Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Cyber Command Wants Greater Attack Mentality

Posted by Zonk on from the cyber-decker-hacker-commands dept.

superglaze writes "Lieutenant General Robert J Elder, Jr, a senior figure in US Air Force Cyber Command (AFCYBER), has told ZDNet UK that communication issues are hampering the division's co-ordination. 'IT people set up traditional IT networks with the idea of making them secure to operate and defend,' said Elder. 'The traditional security approach is to put up barriers, like firewalls — it's a defense thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage.'"

26 of 257 comments (clear)

  1. Fantastic by OldFish · · Score: 5, Insightful

    I think they should start out small by going after spammers all over the world. Just think of the positive publicity!

    1. Re:Fantastic by Farmer+Tim · · Score: 4, Funny

      With that "a bigger bang resulting in collateral damage" line, I thought this guy was a spammer.

      --
      Blank until /. makes another boneheaded UI decision.
    2. Re:Fantastic by Naughty+Bob · · Score: 3, Funny

      With that "a bigger bang resulting in collateral damage" line, I thought this guy was a spammer.
      No, he'd just had one too many glasses of grain alcohol and rain water.
      --
      "Be light, stinging, insolent and melancholy"
    3. Re:Fantastic by s_p_oneil · · Score: 4, Insightful

      Not spammers, bot nets (which often generate spam). Taking down malicious and devious programs like the Storm network would help remove an existing threat and would help them brush up on both offensive and defensive tactics.

  2. Cyber?? by NeutronCowboy · · Score: 3, Funny

    This is exploiting cyber to achieve our objectives.

    I'm sorry, what? All I can picture is a pimply teenager sitting in front a flickering screen, typing "Wanna cyber????" into his chat field. I have no idea how to exploit cybering to achieve military objectives. Maybe they want to paralyze the target's networks by getting all lonely teenagers to respond to mass cyber requests?
    --
    Those who can, do. Those who can't, sue.
    1. Re:Cyber?? by trb · · Score: 3, Insightful
      All I can picture is a pimply teenager sitting in front a flickering screen, typing "Wanna cyber????"

      You can only picture a teenager because for you, the implicit noun modified by cyber- is sex - arguably the default focus of a teen's attention. For the military, the implicit noun is war - that is the default focus of their attention. It is clear that cyber- is an adjective prefix that indicates computation. What it means when the noun is implied is in the mind of the beholder.

  3. Just what we need by Anonymous Coward · · Score: 5, Insightful

    Could the US have any more of an "attack mentality" than it already does?

    1. Re:Just what we need by jayveekay · · Score: 5, Informative

      "In the past 10 years the US has initiated 2 military actions against foreign powers."

      Off the top of my head, I can think of 4:

      1998: US launches cruise missiles at Sudan and Afghanistan
      1999: US launches airstrikes against Yugoslavia to get it out of Kosovo
      2001: US provides air support to forces in Afghanistan to overthrow the Taliban
      2003: US invades Iraq

    2. Re:Just what we need by jonnythan · · Score: 4, Informative

      NATO is not the US.

    3. Re:Just what we need by Marcika · · Score: 3, Informative

      Well, the US makes up 75% of the NATO forces (by budget) and both strategic commanders of NATO are Americans by law (SACEUR and SACLANT), so nothing happens in NATO against the will of the US. The primary decision maker about any NATO bombing campaign is always first and foremost the White House/the Pentagon.

  4. Hello Citizen by RichMan · · Score: 5, Funny

    Hello US Citizen,

    Your ISP has identified you as subscribing to a connection with >1Mbs upload speed. A recent top-secret national security bill requires all citizens with such bandwidth to become part of the national defense infrastructure. Attached to this email you will find an application. Install it. It will self register with homeland defense and be available for defense of the homeland should the need arise.

