Slashdot Mirror
US Cyber Command Wants Greater Attack Mentality
superglaze writes "Lieutenant General Robert J Elder, Jr, a senior figure in US Air Force Cyber Command (AFCYBER), has told ZDNet UK that communication issues are hampering the division's co-ordination. 'IT people set up traditional IT networks with the idea of making them secure to operate and defend,' said Elder. 'The traditional security approach is to put up barriers, like firewalls — it's a defense thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage.'"
I think they should start out small by going after spammers all over the world. Just think of the positive publicity!
I'm sorry, what? All I can picture is a pimply teenager sitting in front a flickering screen, typing "Wanna cyber????" into his chat field. I have no idea how to exploit cybering to achieve military objectives. Maybe they want to paralyze the target's networks by getting all lonely teenagers to respond to mass cyber requests?
Those who can, do. Those who can't, sue.
Could the US have any more of an "attack mentality" than it already does?
If I run nmap -A on the Cyber Command website, they want to be able to make my head explode in retaliation. With "cyber".
End of lesson. You may press the button.
Hello US Citizen,
Your ISP has identified you as subscribing to a connection with >1Mbs upload speed. A recent top-secret national security bill requires all citizens with such bandwidth to become part of the national defense infrastructure. Attached to this email you will find an application. Install it. It will self register with homeland defense and be available for defense of the homeland should the need arise.
Thank you for your cooperation.
ZZ
PS: you have 1 week to register or you will be added to the terrorism watch list and will be subject to extreme rendition if needed.
PPS: we can't show you the bill, this is top-secret national defense stuff.
PPPS: if you are thinking of decompiling or interfering with the operation of this software, see PS:
PPPPS: yes this is MS windows Vista only software. Don't have Vista, see PS:
This is just what we need. Perhaps if things had been properly defended in the first place there wouldn't be so much of a need for the "Cyber Command" in the first place. Or, here's another idea, perhaps critically important systems
shouldn't
be
connected
to
the
INTERNET!!!
perfect security is impossible, somehow "bringing the fight to the enemy" isn't a solution. Changing the way you think about the internet is.
I can't wait until it's "you're on our side of the internet or you're on their side!!"
Every time a government, or especially its military, does something stupid in regards to the internet, I feel the strong need to drink.
Happiness does not come from having much, but from being attached to little.
It's funny - usually the attack mentality gets shot down pretty quickly in the US. There was a thread a few years ago about using your IDS to go after people attacking your server...the consensus was it was a Bad Idea. It's pretty much illegal to do in the US anyway, but it also seen as bad karma.
OTOH, there's no technical reason not use snort + script kiddie tools to automatically detect intruders and try to whack them. You can identify botnet members pretty easily from the pattern of accesses (the probes tend to come in waves, as various parts of the swarm poke your boxes).
The US could just hide in that swarm of accesses, poking servers and doing slow scans to figure out what's where. It's pretty easy these days to do signature profiling on systems, and to just stash this info in a database somewhere. Update each entry every few weeks, and be able to update ranges on demand.
The only really hard part is getting your own botnet up and running. The US Government could, theoretically, tap into the search engines to do this for them, which would be pretty amusing. Nobody pays attention to web spiders, and well, if the spider does a slow port scan 'accidentally' who cares?
...when you really need him?
random quote from forgotten source:
"Most wars could be prevented with 1 motivated soldier in the right place at the right time and a well placed bullet"It ain't what they call you. It's what you answer to. http://mylyceum.us/
No problem, we will be sending you the bill shortly. The taxes on this work will be calculated at $1.8m per second. We look forward to receiving your payment in a timely manner. -- IRS
The only change I can believe in is what I find in my couch cushions.
Bigger Bang? Windows! You're talkin' about Windows!
Too many of the people that they'd want who are freakishly good at networking probably have a criminal record long enough to deter them from ever holding a TS, let alone a TS/SCI.
I would hazard to guess that the reason that China is able to keep its black hats at bay is the ability of their government to make you disappear in the middle of the night and wake up the next day in a labor camp if they even suspect you of compromising government systems.
