Slashdot Mirror


USAF Considers Creation of Military Botnet

sowjetarschbajazzo writes "Air Force Col. Charles W. Williamson III believes that the United States military should maintain its own botnet, both as a deterrent towards those who would attempt to DDoS government networks, and an offensive weapon to be used against the networks of unfriendly nations, criminal groups, or terrorist organizations. "Some people would fear the possibility of botnet attacks on innocent parties. If the botnet is used in a strictly offensive manner, civilian computers may be attacked, but only if the enemy compels us. The U.S. will perform the same target preparation as for traditional targets and respect the law of armed conflict as Defense Department policy requires by analyzing necessity, proportionality and distinction among military, dual-use or civilian targets. But neither the law of armed conflict nor common sense would allow belligerents to hide behind the skirts of its civilians. If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them." What does Slashdot think of this proposal?"

8 of 440 comments

  1. I'm Surprised by zehaeva · · Score: 5, Interesting

    I'm surprised that they are not doing this already. That begs the question, whose computers would host the bots? Patriotic Americans who allow the govt to install software on their machine to attack the enemy is all well and good but what happens when the alphabet soup figures out that the govt has software on most of America's PCs?

    1. Re:I'm Surprised by OeLeWaPpErKe · · Score: 5, Interesting

      you risk having the CNC reverse engineered and the botnet might suddenly "belong" to someone else.

      Only if you're stupid and use symmetric encryption. Such a problem would most certainly not manifest with a distributed public-key encrypted network. Obviously this is an area where even good organizations and intelligent people have been known to have made utterly stupid mistakes.

      But it is certainly possible to create an uncompromisable botnet.

      Actually, to be honest, I'm really surprised such a botnet doesn't exist already. Oh well, perhaps it's just one of the better hidden ones.

      One thing bothers me about botnets though: they all seem to originate either in Russia or deep into China. Especially in China I find it very surprising that IPs closer to the command center of those botnets tend to trace deep inside China, and not to the coastal cities, where you'd expect the Chinese script kiddies to be.

      So aren't we just kidding ourselves that other nations don't already have these? Storm might very well be Putin's botnet.

    2. Re:I'm Surprised by bill_kress · · Score: 5, Interesting

      Doesn't the US government already have monitoring at the choke-point of virtually every ISP? Equipment that undoubtedly has the ability to generate any number of packets, spoofing any source...

      Would that be enough?

    3. Re:I'm Surprised by lucas_picador · · Score: 4, Interesting

      Your premises get "upgraded" from being "civilian" to "dual use", but none of America's real enemies today care for that fancy legal distinction anyway.

      This is a shocking statement, not only in its ignorance of current affairs, but also its shortsightedness. Read some military history and find out what happens to countries that declare that jus belli no longer applies to them. The US has always (until recently) adhered to international laws of war for very good reasons; this recent call to abandon them is a terrifying development, because it invites atrocities against our soldiers as well as our civilian populations. This may not make a difference to terrorist groups who already ignore these distinctions, but if you think those are the only forces the US will face in the next 30 years, you are an idiot.

      The previous post was exactly right: when you recruit civilian computers to carry out military attacks, those computers and their operators become legitimate military targets. This is a terrible idea.

  2. where can i get some by FudRucker · · Score: 5, Interesting

    if China or Iran or some other enemy country wants to attack the USA and the US government wants to start a botnet let me know i have 2 PCs on 24/7/365 on cable broadband, i will volunteer my PCs to work for the US Government as part of a botnet, Bush may not be my favorite president but i am still an American and know what side my bread is buttered on (just make a Linux version too)...

    --
    Politics is Treachery, Religion is Brainwashing

  3. Re:Which country would that be again? by Culture20 · · Score: 4, Interesting

    If the U.S. government starts targeting botnet clients within U.S. borders, I say it's a good use of my tax dollars.
    Even better if they can provide educational public service announcements about computer security.