    Thank you for your cooperation.
    ZZ

    PS: you have 1 week to register or you will be added to the terrorism watch list and will be subject to extreme rendition if needed.
    PPS: we can't show you the bill, this is top-secret national defense stuff.
    PPPS: if you are thinking of decompiling or interfering with the operation of this software, see PS:
    PPPPS: yes this is MS windows Vista only software. Don't have Vista, see PS:

  5. Great... by Unlikely_Hero · · Score: 3, Insightful

    This is just what we need. Perhaps if things had been properly defended in the first place there wouldn't be so much of a need for the "Cyber Command" in the first place. Or, here's another idea, perhaps critically important systems
    shouldn't
    be
    connected
    to
    the
    INTERNET!!!

    perfect security is impossible, somehow "bringing the fight to the enemy" isn't a solution. Changing the way you think about the internet is.

    I can't wait until it's "you're on our side of the internet or you're on their side!!"

    Every time a government, or especially its military, does something stupid in regards to the internet, I feel the strong need to drink.

    --
    Happiness does not come from having much, but from being attached to little.
    1. Re:Great... by Chris+Mattern · · Score: 5, Funny

      For example, programs that are written in Java effectively cannot be hacked due to bugs.


      Java has so many bugs in it that it can't be hacked?
    2. Re:Great... by 0xABADC0DA · · Score: 4, Funny

      Java has so many bugs in it that it can't be hacked? No, but your English parser does. There was a small defect in the input and instead of handling it gracefully it corrupted the discussion.

      That's why you just got the uncontrollable urge to eat brains.
  6. Re:Translation by mmkkbb · · Score: 3, Insightful

    You misunderstand. "Collateral damage" means they want to kill your whole family too.

    --
    -mkb
  7. Re:IPS? by db32 · · Score: 4, Funny

    No problem, we will be sending you the bill shortly. The taxes on this work will be calculated at $1.8m per second. We look forward to receiving your payment in a timely manner. -- IRS

    --
    The only change I can believe in is what I find in my couch cushions.
  8. Good luck with that. by Anonymous Coward · · Score: 4, Insightful

    Sorry, but the U.S. military just isn't going to get the best hackers around. The biggest problem is that the entire U.S. educational system actively discourages this type of education, in a hostile manner. Big businesses also work with the educational system to discourage creating knowledgeable and skilled people.

    Someone posted about a class of theirs on Security issues that got shut down by one big corporation, who threatened not to hire any of their departments' students if they insisted on teaching that class.

    So, the bottom line is that our Education system isn't turning out the skilled people that the Military is looking to hire.

    This is compounded by the fact that the ones who DO get this knowledge, and have the right attitude, are snapped up by the Bad Guys. Crime is increasingly playing a big part on the internet, and those folks WILL pay good money for the right talent which can deliver results.

    I suppose the Military could consider subcontracting out to the Mafia. That's really their only option if they are serious. Otherwise, the best they can get will just be second-rate talent, and more likely third-rate talent.

    Good luck attacking, or defending, with that. As a US citizen, I find this frightening, but I've been saying it for years. I'm glad someone is finally waking up to the matter. But I doubt anything serious will ever be done until it's too late.

    1. Re:Good luck with that. by dave562 · · Score: 4, Insightful

      You're right that the military isn't going to get the best hackers. The NSA will. The educational system isn't the real problem. The best hackers have always been those who had a knack for it and lived and breathed the systems that they enjoyed playing with. Because for the best hackers, hacking is playing. It isn't a job, it isn't a career, it's a hobby that they enjoy. The education system could turn out "computer security professionals", but they will only be as effective as their last class. There simply aren't many people out there with the mental facilities required to be really good at hacking. All the guys I knew weren't wired right. They'd only sleep four hours a night, and had insanely accurate memories.. or they were seriously into drugs, everything from speed and coke to LSD and mushrooms. That's why the end up at the NSA. They can be compartmentalized and their idiosyncrocies can be overlooked. Those people would never make it in a military environment with a rigid chain of command.

  9. Re:They are right by Dunbal · · Score: 3, Insightful

    If all you do is defense, then eventually the enemy is likely to figure out, how to break you.

    Attack is the best defense.

          Spoken like someone who has no understanding of the art of war.

