Slashdot Mirror
USAF Considers Creation of Military Botnet
sowjetarschbajazzo writes "Air Force Col. Charles W. Williamson III believes that the United States military should maintain its own botnet, both as a deterrent towards those who would attempt to DDoS government networks, and an offensive weapon to be used against the networks of unfriendly nations, criminal groups, or terrorist organizations.
"Some people would fear the possibility of botnet attacks on innocent parties. If the botnet is used in a strictly offensive manner, civilian computers may be attacked, but only if the enemy compels us. The U.S. will perform the same target preparation as for traditional targets and respect the law of armed conflict as Defense Department policy requires by analyzing necessity, proportionality and distinction among military, dual-use or civilian targets. But neither the law of armed conflict nor common sense would allow belligerents to hide behind the skirts of its civilians. If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them." What does Slashdot think of this proposal?"
I'm all for the theory that if you attack us we will defend ourselves. The "you" in that sentence does not matter, in other words, if an ant bites us we step on it, if a dog bites us, we kick it and if an enemy country uses pereonnal computers to attack us, we use botnet.
I'm Surprised that they are not doing this already. That begs the question, who's computers would host the bots? Patriotic Americans who allow the govt to install software on their machine to attack the enemy is all well and good but what happens when the alphabet soup figures out that the govt has software on most of America's PC's?
No good can come of this.
A botnet is like a disease. Not a bomb. Deliberately infecting your own computers is a horrible idea.
If you can read this, I forgot to post anonymously.
Let's see...
It's a military necessity to have a botnet...so it will become my patriotic duty to allow their malware to reside on my machine. AV will be modified to not report it's existence. I will have no control or knowledge of what it's doing, or what it's reporting.
Then, those in charge of the program will complain that the citizen's computers are "unreliable" - they get turned off, are filled with competing malware, etc. So they will let a contract to Grumman or Lockheed for 10 million computers, to be scattered across the country/world as dedicated US Militarty Botnet computers, at, say, 10,000 dollars apiece. Due to specification changes, additional missions, etc., cost ovveruns will push the cost to 100,000 dollars apiece. The Congress will get involved, and will reduce the number of computers to buy to 10,000, will add additional missions and capabilities, and the per-unit cost will climb to $1,000,000. Five years later, the program will be cancelled.
And, still, the government malware will reside on my machine.
And the worms ate into his brain.
Sounds like the Geneva convention needs to be updated to include technological attacks.
30% Troll, 50% Underrated, 10% Interesting
Score:5, Troll
You have 4 windows updates to install:
Security hotfix for XML services KB0453456
Security hotfix for Windows
Microsoft Silverlight
US DoD anti-terrorist cyberwarfare battle attack bot v3.1
Do you think they really wouldn't do it?
What makes them think that botnet will be made up of computers located in some other country in the first place? As I remember, a massive proportion of infected computers in existing botnets are in the US. Quick, lets attack our own computers!
One day this botnet will become self-aware...
We must not allow a botnet gap!!
"If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them"
It might be found that the enemy botnet just doesn't respect political borders and will be using machines within ones own country. What happens then?
"Because we are not employing at entry level, offshoring will kill our industry stone dead."
Somebody needs to correct this! It's even the Air Force, just like in movies.
..is that creating a botnet is a fundamentally offensive tactic. If you're compromising computers to use for "defensive purposes", then you're launching a preemptive attack, which would make the US the aggressor. Unless you think somehow you're going to convince me to put your crappy malware on my machine, in which case you're sadly mistaken.
The U.S. will perform the same target preparation as for traditional targets
I wonder why that doesn't seem the least bit reassuring to me...
So.. Ummm... Does this mean that Microsoft has retroactively become a military "equipment" provider?
:)
Ahhh.. That felt good. Mod away
if China or Iran or some other enemy country wants to attack the USA and the US government wants to start a botnet let me know i have 2 PCs on 24/7/365 on cable broadband, i will volunteer my PCs to work for the US Government as part of a botnet, Bush may not be my favorite president but i am still an American and know what side my bread is buttered on (just make a Linux version too)...