Sorry, but the U.S. military just isn't going to get the best hackers around. The biggest problem is that the entire U.S. educational system actively discourages this type of education, in a hostile manner. Big businesses also work with the educational system to discourage creating knowledgeable and skilled people.
Someone posted about a class of theirs on Security issues that got shut down by one big corporation, who threatened not to hire any of their departments' students if they insisted on teaching that class.
So, the bottom line is that our Education system isn't turning out the skilled people that the Military is looking to hire.
This is compounded by the fact that the ones who DO get this knowledge, and have the right attitude, are snapped up by the Bad Guys. Crime is increasingly playing a big part on the internet, and those folks WILL pay good money for the right talent which can deliver results.
I suppose the Military could consider subcontracting out to the Mafia. That's really their only option if they are serious. Otherwise, the best they can get will just be second-rate talent, and more likely third-rate talent.
Good luck attacking, or defending, with that. As a US citizen, I find this frightening, but I've been saying it for years. I'm glad someone is finally waking up to the matter. But I doubt anything serious will ever be done until it's too late.
I can see it now. Somewhere in China or Nigeria a hacker is trying to gain access to a U.S. government network and suddenly their own systems are attacked from hundreds of locations around the world bringing their network to it's knees! Revenge is sweet!
If all you do is defense, then eventually the enemy is likely to figure out, how to break you.
Attack is the best defense.
Spoken like someone who has no understanding of the art of war.
The first rule of war is: don't go to war.
The second rule of war is if you have to go to war make yourself invulnerable before you attack.
"Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment.
If your defenses are so strong that your enemy will require all his concentration in order to understand/penetrate them, he won't see that guy sneaking behind him and about to bite him in the ass.
Seven puppies were harmed during the making of this post.
Too late, I think Putins KGB/GRU has them under contract.
I put on my robe and wizard hat...
Can't we just shoot em? I really don't feel right biting some guy's ass.
How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.
You're right. I guess Douglas McArthur, like you, really UNDERSTOOD the art of war. After the bombing of Pearl Harbor he withdrew all marine craft from the pacific and focused entirely on defense. The next several years saw Japan make several unsuccessful invasions of the American heartland, thankfully America's invulnerable defense ensured our safety. Eventually Japan became disheartened and gave up attacking America, thus ending WWII. Sure we lost the Philippines, Australia, and eastern China is still part of the Great Japanese Empire, but that's all history.
An attack mentality from an organization called Cyber Defense Command can only mean bad things are about to happen
The organization is call Cyber Defense Command for a reason, because they know that they should be "defending". If they were honest in their naming then perhaps it would be call Cyber Attack Command. Hmmm, I wonder what other countries would think of that.... It's probably the same reason that our Department of Defense isn't call the Department of Preemptive Strikes. It was called The Department of War until 1947. I know some here will say "the best defense is a good offense", but when you have organizations with "an attack mentality" they will always find someone and some reason to attack. War without End.
We are all just people.
I am waiting for them to call me and my buddies.
First they need older hackers, not script kiddies.
Black hats, or at least former black hats.
Lot's of Jolt Cola, Cold Pizza and some dark dungeon supplied with what ever mind altering substances needed and a steady supply of nerdy Asian girls to look after them.
Also the boxed set of all Stargate, Star Wars, Star Trek, Battlestar Galactica and.. Na on second thought, we'll just grab them off Bit Torrent. Same for the HDTV, UPS delivery off some stolen credit card, old habits die hard.
Maybe more useful would be legal immunity/amnesty, from all of the collateral damage from relaxing hobbies like taking down the RIAA or Microsoft in the process, (oops).
But seriously, a License to hack anything domestic and foreign with total immunity as long at it's primarily against the enemy would be totally cool, I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison, would be all over this.
Why domestic, I almost don't want to say this publicly but the best way to get in is start in.
http://www.c-program.com/kt/reflections-on-trusting.html
Anyhow you can't play by the rules, if they think you can launch and offensive attack without some pre-preparation your wrong.