          The first rule of war is: don't go to war.

          The second rule of war is if you have to go to war make yourself invulnerable before you attack.

          "Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment.

          If your defenses are so strong that your enemy will require all his concentration in order to understand/penetrate them, he won't see that guy sneaking behind him and about to bite him in the ass.

    --
    Seven puppies were harmed during the making of this post.
  10. Re:Actually.... by f0dder · · Score: 3, Interesting

    Too late, I think Putins KGB/GRU has them under contract.

  11. Didn't know the Airforce was into this stuff by adrenalinekick · · Score: 5, Funny

    I put on my robe and wizard hat...

  12. Truth in Naming by Original+Replica · · Score: 4, Insightful

    An attack mentality from an organization called Cyber Defense Command can only mean bad things are about to happen

    The organization is call Cyber Defense Command for a reason, because they know that they should be "defending". If they were honest in their naming then perhaps it would be call Cyber Attack Command. Hmmm, I wonder what other countries would think of that.... It's probably the same reason that our Department of Defense isn't call the Department of Preemptive Strikes. It was called The Department of War until 1947. I know some here will say "the best defense is a good offense", but when you have organizations with "an attack mentality" they will always find someone and some reason to attack. War without End.

    --
    We are all just people.
    1. Re:Truth in Naming by OldFish · · Score: 3, Insightful

      How about Cyber Warfare Command That encompasses both offense and defense. Done.

  13. First strike & offense capablity. by John+Sokol · · Score: 4, Interesting

    I am waiting for them to call me and my buddies.

    First they need older hackers, not script kiddies.
    Black hats, or at least former black hats.

    Lot's of Jolt Cola, Cold Pizza and some dark dungeon supplied with what ever mind altering substances needed and a steady supply of nerdy Asian girls to look after them.

    Also the boxed set of all Stargate, Star Wars, Star Trek, Battlestar Galactica and.. Na on second thought, we'll just grab them off Bit Torrent. Same for the HDTV, UPS delivery off some stolen credit card, old habits die hard.

    Maybe more useful would be legal immunity/amnesty, from all of the collateral damage from relaxing hobbies like taking down the RIAA or Microsoft in the process, (oops).

    But seriously, a License to hack anything domestic and foreign with total immunity as long at it's primarily against the enemy would be totally cool, I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison, would be all over this.

    Why domestic, I almost don't want to say this publicly but the best way to get in is start in.
    http://www.c-program.com/kt/reflections-on-trusting.html

    Anyhow you can't play by the rules, if they think you can launch and offensive attack without some pre-preparation your wrong.

    Making an offensive toolkit is fantasy. By definition this is script kiddie and lame.

    > where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.

    I have been told years ago that this is already being done at Taiwanese fabs to us.
    Chips were designed to be resonant at some Ghz ranges and would be equivalent to an EMP when hit.
    This is done at the fab without changes to the chip design but layer thicknesses that is something the fab has total control over.

    These attacks should be in any OS, Router, or any other electronic devices that get sold and without the knowledge if it manufactures either. This would hackers the greatest flexibility to exploit them when needed. They key is to make sure it's not detectable or exploitable by other hackers.
    An example would be to hack into Microsoft and muck with their distro before it goes out.

    Of course with Microsoft and Apple, this would already seem to be unnecessary.

    --
    I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
  14. Someday in the Future... by dcollins · · Score: 3, Insightful

    Someday this guy will have a big component of his ships, missiles, and robot vehicles taken down by a friggin' virus spawned by two guys in a garage somewhere in Asia.

    And he'll go "Oh my god! We were totally taken by surprise! Who could have ever imagined or prepared for something as astounding as this!", for about the 4,000th time in the history of this administration.

    --
    We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
  15. collateral damage by DM9290 · · Score: 4, Insightful

    Isn't it some kind of war crime to intentionally TRY to inflict collateral damage?

    I thought there was an obligation to try to minimize collateral damage?

    --
    No one has a right to their *own* opinion. They have a right to the TRUTH.