Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Cyber Command Wants Greater Attack Mentality

Posted by Zonk on from the cyber-decker-hacker-commands dept.

superglaze writes "Lieutenant General Robert J Elder, Jr, a senior figure in US Air Force Cyber Command (AFCYBER), has told ZDNet UK that communication issues are hampering the division's co-ordination. 'IT people set up traditional IT networks with the idea of making them secure to operate and defend,' said Elder. 'The traditional security approach is to put up barriers, like firewalls — it's a defense thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage.'"

26 of 257 comments (clear)

  1. Fantastic by OldFish · · Score: 5, Insightful

    I think they should start out small by going after spammers all over the world. Just think of the positive publicity!

    1. Re:Fantastic by s_p_oneil · · Score: 4, Insightful

      Not spammers, bot nets (which often generate spam). Taking down malicious and devious programs like the Storm network would help remove an existing threat and would help them brush up on both offensive and defensive tactics.

    2. Re:Fantastic by Anonymous Coward · · Score: 1, Insightful

      > And since the worm is closing the doors ( and subsequently killing itself on the host side )

      The problem is it won't. In order to be effective the worm has to try and spread itself. Assuming I pay for my internet in kb sent/received, that's a lawsuit waiting to happen. Also, using a worm to 'force' people to patch is likely to seriously screw up patch management

      Healing worms are a bad idea.

    3. Re:Fantastic by mistermiyagi · · Score: 1, Insightful

      "Assuming I pay for my internet in kb sent/received, that's a lawsuit waiting to happen. "

      Aren't the infected already paying the increased cost of the botnets running on their systems.

        "Also, using a worm to 'force' people to patch is likely to seriously screw up patch management"

      Aren't they already being "forced" to dole out spam. I'd rather force them to keep a clean system then sit back and let the runners of the botnets win.

        Also i'd argue that Patch management doesn't exist for the people who are infected. They don't even know what a patch is let alone a botnet. They don't know how they get infected. They don't know how to help themselves. And no one seems to really want to fix the problem.

      Unless the patch comes in the form of a LOLcat saying "teh botnet iz Fuking u up I iz her to Halp" It ain't gonna get fixed.

      "Healing worms are a bad idea."

      Botnets are a worse idea.

        Something has to be done and we ( people who know at least some things ) should be trying everything we can to at least slow down these abusive networks. If not a "halpful" worm then something more proactive then just saying help your self cause we are seeing what that mantra is doing.

  2. Just what we need by Anonymous Coward · · Score: 5, Insightful

    Could the US have any more of an "attack mentality" than it already does?

    1. Re:Just what we need by moderatorrater · · Score: 1, Insightful

      How clever. An AC has thoughtlessly blasted the US's foreign policy and gotten modded up. In the past 10 years the US has initiated 2 military actions against foreign powers. Compare this to Germany in WWI or WWII or to Japan in WWII. Compare this to Russia after WWII. Compare this to almost any other large, powerful nation at the height of its power. In comparison, the US is quite benevolent.

      There's the counter argument that the US should be better than that, though, and I agree. The US shouldn't just be the greatest nation in terms of military power, it should strive to be the most moral nation in the world. However, criticizing someone for trying to hit the mark and missing is more counter-productive than congratulating them for getting so close.

    2. Re:Just what we need by Anonymous Coward · · Score: 0, Insightful

      2 overt military actions. The USA, via the CIA, has been covertly funding terrorists in many countries, including rich first-world ones like Ireland (helps keep the British busy).

  3. Great... by Unlikely_Hero · · Score: 3, Insightful

    This is just what we need. Perhaps if things had been properly defended in the first place there wouldn't be so much of a need for the "Cyber Command" in the first place. Or, here's another idea, perhaps critically important systems
    shouldn't
    be
    connected
    to
    the
    INTERNET!!!

    perfect security is impossible, somehow "bringing the fight to the enemy" isn't a solution. Changing the way you think about the internet is.

    I can't wait until it's "you're on our side of the internet or you're on their side!!"

    Every time a government, or especially its military, does something stupid in regards to the internet, I feel the strong need to drink.

    --
    Happiness does not come from having much, but from being attached to little.
  4. Where's hypno-toad... by mbaGeek · · Score: 2, Insightful

    ...when you really need him?

    random quote from forgotten source:

    "Most wars could be prevented with 1 motivated soldier in the right place at the right time and a well placed bullet"
    --
    It ain't what they call you. It's what you answer to. http://mylyceum.us/
  5. Re:Cyber?? by trb · · Score: 3, Insightful
    All I can picture is a pimply teenager sitting in front a flickering screen, typing "Wanna cyber????"