Making an offensive toolkit is fantasy. By definition this is script kiddie and lame.
> where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.
I have been told years ago that this is already being done at Taiwanese fabs to us.
Chips were designed to be resonant at some Ghz ranges and would be equivalent to an EMP when hit.
This is done at the fab without changes to the chip design but layer thicknesses that is something the fab has total control over.
These attacks should be in any OS, Router, or any other electronic devices that get sold and without the knowledge if it manufactures either. This would hackers the greatest flexibility to exploit them when needed. They key is to make sure it's not detectable or exploitable by other hackers.
An example would be to hack into Microsoft and muck with their distro before it goes out.
Of course with Microsoft and Apple, this would already seem to be unnecessary.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
Someday this guy will have a big component of his ships, missiles, and robot vehicles taken down by a friggin' virus spawned by two guys in a garage somewhere in Asia.
And he'll go "Oh my god! We were totally taken by surprise! Who could have ever imagined or prepared for something as astounding as this!", for about the 4,000th time in the history of this administration.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
Collateral damage, by definition, is unintentional. The contradiction aside, why would the most technologically advanced (arguably, I suppose) part of the US military seek to cause more than the necessary amount of damage?
-- What you do today will cost you a day of your life.
Isn't it some kind of war crime to intentionally TRY to inflict collateral damage?
I thought there was an obligation to try to minimize collateral damage?
No one has a right to their *own* opinion. They have a right to the TRUTH.
The first rule of war is: don't go to war.
The second rule of war is if you have to go to war make yourself invulnerable before you attack.
"Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment. You thought the poster meant "let's withdraw all forces, hunker down, and let everyone attack our defenses." Actually, MacArthur followed the second rule. The point being made was, an aggressive preemptive mentality often leads to defeat, which is why Japan and Germany lost their respective wars. The U.S. entering WWII was not an "attack mentality", but, an act of defense after we were attacked by Japan.
Fast forward to Vietnam and Iraq and you'll see why an attack mentality fails. How many years did it take the U.S. to realize that continuously being in attack mode in Iraq even AFTER the capture of Saddam Hussein did far more harm than the actual invasion itself? By the time the U.S. realized that we needed a peacetime force and not a full blown-out military force, the citizens of Iraq wanted us out and temporarily joined forces with al-Qaeda to form a resistance. (Only later did the Iraqis realize that al-Qaeda was far more interested in their own agenda than they were with helping the Iraqis, and turned against them too.)
And since you brought up Douglas MacArthur, read his bio, specifically: President John F. Kennedy solicited MacArthur's counsel in 1961. The first of two meetings was shortly after the Bay of Pigs Invasion. MacArthur was extremely critical of the Pentagon and its military advice to Kennedy. MacArthur also cautioned the young President to avoid a U.S. military build-up in Vietnam, pointing out domestic problems should be given a much greater priority. Shortly prior to his death he gave similar advice to the new President, Lyndon Johnson. Even the great General you were referencing earlier warned Kennedy and Johnson about an aggressive military build-up in Vietnam.
Best "String" Ever!
The title and summary are incorrect.
TFA is not about the US Cyber Command. There is no such thing. It is about the Air Force Cyber Command (AFCYBER) which is a new organization that doesn't even have a home yet.
A "US * Command" is our uppermost echelon and they are called Unified Commands. US Strategic Command is the closest Unified Command to anything Cyber since they are responsible for the Cyber mission in addition to lots of other stuff.
Lt Gen Elder doesn't even work there. He works at US Strategic Command's Joint Functional Component Command for Global Strike and Integration. A big reason he was at the conference is that he is also in charge of Eigth Air Force which currently hosts AFCYBER. The guy in charge of AFCYBER is Maj Gen Lord. You may recall that Gen Lord participated in a Slashdot interview recently. Here is the link: http://interviews.slashdot.org/article.pl?sid=08/03/12/1427252
As for changes at home - talk at the highest levels about how torturing people is OK, suspension of the rule of law in some cases for something a bit more Feudal and widespread hysteria awoken by things like advertising signs looks like a bit of a change.