Politics is Treachery, Religion is Brainwashing
Slashdot: Internet Ranks Vanilla as the Best Ice Cream Flavour Ever
...disease pathogens. Oh wait...
Brackets contain world's first nanosig, highly magnified:[.]
"You don't need a weatherman to know which way the wind blows." - Bob Dylan
... the government decides to turn this botnet against the civilian population in some way?
I mean, at some point (if I recall correctly, I am not American, I am Canadian), there were laws created saying that Americans have the right to arm themselves in case their government turns against them. Does that include the case of computer warfare?
What would happen in the case of other countries that this botnet could be used against? Would that be considered an act of war?
Green's Law of Debate: Anything is possible if you don't know what you're talking about.
The one where the superior military, that could crush its opposition anywhere they stood and fought, couldn't defeat an army that kept slipping in to the countryside?
The one where the "evil" greater power could be demonised every time they caused collateral damage or took reprisals on the people the weaker force hid behind?
The one where the great general George Washington brilliantly used geurilla tactics to make up for never having more than 17,000 men in the field at any one time?
The one where, soon after winning its largely guerilla war, they wrote the second ammendment to their constitution to enshrine the right to that kind of combat?
The one where the larger but distant power regarded the attacks on its own holdings as terrorism - the term just wasn't widely used yet?
It's ironic that a nation formed on, and celebrating in its constitution, the principles of armed insurrection, guerilla warfare and terrorism when it was the weaker power gets its panties in such a collective bunch when people do exactly the same thing that worked so well for it back again.
Remember: If you win and you're powerful enough to write the history, it's noble. If you lose, it's evil terrorism. Until it's decided, which one it's viewed as simply depends on which side you're on.
Given their track record, once the botnet comes online I give them three months tops before someone else hijacks it and uses it to drop US gov't websites just to show them it can be done. Watch as they scramble to bring even more offensive capabilities online in response to the demonstration.
Hahaha... welcome to the digital cold war.
In a traditional war, the idea is that the US could win by having a larger, better equipped and high tech army. Of course, it doesn't always work in places like Iraq or Afghanistan, but that's the theory.
On the internet, small groups of individuals can wield as much power as the US armed forces could hope to. Massive botnets are hardly new.
Also, how exactly would targeting infected civilian PCs help? The first 'D' in DDOS stands for "distributed", i.e. blasting PCs off the internet one at a time isn't going to help much.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Even if true, the assurance that all the usual standards will be upheld in choosing targets to attack just isn't all that reassuring. Building a botnet means attacking systems. Lots and lots of them. In order to be effective, a botnet has to be widely distributed and scattered amidst legitimate systems, otherwise you can just ignore it. Building a botnet would mean compromising a metric fuckload(possibly an imperial fuckload, depending on the department and contractor in question) of individual and business machines. Using domestic computers for this purpose had better be illegal, and even if it isn't, tolerating vulnerabilities in domestic systems just to build a botnet is lousy security policy. I suspect that our allies would not be happy to hear about us trying it on their citizens and our enemies might well raise a serious diplomatic stink about it.
Knowing us, of course, we'll probably take the even less palatable option and hire scummy contractors and subcontractors to do it. How could a DoD/Raytheon/Ukrainian Mob joint venture with a giant black budget possibly go wrong?
To clarify - the "military botnet" in the article uses computers owned by the military, not unsuspecting civilian computers. That's the FUD part, people equating botnet with the computers of unsuspecting people who aren't competent enough to protect their computers from compromise.
A botnet succeeds in DDOS because it's able to leverage the bandwidth of 10's or 100's of ISPs to overwhelm the resources of the 1 ISP or server that a site is hosted on.
For a US Military operation, you wouldn't bring the headache of maintaining 1,000,000 crappy old PCs stuffed in unused closets to bear on the problem. You'd build big machines, and you'd locate them on major backbone networks. When it came time to bring a little DDOS to bear on the enemy, you would have your big machine fire packets. It could spoof IP addresses as it wished; it could use yours, and you wouldn't even know it!
No one other than the technicians on the backbone could tell the difference between this and a hacker's botnet. But it would at the same time be much larger scale, cost more, and be theoretically more efficient - all positives in the military contracting arena.
