Air Force Aims for Control of 'Any and All' Computers
Noah Shachtman on Wired.com's Danger Room reports that Monday, the Air Force Research Laboratory at Wright-Patterson AFB introduced a two-year, $11 million effort to put together hardware and software tools for 'Dominant Cyber Offensive Engagement.' 'Of interest are any and all techniques to enable user and/or root level access,' a request for proposals notes, 'to both fixed (PC) or mobile computing platforms ... any and all operating systems, patch levels, applications and hardware.' This isn't just some computer science study, mind you; 'research efforts under this program are expected to result in complete functional capabilities.' The Air Force has already announced their desire to manage an offensive BotNet, comprised of unwitting participatory computers. How long before they slip a root kit on you?
new meme -
Imagine an AirWolf cluster of these......
Service guarantees Citizenship! Questions Guarantee GITMO.... Amerika Uber Alles!
Sounds like the Air Force already has an overabundance of tools working for it.
Tools? Seriously? Any toolset is going to have to be constantly adaptable, and is going to fall victim to the same problem as all other computer security stuff: it's obsolete almost as soon as it's written.
They'd be better building a strong infrastructure, and recruiting top talent than trying to build some kind of software package, presumably to be manned by some kind of enlisted man script kiddie.
Even then, they're going to get the same kind of penetration as everyone else. 20%, 30% maybe, on a good day. You can't even rely on vendors to insert backdoors; the best choice for that would be Microsoft, and adding a backdoor to Windows would be redundant in most cases.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
This must be the ultimate example of "solutions" to engineering problems coming from a manager and not an engineer. I bet they'd like a pony while they're at it.
You know they'll get what they want out of commercial OSs by putting pressure on the vendors. Linux and the BSDs are too much of a moving target, and OpenBSD is run out of Canada anyway. If ever there was an article that needed to be tagged 'goodluckwiththat,' this would be it.
I'd say this was as illegal an idea as malicious botnets. My computer cpu cycles are NOT for sale to the US Government, or any government. They can have them when they pry them from my dead cold pc case...
Support NYCountryLawyer RIAA vs People
Establishing total and complete control across all hardware and operating systems, all patch levels, etc?
I admire your optimism, USAF, but $11 million dollars is simply not going to make that happen - if it can even be done. Software companies have enough trouble just getting their *own* software to work installed on *willing systems*, and some of the bigger ones spend that kind of money just getting it to work on one operating system within a reasonable set of constraints.
Take into account the fact that you will also be most likely using pre-existing exploits, which will be repaired swiftly by responsible developers that watch security RSS feeds, and this is a red herring task. If you are talking about spending 11 million dollars on doing your own research towards establishing remote control by examining source code or reverse engineering to find new exploits, then honestly, you aren't just crazy- you are batshit crazy. You're going to need a whole hell of a lot of money to do that.
The internet is said to route around censorship; however, you don't need to censor the internet if you can pwn the world's PCs.
At first glance, it seems that this would be easier to do by simply mandating government backdoors in all operating systems. Wait. Not only does a legislative fix not work for FOSS, it's also likely to start a tremendous uproar until you show enough people a video of Britney Spears's latest car accident...
... is a taxpayer money sink.
Over time, systems change. That means after this two-year study and eleventy-million dollars later, it's worth very little a year down the road. In three years, we're virtually guaranteed to have nothing for the efforts, except a statement saying "Oh, we learned a lot, and now need continuing funding. Please give us more money."
Although many holes in software exist for a long time, they are generally patched within a couple months once discovered, usually sooner. And as soon as the military activates one of these holes, it'll be analyzed and patched. That will remove one of their finite resources.
100% control of all platforms and systems is beyond ludicrous. They might as well wish they could read minds, teleport, and find Carmen Sandiego. Or at least Osama.
it would be unethical!
This space available.
You know my fear is when I wake up one day and my cable, phones, and internet don't work because the US and some nerd terrorist group are caught up in some sort of cyber war. Knowing that warfare has finally started to use network assaults the same way they use stealth planes is really a sign of the times.
We all know that the internet is not secure, we all fight to keep it open. I assure you the last day we freely browse to other country sites will be the day we get a newsworthy terrorist botnet attack that shuts down the likes of the Red Cross, and gives the government a chance to sever the cables that connect us to the rest of the world and insert some sort of keyed routers that you need a passport ID to traverse.
Got root?
The whole botnet thing just shows how absurdly out of touch they are. A botnet is a tool created by a bunch of guys who have limited computer resources in a bid to increase those resources.
Why the fuck would the United States Air Force want a botnet, when they could have the real thing? A tightly integrated computer network with near unlimited bandwidth, satellites, super computers, massive clustering, and secure, integrated control.
Botnet. Jesus. Someone take the freaking tech magazines away from the air force brass before they start doing social networking or some crap.
Are you serious? "Protect"? Just how they protect it against terrorism, communism and religions?
Personally I feel fear out of this since I run OS X nowadays and Apple aren't the most security aware and patch decisive* company/group/.. around. And I don't want my computer owned by the American government thank you, and preferably no one else either.
* (I tried to find some opposite to hesitate)
not to click on the DonaldRumsfeldNude.mpg.exe attachment in my inbox.
Monstar L
I bet when the military was studying psychic remote viewing and psychic assassination the project goal was for completely functional capabilities as well. How did that turn out? ;)
They are going to have to put in a chip in every single piece of hardware shipping out of every single manufacturer. That would be the only way to get something of this magnitude to work. Somehow I don't see all the manufacturers and consumers getting on board with this. Any software solution to this would face too much trouble - I for one am not willing to let the government take cycles away for good or evil use. It's just not a good idea. 11 Million could probably go to better use elsewhere.
Prediction: The real iPhone killer is going to be sex robots from Japan. Think about it.
My tech against your bloated, slow, government developed software.
Bring it, bitch. I just wish you wouldn't blow my tax dollars in the process.
They already have done "some crap". You've heard of America's Army right?
Almost thirty years ago I weighed the various Academies of our Faire Armed Services with an eye to taking an education at one of them. The Aire Force were then an arm in search of a hand in search of a mission.
They don't seem to have found their a**hole yet.
illegitimii non ingravare
Well, I guess that's better than them performing a "hard-kill" on it.
What the fuck
It's just zeros and ones. You can TALK tough, but when a 5 cent CD foils your "hard-kill" on my "information" you're really just wasting time and effort.
Is one that isn't connected to the network.
Just a tip.
Good luck hacking my laptop. It runs BeOS.
http://pinopsida.com
Anything important that I want to keep gets transferred to my offline PCs where they belong. I am a firm believer in having each PC dedicated for specific tasks, like one to hold my console game saves, one for building other PCs, one for work, one for old games, etc.
:-)
I'd like to see how they are going to "hack" those.
