacArthur followed the second rule. The point being made was, an aggressive preemptive mentality often leads to defeat, which is why Japan and Germany lost their respective wars. The U.S. entering WWII was not an "attack mentality", but, an act of defense after we were attacked by Japan.

Fast forward to Vietnam and Iraq and you'll see why an attack mentality fails. How many years did it take the U.S. to realize that continuously being in attack mode in Iraq even AFTER the capture of Saddam Hussein did far more harm than the actual invasion itself? By the time the U.S. realized that we needed a peacetime force and not a full blown-out military force, the citizens of Iraq wanted us out and temporarily joined forces with al-Qaeda to form a resistance. (Only later did the Iraqis realize that al-Qaeda was far more interested in their own agenda than they were with helping the Iraqis, and turned against them too.)

And since you brought up Douglas MacArthur, read his bio, specifically:

President John F. Kennedy solicited MacArthur's counsel in 1961. The first of two meetings was shortly after the Bay of Pigs Invasion. MacArthur was extremely critical of the Pentagon and its military advice to Kennedy. MacArthur also cautioned the young President to avoid a U.S. military build-up in Vietnam, pointing out domestic problems should be given a much greater priority. Shortly prior to his death he gave similar advice to the new President, Lyndon Johnson. Even the great General you were referencing earlier warned Kennedy and Johnson about an aggressive military build-up in Vietnam.

Re:They are right

[pipoca]

No. The first rule of war is that war is deception. Appear strong where you are weak, weak where you are strong. Attack where you are unexpected. Use Strategems (i.e. tricks) where you can. True skill, however, is being good enough that you can win without even going to war.

Re:They are right

[analog_line]

The second rule of war is if you have to go to war make yourself invulnerable before you attack.

Poppycock, balderdash, bullcookies, bollucks, . If you got that out of any of the strategy classics I've read, you need to reread them. If you passed a military studies course with that as what you took out of it, your professor should be fired. If you're in a position of command in the US military, you should be stripped of it and put in a position where you will do less damage to my country, like cleaning the latrines.

You can never make yourself invulnerable in a real live conflict situation. It doesn't happen, it can't happen, and the one of the first signs of weakness in any kind of conflict is too great a concern with bolstering your defenses, or a belief that you are invulnerable. "Attack is the best defense" doesn't mean what you seem to think it means. If you are being attacked, the best way to defend yourself is to find a way to get an attacker's attention drawn to something other than you. The best way to do that is to attack a target that's valuable enough to force your adversary to defend it with the forces that are currently attacking you. It does not mean attacking willy nilly at whomever pokes their head above the sand.

Until recently, the US military, under orders from the incompetents in the White House, has in fact been carrying out your "second rule of war", and the utterly hopeless situation we're in now is testament to how stupid that concept is. Force protection (that is, the soldiers protecting themselves and each other) was the highest priority, specifically set over saving civilian lives. We didn't lose a single military installation in open combat. Even Fallujah we eventually razed (TWICE) with losses that while high for this conflict were piddly in terms of urban warfare in history. All that defense and invulnerability in combat didn't get us anywhere in actually winning the war. What's at least temporarily saved our bacon is having someone with the wisdom to see that fundamental failing put in charge, and actually start attacking, and stop the insane focus on self protection.

Re:They are right

[Dunbal]

Thank you.

Re:They are right

[ultranova]

Sorry, dear. Blasting the US and a not-so-hidden comparison with Nazi Germany of the 2nd World War may get you the "Insightful" moderations, but it is, in fact, off-topic and I will not bite.

Said like a fish in the bucket ;).

There is no question, whether or not to go to war with cyber-criminals -- they have already gone to war with us.

No, they haven't, any more than a pickpocket has gone to war with anyone. War on Cybercrime might be a catchy slogan, but it is just that - a slogan.

A cybercriminal is a criminal, not an invading horde of huns. You don't attack them, you investigate them and haul their ass to a prison. If they're some rogue hackers, it shouldn't be difficult to get the local courts of their country of origin to deal with them; and if they're state-employed saboteurs, any damage you can cause their systems are trivially dealt with - computers are cheap. In neither case does it make sense to use your own resources for attacking instead of defending.

Every time a spam tries (successfully or not) to creep into your mailbox, every time your sshd logs a login attempt by "admin" or "fifi" -- you are under attack.

Yes, in the same way as you are under attack when someone smashes your car window and steals the stereos.

All we are discussing are the tactics -- and I agree with the officer in the article, who thinks, active measures should be taken in addition to the purely defensive passive ones.

Well, since you mentioned spam specifically, and since the world's top spammers are well known, how about taking the active measure of dragging the assholes before a court and sending them behind the bars where they belong ?

Re:They are right

[mi]

A cybercriminal is a criminal, not an invading horde of huns.

There is a point, where quantity changes quality: a criminal becomes group of criminals, group turns into a gang, and gang — into a horde.

But yes, if you re-read my original posting in this thread, you'll see, that legal counter-attacks are what I'm recommending.

hackers, it shouldn't be difficult to get the local courts of their country of origin to deal with them

Foreign litigation is extremely difficult — on top of the regular hurdles associated with litigation (RIAA-cough-MPAA), you run into patriotism of the foreign country's inhabitants. It took two years to extradite three corrupt bankers from UK (a country with the closest ties to US)...

and if they're state-employed saboteurs, any damage you can cause their systems are trivially dealt with - computers are cheap.

See, here we are already discussing possible ways to retaliate... That's all the officer in the article is asking for (right now) — that we look into retaliation, rather than limit ourselves to pure battoning down of the hatches.

I don't need to buy a SAM, because my country's military (is supposed to) protect(s) me from foreign bombers. I hardly even lock my front door during the day, because my police keeps me safe from criminals. Why am I supposed to spend so much time and effort "securing" my computer?..

Collateral damage?

[PhasmatisApparatus]

"We're looking for real physics -- a bigger bang resulting in collateral damage."

That's what missiles are for. That's what special forces are for. I'm not sure how much "collateral damage" can be caused by hackers.

Then again, maybe General Elder has been reading the World Weekly News.

Re:Collateral damage?

[db32]

Tons of damage, they have managed to blow up a generator using SCADA controls in one test. Because in this wondeful new world of Interconnected Expanding Horizons Where Do You Want To Go Today Whatever crap every critical control computer has been plugged into a network for some dumb reason. Varying from "I don't want to have to work next to the loud device that the computer controls" to "The PHB said we need to be more "integrated"".