    Remember: Only you can prevent firewire.
    This is your computer. This is your computer in a botnet.
    Got v146rA? ....Please, buy your pharmaceuticals from a pharmacy, not junk email.

  4. They probably are. by jd · · Score: 4, Interesting

    Cyberwarfare is nothing new. To repeat an example I keep going back to, the Internet Auditing Project, they did talk about a successful attack on their system from a US Government agency via a cracked Australian computer. This is not the same as a botnet (hence the uncertainty) but the fact that they do already exploit vulnerable machines is a pretty good indication of the line of thinking they have been going on.

    But - and this is the important part - it is extremely unclear as to who the "they" are. The US Government is big, different departments have different policies and philosophies, what holds true for some branch A may not hold true for some other branch B, and so on. For example, I can't really imagine the regular US Army or Navy using a botnet. That's not, as a whole, their style. Remember, the US Navy is looking at semi-robotic next-generation Ironclads/Battleships with hundreds of missile launchers on each side. There is nothing subtle or stealthy about the Navy. Their sneers and jeers at Sweden examining stealth ships is further evidence that these guys are about as subtle as a rocket-propelled 2x4.

    Now, what about other departments? We already know that there are departments that indulge in signals intelligence, electronic and cyber warfare, covert operations, and so on. By definition, we do not know what those departments are involved in, and by definition they would be unable to tell us honestly if they were - or if they weren't. That makes it easy to be paranoid, as there is no way of testing any speculation as to what they are doing. We might know in 50 years' time, some secrets may be held back for 100, some secrets may never be known (documents lost or destroyed, for example, as happened in the My Lai war crimes investigations). Paranoia is the antithesis of rational thought, and in matters in which limited (or zero) information exists, rational thought should be of paramount importance. Insanity helps nobody, least of all yourself.

    The evidence is slender, but is strongly suggestive that one department already has backdoors on vulnerable boxes. After cyber-attacks elsewhere in the world, protective measures by the US will have increased, not decreased. Ethics aside, at least one military botnet under US control probably exists, as it probably does for Russia, China and probably other nations. I imagine, given the advanced education and the perceived need (it may also be a real need, but nobody acts on real needs they don't perceive as such) by Israel and India that they also have botnets. Britain's brain-drain has probably deprived it of too much talent at this point, but GCHQ and the various clandestine intelligence departments (we don't even know what departments there are - only two officially even exist, but at least one other has been officially mentioned) might have such a system in place, but more likely for intelligence purposes than for attack.

    But what about the ethical standpoint? Well, ethics covers a multitude of sins, and most people have different ethics, making any kind of rational ethical argument difficult. I will stick to one point alone, then, and it's not the obvious one concerning those running the botnets. It's the ethical consideration of running an insecure machine. If you are a patriot, is it not your duty to secure your computer? If you do not, then any (and possibly every) hostile power could - and probably eventually will - run a node of the botnet on your machine. If you are a sympathizer of a foreign power, is it not your duty to secure your computer? If you do not, then your country could - and probably eventually will - run a node of a defensive botnet on your machine. If you are apolitical, then is it not your moral duty to secure your machine, so that nobody can abuse your facilities for their political purposes? If you're an anarchist, isn't it politically unacceptable to allow a government to maintain/impose order through you?

    In short, it is unethical to leave your machine insecure, no matter what your political stance. No matter w

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)

  5. Re:Historical Perspective by bendodge · · Score: 4, Interesting

    The Revolutionary War had clear aims and objectives (self-government and independence) and tried using normal negotiations first (Olive Branch Petition). Americans were not running into Britain to blow things up, they were not using random people as human shields, they were not kidnapping British civilians, and they were not using a radical religion as justification (most of the Founding Fathers were Deists).

    The basis of the American Revolution was "no taxation without representation". The basis of the whatever-you-call-it the Muslims are doing is "Jews are dogs and America is the Great Satan".

    --
    The government can't save you.