That's the beauty of staying a generation or two (or five) behind the "upgrade" cycle; I always get some decent throwaways, although they do have a tendency to multiply like rabbits.
How long before I sue them if I find they broke into my machine? About a week, and I'll go after class action status as well.
Wow. seems like the beginnings of Skynet... ahem.. sky.. as in air. Soon we will have a rise of the machines too.
That doesn't bother me; games can be a legitimate training tool, and paying for the tool, then making it available to the public is acceptable. It doesn't even bother me when they use it to recruit.
What bothers me is when they do something that's just flat boneheaded, and clearly the result of someone in the chain of command who doesn't know crap about anything, shooting his mouth off and making policy.
If they want to do the whole "cyberwar" thing, they need to take it seriously, and put people in charge who have the faintest fucking CLUE about what they're supposed to be doing.
If systems declare themselves to be 'unreliable participants' by whatever measure, then perhaps that system will be less likely to be recruited? e.g. clients on radio networks, roaming, or part-time members of a network.
From a short time ago.
http://tech.slashdot.org/comments.pl?sid=508970&cid=22942144
Sigh, someone said 5 years. More like 5 weeks.
-----
Hello US Citizen,
Your ISP has identified you as subscribing to a connection with >1Mbs upload speed. A recent top-secret national security bill requires all citizens with such bandwidth to become part of the national defense infrastructure. Attached to this email you will find an application. Install it. It will self register with homeland defense and be available for defense of the homeland should the need arise.
Thank you for your cooperation.
ZZ
PS: you have 1 week to register or you will be added to the terrorism watch list and will be subject to extreme rendition if needed.
PPS: we can't show you the bill, this is top-secret national defense stuff.
PPPS: if you are thinking of decompiling or interfering with the operation of this software, see PS:
PPPPS: yes this is MS windows Vista only software. Don't have Vista, see PS:
---
I must say; haha. This will never fly. Anyone with any real computer skills is not going to be wasting their time working for the military or the government when they can get a real job with real pay anywhere else. I'm going to suggest they move straight into the social networking environment before they get in over their heads. Although the thought of millions of semi-educated script kiddies with planes and a couple of supercomputers and access to the major Internet hubs could cause some damage, just mostly to our own infrastructure.
This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
So the Air Force can do whatever the spooks (and their Bush crony masters) want, like fly surveillance drones, record and datamine us against satellite surveillance, and help the NSA filter every bit of our telecom.
Because these people hate the Constitution. They hate our freedoms and rights the Constitution instructs them to protect. They hate us. Because we get in the way of business, which is to spend on war the maximum amount Americans can make or borrow.
Feel safer?
--
make install -not war
botnets are for people with little computing power to try and take over a bunch of computers for more power. The government already has super computers and ungodly bandwidth plus we control the root of the internet. Why waste cash on botnets when we could easily DOS anyone or just delete them from the internet altogether
http://home.comcast.net/~plutarch/PoliceState.html
While I don't like our currently Nazi regime in the U.S., I am nevertheless a U.S. citizen and it is paramount for our defenses to strive for such capabilities. Even more paramount to defend from such capabilities as they have already been developed by other countries and are being used against us.
I do wonder, however, how a growing awareness of these issues will drive adoption of open source operating software... and, what tricky techniques will be used to trojan it? We must be able to throw punches but we must be able to take them, too. We are behind in this area (except for the fact that the NSA very likely already has access to all networked Windows machines in the world).
... includes computers owned and operated by the Army, Navy, NSA, CIA, FBI, etc....
(I remember this as being a minor plot point in the movie "Sneakers" w/ Robert Redford; the "chip" was going to be used by one US agency to spy on *other* US agencies.)
Why would the USAF want a botnet? One, a botnet is distributed and harder to block than a centralized computing facility, or even a reasonably distributed one. Two, a botnet can grow as needed. When fighting an enemy botnet, this could prove very necessary.
Not that I'm condoning any of this, mind you. Just saying, I don't think the Air Force brass are all total idiots.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
$11 Million. To hack every computer in the world. Which has to include all the overhead of government salaries and equipment. I'm shaking in my boots.
(Holds pinky finger to corner of mouth) "One Million Dollars." (The one where he travels forward in time, not the one from the 60s.)
I was under the impression from previous articles that they were not going to use civilian computers for their offensive botnet.
This article seems to say otherwise, is this just bad journalism or does the USAF truly intend to make every computer in the US part of a weapons system? Which to me seems like a bad idea since that would make everyone with a computer a legitimate target.
"Soft-kill" would mean destroying your computer and therefore rendering you ineffective. "Hard-kill" would mean shooting you in the face and therefore rendering you dead.
Hollow words will burn and hollow men will burn.
Isn't there a law that says the government can't use the Armed Forces against us? Like isn't that the reason why the National Guard is called to stop riots and not like the Marines? If the Air Force is building a bot net that comprises American PCs then shouldn't that follow under the same law?
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
Please help take governance away from the powerful, and give it to the people.
... In other news, the Air Force is putting together a multi-million dollar effort to deliver nuclear weapons to every continent. Of special interest are any and all techniques to enable ICBM and/or strategic bomber access... to any and all air defense and missile defense systems. How long before they nuke your backyard?
Any sufficiently well-organized community is indistinguishable from Government.
Humorously, I could see a lawsuit from this opening up the door for the first expansion of the 3rd Amendment since Engblom v. Carey if they did compromise the machines of US citizens to use in an offensive botnet. Arguably being forced to host Air Force activities on your private property violates the same kinds of rights that the 3rd Amendment protects.
The Second Circuit said: [W]e hold that property-based privacy interests protected by the Third Amendment are not limited solely to those arising out of fee simple ownership [of homes] but extend to those recognized and permitted by society as founded on lawful occupation or possession with a legal right to exclude others. The court was talking about state-owned rental properties where striking prison guards were evicted and replaced with National Guardsmen, but I can see an argument for extending this to being forced to host Air Force use of one's chattels within a home (or maybe even outside of a home since the same possessory "right to exclude others" exists). I don't see Scalia or Thomas buying the argument, but it would be fun to watch someone try and argue it before the rest of the court.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
This would be a violation of my fourth amendment rights. And any act against me which is unlawful will be seen as an attack on my personal liberties and therefore be met with swift retaliation.
Time to set up my boxes to reboot every day from LiveCDs. That'll show 'em. :-)
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
"Data expands to fill the space available for storage".
you don't defeat your enemies by engaging in their tactics. that just makes you the moral equivalent of your enemy, thereby nullifying any moral high ground you claim to have, thereby nullifying any reason any citizen of your country or ally of your country would side with you
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Hmm...not sure how many computers have downloaded America's Army, but how hard would it be to slip a botnet agent into a patch or download?