There are all manner of systems that handle hazardous materials that are computer controlled. To top it off, most of those control systems are VERY specialized software, and many are just Win32 progams that you can't simply fiddle with patching the OS without risking breaking something very important.

Oh, and as dumb as that WWN article is, in the long long ago I remeber reading about a virus that could cause physical damage to the hard drive. It had to do with how hard drives were controlled at the time. I don't remember all of the details, but the jist was that it could cause the drive to spin down while the heads were over the platter. This removed the air cushion the heads ride on and cause a head crash. Also, while not a virus, I also remember older hard drives could cause MASS damage when spinning at full RPM and the motor seizing. Back then the platters had some weight to them and a sudden stop could cause them to break in a pretty spectacular manner.

Re:Collateral Damage?

[KC7GR]

Bah! I wonder what kind of collateral damage could be obtained through a massive air-drop of two metric tons of overcooked spinach...

S P L A T T ! ! !

Re:Collateral damage?

[SCHecklerX]

Indeed. Reminds me of this nonsense:

http://tinyurl.com/3ymeov

Collateral Damage?

[BigBlueOx]

Bigger Bang? Windows! You're talkin' about Windows!

Communication issues

[SickHumour]

Yeah... I think this Lieutenant General might be the communication issue. All I can understand from his quote is that he really wants to "cyber" the enemy without being vulnerable to being "cybered" in return. Is this military jargon?

It'll be too hard for them to staff up

[MikeRT]

Too many of the people that they'd want who are freakishly good at networking probably have a criminal record long enough to deter them from ever holding a TS, let alone a TS/SCI.

I would hazard to guess that the reason that China is able to keep its black hats at bay is the ability of their government to make you disappear in the middle of the night and wake up the next day in a labor camp if they even suspect you of compromising government systems.

Re:It'll be too hard for them to staff up

[dave562]

I would hazard to guess that the reason that China is able to keep its black hats at bay is the ability of their government to make you disappear in the middle of the night and wake up the next day in a labor camp if they even suspect you of compromising government systems.

That may be the case, but more likely the Chinese government just puts them to work. The same thing happens here in the US. There were a couple of guys who went to the LA 2600 meetings in the early 1990s who got visits from the government. The conversation always went along the lines of, "Stop doing what you're doing or we're going to arrest you. Or if you want to continue doing what you're doing, come work for us." Those who didn't stop ended up dealing with the FBI. Those who took the offer ended up working with the NSA.

Re:It'll be too hard for them to staff up

The military has no problem finding trained scientists/engineers to design and build weapons systems (bombs) without resorting to hiring criminal bombmakers (terrorists). Why are networking skills any different?

Good luck with that.

Sorry, but the U.S. military just isn't going to get the best hackers around. The biggest problem is that the entire U.S. educational system actively discourages this type of education, in a hostile manner. Big businesses also work with the educational system to discourage creating knowledgeable and skilled people.

Someone posted about a class of theirs on Security issues that got shut down by one big corporation, who threatened not to hire any of their departments' students if they insisted on teaching that class.

So, the bottom line is that our Education system isn't turning out the skilled people that the Military is looking to hire.

This is compounded by the fact that the ones who DO get this knowledge, and have the right attitude, are snapped up by the Bad Guys. Crime is increasingly playing a big part on the internet, and those folks WILL pay good money for the right talent which can deliver results.

I suppose the Military could consider subcontracting out to the Mafia. That's really their only option if they are serious. Otherwise, the best they can get will just be second-rate talent, and more likely third-rate talent.

Good luck attacking, or defending, with that. As a US citizen, I find this frightening, but I've been saying it for years. I'm glad someone is finally waking up to the matter. But I doubt anything serious will ever be done until it's too late.

Re:Good luck with that.

[eleuthero]

The software techs at my school regularly hire students caught with their hands in the candy jar--it is a part of a "rehabilitation" program as far as I can tell.

Re:Good luck with that.

Wow, that is just so.... Wow!

I mean, yeah, some schools have some problems, but to paint the entire educational system of a country as 'broken' is just so - stupid? Ill-thought?

I know - UNEDUCATED.

The world is not flat, my friend, and the solution to the problems in the U.S. of A. do not lie in the dismantling of its educational systems, no matter how many time Mr. Limbaugh says so.

Re:Good luck with that.

[dave562]

You're right that the military isn't going to get the best hackers. The NSA will. The educational system isn't the real problem. The best hackers have always been those who had a knack for it and lived and breathed the systems that they enjoyed playing with. Because for the best hackers, hacking is playing. It isn't a job, it isn't a career, it's a hobby that they enjoy. The education system could turn out "computer security professionals", but they will only be as effective as their last class. There simply aren't many people out there with the mental facilities required to be really good at hacking. All the guys I knew weren't wired right. They'd only sleep four hours a night, and had insanely accurate memories.. or they were seriously into drugs, everything from speed and coke to LSD and mushrooms. That's why the end up at the NSA. They can be compartmentalized and their idiosyncrocies can be overlooked. Those people would never make it in a military environment with a rigid chain of command.

Re:Good luck with that.

Pot, Kettle, Black.

You have a clear problem with reading comprehension. Nowhere did I say that the Educational System should be dismantled. Changed, yes. Dismantled, no. You do realize that there's a difference?

Oh, and if this isn't a problem across the entire country, please show me one single school district where they encourage teaching the kids how to hack. Just one.

Heh. If you want to try to portray the Educational System in a shining light, you might try starting by setting a better example with yourself. Just the two failures I've mentioned here strike me as something the Conservatives might say about the failures of our Public Education System, but I don't really track what they tend to spout.

Re:Good luck with that.

[dbIII]

suppose the Military could consider subcontracting out to the Mafia

No that's what some of the various spook agencies did hopefully only long ago and I think it shaped what they have become today. The Bay of Pigs was a fiasco due to it being a mix of refugees, spooks and criminals trying to do a military job. One of the problems Kennedy had was due to the strong links between organised crime and the intelligence agencies which is one reason so many conspiracy theories sprang up after he was shot.

Big Bang For Sale: Will Consider Serious Bids

Here.

Yours radioactively,
Dr. Abdul Qadeer Khan

P.S. Say Hi to my fellow gun-runner President-VICE Richard B. Cheney
,

Attack!

[GottliebPins]

I can see it now. Somewhere in China or Nigeria a hacker is trying to gain access to a U.S. government network and suddenly their own systems are attacked from hundreds of locations around the world bringing their network to it's knees! Revenge is sweet!

Re:Attack!

Nah, it even better than that.