And the worms ate into his brain.
We could build a voluntary enrollment bot net that could be loaned to the government in time of crisis. Other times we could use it for basic research or rent it out for LEGAL super computer use.
It might also come in handy for keeping our own government under our control in case some over zealous patriot gets their hands on the military's control equipment.
How long would it take to design and deploy something like this as a government driven project. Maybe if they would write it in Ada....
It seems like the author wants to run a legal botnot from military computers around the world, as a way to respond to attacks. That's fine, but since criminal botnets are distributed among computers around the world, some of the attacking computers will be from allied countries. Heck, some of them may be the very same military computers that are part of our botnet. The author writes about attackers spoofing IPs to appear to come from friendlies, but what if the computer is actually a friendly that has been zombied? That's where other "intelligence" sources comes in, I suppose, but I am skeptical that the attacker could be accurately identified quickly enough.
$nice = $webHosting + $domainNames + $sslCerts
Army and Navy will want botnets too! Seriously, cyber warfare will be a big issue of two high-tech countries ever go to war against each other again... ;-)
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
How will they ensure that they're only enlisting US-based computers?
The geo-location algorithms are only so accurate.
Chip H.
Did you know that they really don't protect civilians under "contemporary" conditions ? It specifically states that if "the enemy" (anyone whom you're at war with) does not clearly identify itself (which is defined to mean military bases OUTSIDE of population centers and CLEARLY uniformed troops) that civilians, enemy troops AND casualties are fair game ?
As in, if there is a faction using people as human shields, any army fighting them is completely within their rights to shoot all the human shields first. (think about what rights this theoretically gives Israel in fighting Gaza, they go above and beyond what Geneva requires of them, since a genocide in Gaza would be clearly within Israel's rights under the Geneva conventions)
Even in an open war a military is completely within their rights to let a civilian population starve. Everything except direct, unprovoked attacks is not the subject of the Geneva conventions.
The convention also CLEARLY states who gets to judge (obviously without possibility of appeal) whether the provisions of the Geneva conventions allow you to shoot a certain person : the field commander. His decision is final, and he gets to be judge, jury and executioner.
Besides, there isn't a single warring faction in the world today, except the United States (and Israel, Turkey and "maybe" China (insofar you call Tibet a war, besides I doubt you will find China respecting Geneva in Africa)), that even pretend to respect the Geneva conventions. E.g. hezbollah has declared upon multiple occasions that it doesn't, nor does it ever intend to (and then they say something about some prophet not respecting them as justification).
Lots of other warring parties don't respect Geneva : the islamist government of Sudan, Egypt (in it's south), Iran, Pakistan,
Never mind civilian computers being fair game. These conventions date from immediately after WWII (not that anyone really thinks Hitler would have respected them if they existed, in fact he would probably have used them to his advantage, but hey, one can hope, right ?)
Also let's not forget, article 29(3) of the Human Rights :
"(3) These rights and freedoms may in no case be exercised contrary to the purposes and principles of the United Nations."
In other words, anyone attempting to abolish the human rights treaty (one obvious party would be islamists) does not have any human rights.
In practice you will find provisions like that in just about any constitution, in constitutions as varied as both the US constitution and the Iranian one (you know the one that requires the state to execute gays).
The next thing you know its going to be the Nato-net and the Comu-net.
What sane person would even think of letting our military (but god bless the soldiers, wave the flag now, sing the anthem etc...) -or any other acronym based "service/agency" for that matter- do something so dangerous to the common U.S. citizen John Q. Public?
Why don't we just let the government blatantly spy on us, arrest us without warrants? Or make a mockery of our constitution? Ohhh sh.. wait they already did and are! If the people have the government they deserve. It seems that "we the people" are not very smart!
The government has a defect: it's potentially democratic. Corporations have no defect: they're pure tyrannies. -Chomsky
Yep, that's the logical way to do it.
The problem is that this is an illogical response. What are they going to actually do with this patriotic attack system? DDoS a zombie? A few zombies? A hundred zombies?
At some point, the battle becomes worse than the attack. The attacker has thousands (hundreds of thousands? a million?) zombies. What use is "attacking" them like this?