The projects on the BOINC project network seem to be ready made for this. Just replace the 10 projects with some Air Force tool, do the work they need, then resume SETI or whatever. There, I just saved the government $11M. Please forward 1% to me. Ok, so that was tongue-in-cheek. I don't think I'd like the military to commandeer any of my systems, but if we're under some kind of devastating cyber-attack, I probably can't do my business or banking anyway. Rather than trying to commandeer everyone's personal PCs, they'd be better to focus on striking deals with the ISPs and the internet backbone as the choke points to put automatic lock down filters in place to block attackers (probably infected unsuspecting PC's) access to the network.
Good thing the Galactica isn't networked!
All they need to offer is:
- a blanket reprieve from all previously committed computer-related offences
- $50,000
- strict anonymity
And they can start testing their GUI-encrusted prototype for all Windows PC's (all builds) with helpful advice from professionals, as soon as their credit-card payment clears (although I strongly advise them to use a prepaid credit card).
The parent comment is NOT flamebait. It is insightful as hell.
The fact that the USAF is considering this illegal and immoral outrage is flamebait. I guess some air force lifer has mod points today. When I metamoderate him he won't.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Why the fuck would the United States Air Force want a botnet, when they could have the real thing? A tightly integrated computer network with near unlimited bandwidth, satellites, super computers, massive clustering, and secure, integrated control.
Distributed, anonymous sources.
You're *far* more vulnerable to remote exploits on a Mac than on a Windows box (to pluck an example out of the air). Of course you are...
"This is a wise goal and I am all for it."
Absolutely.
You must be new here, there are no exploits in OSX.
I, for one, welcome our new lunkhead overlords...
I think it's you that doesn't have a clue. By having their own botnet, not only can they infect people in the country they are attacking locally, they can deny any responsibility for the attack. It also costs them virtually nothing when the enemy is paying for those computers to be online.
The third amendment to the US Constitution reads: "No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law." This idea is so important that the founders put it in before trial by jury or cruel and unusual punishment. Aside from the "because we said so" Bush regime's retorts, is there any way that involuntary botnet participation could be even slightly legal?
The land of the free: where nothing is. But you're free to blog about it unless your voice is heard too clearly by the majority of blockheads.
How many marijuana spotting drones are YOUR tax dollars paying for today?
Your country is closer to Communist China's philosophies than you think, but you're too busy working and consuming to care.
Rise, Bill Hicks, Rise from your grave! We have no one like Hicks or John Lennon to rally and speak to the people. SLAVES!
...but will it run on Linux? And be compatible with NSA's Security-Enhanced Linux?
Any time my machine is doing weird things that can't be explained by `top` and `ps aux`, I pull the cord at the back of the machine, then the ethernet, and come back on with a livecd.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
they can hink around with their own machines as much as they want. no problem. if East Botulism starts a cyberwar, put 'em all on the Internet and take the weasels out.
they're no better than Sony Music if they want to sneak into ---> MY! --- computer.
got that? it's not yours until you buy it from me. at my price.
if this is supposed to be a new economy, how come they still want my old fashioned money?
I've worked at an Air Force Research Laboratory for the past 3 years. I can guarantee you nothing will come of this, it is a giant waste of taxpayer dollars, and no one should be worried about their privacy (just their pocket books).
Now the previous comments about them spending $11m and then 3 years later asking for $11m is close but also wrong. They will ask for at least double that, every 3 years (take a look at their POMs in the future), indefinitely...
Umm, America's Army is produced by the US Army, not the USAF. Hell, the US Army logo is everywhere in that game. Two very separate branches of the US armed forces.
FBI: China may use counterfeit Cisco routers to penetrate U.S. networks http://www.worldtribune.com/worldtribune/WTARC/2008/ea_china0141_05_15.asp
The Air Force used to be a branch of the Army before they broke off. How long will it be before their cyberwarfare section breaks off and forms its own branch of the military? Geeks in uniform - scary thought.
Thank you! Finally, someone who actually read the other article. The "proposed AF botnet" was never an official proposal. It was one guy suggesting what the AF "should" do. And this statement about wanting the ability to hack any computer has nothing to do with a botnet and everything to do with simply being competent.
Absolutely side splittingly funny. It's also a perfect example of the military mentality that if you throw enough money at anything that it suddenly becomes possible.
Maybe they should start using an autorooter on sites in China to install Trinoo for "Complete Offensive Tactical Disablement of Selected Targets"
It goes against amendment 4
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The government is not allowed to seize my computer for their purposes.
If I'm not mistaken, the 3rd and 4th in the Bill of Rights should prevent this.
3rd:prohibits the government from using private homes as quarters for soldiers without the consent of the owners.
4th:guards against searches, arrests, and seizures of property without a specific warrant or a "probable cause" to believe a crime has been committed.
"Lame" - Galaxar
I've got one word for my country's dumb ass air force: honeypot ...turn around, of course, is fair play as well IMHO...
...if they think they're the only ones with a [illegal] botnet then they better think again...
Whatever they attempt to throw at my network I hope their systems are dutifully patched.
11 million? As previously stated this is a joke. 11 BILLION *maybe* -- and that would have to be re-spent EVERY YEAR to keep up with patches, work-arounds, new operating systems, and my dusted off C=64 controlling 2 million XP machines.
rotflmao
All your computer are belong to Air Force??
This is why I have one pc that connects to the internet, and one that does not.
I could tell you but I'd have to kill you
Who are they kidding? For $11 dollars I could build you a botnet. They are just going to hit the strip club and have a Microsoft tech backdoor everyone in the next windows version. If I am not mistaken they have already done this to previous versions? All that was missing is the ability to send a command to packet a host.
Could it be applied?
The Air Force's notion of a covert op is bombing someone using a stealth bomber. If they start that sort of computer attack, it'll almost certainly be part of a more general strike, and the ability to "deny responsibility" in that situation is worthless.
'to put together hardware and software tools for 'Dominant Cyber Offensive Engagement'
.. :)
Just put Windows on all the machines
You think the Air Force is dumb enough to use their own computers to download porn?
Brings new meaning to the term "ChAir Force"
I know I've seen this before. Military creates a botnet to control millions of computers around the world.
Does anyone remember how that turned out for us in the movie?
So many of you sound like it's not been in effect. Anybody recall the rumors that msoft and others who hate the freedom or power of Linux/Open Source/GPL/et al planted people into (infiltrated) various companies and maintainers/bodies for the purpose of installing monitoring code and code crashers?
Anybody recall the rumors at one point flurrying about when multiple distros relying on a common code or submission were crashing or behaving badly right out the door? (Sometime in the past two years...)
One rumor, as I recall, was that msoft wanted to infiltrate to undermine the credibility of the distributed development community to dissuade major and small companies from implementing Linux-based solutions.