We're looking for real physics -- a bigger bang resulting in collateral damage

Translation: U.S. government network is experiencing an attack, and suddenly a rain of some (physical) missiles starts dropping on the chinese hacker. Collateral damage is insured (i.e. at the very least, no other machines at the location will ever carry an attack. The hacker... who cares?).

It's called the "problem elimination" (by contrast with just "solving it")

For a bigger bang, just imagine the solution being applied on erradication of a bot net.

I reckon, these can create some workplaces as well (in the military related industries) and might be a solution to solve the sub-prime mortgages crisis (launch a net attack, then no home for the bank to default the mortgage and you just fill a bankruptcy form - elimination of the problem, too).

EMP?

I'm not sure, but I think an EMP would be a pretty big bang

Just the long way for him to say..

[Budgreen]

HACK THE WORLD!!!

Re:Just the long way for him to say..

[morgan_greywolf]

$ nmap -v -sS -O world
Starting Nmap 4.20 ( http://insecure.org/ ) at 2008-04-02 14:30 EDT
Failed to resolve given hostname/IP: world. Note that you can't use '/mask' AN\
D '1-4,7,100-' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Nmap finished: 0 IP addresses (0 hosts up) scanned in 0.106 seconds
                              Raw packets sent: 0 (0B) | Rcvd: 0 (0B)


If you can even find it!

Re:Dear me I can see an NPR 'expose' of evil Tech

[Colonel+Korn]

The only problem I have with NPR classifying some of the horrible things the US has been doing lately as war crimes is that we're not officially at war, because the president wanted to avoid having to 1) get permission from congress and 2) obey the Geneva conventions. It's a pretty silly excuse, though, saying that the Geneva conventions don't apply because we're fighting terrorists, not a waging war.

That's like getting around anti-hate crime legislation by saying that you killed all those people because you liked them, not because you hated them. Stupid, stupid, rhetorical nonsense.

Greater attack mentality?

[Quiet_Desperation]

Shouldn't they be hiring Professor X?

Didn't know the Airforce was into this stuff

[adrenalinekick]

I put on my robe and wizard hat...

Re:Didn't know the Airforce was into this stuff

[SCHecklerX]

LMAO! (assuming the bloodninja posts on bash.org)

War is physics...

[MadMidnightBomber]

Computer science is maths. There are no fucking "bangs" in maths - if there's no security holes the only thing you can do is DDoS it off the net. This is the sort of drivel I usually expect from Hollywood hacker films; I can just see this guy typing "access all the secret files" into a bash prompt and expecting it to work.

Re:War is physics...

[morgan_greywolf]

me@myhost:~$ access all secret files
access all secret files
-bash: access: command not found


Huh. You're right! But it always seems to work for those guys in the movies!!!

Re:War is physics...

[AJWM]

Computer science is maths. There are no fucking "bangs" in maths

Factorials aside, there are plenty of potential "bangs" in things controlled by computers. If someone is stupid enough (and plenty of people are) to allow any of these to be connected to the 'net, well then...

Consider, for example, power stations, refineries and similar chemical plants, air traffic control systems, (or even regular traffic control systems -- turn all the traffic lights in a city green in all directions, I guarantee you'll get some bangs). Now, you and I know there should be failsafes in such systems to prevent such things, and such systems should not be internet-accessible in the first place. You and I also know that it only takes one idiot to mess something like that up.

Re:War is physics...

[ahabswhale]

Outside of breaking encryption, math is rarely required for hacking and the US has as much muscle as any country when it comes to breaking encryption courtesy of the NSA. Of course the funniest thing you said was, "if there's no security holes the only thing you can do is DDoS it off the net". Are you kidding me? There are ALWAYS security holes. You may not find them but they are there. There is no such thing as an impenetrable system.

Re:War is physics...

[AJWM]

Addendum to above -- if the control system you want to hack into hasn't been inadvertently connected to the internet by some idiot (ie, it has air gaps separating all nodes from any internet-connected nodes, and of course no wifi), that's the kind of thing covert ops are good at. It doesn't take much to bridge two networks, and if done in an out-of-the-way spot that could go undetected for years, especially if the bridge just sits there passively listening for a special activation packet.

Re:War is physics...

[Lemmy+Caution]

I found your mistake. It should be:

me@myhost:~$ sudo access all secret files

No One Expects The IT Inquisition

[N1ck0]

Nik!

Seriously this just depicts how the Military/Cyber command doesn't understand operating inside domestic world. As some of the smartest commanders have advised politicians before: you basically don't want our military policing things; as they go in with the mentality of destroy/conquer/dominate.

If your saying IT staff should actively attack those who seek to do wrong to their infrastructure, how do you address the fact that most activities of those individuals are completely legal until they actually do the attack. What of root-kits and exploits used for commercial purposes? Should we attack them too? People who do operations within the legal confines of their governing body, but can potentially impact others who's government classifies it as illegal...attack them too? Or what about someone who actively goes out and fetches something not intended for them, but also causes harm...attack the person who made it available? What about legitimate patches that break IT infrastructure if applied...Should we go destroy IBM, Microsoft, or Cisco because they distributed something harmful? Or even more broad...what if one of these companies indirectly helps the 'enemy'...are they open to attack too? What a tangled web we weave.

Sorry but Attack mentalities are dangerous 'domestically', and require real tight constraints. Such an organization should have an understanding on how information travels and how IT works; and should therefor be very careful with what it says publicly. But in the go destroy/take-down/remove world of the military you just go attack the 'bad people' right?

A great opportunity awaits.

Spammer sends viagra ad to .mil email address.

Cybercommand retaliates against forged sender address's domain.

China launches missile strikes against US targets to halt destruction of its telecommunications infrastructure.

World War III ensues.

Profit!

A solution

How about, instead of this whole "protecting our data from evil people" thing, we give the evil people the data, then bomb them for having it. Its a simple matter of using our talents alongside our weaknesses. That and we want to trim down our nuclear arsenal, well...here's the chance!

Guess again

2 military actions?? 2 WARS perhaps, but military actions doesn't pass the laugh test.

Granted this is a mixed and incomplete list, these are also only the "actions" we know about:
http://en.wikipedia.org/wiki/List_of_United_States_military_history_events#2000-_present

Don't go telling me that the DoD maintains SEAL teams, Delta teams and other various special forces groups and their very expensive delivery methods (*cough*Virginiaclass*cough*) without an ongoing need to conduct "military actions against foreign powers".

Argue the right of the United States to do what they do all you want, that it is done is beyond question.

Let's play Global Thermonuclear War .....