Whoever decided this DID NOT see Terminator 3.... Skynet = large botnet! It will turn on us!! AHH
Hey, while I think the current administration is repugnant and creates military enemies out of greed, and regards government and the military as nothing but a means to a financial end, I have to say I still think the military fights for the nation, and sometimes, must follow a corrupt president to prevent constitutional destruction. Honor our troups and all. I agree with it. These guys do their duty regardless of the ahole in the whitehouse sending them heaven knows where to fight for oil.
That being said, China, Iran, etc. have nothing on patriotic americans. Americans will do what they think is right and good for the country when ever asked to do so. The current problems with the U.S.A. are about what "right and good" are, not about whether or not to do it.
We don't need a botnet. Just tell america why it "right and good" to do something, put proper protections and limitations in it to ensure that the wrong people don't exploit your patriotism and it will happen.
I know that is naive, but part of me still believes that America has a noble streak that lately has been obscured by corporate greed.
But - and this is the important part - it is extremely unclear as to who the "they" are. The US Government is big, different departments have different policies and philosophies, what holds true for some branch A may not hold true for some other branch B, and so on. For example, I can't really imagine the regular US Army or Navy using a botnet. That's not, as a whole, their style. Remember, the US Navy is looking at semi-robotic next-generation Ironclads/Battleships with hundreds of missile launchers on each side. There is nothing subtle or stealthy about the Navy. Their sneers and jeers at Sweeden examining stealth ships is further evidence that these guys are about as subtle as a rocket-propelled 2x4.
Now, what about other departments? We already know that there are departments that indulge in signals intelligence, electronic and cyber warfare, covert operations, and so on. By definition, we do not know what those departments are involved in, and by definition they would be unable to tell us honestly if they were - or if they weren't. That makes it easy to be paranoid, as there is no way of testing any speculation as to what they are doing. We might know in 50 years time, some secrets may be held back for 100, some secrets may never be known (documents lost or destroyed, for example, as happened in the My Lai warcrimes investigations). Paranoia is the antitheses of rational thought, and in matters in which limited (or zero) information exist, rational thought should be of paramount importance. Insanity helps nobody, least of all yourself.
The evidence is slender, but is strongly suggestive one department already has backdoors on vulnerable boxes. After cyber-attacks elsewhere in the world, protective measures by the US will have increased, not decreased. Ethics aside, at least one military botnet under US control probably exists, as it probably does for Russia, China and probably other nations. I imagine, given the advanced education and the perceived need (it may also be a real need, but nobody acts on real needs they don't perceive as such) by Israel and India that they also have botnets. Britain's brain-drain has probably deprived it of too much talent at this point, but GCHQ and the various clandestine intelligence departments (we don't even know what departments there are - only two officially even exist, but at least one other has been officially mentioned) might have such a system in place, but more likely for intelligence purposes than for attack.
But what about the ethical standpoint? Well, ethics covers a multitude of sins, and most people have different ethics, making any kind of rational ethical argument difficult. I will stick to one point alone, then, and it's not the obvious one concerning those running the botnets. It's the ethical consideration of running an insecure machine. If you are a patriot, is it not your duty to secure your computer? If you do not, then any (and possibly every) hostile power could - and probably eventually will - run a node of the botnet on your machine. If you are a sympathizer of a foreign power, is it not your duty to secure your computer? If you do not, then your country could - and probably eventually will - run a node of a defensive botnet on your machine. If you are apolitical, then is it not your moral duty to secure your machine, so that nobody can abuse your facilities for their political purposes? If you're an anarchist, isn't it politically unacceptable to allow a government to maintain/impose order through you?
In short, it is unethical to leave your machine insecure, no matter what your political stance. No matter w
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It sounds like some jr highschool kid's idea. What is the military going to do, call up Kim Jong-il and say "ke ke ke PW0n3gE! How you liek the intrnetz n0w? bizatch."? If someone is "attacking" us via the internet, there is a much easier solution: block their traffic, null route their netblock, or even just "drop anchor" on their cable.
tm
Support TBI Research: http://www.raisinhope.org
I imagine this as a large box, labeled 'Pandora', with a huge red 'open me' button on it...