    You can only picture a teenager because for you, the implicit noun modified by cyber- is sex - arguably the default focus of a teen's attention. For the military, the implicit noun is war - that is the default focus of their attention. It is clear that cyber- is an adjective prefix that indicates computation. What it means when the noun is implied is in the mind of the beholder.

  6. Re:Translation by mmkkbb · · Score: 3, Insightful

    You misunderstand. "Collateral damage" means they want to kill your whole family too.

    --
    -mkb
  7. It'll be too hard for them to staff up by MikeRT · · Score: 2, Insightful

    Too many of the people that they'd want who are freakishly good at networking probably have a criminal record long enough to deter them from ever holding a TS, let alone a TS/SCI.

    I would hazard to guess that the reason that China is able to keep its black hats at bay is the ability of their government to make you disappear in the middle of the night and wake up the next day in a labor camp if they even suspect you of compromising government systems.

  8. Good luck with that. by Anonymous Coward · · Score: 4, Insightful

    Sorry, but the U.S. military just isn't going to get the best hackers around. The biggest problem is that the entire U.S. educational system actively discourages this type of education, in a hostile manner. Big businesses also work with the educational system to discourage creating knowledgeable and skilled people.

    Someone posted about a class of theirs on Security issues that got shut down by one big corporation, who threatened not to hire any of their departments' students if they insisted on teaching that class.

    So, the bottom line is that our Education system isn't turning out the skilled people that the Military is looking to hire.

    This is compounded by the fact that the ones who DO get this knowledge, and have the right attitude, are snapped up by the Bad Guys. Crime is increasingly playing a big part on the internet, and those folks WILL pay good money for the right talent which can deliver results.

    I suppose the Military could consider subcontracting out to the Mafia. That's really their only option if they are serious. Otherwise, the best they can get will just be second-rate talent, and more likely third-rate talent.

    Good luck attacking, or defending, with that. As a US citizen, I find this frightening, but I've been saying it for years. I'm glad someone is finally waking up to the matter. But I doubt anything serious will ever be done until it's too late.

    1. Re:Good luck with that. by dave562 · · Score: 4, Insightful

      You're right that the military isn't going to get the best hackers. The NSA will. The educational system isn't the real problem. The best hackers have always been those who had a knack for it and lived and breathed the systems that they enjoyed playing with. Because for the best hackers, hacking is playing. It isn't a job, it isn't a career, it's a hobby that they enjoy. The education system could turn out "computer security professionals", but they will only be as effective as their last class. There simply aren't many people out there with the mental facilities required to be really good at hacking. All the guys I knew weren't wired right. They'd only sleep four hours a night, and had insanely accurate memories.. or they were seriously into drugs, everything from speed and coke to LSD and mushrooms. That's why the end up at the NSA. They can be compartmentalized and their idiosyncrocies can be overlooked. Those people would never make it in a military environment with a rigid chain of command.

  9. Re:They are right by Dunbal · · Score: 3, Insightful

    If all you do is defense, then eventually the enemy is likely to figure out, how to break you.

    Attack is the best defense.

          Spoken like someone who has no understanding of the art of war.

          The first rule of war is: don't go to war.

          The second rule of war is if you have to go to war make yourself invulnerable before you attack.

          "Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment.

          If your defenses are so strong that your enemy will require all his concentration in order to understand/penetrate them, he won't see that guy sneaking behind him and about to bite him in the ass.

    --
    Seven puppies were harmed during the making of this post.
  10. Re:They are right by Robert1 · · Score: 2, Insightful

    You're right. I guess Douglas McArthur, like you, really UNDERSTOOD the art of war. After the bombing of Pearl Harbor he withdrew all marine craft from the pacific and focused entirely on defense. The next several years saw Japan make several unsuccessful invasions of the American heartland, thankfully America's invulnerable defense ensured our safety. Eventually Japan became disheartened and gave up attacking America, thus ending WWII. Sure we lost the Philippines, Australia, and eastern China is still part of the Great Japanese Empire, but that's all history.

  11. Truth in Naming by Original+Replica · · Score: 4, Insightful

    An attack mentality from an organization called Cyber Defense Command can only mean bad things are about to happen

    The organization is call Cyber Defense Command for a reason, because they know that they should be "defending". If they were honest in their naming then perhaps it would be call Cyber Attack Command. Hmmm, I wonder what other countries would think of that.... It's probably the same reason that our Department of Defense isn't call the Department of Preemptive Strikes. It was called The Department of War until 1947. I know some here will say "the best defense is a good offense", but when you have organizations with "an attack mentality" they will always find someone and some reason to attack. War without End.

    --
    We are all just people.
    1. Re:Truth in Naming by OldFish · · Score: 3, Insightful

      How about Cyber Warfare Command That encompasses both offense and defense. Done.