[taniwha]

well we all used to be worried about the fallout from nuclear war .... just think what would happen on the 'net if these cowboys ever get unleashed .....

the good news I guess is that just like the spammers they'll all be going after the windows platforms because that's the biggest bang for the buck - the rest of us can watch the death of the internet from our linux bunkers

Re:Dear me I can see an NPR 'expose' of evil Tech

[gelfling]

The only problem I have with NPR classifying some of the horrible things the US has been doing lately as war crimes is that we're not officially at war, because the president wanted to avoid having to 1) get permission from congress and 2) obey the Geneva conventions. It's a pretty silly excuse, though, saying that the Geneva conventions don't apply because we're fighting terrorists, not a waging war.

That's like getting around anti-hate crime legislation by saying that you killed all those people because you liked them, not because you hated them. Stupid, stupid, rhetorical nonsense. Well considering there have been exactly zero declared wars since the end of WW2 it sort of puts a point on the futility of the whole thing, doesn't it?

Not clandestine?

[SleptThroughClass]

"We're trying to move away from clandestine operations."

So.. overt operations? Such as with artillery?

Re:Not clandestine?

[rkanodia]

Rickolling.

somewhat mutually exclusive?

[mr100percent]

I don't see how defense and attack in the IT world work that well together. If I'm setting up firewalls and VPN systems, it doesn't mean I'd know any more than the basics about launching my own DDoS or a man-in-the-middle attack.

On a related note, I wonder if the military would build their own botnet from scratch.

Re:somewhat mutually exclusive?

[dave562]

On a related note, I wonder if the military would build their own botnet from scratch.

Of course, just think about all of the contracting money to be made there!!! Why use off the shelf, already proven code when you can recreate the wheel and employ lots of PHB's to oversee the operation?

Bad idea

[PPH]

Expecting the typical admin of a commercial network or system to actively participate in an attack is like giving every middle-aged white collar civilian a machine gun and expecting them to attack enemy artillery emplacements.

The most we should expect of the civilian infrastructure is to secure their systems and go hide in the backyard bomb shelter. If I (a middle aged white collar civilian) start getting involved in DoS attacks against an enemy, I'm inviting reprisals by that enemy targeting my, or my employers systems. If the cyber comand folks start handing out the weaponry (toolkits) to just any civilian, how can they be sure that they won't be used against that person's neighbor (who keeps dumping grass clippings over the fence), competitor, ex-wives, etc. Or, worse yet, switch sides in the war and launch an attack against the friendly forces?

Re:Bad idea

[dwye]

Expecting the typical admin of a commercial network or system to actively participate in an attack is like giving every middle-aged white collar civilian a machine gun and expecting them to attack enemy artillery emplacements.

Works for Switzerland.

Truth in Naming

[Original+Replica]

An attack mentality from an organization called Cyber Defense Command can only mean bad things are about to happen

The organization is call Cyber Defense Command for a reason, because they know that they should be "defending". If they were honest in their naming then perhaps it would be call Cyber Attack Command. Hmmm, I wonder what other countries would think of that.... It's probably the same reason that our Department of Defense isn't call the Department of Preemptive Strikes. It was called The Department of War until 1947. I know some here will say "the best defense is a good offense", but when you have organizations with "an attack mentality" they will always find someone and some reason to attack. War without End.

Re:Truth in Naming

[OldFish]

How about Cyber Warfare Command That encompasses both offense and defense. Done.

Re:Truth in Naming

[Stiletto]

The same problem applies overall to the "Department of Defense". When was the last time the "Department of Defense" actually DEFENDED U.S. soil? Pearl Harbor? It seems all they do nowadays is attack... Maybe they should change their name back to the "War Department."

Re:Truth in Naming

[kalirion]

War without End.

Don't you mean Forever War?

Re:Truth in Naming

[Original+Replica]

Cyber Warfare Command would imply that any aggressive actions were part of a declared war. That would be fine, but would likely be viewed as too restrictive by many politicians and military brass. I can't imagine that Lieutenant General Robert J Elder, Jr would be content to only take aggressive actions against countries which were in a congressionally declared state of war. I don't think cyberwarfare is a big issue coming out of Iraq or Afghanistan, and I don't think Congress is going to declare war on North Korea, China, or Russia any time soon.

Re:Truth in Naming

[GigG]

Cyber Operations Command. COC

Re:Truth in Naming

[TooMuchToDo]

Sometimes to defend you have to attack first.

Re:Truth in Naming

[AnomaliesAndrew]

Somewhere at the Pentagon...

"Attention! You've got an assignment for tonight... go home and watch WARGAMES, HACKERS, and SWORDFISH. Tomorrow, we begin to convince the public that's how it really is. And for the commercial we're shooting tomorrow, we'll tell the public how many times we've been pinged, only say... they're 'attacks', and we'll blame them on the Chinese even if it's just a Google spider."

I'm more afraid of our own government's incompetence and its marketing campaigns than I am of foreign states.

Re:Truth in Naming

[FreakWent]

fighting for peace is like fucking for virginity
~ John Lennon

Re:Truth in Naming

[TooMuchToDo]

I think an important distinction to make is that Lennon lived in a time with rational enemies. The Cold War with the Soviet Union was largely uneventful (read: did not end in nuclear winter) because both the US and the Soviet Union enjoyed existing (both the countries and the people within those countries). Mutually assured destruction made sense as a defense strategy.

This no longer holds true, as there are now enemies who do not fear destruction/death/etc. The paradigm shifts. Peace should be tried at all costs before force is used, but reason does not always work. Diplomacy does not always work. As a last resort (and only that), sometimes force must be used. And once done, there is peace again.

Re:Truth in Naming

[TAiNiUM]

Defense is not in the name. It is the Air Force Cyber Command.

Re:Truth in Naming

[wasted]

Cyber Operations Command. COC

Oh, that could be misused. If their workcenter is referred to as "the pit", I foresee pilot-wannabees going to the local bars complaining a little too loudly that they just spent eight rough hours in the "COC-pit."

Re:Truth in Naming

[sixtyeight]

"Cyber Defense Command"? They'd better look all like RoboCop, that's all I'm saying. Honestly... hapless civilians have to settle for just getting a flashy overpriced sports car to compensate for penis-size-envy.

Re:Truth in Naming

[rtb61]

The problem with that is it makes absolutely no sense. In order to defend your public infrastructure, you must publicly implement systems that will protect against all know attacks, hence every other country can copy them.

If you launch a successful attack upon another county, chances are that attack can be readily mimicked and launched against your own public infrastructure. If you attempt to establish a defence against that attack you are back to square one.