To date, warfare is warfare. We have guns and bombs, planes and ship and tanks, etc, to fend off similar threats. But that's essentially the limit. We do not, as far as I am aware, have any non-military weapons in the hands of the military.
This proposal seems to insinuate that the military should be welcome to consider non-gun, non-bomb, non-traditional methods of securing American interests.
Correct me if I'm wrong here, but I'm fairly certain there's no Constitutional provision for this... Likewise, if there WERE such a creature, wouldn't if fall into the hands of the executive branch, rather than the military? CIA seems a more likely candidate for such a program, were it designed for attack - a pure-defensive option would be within the hands of DHS, via the FBI, or some such.
Since we're entering new realms of thought here, what OTHER types of attacks are acceptable additions to our military's arsenal? In fact, are there any that are off-limits at all?
Economic weapons? Would it be permissible for the US military to buy out enough of 'X' to cause the economy of an enemy to fail?
Cultural? Carpet-bombing bibles, blue jeans, and Britney Spears?
Agricultural? Secretly infect the fields with weeds rendering crops far more difficult to grow? Or perhaps poison the gene pool of whatever the enemy is producing?
These are SILLY examples, I'll admit, but to me the notion of the military being the stewards of the internet is equally as silly...
I wish we were a better nation. I wish we'd turn the other cheek on stuff like this, all the while keeping up international pressure for others to do likewise. Sure, sure, China, Russia, blah blah blah. No amount of what the neighbor is doing makes this acceptable to me.
In my humble opinion, some things should be hands-off to the military, just as their planes, tanks, and ships are hands-off to the rest of us...
It is prohibited to attack, destroy, remove or render useless objects indispensable to the survival of the civilian population, such as foodstuffs, agricultural areas for the production of foodstuffs, crops, livestock, drinking water installations and supplies and irrigation works, for the specific purpose of denying them for their sustenance value to the civilian population or to the adverse Party, whatever the motive, whether in order to starve out civilians, to cause them to move away, or for any other motive."
Text available at http://deoxy.org/wc/wc-proto.htm
Let's take some of your statements:
What the conventions actually say is that it's forbidden to perform certain acts. However, if one party commits such acts, it doesn't mean that any civilian population is then "fair game". Civilians are never "fair game".
The fact that some of the acts of one party are forbidden, doesn't mean the other party may commit crimes in response. Specifically, the Geneva conventions talk of proportionality: "Art. 53. Any destruction by the Occupying Power of real or personal property belonging individually or collectively to private persons, or to the State, or to other public authorities, or to social or cooperative organizations, is prohibited, except where such destruction is rendered absolutely necessary by military operations." Given furthermore the fact that Israeli's occupation of Gaza is illegal by international law in general, any action taken by Israel to keep Gaza occupied is in fact a crime (though not necessarily by the Geneva conventions, which only deals with very specific humanitarian issues).
Actually the Geneva conventions cover several aspects about war that have humanitarian consequences: the treatment of prisoners of war, the treatment of a population by their occupier, and so on.
It's the responsibility, not the discretion of the commander.
It's very true that no army ever respects the Geneva conventions. Israel, the United States and many other countries tend to profess how humane their acts of war are. Ofcourse, the harder they claim this, the more of a lie it usually is. (Collective punishment in Palestine, 10,000s of civilian prisoners of war without any outlook on a trial, but with rampant torture going on, the United States ofcourse has Guantanamo Bay, the en-masse destruction of civilian infrastructure in Iraq during both wars there, and so on). Regarding the statement you make about Hezbollah's declarations on multiple occasions, would you mind providing a reference to one such declaration?
Then why does Israel continue to give the Palestinians water and fuel?
:
Because they're Jews. The basic doctrine that makes them do this goes something like this (I'm no Jew, don't shoot me if I get the details wrong) :
The Jews work to be the best of the people in God's image, and one way to do this is to care for all living things within the provisions set in the Torah. All humans are to be cared for, including their worst enemies, and it is utterly irrelevant how much of the help is used to attack Jews.