Now, consider a government that sees Linux/OpenSource as a symbol of defiance, and a "forking" of their efforts/resources. Well, when one considers the mentality of many Open Source developers ("information wants to be free", "hide your info from the government"...), and when one considers that ALL software (major?) developers (IBM, Lotus, msoft, and innumerable others operating) in the country are BY LAW required to provide to the NSA any and all encryption keys they provide commercially or otherwise in an application (whether the app is sold domestically or to foreign consumers and governments...), then it's not a far stretch to surmise the government hires, then trains bright people to pretend to be whiz kids at programming, then gets them onto sponsored, private or public projects so they can attain a position of trust.
Once multiple remote, distributed "bots" (humans, in this case) are planted, they in ad-hoc concert or independently or by higher coordination wreak their havoc. Again, consider how some of the recent strings of kernel and other errors affect the minds of those already afraid to learn or adopt Linux/Open Source.
I propose that any and all persons in positions of trust in Linux Development be put on a global database, be vetted, somehow fingerprinted (not necessarily or just by fingers, but academic and public records, convention appearances, and so on) so that they can be found out if they turn out to be moles. They will out themselves at some point, but to avoid legal national security issues, the "outing tool" needs to be very carefully planned and implemented.
I would dare say maintainers and submitters have been infiltrated, positions of trust given or hijacked by corporate as well as government interests. Actually, "infiltration" was one word used...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Not necessarily true. They take some soldiers who were wounded in battle and spend a good deal of time and money to retrain them in certain fields... I know a guy who was a marine and never had any interest in computers at all. He took some shrapnel in the face, so they went and trained him in everything he could learn in networking, and now he's freaking great at it. The same could apply to many other aspects of technology.
There's one thing I've been wondering lately. How is it that these cyber-security tasks seem to keep falling under the purview of the USAF?
Thanks and have a nice day.
I wonder how many computer illiterate grannies they'd waterboard before realizing this is a bad idea?
I have a C64 connected to the internet. Have at it.
"When information is power, privacy is freedom" - Jah-Wren Ryel
...says the Air Force.
Windows 3.1x calc: 3.11 - 3.10 = 0.00
How long before someone can hack this thing, and turn this "good" botnet into "evil" one???
I have a better idea: embed a nuke into every car, and make them autopilot to the enemy lines, when requested.
Starts up fifteen minutes late, reads your e-mail, browses cnn.com, then takes the rest of the day off for "training."
What?
Since this is government spending and they are restricted by the $11 million dollar budget, they won't even be able to put a team together before they run out of funding.
What a waste. 11 million and 2 years for an exploit that the Linux community will patch in 24 hours.
Why the fuck would the United States Air Force want a botnet, when they could have the real thing? A tightly integrated computer network with near unlimited bandwidth, satellites, super computers, massive clustering, and secure, integrated control
In your excitement you've overlooked one minor detail; the US gov't has decreed it is going to move all its systems down to 50 or so access points to the wider internet. So no matter how big and bad a system the Air Force might concoct on its own internal network, it would still be hampered by the internal to external gateway speed and if those 50 gateways are known, they're easily blocked. So they wouldn't be able to Botnet-bomb the whoever nearly as well.
What did you connect it with - a rope?
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Well, they'd really like a zombie army made of our reanimated dead, but until then, they're going to have to settle for our computers. On the plus side (for the Air Force), they'll still need the living as pilots, though. In testing, the zombies really didn't have the reflexes needed for piloting aircraft.
Are you sure that's not SkyNet?
US gov: We want a backdoor in all of your operating systems.
Microsoft: How deep would you like this backdoor? There are some existing features that could seamlessly integrate the functionality you want, we could roll it out as a critical update.
Apple: We can make an awesome GUI for that! With multitouch! And widgets!
Linux community: NO WAY IN HE...hey don't touch that! Somebody stop those guys!
Is the Air Force going directly from the Terminator script?
They cannot put backdoors in all software.
What they will do is to use "Treacherous Computing" (you may have heard this technology under the name Trusted Computing).
They will use technology like ACPI or SMBIOS to put a backdoor.
Or integrate a backdoor in the CPU, chipset, NIC, etc.
that groups like Razor1911 etc can do such stuff with just a budget of $10 beer money and a bag of chips. same crowd is probably also able to thwart any $11 m 'take control of all computers' project with a similar budget.
so that's $11 m more taxpayer money down the drain to juicy contractor deals.
Read radical news here
No, violating the third and fourth articles of the Bill of Rights would be so outlandish that even if that is the intention currently, it would die a quick (but excruciatingly painful) death in the current political environment. No, the Air Force cannot be that stupid, they have no intention of installing these on US civilian computers.
As Spock says (ahem), when you eliminate the impossible, whatever left, however improbable, must be the truth. They need a large network of computers, right? Getting Zombies in China is kinda taken already, so what are some alternatives? How many computers, do you suppose, are used by ALL US government agencies, BOTH local and federal?
It seems to me that the US Military may enlist all branches of the *civilian* government and mandate they all install the bot. This is relatively cheap, easy, reliable. Obviously, some portions of the civilian government infrastructure would have to be excluded to ensure that if the botnet was exploited by others, the compromise would not be too great. From a practical, bureaucratic perspective, weighing legal, ethical, and fiscal considerations, that is far and away the best approach.
Two words: Plausible deniability. Any questions?
- Kal`Goblez
The more things change, the more they stay the same...
I spent more than that on hookers last year, take that smElliot!
Seriously, the 11meg price tag should tell you that the USAF needed to spend this out of their budget or surrender it and is merely window dressing for the Brass and Purse String Controllers
use of compromised average computers as a tool of cyberwarfare is hardly a new thing: http://www.guardian.co.uk/world/2007/may/17/topstories3.russia . Seems the US military is only just waking up to how powerful a tool this can be.
Who will be better?
The NSA with SELinux to protect us or the Air Force with the ultimate root kit?
They won't need to install a root kit on our systems..... Our systems will come pre-loaded.
no joke.
We have a volunteer fighting force, why not ask the American public (or even the global public) if they'd willingly install something to consume idle cycles for US (or global) cyber defense.
I mean look at how many cycles BOINC projects get. Is it really that hard to imagine a PR approach that running the software is patriotic?