Most attacks on the internet, have targeted everybody and have not been very specific, only the brute force attacks using botnets have been specifically targeted.

Most countries who want to run totally secure critical networks run them with an airgap, wishful thinking or public boasting does not tend to fill that gap.

The reality is you either defend (only creating attack methods to test and improve defences) or you are a criminal working for criminal organisations and attack. The whole concept of the US Air Force Cyber Command is pretty idiotic, it really needs to be a civilian agency because what you most want to protect is public and private infrastructure. For the military, if it doesn't absolutely need to be connected to the internet, then don't bloody connect it.

Re:Truth in Naming

This no longer holds true, as there are now enemies who do not fear destruction/death/etc.

"No longer holds true" ? Where you learned your history? Remember Imperial Japan with their devotion and fanaticism, Bushido codex, etc.?

Well, when they got a taste of destruction and death, they changed their opinions in a day. Going to heaven as sole hero and enjoying all the spoils there is one thing, but going up in a massive cloud of vapor with all your friends and family, your God having no apparent objections or attempts to interfere to it, is something entirely different. Iran's attempt to seize own long range nuclear weaponry is a sign of ... how should I put it... not completely relying on Allah's protection. It is a sign of FEAR and it is a sign of realization that nothing short of nuclear threat to worlds most dangerous bully(ies) can bring lasting peace to any nation of the world.

So, picturing Iran or North Korea as possible aggressive nuclear-armed lunatics is just a pro-war propaganda. They should not have nukes, BECAUSE we CERTAINLY WILL war them in the future (unless they surrender under threat).

Nuclear weapons are not seriously (bar most grave circumstances of most important, decisive operations) considered as tactical weapons by any military. Using tactical nuke on your own (or one you want captured) soil is like scorching it for a long period, it very much complicates utilization of the terrain and endangers your deployed personnel (however, if they would be most probably killed in combat otherwise, a little radionuclide absorption is lesser of the evils). Therefore, they are almost strictly doomsday weapons of retaliation, LOSERS' REVENGE, to be used if its wielder senses own end coming.

Therefore nuclear non-proliferation treaty is supreme BS - it shows that superpowers were never intending to honestly uphold the world peace. Even today, Cold War still continues, but it is very stealthy and slow-motion crawl (stepwise expansion of NATO deeper towards East), in order to prevent triggering the Russian "motion sensor alarm". All this gimmicking with quarrel in Middle East is magician's hand waving. Of all countries, Afghanistan - main base of Al Quaida, how convenient! OMG, Iran is MAYBE acquiring nuclear ICBM's (in next 50 years or so)! Quick, we have to install anti-missile protection of Europe. Now, we would like to see Black Sea beach heads, Georgia and Ukraine, on our side (to avoid another Stalingrad disaster, should there be an occasion), but gosh, I can't believe we could actually get so lucky (Russian motion meter hand dwindling on the brink of "RED").

Now, all this may just not alarm Russians... if they don't know geography, or how to read positions on a chess board. It all boils down to one question: What do we intend with Russia (and Russians) once we conquer it and could it be acceptable for Russians under some circumstances and what are those? Can we ever trust them? Can we ever control them? Do they have good incentive to choose a life of losers, will it be a good enough life? On the coalitions side: will everyone get a satisfactory share of Siberia's natural riches, or there is a chance of quarrel over it between EU and US? Will EU get Western part and US extend Alaska westwards over Bering's Straights? Will US allow EU to become its potential future challenger (by acquiring natural resources comparable to those of US/Canada and absorbing Russians into own manpower) at all? Is there a piece of it for China too, or will China be on the table as well?

Re:Truth in Naming

[wyohman]

They don't call it "Cyber Defence Command." It's actually called "Cyber Command." No need to add offense or warfare or anything else for that matter.

Re:Truth in Naming

[Jesus_666]

Once you have glassed your enemies, nobody is going to complain about you anymore. Nobody's going to to business with you, either, but at least you're safe.

Re:Truth in Naming

First, the organization's name is Air Force Cyber Command. There is no "Defense" or "Attack" in the name. Almost no research is needed to figure this out. http://www.afcyber.af.mil/

Second, we haven't been attacked since Pearl Harbor? That either means that: your aren't counting terrorism, hacking or probably hundreds of attempts that have been quelled; or the Dept. of Defense is doing an incredible job. Pick one.

Third, quoting John Lennon on war? What's next, Gen. Patton on use of the sitar in pop music?

Re:Truth in Naming

[DwarfGoanna]

"If they were honest in their naming then perhaps it would be call Cyber Attack Command."

No, I think they would drop the fucking CYBER altogether. Seriously, I can't be the only person who thinks this is utterly ridiculous. They may as well call it The Mighty Morphin' Matrix Marines.

Re:Truth in Naming

[entropiccanuck]

I think "Department of Peace" is more likely.

First strike & offense capablity.

[John+Sokol]

I am waiting for them to call me and my buddies.

First they need older hackers, not script kiddies.
Black hats, or at least former black hats.

Lot's of Jolt Cola, Cold Pizza and some dark dungeon supplied with what ever mind altering substances needed and a steady supply of nerdy Asian girls to look after them.

Also the boxed set of all Stargate, Star Wars, Star Trek, Battlestar Galactica and.. Na on second thought, we'll just grab them off Bit Torrent. Same for the HDTV, UPS delivery off some stolen credit card, old habits die hard.

Maybe more useful would be legal immunity/amnesty, from all of the collateral damage from relaxing hobbies like taking down the RIAA or Microsoft in the process, (oops).

But seriously, a License to hack anything domestic and foreign with total immunity as long at it's primarily against the enemy would be totally cool, I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison, would be all over this.

Why domestic, I almost don't want to say this publicly but the best way to get in is start in.
http://www.c-program.com/kt/reflections-on-trusting.html

Anyhow you can't play by the rules, if they think you can launch and offensive attack without some pre-preparation your wrong.

Making an offensive toolkit is fantasy. By definition this is script kiddie and lame.

> where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.

I have been told years ago that this is already being done at Taiwanese fabs to us.
Chips were designed to be resonant at some Ghz ranges and would be equivalent to an EMP when hit.
This is done at the fab without changes to the chip design but layer thicknesses that is something the fab has total control over.

These attacks should be in any OS, Router, or any other electronic devices that get sold and without the knowledge if it manufactures either. This would hackers the greatest flexibility to exploit them when needed. They key is to make sure it's not detectable or exploitable by other hackers.
An example would be to hack into Microsoft and muck with their distro before it goes out.

Of course with Microsoft and Apple, this would already seem to be unnecessary.