That's why they provide the fuel that gets converted into kassem rockets and fired into Jewish schools. Because a lot of that fuel also goes into keeping kids alive on cold nights (despite the general opinion, it gets quite cold in Gaza, certainly as cold as in, oh, say Denmark, so you really, really need the heating operational).
That's why they provide hospitals for Gazans to give birth to the very babies that will be indoctrinated with Jew hatred in every mosque and every school in Gaza and the west bank. That's why they treat even terrorists who blow themselves up making explosives.
The same goes for plants in Israel : if at all possible, the irrigation systems are extended to sustain both agrarian crops and trees and whatever that grows nearby (please don't interpret this as that I say gazans and plants are the same, people *are* more important in Jewish/Christian doctrine than plants).
This attitude is the reason Israel looks like the south of France (every last tree in Israel is irrigated), and Gaza and the west bank look like the sahara, despite being about 10km apart.
Obviously you won't find this on CNN or the BBC.
Can we not afford our own fuel?
No. Gaza has an economy that AS A WHOLE makes less money than 1 average american.
Water we have nowhere from where to get
Have you noticed the mediteranean sea ? Israel also has to get it's water, except for portions of the Golan, out of the sea.
Yes you have to create power plants to desalinize the water. But so does Israel.
but fuel we can buy. So why does Israel keep us dependent on them?
Israel is not preventing anyone in Gaza from buying fuel across the Egyptian border. How could they ?
Hamas has blown up that border twice in the last year, which is obviously not helpful. But Mubarak decided to forgive and forget.
I want Hamas to stop buying Qwsam rockets and to start buying fuel. So does everybody else.
They claim a certain prophet does not want this. Here's the way Hamas puts it in their charter
First, why they think the way they think :
"Article One: The Ideological Aspects
The Islamic Resistance Movement draws its guidelines from Islam; derives from it its thinking, interpretations and views about existence, life and humanity; refers back to it for its conduct; and is inspired by it in whatever step it takes."
All that hamas does, including "keeping you dependant on Israel" is only what (they think) islam requires of them :
"Article Thirteen: Peaceful Solutions, [Peace] Initiatives and International Conferences
[Peace] initiatives, the so-called peaceful solutions, and the international conferences to resolve the Palestinian problem, are all contrary to the beliefs of the Islamic Resistance Movement. For renouncing any part of Palestine means renouncing part of the religion"
ANY peaceful solution is, to hamas, apostacy, it's against islam, which carries the death penalty as you probably know.
I happen to think they're right. Islam does require this of muslims. Therefore the solution for palestine is simple : drop this part of islam. And acknowledge publicly that you've dropped it. Whatever excuse you want, nobody cares, because it kills too many Gazans for example. Then Gaza can start growing and caring for it's people.
You might notice that NONE of the suicide bombers ever was anyone with even a minor rank within hamas. So if you think the leadership of hamas actually believe in islam, think again (and check their bank accounts).
What about Geneva Conventions, 1977 Part IV, Chapter 1, Article 51
...) doesn't matter in the least.
Yes what about it ? It refers only that an army has to respect the other rules, which includes the rule that if civilians are used as human shields by a non-regular army, the use of violence against said civilians is allowed.
If you honestly read the convention you'll see it comes down to "an army must give it's opponent the chance to face it in an abandoned area, away from any civilians. If (and only if) the opponent complies, civilians are protected from harm of either of the parties". If the opponent refuses to do this, whatever their base is, even if it is a child daycare center of unrelated people, can be attacked without recourse.
This rule was once considered as being part of canon law, and is distinctly Christian in origin (e.g. both Thoraic and Sharia law consider it an acceptable tactic of war to poison the water supply of an unsuspecting city merely because they *might* oppose you)
"Starvation of civilians as a method of warfare is prohibited
Just "not caring" (ie not directly attacking them
So combine a government botnet (monitored, or not, by the "tech savvy" *snort* legislative and judicial branches of gov.), our executive branches willingness to violate individuals rights under the guise of "terrorist investigation", and the military's pledge to protect us from enemies "foreign and domestic" and you have an almost perfect recipe for ... well I don't know exactly, but I suspect us individuals won't be considered much.