US Cyber Command Wants Greater Attack Mentality
superglaze writes "Lieutenant General Robert J Elder, Jr, a senior figure in US Air Force Cyber Command (AFCYBER), has told ZDNet UK that communication issues are hampering the division's co-ordination. 'IT people set up traditional IT networks with the idea of making them secure to operate and defend,' said Elder. 'The traditional security approach is to put up barriers, like firewalls — it's a defense thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage.'"
It's funny - usually the attack mentality gets shot down pretty quickly in the US. There was a thread a few years ago about using your IDS to go after people attacking your server... the consensus was it was a Bad Idea. It's pretty much illegal to do in the US anyway, but it is also seen as bad karma.
OTOH, there's no technical reason not to use snort + script kiddie tools to automatically detect intruders and try to whack them. You can identify botnet members pretty easily from the pattern of accesses (the probes tend to come in waves, as various parts of the swarm poke your boxes).
The US could just hide in that swarm of accesses, poking servers and doing slow scans to figure out what's where. It's pretty easy these days to do signature profiling on systems, and to just stash this info in a database somewhere. Update each entry every few weeks, and be able to update ranges on demand.
The only really hard part is getting your own botnet up and running. The US Government could, theoretically, tap into the search engines to do this for them, which would be pretty amusing. Nobody pays attention to web spiders, and well, if the spider does a slow port scan 'accidentally' who cares?
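The detection half of the post above (spotting a botnet "wave" from the pattern of accesses) can be shown with a small log analysis. This is an added example, not code from the post or from any tool it mentions. It parses constructed Apache-style access-log lines (addresses from documentation ranges, not real traffic), groups 404 responses by requested path and fixed time window, and reports a window in which many distinct source addresses ask for the same missing path. The window length, the 404 filter and the distinct-IP threshold are assumed tuning values, not anything the post specifies.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines (Apache combined-style). Not real traffic:
# five different hosts request the same non-existent path within a few seconds,
# mixed with ordinary page views and one isolated probe later on.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2008:14:02:01 +0000] "GET /phpmyadmin/ HTTP/1.0" 404 210 "-" "-"
203.0.113.11 - - [10/Mar/2008:14:02:03 +0000] "GET /phpmyadmin/ HTTP/1.0" 404 210 "-" "-"
203.0.113.12 - - [10/Mar/2008:14:02:04 +0000] "GET /phpmyadmin/ HTTP/1.0" 404 210 "-" "-"
198.51.100.7 - - [10/Mar/2008:14:02:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.13 - - [10/Mar/2008:14:02:07 +0000] "GET /phpmyadmin/ HTTP/1.0" 404 210 "-" "-"
203.0.113.14 - - [10/Mar/2008:14:02:09 +0000] "GET /phpmyadmin/ HTTP/1.0" 404 210 "-" "-"
198.51.100.8 - - [10/Mar/2008:14:03:40 +0000] "GET /about.html HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2008:14:09:12 +0000] "GET /admin/ HTTP/1.0" 404 210 "-" "-"
"""

# Fields we need from a combined-format line: client IP, timestamp, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_probe_waves(log_text, window_seconds=60, min_distinct_ips=4):
    """Group 404 requests by (path, fixed time window). A window in which at least
    min_distinct_ips different clients request the same missing path is reported
    as a probe wave. Thresholds are assumed values for illustration."""
    buckets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        bucket = int(rec["ts"].timestamp()) // window_seconds
        buckets[(rec["path"], bucket)].add(rec["ip"])

    waves = []
    for (path, bucket), ips in sorted(buckets.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        if len(ips) >= min_distinct_ips:
            waves.append({
                "path": path,
                "window_start": bucket * window_seconds,  # epoch seconds
                "ips": sorted(ips),
            })
    return waves


if __name__ == "__main__":
    for wave in find_probe_waves(SAMPLE_LOG):
        print(f"{len(wave['ips'])} hosts probed {wave['path']} "
              f"in window starting {wave['window_start']}: {', '.join(wave['ips'])}")
```

On the constructed input this reports one wave: five distinct hosts hitting `/phpmyadmin/` within the same minute, while the lone `/admin/` request and the normal page views stay below the threshold. Fixed windows aligned to epoch boundaries are the simplest choice; a sliding window avoids splitting a burst that straddles a minute boundary, and correlating the flagged addresses across several of your own hosts is what turns a single-server observation into evidence of a coordinated swarm rather than one noisy client.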
2? Just 2? We are actively nation building in 12 countries right now. Nation building is done by peacekeepers and peacekeeping is done by soldiers. Soldiers on the ground in another country with guns, getting shot at = ? ...
-ellie
Too late, I think Putin's KGB/GRU has them under contract.
Simple Unexpected Concrete Credible Emotional Stories
I am waiting for them to call me and my buddies.
First they need older hackers, not script kiddies.
Black hats, or at least former black hats.
Lots of Jolt Cola, cold pizza and some dark dungeon supplied with whatever mind-altering substances are needed and a steady supply of nerdy Asian girls to look after them.
Also the boxed set of all Stargate, Star Wars, Star Trek, Battlestar Galactica and.. Na on second thought, we'll just grab them off Bit Torrent. Same for the HDTV, UPS delivery off some stolen credit card, old habits die hard.
Maybe more useful would be legal immunity/amnesty, from all of the collateral damage from relaxing hobbies like taking down the RIAA or Microsoft in the process, (oops).
But seriously, a license to hack anything domestic and foreign with total immunity as long as it's primarily against the enemy would be totally cool. I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison would be all over this.
Why domestic, I almost don't want to say this publicly but the best way to get in is start in.
http://www.c-program.com/kt/reflections-on-trusting.html
Anyhow, you can't play by the rules. If they think you can launch an offensive attack without some pre-preparation, you're wrong.
Making an offensive toolkit is fantasy. By definition this is script kiddie and lame.
> where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.
I have been told years ago that this is already being done at Taiwanese fabs to us.
Chips were designed to be resonant at some GHz ranges and would be equivalent to an EMP when hit.
This is done at the fab without changes to the chip design, but through layer thicknesses, which is something the fab has total control over.
These attacks should be in any OS, router, or any other electronic device that gets sold, and without the knowledge of its manufacturers either. This would give hackers the greatest flexibility to exploit them when needed. The key is to make sure it's not detectable or exploitable by other hackers.
An example would be to hack into Microsoft and muck with their distro before it goes out.
Of course with Microsoft and Apple, this would already seem to be unnecessary.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
Yes, of course it'll get caught by AV/anti-spyware. Those people are the ones who you don't (usually) have to worry about. And since the worm is closing the doors (and subsequently killing itself on the host side) the propagation will eventually go to zero (or as close to 0 as you can realistically get) as the network is "healed".
"And from the user standpoint: do you really want anything that propagates as a worm doing whatever it wants on your box?"
As a user who knows how to protect themselves: No. But as we all know, the users who don't know any better don't even know that they themselves are the reason that the botnets exist. So using them to fix the problem as a whole is not only doing them a service, it is doing us all a favor too.
Also in my ideal version of this fix the spreading of the worm is a one shot deal on the host side. It sends itself once then closes the door thus preventing future infections from the same vector.
"Basically we call the solution to the virus problem a 'patch' and give people the option of whether and when to install it."
And how has that been working for all of us? I'd say not very well, since the botnets still exist. If all the users were patching as often as you and most slashdotters, then in theory the botnets would not exist at all.
"As a sysadmin, do you want something unauthorized eating up network resources?"
If you're doing your job, you will never have to worry about it, since you wouldn't get infected in the first place.
The same problem applies overall to the "Department of Defense". When was the last time the "Department of Defense" actually DEFENDED U.S. soil? Pearl Harbor? It seems all they do nowadays is attack... Maybe they should change their name back to the "War Department."
Cyber Operations Command. COC
Is buying a Harley Davidson as your first motorcycle since you were 16 at age 49 a midlife crisis issue?
> No, but we control NATO and tell it what to do.
>
> Has NATO ever used military force at the
> initiative of another country? If so, when?
No one in the USA particularly wanted Yugoslavia to break up into little mutually genocidal groups until the Germans recognized Slovenia as an independent state. That, and their encouraging other states of the country to do the same, ended up dragging the European members in. Then their general helplessness (really, they NEED a Logistics Command, more than a French Foreign Legion) dragged the US in, and pretty much just as much of the Air Force as could go in, bomb, and get out without risking their paint jobs, let alone pilots. So the Kosovo mess was not the USA controlling NATO, but a NATO member jumping in and pulling the rest of the alliance in with it.