Re:First strike & offense capablity.

[dave562]

But seriously, a License to hack anything domestic and foreign with total immunity as long at it's primarily against the enemy would be totally cool, I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison, would be all over this.

I completely agree. A lot of people stopped walking along the path that they were walking after age 18 because what they thought was, "Pretty damn cool." the government and law enforcement agencies thought was, "A federal felony punishable by time in prison." I was never into hacking System 75 and Audix because I wanted to take down companies... I just thought it was cool to give my friends free voicemail boxes on the end of a 1-800 number that they could access from anywhere. I never got into cloning cell phones because I wanted to eavesdrop on people and steal secrets, that was just a byproduct of the knowledge acquired by knowing how to do it.

This is a bit off topic, but there is a huge problem when it comes to creative/curious people and our legal system. I figured out in my late teens that the legal system is setup to protect stupid people from themselves. It is set to "level the playing field" to the absolute lowest common demoniator and punish anyone who exercises their natural, human instinct to push the boundries. It has been common knowledge for a couple of decades at this point that the government was presented with the "problem" of computer security. They had the option to either help to make systems secure by passing legislation to mandate good practices and levy fines against those who didn't follow them, or they could simply jack up the penalities for messing with the systems. It's obvious which route they took. Systems aren't much more secure than they have ever been and anyone with any inclination to figure them out and poke around at the holes is scared to do so for fear of ending up buried under huge fines and/or incarcerated in Federal prison.

Re:First strike & offense capablity.

[LM741N]

Chip sets are really vulnerable to radio waves. I know as I was drying off my laptop in the oven. Never did work right after that.

Re:First strike & offense capablity.

[John+Sokol]

Kudos, couldn't have said it better myself.

"With great bandwidth comes great responsibility"

Re:First strike & offense capablity.

[John+Sokol]

Great an OpAmp as your handle.

I mean many chips where all specifically fab'ed in such a way as to be very sensitive to a specific frequency and permanently fail when exposed to it.

Oven, hahaha Microwave right.

You'd be amazed fixed someones Mac after is was in a house fire and sprayed with salt water.
  Soaked the all the boards in a bathtub for a day, hosed down the monitor and chassis.
  Put the boards in an oven at 150F for a few hours assembled it and it worked like a charm.

  Maybe you just didn't set the right temperature.

Re:First strike & offense capablity.

Why nerdy Asian girls?

Posting anonymously due to be a nerdy Asian girl. OP scares me.

Re:First strike & offense capablity.

[John+Sokol]

OP?

Now I am really veering off topic.

I totally love nerdy Asian girls, the nerdier the better, even pop bottle glasses and acne as long as she can use a computer and loves SciFi it's all good.

I didn't mean to imply some sort of promiscuous or polygamous behavior. Nerds in general tend to be incredibly loyal.

  If you have ever spend time in Silicon Valley (San Jose area)in Northern California, not to be confused with Silicone Valley (Los Angeles area) in Southern California.

  Or for that matter any where in the USA around hard core computer hacker/nerds (assumption of them being classic Asperger syndrome males), there is over an 90% chance of the ones lucky enough to have a girlfriend that they are northern Asian and into computers at least on some level.

  Unless there Indian computer nerds at which point they would almost certainly have some absolutely gorgeous knock out white cheerleader type. I still can't figure this one out.

Why this is, I am not sure, but it just seems to be the natural order of things.

Hey I am not making this up, really.

So the reason to pair them up with a nerdy Asian girl, is to keep them in line. Prevent them from hacking porn sites and focused on hacking into the enemy's computers, while also providing some form of physical exercise, and emotional stability.

Frankly typical American women just can't/won't put up with a guy who obsessively spends over 100 hr a week in front of a computer.

Think We Already Have It

When Israel attacked Syria's nuclear facility their vaunted Anti-Aircraft missile system, latest and greatest from Russia, didn't see a thing. Rumor is that they had hacked into the system and neutered it.

Someday in the Future...

[dcollins]

Someday this guy will have a big component of his ships, missiles, and robot vehicles taken down by a friggin' virus spawned by two guys in a garage somewhere in Asia.

And he'll go "Oh my god! We were totally taken by surprise! Who could have ever imagined or prepared for something as astounding as this!", for about the 4,000th time in the history of this administration.

This entire article is...

[Byzandula]

Flamebait.

A more interesting question...

[DragonTHC]

what does US Cyber Command have to do with the NSA?

Re:A more interesting question...

[dwye]

> what does US Cyber Command have to do with the NSA?

They are the smoke screen. I am certain that there is a better Russian term for this, but I cannot remember it right now. Basically, they make a huge noise at 0 degrees, so that the NSA can sneak in at +/- 135 degrees, using position as an analogy.

Alternate Analogy, they are Patton, commanding the vast US Army Group to launch the invasion of France at Pas de Calais, which never actually existed, to hide the real Overlord. Or the are Ahmeddinijihad (sp?)(if there CAN be a correct spelling, since the letters map poorly to English anyway), there to provide cover for the Iranian mullahs.

Re:A more interesting question...

[dwye]

I just reread the original blurb. This is a USA General talking to a UK open publication. One more point for my Patton analogy. It is like they took it from the movie. I wonder, does this general write poetry, and believe in reincarnation, too?

yeah, cyber - big bang - collateral damage

[hypergreatthing]

You people been reading too many bad sci-fi stories involving shadowrun adventures or some wierd cyberpunk crap.

Though there is this guy called bloodninja who could school you in the art of cyber chatting.

U.S. Cyber Command -

needs to research hive mind.

if they are having communication issues, just send them over to 4chan, they'll be flooding our enemies servers with "dick butt" and "the best" in no time.

Mraaawr, they volunteered

[Techmaniac]

Isn't collateral damage a euphemism for civilian deaths? These jackasses are in need of a full-metal enema.

Collateral damage

[jabber]

Collateral damage, by definition, is unintentional. The contradiction aside, why would the most technologically advanced (arguably, I suppose) part of the US military seek to cause more than the necessary amount of damage?

Re:collateral damage

[Oddster]

Isn't it some kind of war crime to intentionally TRY to inflict collateral damage?
I thought there was an obligation to try to minimize collateral damage? That rule is moot for quite a number of reasons. See firebombing of Dresden. And remember, the term "war crimes" is either an oxymoron or redundant, depending on how you look at it.