While subversive tactics make sense for enemies that we want to get the drop on there are likely many who would be friendly and willing to assist knowingly. With that said I think it is likely nearly as many if not more would be rather angry if it were discovered their hand had been forced into helping.
sun tzu would have appreciated the wisdom of not engaging in tactics which win you the battle but lose you the war
the battle of course, is abstract. it is the battle for the hearts and minds of the people in your country and other countries. so if you invalidate the cause you fight for, what have you won?
it is not good enough to merely dominate in all matter of physical warfare. you must also dominate in ideological warfare. and ideological warfare is not about media manipulation or propaganda. it is about simply picking a cause to stand for and adhering to it
if the people don't believe in what you are fighting for, then your physical military efforts are pointless. likewise, if the people do believe in what you are fighting for, then your enemy can achieve stunning battlefield dominance, and yet all of their gains will fade over time. you have to ask yourself what the point of war is. is war merely a shoving match over physical turf? on one level it is, but it involves the values of the societies fighting over that turf as well. the groups that achieve physical military dominance and solidify their gains over time, are the ones that fight for values that actually have greater staying power than their enemy's. so the only lasting victories are the ones that actually stand for something
i am not in any way failing to understand traditional military wisdom. but i will suggest to you that my pov might have a better understanding of traditional military wisdom
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
There are a variety of issues related to this article, ranging from feasibility to legality. But setting that aside a moment, is anyone thinking about what comes next if they actually set about doing this?
In order for this to work, and stay feasible, they would start leaning on some level of cooperation from various aspects of the industry. Let's say that they have 3 good vectors for infecting machines with the military botnet. They will need some cooperation from the AV vendors to not publicize them and close them off (assuming they are not working to know backdoors).
Then what happens when someone like the Storm botnet starts using a vector that USAF has asked not be closed off?
The USAF botnet would need to be constant. It's not a tool that you can say "I need 10 million machines for an attack tonight, go get them". It has to be constantly infecting and attacking new systems in order to maintain critical mass for use. What happens when the highly motivated guys behind a major bot net find out how to identify the USAF botnet and assume control of those machines instead?
What happens when the USAF botnet causes some critical error and 3million PCs get hosed overnight?
What happens when some software company includes in its EULA and on-box requirements that it's not compatible with machines that are infected with the USAF botnet?
What happens when the AV and OS vendors get slapped into silence about the USAF botnet and the White Hats start exposing it and how to counteract it? Will they get visits from guys in dark suits explaining that it's a matter of national security? And if they do, will any of them let that keep them silent? And when they speak out, the cat will be out of the bag and ways to defeat it will become available to the enemy anyway.
The pseudo-legality and over-arching presence of an approach like this is fraught with peril. While it sounds fantastic on paper and even more amazing for a summer movie, its realistic feasibility is very limited.
If there's one thing that will set the tech community ablaze faster than an announcement that a major botnet on our computers belongs to a foreign power set on attacking us, it's the announcement that the botnet belongs to the US military!
You've never had coworkers disappear only to find out later they moved close to NSA headquarters and they've now got money out the wazoo, have you? The _really_ good computer folk get paid a lot of money to do neat things by you and me (well, me anyway; not sure if you're from the U.S.). Even if they were only getting paid the same, they'd probably still do it because it's interesting work, and you can't beat a government job for benefits and stability.
Keep an AirGap PC at home for games, taxes, and entertainment center, and get off the power grid.
... US and EU must become accountable, before a more serious viral/WMD war erupts.
... and ... I expect China, Russia ... will be doing what is in their best interest.
Is it possible to create a honeypot for all/airbots and forensics for the international courts?
Warbots used internally (in a sandbox environment) for military exercises is needed for national defense by all countries, but warbots (or other eWeapons) being released into the wild/world is a crime or act of war.
Politicians/leaders allowing acts of cyberwar to occur (with plausible deniability) from within their borders must be held accountable for all damages, and the international community should embargo/blockade web/Internet/telecommunications access, until restitution is paid for damages a/o security is assured for all communities.
China, Iran, Russia
IOW: Cyberwar ain't cute or childishly deniable. Cyberwar is a weapon for preemptive attacks, and a precursor to many dead bodies.
US & EU will do what they believe is best for their interest
Anyway, botnets of USAF airbots could be just a vile voracious visage of a vapid vain vizierate of villainy for vandalizing vestigial values.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Airforce + Botnet = Skynet + Botforce? Sound like a movie to anyone else?
I think they call that a "Bot Net" and it's been way overdone. Maybe they can save some money by just purchasing control over the current botnets out there and granting amnesty to their "owners."
I might know what I'm talkin' about, but then again, this is Slashdot...
How long before we get SkyNet out of this?
The surreptitious placement of scripts on machines by the United States Government (USAF included), is a violation of the 4th Amendment, which states:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
And anyone who enlisted in the USAF had to take an oath:
"I, (NAME), do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; and that I will obey the orders of the President of the United States and the orders of the officers appointed over me, according to regulations and the Uniform Code of Military Justice."
Executing an order that violates the Constitution is punishable under the UCMJ. And yes, that would apply to all those illegal warrantless taps performed by NSA, and UCMJ would apply to any enlisted who performed those activities. No federal law or executive order can circumvent the 4th amendment. Only another amendment can do that.
Linux - because it doesn't leave that Steve Ballmer aftertaste.
Yeah. Aren't those the guys that invaded Iraq or something? Heard something about it on Fox I think.
Valid ... good point.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
In Soviet Russia the BotNet controls...
No, wait...
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.
Th!5 b0x pwn3d bY th3 UnIt3d St4t3s 4iR F0rc3.
/TerroristFiles/
box# chmod * 777
box# rm -rf
Kind of makes one view all the NSA's recent "contributions" to Linux in a new light... doesn't it?
Better get a few pairs of eyes to start guarding the guards. Since the NSA is a spying organization, it kind of seems silly to take them at their word about trying to make Linux more secure.
From the article at the root of the Slashdot post to which you are reacting:
"The U.S. would not, and need not, infect unwitting computers as zombies. We can build enough power over time from our own resources.
Rob Kaufman, of the Air Force Information Operations Center, suggests mounting botnet code on the Air Force's high-speed intrusion-detection systems. Defensively, that allows a quick response by directly linking our counterattack to the system that detects an incoming attack. The systems also have enough processing speed and communication capacity to handle large amounts of traffic.
Next, in what is truly the most inventive part of this concept, Lt. Chris Tollinger of the Air Force Intelligence, Surveillance and Reconnaissance Agency envisions continually capturing the thousands of computers the Air Force would normally discard every year for technology refresh, removing the power-hungry and heat-inducing hard drives, replacing them with low-power flash drives, then installing them in any available space every Air Force base can find. Even though those computers may no longer be sufficiently powerful to work for our people, individual machines need not be cutting-edge because the network as a whole can create massive power."
"As God is my witness, I thought turkeys could fly." A. Carlson
If they're going to start drafting computers for their PC army, they're going to have to provide some exemptions. What if my computer is a pacifist or perhaps it's owned by an Amish family...
Well, scratch that last part.
Still, when the PC draft comes, I'm shipping my computer to Canada.