    2. Re:Truth in Naming by FreakWent · · Score: 2, Insightful

      fighting for peace is like fucking for virginity
      ~ John Lennon

    3. Re:Truth in Naming by rtb61 · · Score: 2, Insightful
      The problem with that is it makes absolutely no sense. In order to defend your public infrastructure, you must publicly implement systems that will protect against all know attacks, hence every other country can copy them.

      If you launch a successful attack upon another county, chances are that attack can be readily mimicked and launched against your own public infrastructure. If you attempt to establish a defence against that attack you are back to square one.

      Most attacks on the internet, have targeted everybody and have not been very specific, only the brute force attacks using botnets have been specifically targeted.

      Most countries who want to run totally secure critical networks run them with an airgap, wishful thinking or public boasting does not tend to fill that gap.

      The reality is you either defend (only creating attack methods to test and improve defences) or you are a criminal working for criminal organisations and attack. The whole concept of the US Air Force Cyber Command is pretty idiotic, it really needs to be a civilian agency because what you most want to protect is public and private infrastructure. For the military, if it doesn't absolutely need to be connected to the internet, then don't bloody connect it.

      --
      Chaos - everything, everywhere, everywhen
  12. Someday in the Future... by dcollins · · Score: 3, Insightful

    Someday this guy will have a big component of his ships, missiles, and robot vehicles taken down by a friggin' virus spawned by two guys in a garage somewhere in Asia.

    And he'll go "Oh my god! We were totally taken by surprise! Who could have ever imagined or prepared for something as astounding as this!", for about the 4,000th time in the history of this administration.

    --
    We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
  13. Collateral damage by jabber · · Score: 2, Insightful

    Collateral damage, by definition, is unintentional. The contradiction aside, why would the most technologically advanced (arguably, I suppose) part of the US military seek to cause more than the necessary amount of damage?

    --

    -- What you do today will cost you a day of your life.
  14. collateral damage by DM9290 · · Score: 4, Insightful

    Isn't it some kind of war crime to intentionally TRY to inflict collateral damage?

    I thought there was an obligation to try to minimize collateral damage?

    --
    No one has a right to their *own* opinion. They have a right to the TRUTH.
  15. Re:First strike & offense capablity. by dave562 · · Score: 2, Insightful
    But seriously, a License to hack anything domestic and foreign with total immunity as long at it's primarily against the enemy would be totally cool, I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison, would be all over this.

    I completely agree. A lot of people stopped walking along the path that they were walking after age 18 because what they thought was, "Pretty damn cool." the government and law enforcement agencies thought was, "A federal felony punishable by time in prison." I was never into hacking System 75 and Audix because I wanted to take down companies... I just thought it was cool to give my friends free voicemail boxes on the end of a 1-800 number that they could access from anywhere. I never got into cloning cell phones because I wanted to eavesdrop on people and steal secrets, that was just a byproduct of the knowledge acquired by knowing how to do it.

    This is a bit off topic, but there is a huge problem when it comes to creative/curious people and our legal system. I figured out in my late teens that the legal system is setup to protect stupid people from themselves. It is set to "level the playing field" to the absolute lowest common demoniator and punish anyone who exercises their natural, human instinct to push the boundries. It has been common knowledge for a couple of decades at this point that the government was presented with the "problem" of computer security. They had the option to either help to make systems secure by passing legislation to mandate good practices and levy fines against those who didn't follow them, or they could simply jack up the penalities for messing with the systems. It's obvious which route they took. Systems aren't much more secure than they have ever been and anyone with any inclination to figure them out and poke around at the holes is scared to do so for fear of ending up buried under huge fines and/or incarcerated in Federal prison.

  16. Uhhh, no. by Anonymous Coward · · Score: 1, Insightful

    While the NSA might get the best cryptographers, they don't get the best hackers. Or crackers. Anyone who confuses crypto with crackers doesn't know what they're talking about.

    The best crackers don't work for the NSA. They are extremely good at what they do, breathtakingly so.

    The NSA might get a better group than the military, but if you think they are the best, you are absolutely kidding yourself.

    Oh, and the NSA doesn't even get the best crypto guys anymore, either. Google has been outcompeting them there lately.

  17. Re:Working for US right now by dbIII · · Score: 2, Insightful
    Unfortunately it's the classic magic "tiger stone" - the protection is due to the fact that there are no actual tigers in the area and not due to the stone. Iraq has turned into a terrorist assembly line and Afganistan a vast source of opium to pay for it all.

    As for changes at home - talk at the highest levels about how torturing people is OK, suspension of the rule of law in some cases for something a bit more Feudal and widespread hysteria awoken by things like advertising signs looks like a bit of a change.