Re:collateral damage

[jjk3]

According to the United States Department of Defense definition collateral damage is the unintentional or incidental injury or damage to persons or objects that would not be lawful military targets in the circumstances ruling at the time. Such damage is not unlawful so long as it is not excessive in light of the overall military advantage anticipated from the attack. (Joint Publication 3-60)

Re:collateral damage

[davidbofinger]

Such damage is not unlawful so long as it is not excessive in light of the overall military advantage anticipated from the attack. (Joint Publication 3-60)

IANAL but:

Assuming JP3-60 follows the Geneva principles then the test is a little harsher than that. We compare not only with the zero case (no attack) but with any other possible attack we might make instead. So if attack A and attack B are alternatives, and attack B causes more collateral damage, then attack B can be lawful only if it has sufficient military advantages over attack A to justify the difference in collateral damage.

Deliberately seeking to cause collateral damage, as an objective, is clearly unlawful. But the entire paragraph is so bizarre (What does he mean by "physics"?) that I suspect it's a misquote anyway. I'm waiting for air force public relations to clarify.

Re:collateral damage

[davidbofinger]

That rule is moot for quite a number of reasons. See firebombing of Dresden.

IANAL but:

The Geneva convention has evolved. Lots of things that were legal in 1945 are illegal now. The US hasn't agreed to all the changes, so this applies less in the US than most places, but it still applies to some extent.

Re:collateral damage

[realkiwi]

I'm with you on this one

collateral damage -- Unintentional or incidental injury or damage to persons or objects that would not be lawful military targets in the circumstances ruling at the time. Such damage is not unlawful so long as it is not excessive in light of the overall military advantage anticipated from the attack. (Joint Publication 3-60)

Asking for more collateral damage is probably a war crime

Re:collateral damage

The war starts. On the first day, innocent human beings are accidentally killed by the aggressor. On the second day, more innocent human beings are accidentally killed. After 10 consecutive days of accidental killings, can it not be logically concluded that the probability of an accidental killing the following day is approaching 100 percent? At this point, the aggressor must make a conscious desicion to either A) cease the war, and halt the accidental killings or B) continue the war, and continue the accidental killings.

In which case, to choose B) is to deliberately, consciously TRY to inflict "collateral damage". How could it not be?

Collateral damage of cyber war?

[bbasgen]

  All this has me thinking about collateral damage. War, by definition, has collateral damage. What will we see here? Will it be several underwater cables being cut at the same time, shutting down businesses and people in entire countries? Will it be mass assaults such that the machine of innocents are pwned? Could the systematic and government driven exploitation of the open nature of the internet lead to the closing of virtual borders?

  I don't doubt this is the right thing to do strategically: you exploit opportunities at war, but it seems that the collateral damage is inevitable, which begs the question: what will the internet look like after prolonged, intensified, government warfare?

Re:Collateral damage of cyber war?

[dave562]

which begs the question: what will the internet look like after prolonged, intensified, government warfare?

* * * - No route to host.

collateral damage

[DM9290]

Isn't it some kind of war crime to intentionally TRY to inflict collateral damage?

I thought there was an obligation to try to minimize collateral damage?

You are Sooooo wrong, it hurts when I pee.

[TiggertheMad]

Wow your comments are full of fail. Systematic deconstruction and demolition of them below:

"Attack is the best defense" did not work for Germany in the 2nd world war. One might observer that it didn't work for them in the long run, because they WERE NOT TRYING TO DEFEND when they started the war. Their goal was conquest, not defense. They perfected the tactic of the 'blitzkreig', which involves an aggressive drive to cripple you opponent's communication, organization, and logistics, which gave them overwhelming success in the early parts of the war. Their loss wasn't a strike against the attack strategy, so much as proof that you shouldn't attack EVERYONE at the same time.

It didn't work in Vietnam or Korea. It worked fine in Korea. The US was on the defensive at the beginning of the war, and after the Inchon landings, we pushed NK forces to the Yalu river. Only China engaging in a 'Attack' strategy prevented us from unifying Korea.

Vietnam was also another poorly chosen example. The US actively chose to not invade the north, and played a defensive game fighting NVA attacks and vietcong insurgencies. Even when nixon took the gloves off, we never tried to take Hanoi. We simply dumped silly ammounts of ordinance on them from 50,000 feet. Had we invaded the north in 1967, I suspect that things would have turned out like Korea. US crushes NVA, China jumps in and smacks US around until treaty is signed. An attack strategy might have prevented the massive loss of life of US servicemen and vietnamese civilians and shortend the war by 6 or 7 years.

It's certainly not working for the US at the moment. Um, technically, it did. For better or worse, Sadam's regime is gone. He cannot attack us now. (Not that I actually believe the WMB bullshit that president fucktard spewed, just making the point that if the goal was to prevent Sadam from attacking the US, we accomplished it very well.)

If you are speaking about the insurgency, that is another story. We know who is supplying them. It is quite easy to attack the manufacturing and logistics that supply them to disarm them at the source. The question about the wisdom of doing so is another discussion all together.

The point is, your facts aren't really supporting your argument. Aggression is a fantastic defensive strategy. If your opponent is dead before he can even draw a gun, you are *quite* safe. The only rule of war is 'win'.

Re:You are Sooooo wrong, it hurts when I pee.

[kitgerrits]

The only rule of war is 'win'.

That's the exact point where you're wrong.
You can attack with overwhelming force, but still have to fight (Japan)
You can win the war, but still forget to check your goals before and after the war (Iraq 1)
You can win the war without winning the hearts and minds of the 'freed' first (Iraq 2).

If the US actually showed any interest in helping the local people,
    the US would have been received with open arms and the poeple would have turned against the oppressors (WWII).
The problem is that the US marched in there and killed anything that moved, just to on the safe side.

This is why there are certain Rules of Engagement and a Geneva Convention.
There's no point in winning the war if the people hate your guts afterwards (Korea, Vietnam, Iraq II).
Try thinking of the soldiers that came back after Vietnam.
They left as heroes, but were 'ill received' after it was over.
Nobody likes to feel like they lost.
Even if they won.

Arent computers made in China?

[objekt]

A lot of them, anyway?

Who's to say they don't build some tricks into them before we get them? They could be monitoring everything we do and be able to shut us down at will for all we know.

Nope

[hassanchop]

It was NATO.

Re:Nope

[Scrameustache]

It was NATO. And NATO has no member nations?
None of which have more pull than others?

Are you this ignorant?

Re:Nope

Wow you called him IGNORANT!

NATO isn't the US, and the US isn't NATO. Pretending otherwise and calling names won't change that, and won't make your personal attack any less of a sign that you know you're wrong.

Re:Nope

[hassanchop]

Are you this ignorant?

Classy.