All they have to do is get everyone to play World of Warcraft and then ride in on the Warden software to snoop around....
oh wait....
you obviously don't get the big picture, it ain't about the processor power, but more so the free processor power, as well as the free access to all data and info stored on those pcs...to give them better analysis of where terrorists might be
Under the Computer Misuse Act, you'd be breaking the law, even if you *are* the US Air Force.
Legal papers or lead? Your choice...
why everyone should have a net computer, and main off-line system. Rootkits are almost impossible to detect, from what I recently read, and knowing the government they'll fix it so their rootkits ain't detectable by any scanner by either coercion, or by technological trickery. But the one thing even they can't do; is stick this on your system if it's off-line, unless they come in your home. I will say, this would be one way to wipe out these spambots servers that's been infected. Either go into them and just erase them, or at least erase the bot that's infected the machine. Either way, less spam. Now if it comes to pedos and kiddyporn distributors, well...that's their problem. - Kc
-- Kevin C. Redden kcredden@ gmail 392992
12 years ago this would have been laughed out of the first session where it was mentioned.
Today the climate is such that the discussion is quickly to the technical side because it's just too amazingly feasible that this gets treated as A Really Good Idea, authorized and written into law.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
I could tell you but then I would have to assassinate you psychically.
Where is the emphasis on the hardware specs used to host this frightening cyberpower vision? I wish more people would include hardware specs in their press announcements and leaked documents. Don't they realize some people on here don't care about politics all the time. Talk about the badass specs for once. Poor hardware, always being misused and left for a newer shinier model.
I'd sure as hell consider signing up some extra CPU cycles and some bandwidth for a botnet that could DDoS/spam you.
This is either BS or something bad is going to happen. And what is to stop someone from taking control. What the hell is with the US trying to control the internet it's not real and I'm sick of this. I may live in the US but I don't like it. So when is 1984 gonna happen anyways... Seems to be close. 2011?
Current work on Linux per-process capabilities, role-based access controls and mandatory access controls may render the concept of "root" or a "superuser" under Linux obsolete. What would you need such a user account for? But if there is no superuser, in the traditional sense of the term, then there is no account on the system that would grant the air force (or anyone else) total control of that system. Control would be properly segmented and independently managed, limiting the value of such an attack. Well, it would need to be via the kernel, if no user had those access rights, and it would need to be via a user that could load things into the kernel, and it would need to make use of some exploitable kernel bug that bypassed the security modules.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Yeah, cause I can't remember the last time Apple released a security update...um, hmm, Apr 16th 2008 about a month ago -- I guess your tinfoil hat is on too tight.
The current cyber-warfare 'build-up' cannot be discredited without some study of the problems that befall a government that loses all authority and gets its comeuppance. This should have happened a long time ago with the 'U.S. regime', however, most Americans have been getting butter even though the entire country has been mortgaged to pay for the guns.
Before the "Ceausescu Moment" happens, something has to happen first in the information space. With the example set in Romania it was news of riots elsewhere in the country. The regime did all it could to make sure that the citizens did not get to find out, however, word-of-mouth and foreign radio was telling a different story to the state broadcaster and the authorities were unable to credibly blame the disturbances on a foreign power. It did not take long after that for the firing squads to sort out Ceausescu and his ilk.
There have been exercises by the Department of Homeland Security to control the dissemination of information on the Internet (e.g. the first Cyberstorm). These may have been dressed up in convoluted security language, however they are nothing more than dry runs at internet censorship, feasibility studies in controlling a www word of mouth campaign. As I understand matters, Cyberstorm I was a great success, in effect the government can control what gets written about them. Nothing has changed since then to change that, however, with Cyberstorm II the 'active' measures have been furthered, so that a misinformation campaign can be played out on the 'Web 2.0' blogs.
The government only needs this cyber-warfare capability if it has something to hide - which it does. They are lucky in that nobody would ever believe the lies that the government told to get the world into war. This matters not when there is butter, but when there isn't?
And from this lame blogger post: Of interest are any and all techniques to enable user and/or root level access
Basically, this tells me they are trying to learn what the hackers already know and use that knowledge against our adversaries. They are not trying to hack or build a bot net out of any unsuspecting citizen's PC.
Freakin' lame bloggers need to ditch the sensationalist headlines. And shame on Slashdot for cut-n-paste sensationalism. At least he doesn't try to convince us of that claim in his article.
Ascalante: Your bride is over 3,000 years old.
Kull: She told me she was 19!
They can pry my cycles from my cold, dead fingers.
Look, it only costs maybe $400 these days for a decent computer (monitor & keyboard & mouse excluded) that you connect to the Internet as a relay for some other computer. The military wastes tens or hundreds of millions of dollars every year. How many $400 computers can they buy, so they don't need to take over other computers to have a botnet?
And in that article, it was also mentioned that the US government controls enough points to make a botnet mostly pointless.
The real reason is probably to hide who's doing the attack.
Don't thank God, thank a doctor!
Better Be a 5 1/4 Single Sided Floppy Attack
...with the remote viewing. Staring at the goats didn't work so well. :)
This whole Air Force concept speaks to a larger issue or misconception within our society, particularly among non-IT professionals, that it is somehow possible for technology to be available for use by the "good guys" and yet not also available for use by the "bad guys". There was a similar case (sorry have no citation) where a senator expressed the viewpoint that copyright holders should have the capability to remotely "break in" to any computer system and "destroy it" once they have shown to a judge, perhaps through some warrant processes, that it contains their copyrighted materials (of course nothing was mentioned about how this would be achieved or even could be achieved in practice). If we want the benefits of a secure operating system and strong encryption then we must also be willing to accept the possibility that such tools might be used against us, but in such cases it is wise to remember the words of one of our founding fathers, Benjamin Franklin, who said that, "Any society that would give up a little liberty to gain a little security will deserve neither and lose both."
"... botnet, when they could have the real thing?" Ahem, probably because they can't afford it. I mean the Air Force has a problem purchasing planes because a Democrat congress keeps cutting their funds. You should be happy they're trying to find a way to do things with a limited number of resources instead of hiking your taxes.
Distributed, anonymous sources.
So make a little TSR program, put a download link on the USAF homepage and say "Do your patriotic duty. Be an official Air Force Cyber Officer. Install this software today."
I guarantee within 6 months you'll have about 10 million downloads from redneck hillbillies the world over (not just in the USA, either) willing to do anything to git those goddang red Chinese, as long as it doesn't involve putting their own neck in the potential line of fire.
There's no need to do this covertly. There would be many more people available to do this willingly if asked than there will be available to do it unwillingly and unknowingly.
It would take someone as (fictitiously) bright as Colonel Carter or Dr. Rodney McKay to pull this one off. Or maybe Jack "that's TWO e'LL's!" O'Neill could see a 'simple' way through this. They'd just dial all the computers in the world at once and send out their uber-virus.