Re:Nope

And NATO has no member nations?
None of which have more pull than others?

These are simple questions.
It would be a shame if you did not answer them.

Re:Nope

[Jack9]

NATO isn't the US, and the US isn't NATO. Pretending [NATO EXISTS WITHOUT THE US] and calling names won't change that, and won't make your personal attack any less of a sign that you know you're [right].

Fixed.

Uhhh, no.

While the NSA might get the best cryptographers, they don't get the best hackers. Or crackers. Anyone who confuses crypto with crackers doesn't know what they're talking about.

The best crackers don't work for the NSA. They are extremely good at what they do, breathtakingly so.

The NSA might get a better group than the military, but if you think they are the best, you are absolutely kidding yourself.

Oh, and the NSA doesn't even get the best crypto guys anymore, either. Google has been outcompeting them there lately.

Working for US right now

[mi]

True, didn't work so well for the U.S. recently.

Well, since the "insightful" war-artist managed to get us off-topic, let's continue. I think, you are too rash in granting him this assertion. The tactics is, in fact, working for US "recently" — in Iraq and Afghanistan. We took the war to the enemy and had no attacks on the American soil since. The assholes are fighting our military in the remote lands, while American civilians are able to continue to enjoy their lifestyles (almost) without changes.

The only sign, that the country is at war, are the yellow-stickers on bumpers. I say it worked, even if it could've been even better — some mistakes of the early stages of occupation are truly regrettable and lead to unneeded bloodshed and expense...

Re:Working for US right now

[dbIII]

Unfortunately it's the classic magic "tiger stone" - the protection is due to the fact that there are no actual tigers in the area and not due to the stone. Iraq has turned into a terrorist assembly line and Afganistan a vast source of opium to pay for it all.

As for changes at home - talk at the highest levels about how torturing people is OK, suspension of the rule of law in some cases for something a bit more Feudal and widespread hysteria awoken by things like advertising signs looks like a bit of a change.

Re:Working for US right now

[mi]

no actual tigers in the area and not due to the stone. Iraq has turned into a terrorist assembly line and Afganistan a vast source of opium to pay for it all.

The second sentence contradicts the first one...

As for changes at home - talk at the highest levels about how torturing people is OK, suspension of the rule of law in some cases for something a bit more Feudal and widespread hysteria awoken by things like advertising signs looks like a bit of a change.

Yes, a "bit" — hardly anything as substantial as even during the Vietnam War. Certainly far less than during WW2, which affected everyone, and even prior to which the President has allowed a foreign — not even American — secret government agency (British) to not only spy upon, not just torture, but to kill Americans suspected of collaborating with Germany (which was not officially our enemy yet). The country was quite anti-war then, and the President has promised to "never send American boys to die in foreign lands"...

Re:Working for US right now

[dbIII]

The second sentence contradicts the first one

In addition it appears that education standards have slipped so I'll try again in modern US English:

Unfortunately it'sda classic magic "tiger stone" - da protection iz due ta da fact dat dere iz nahh actual tigers in da area an' not due ta da stone.

Now that's the first part - next there is some puctuation to express that something new is coming up and then:

Iraq has turned into uh terrorist assembly line an' Afganistan uh vast source o' opium ta pay fo' it all what 'chew thinking man?

The other potential problem here is that the reader may not know that Iraq and Afganistan are outside of the USA. The bizzare thing is the reverse is also true and some people in Afgan villages think the USA is just a few miles down the road.

You would be correct in thinking I didn't take your incorrect nitpick in the reply seriously. The link about some extremist weirdo complaining about a different extremist weirdo on the other side is another reason. They are killing each other's kids - why do you expect rational debate instead of mindless rants and calls for death that you get from there?

Re:Working for US right now

[mi]

Repeating a fallacy in an obscure dialect only makes it more of a fallacy.

You would be correct in thinking I didn't take your incorrect nitpick in the reply seriously.

I don't know, what you are talking about...

Re:Mod Insightful

[kwabbles]

Give it 5 years, folks.

Then can "NATO" take over?

[soren100]

NATO is not the US. Ah, the old "you forgot Poland" strategy. (That was Bush counting Poland's contribution of 184 soldiers to the invasion of Iraq to help prove that it was a "coalition" of nations that attacked Iraq.)

If your statement had any truth to it whatsoever, then the US could pull out of both Iraq and Afghanistan today and just let "NATO" take over.

Brain Candy...

[afxgrin]

They should make a program that gives internet worms to ex-girlfriends. ;-)

The title and summary are incorrect.

[TAiNiUM]

The title and summary are incorrect.

TFA is not about the US Cyber Command. There is no such thing. It is about the Air Force Cyber Command (AFCYBER) which is a new organization that doesn't even have a home yet.

A "US * Command" is our uppermost echelon and they are called Unified Commands. US Strategic Command is the closest Unified Command to anything Cyber since they are responsible for the Cyber mission in addition to lots of other stuff.

Lt Gen Elder doesn't even work there. He works at US Strategic Command's Joint Functional Component Command for Global Strike and Integration. A big reason he was at the conference is that he is also in charge of Eigth Air Force which currently hosts AFCYBER. The guy in charge of AFCYBER is Maj Gen Lord. You may recall that Gen Lord participated in a Slashdot interview recently. Here is the link: http://interviews.slashdot.org/article.pl?sid=08/03/12/1427252

Re:Just what we need YES, inside... apk

"Could the US have any more of an "attack mentality" than it already does?" - by Anonymous Coward on Wednesday April 02, @01:50PM (#22942088) ---

Just what Mr. Elder wants to see in fact, is in THIS thread (vs. "RBN" for example):

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA + make it "fun" to do, via CIS Tool Guidance:

http://www.thenewtech.com/forums/operating-systems/how-secure-windows-2000-xp-server-2003-vista-3550/

Doing MY part being 'patriotic', in "kill-mode", vs. "RBN"... not just defensive stuff is in THAT post, despite its title.

APK

P.S.=> Take a GOOD READ, Mr. Elder... hope it's what you're looking for! apk

Saber rattling?

[arstchnca]

lol wut

A Senior Junior Elder?

>Robert J Elder, Jr, a senior figure

Which one does that 'Jr' cancel out? Elder or Senior?

Puppet show

NATO is not the US.

Of course it is not. The former is just a "good personality" sock puppet of the latter. There are others too, "evil" ones as well as good ones, but the hand is not visible ... or the show would be spoiled. After the break, some of them change their personalities to the opposite (NATO puppet, however, never does, because it is main protagonist character in the show), most of the public never notices that...