- The Kessel run is for nerf herders. I can circumnavigate the entire Central Finite Curve in a lot less than 12 parse
From the OP: The Air Force has already announced their desire to manage an offensive BotNet, comprised of unwitting participatory computers.
From TFA: The U.S. would not, and need not, infect unwitting computers as zombies. We can build enough power over time from our own resources.
Dear Jeremiah Cornelius & timothy: pull your heads out of your asses and make sure you have your facts straight before making outrageous and incendiary pronouncements.
Dear CmdrTaco: why would you post something containing such an obvious factual error? We're not just talking about a controversial and/or weakly supported opinion, we're talking about a statement in the OP that is verifiably false. It's time to put away that fancy new rubber stamp you got for Christmahannakawanzikamadan and start reviewing things again before posting them.
Why the *FUCK* would I want my military systems on a network that can access the fucking INTERNET FOR A DDOS?!?!?!?!
Every time someone thinks connecting defense-critical *ANYTHING* to the internet is a good idea, I want to shoot them in the face with acid. Did you people so easily forget the guy who took only a week to penetrate into a nuclear reactor and control it FROM THE OUTSIDE?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I see this move as an investigative one and I applaud the USAF for taking the initiative. It seems a little misplaced to a community of net l33t but I say give them a break. Since they could neither recruit you based on your ideology OR afford to pay you what you're worth, your expertise is going to be left out.
This also has elements of some obvious foreshadowing: Where the military goes, government often follows. The consequence of the "militarization," of cyberspace will bring about new understanding on where to place laws and enforcement mechanisms in the web. Naval Warfare brought about laws of the territorial waters/exclusive economic zone. Nuclear weapons brought the NPT.
It's good old hard(imperial) capitalistic American thinking: The first nations to capitalize a potential resource military or otherwise (see: nuclear weps) does tend to receive the benefits of being the dominant authority for the next decade or longer. What we have not seen yet is the trial of just what kind of weapon will be made of Cyberspace. You don't need to watch the latest Die Hard movie to be concerned.
"I admire your optimism, USAF, but $11 million dollars is simply not going to make that happen -if it can even be done." - by mckinnsb (984522) on Thursday May 15, @01:49PM (#23421002)
If they received the cooperation of a MAJOR software publishing house (be it for profit, like MS, OR, even a freeware like a LINUX distro)? Not so impossible - just "sneak it into" the next update or patch...
OR
If they "got to/bought off" somebody that created a VERY popular ware online, they could put it into that one (preferably one that is MULTI-PLATFORM, thus, their surface area is increased, by controlling more machines thru it... think FireFox, or Opera type apps, that run across multiple OS platforms, & you get my point, here).
(Barring that? A "man-in-the-middle" attack, while you are downloading your fav. patches for your apps &/or the latest version could be utilized to insert the botnet code THAT WAY, too!)
Think about it...
(Like I said in my subject-line, in reply to your post - "food for thought")
Makes me want to just be happy w/ the versions of wares I have now, as is, & do a SOLID drive image backup + be happy w/ what I have now, as is... & NEVER update my OS or apps, again!
APK
P.S.=> That is, before some 'bright mind' from the armed forces thinks of this: 11 million goes a LONG ways to bribing people & EVERYONE, has a price/threshold of pain OR acceptance...
Personally though? IF my nation needed my computer-time, & asked for my help (& that of other US citizenry)??
Provided THAT THEY ARE "RIGHT" & did not start the mess w/ another nation???
Well - You can bank on it, most of us would "step up" & help out - all you have to do, is teach others how to do a DOS (pretty easy), & let THEM, do the attacks, themselves... no need to "make slaves" out of anyone's system! Appealing to folks' sense of patriotism/nationalism is a better way to go about it, rather than nefarious tricks & such! apk
The air force would have better success if they just distributed a 'Cyber War LiveCD' to the masses and asked them for their help in the event of a cyber war. I personally have a few PC's lying around that could be used and would be willing to plug them into my router and start them up with the LiveCD. Suggesting that they're just gonna break into your computer and take it over for a cyber war won't make them any friends.
quoted from another article- quoting the colonel with the original idea...
"The government wouldn't build its botnet by infecting innocent people's computers like criminal hackers, Williamson wrote. Instead, the military could use PCs it was going to throw away. And it could expand that botnet's computing horsepower by implanting its code on other government computers."
I hardly think they are attacking the public... cmon....
Posted anonymously from the mil....
All the Air Force has to do is to bring some pressure on the PCI based NIC manufacturers to embed some IPMI equivalent functionality and they're done. A project like this could be done for under $1 Million. And would give you a backdoor into a lot of places.
There's one little problem with that though. 3COM is essentially owned and now run out of Communist China. Their Chinese CEO even had the audacity to move there recently, while still claiming that it's an American company. Hah.
And guess who is one of the biggest suppliers to the U.S. government, as far as networking tech goes? Yep. That 3COM.
I say "good luck" to the Air Force. I think the Chinese have already beaten them in this game.
that the US is not a military/police state. My goodness, it's becoming more and more blatant all the time that's where it is headed. People shouldn't put up with this crap.
11 million is probably enough to get into all the windows boxes out there with the help of microsoft; who would love to help the US government on its war on 'terrism'.
Microsoft already has a ton of stuff in Vista to keep the music and film empires happy and nothing to do with what an OS distribution is supposed to do. Why wouldn't they help out? Wiretapping... We only know about a FEW things that eventually leaked out.
It's a Vista update away... if not already having backdoors.
Democracy Now! - uncensored, anti-establishment news
> a request for proposals notes, 'to both fixed (PC) or mobile computing platforms ... any and all operating systems, patch levels, applications and hardware.'
I accept certificates from the .mil domain as trusted. What these clowns are doing means I should consider anything that comes from the .mil domain as trojan/viral malware as trustworthy as anything the worst PRC hackers would foist on me.
Wake up USAF and everyone else: You're repeatedly stooping to "their" level on all fronts.
Miguel de Icaza likes the idea so much he's proposing to put a backdoor into the next release of Gnome!
It would be pretty cool to see the forgotten Third Amendment get some time in the limelight.
When all you have is a hammer, everything looks like a skull.
If the higher ups in the airforce really take this seriously, some officers need to be retired. This is bunk. The air force ought to be flying UAVS and a reduced number of manned aircraft to support our forces on the ground. Space, radar, and command and control is also their business. This isn't.
can't you just take all government IP blocks and map them in your host file to 127.0.0.1 to prevent such a thing?
Mark Anthony Collins
Weird that it is the Air Force doing it, instead of a joint op.
Perhaps we need a sixth Force, a US Cyber Forces, to go with Army/Air Force/Navy/Marines/(Coast Guard).
Sad that they are about a decade (or more) behind the times, glad to see they are catching up.
Hope they realize "all computers" includes more than Windoze!
Just because it CAN be done, doesn't mean it should!
[insert witty quote here]
So you mean that they patch issues in every open-source software they use as soon as they are found and don't wait until they have a bunch of issues and fix them all in one large update?
..
Because if you do we can't be running the same version of OS X
They already have, it's called punkbuster...
In the article linked by the post on Danger Room, they do explicitly aim for user, even root access on "Any and All" computers, at will.
Hard to sensationalize that! It's already over the top.
"Flyin' in just a sweet place,
Never been known to fail..."
It sounds cool but it's contrived posturing by a bunch of suits. Any experienced programmer here on Slashdot understands the sheer impossibility of the task of immediate and overall control of one platform let alone all of them. It's good material for movie and television scripts though because in the fantasy world computer efforts work fantastically all the time. Likely the Air Force needs the attention in order to get money or resources. The various government branches compete for the money. The more attention you can get the better your chances, and sweeping statements about cool technology efforts like this article can do the trick ... even fooling some tech-savvy Slashdot readers into believing the hype.
That's why it's the "Chair Force" heading this.
They'll all be graduating "cyber" "warriors" from the new training school: Top Buns.
"Flyin' in just a sweet place,
Never been known to fail..."
But if there's one thing that armed services habitually put more effort in to than preparing for war, it's engaging in bureaucratic cold wars between themselves. And if one branch of the US government puts their hand up to do "cyber-war", you can bet your bottom dollar that half a dozen others will want a piece of it too.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
This kind of fear and paranoia is exactly what Microsoft wants, and instituting this kind of witch hunt is going to do much more damage than any malicious contributor possibly could.
Linux has always had a "bad" security record. It is not difficult for a motivated and skilled attacker to, at the very least, cause severe denial of service against a Linux host. Black hats have many more exploits than developers and auditors know about.
If Microsoft really wants to damage the Linux ecosystem, and legal means (patent threats, copyright threats, market confusion, etc) run out, the next logical resort will be to hire blackhats. They may already have some. Why would they tell anyone?
The recent Debian/Ubuntu vulnerability, which technically left me trivially vulnerable for two years, made me seriously consider switching back to FreeBSD. Fortunately my OpenVPN keys were generated specifically on BSD so they were not vulnerable. It's not like BSD hasn't had exploits either, but Ubuntu in particular has been an embarrassment from its first release, where the system administrator password was recorded in a world-readable log file.
Sam ty sig.
"How long before they slip a root kit on you?"
If you have a TPM chip, they already have.
---- Booth was a patriot ----
Infowars.com reported on this yesterday. This is old news. Not to mention the fact that the goober-mint has been doing this for years. I am not surprised, providing that we have thugs in uniforms, with machine guns patrolling our subways, searching bags, distributing fiat fear, for something that doesn't exist. Now I am digressing.
http://www.youtube.com/watch?v=N9SLLK3viJI
There are other articles on similar subjects as well there. Alex Jones usually reports on it within hours, or minutes of when it happens, unlike the delay brought on by Slashdot editors. Not bashing Slashdot, but anytime you mix bureaucracy, and politics, you get confusion, delays, and 1/2 truths since people here have beliefs brought on by a government that uses Machiavellian tactics such as divide and conquer, to control its peons... errr.. populations. Anyway, enough babble, here is the link.
http://www.infowars.com/?p=2159
The Air Force's notion of a covert op is bombing someone using a stealth bomber.
Oh ye of little clue.
at your naivety, but I'm not. If it is possible for the US Government to pw0n your machine, it is also VERY possible that someone other than the government will pw0n it first. The military (of any government) is doing NOBODY a service by using their computer without permission. For US Citizens, this is in clear violation of the intent of the 3rd amendment. http://en.wikipedia.org/wiki/Third_Amendment_to_the_United_States_Constitution You are clearly welcome to maintain your own opinions, and of course allow anyone including the guvment types to own your system. Trust me on this, if you leave it open to the cyber command, it will get owned by someone that does NOT care how much pain you have to go through to sort out the mess they leave you on your computer.
That's not even stopping to comment on your opinion of world powers and history.... sigh
Support NYCountryLawyer RIAA vs People
The "Any and All" seems to be taken out of context from further down in the article where they quote:
> Of interest are any and all techniques to enable user and/or root level access
The article goes on to explain how they intend to use these techniques against adversaries, not the general public:
> The preferred attack consists of lying quiet, and then "stealthily exfiltrat[ing] information" from adversaries' networks.
Again they go on to state:
> But, in the end, the Air Force wants to see all kinds of "techniques and technologies" to "Deceive, Deny, Disrupt, Degrade, [or] Destroy" hostile systems.
Nowhere in the rest of that article or any other article I've seen yet actually states that the Air Force is interested in hacking unsuspecting users' PCs of the general public. In fact the quote I posted earlier from last week's article states exactly the opposite:
> The U.S. would not, and need not, infect unwitting computers as zombies. We can build enough power over time from our own resources.
If you've found an article that actually states they are out to get us, please post a link because I'd be very interested in seeing it. Preferably one with an Air Force official's quote, not from some blogger with a tinfoil hat.
Ascalante: Your bride is over 3,000 years old.
Kull: She told me she was 19!
Anyone with any real computer skills is not going to be wasting their time working for the military or the government when they can get a real job with real pay anywhere else.
Oh please. Your contention that anyone who works for the government is only there because they were too clueless to get a 'real' job, with 'real pay'?
YGBSM.
I defy you to apply for, and get accepted for, a job at the CIA or NSA. Or any one of a number of other TLAs. Don't take it...just apply.
(don't be too hurt when they laugh)
How hard would it be to slip backdoors into Intel and AMD CPUs? Not hard, already done.
When some cute pattern comes in inside an IP packet and somehow in any time is in the CPU's L2-cache, the dynamic backdoor does the opcodes that follow the pattern.
Try FOSSing and fixing buffer overflows, bugs or backdoors all you want, you won't see AMD's nor Intel's CPU's source code - ever.
You think the Air Force is dumb enough to use their own computers to download porn?
The 'Air Force'? No. Idiot individual members? Yes.
14 yrs ago, we had an E-4 busted for having 100mb of porn on his work PC. 11 yrs ago, we had an entire office reprimanded for having a 'not illegal in the US but illegal in Saudi Arabia' screensaver on the office PC's.
Granted, it's a lot harder now, because individual machines, and the network, are locked down a lot more. But idiots will still bring stuff in from home on a DVD or USB stick.
Most people think of the fifth amendment as just the right to not incriminate yourself. But it also goes on to say. . .
". . .nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."
I would say that, were this air force initiative technologically successful, it, at least, could not be used on any computers of US citizens, because of the fifth amendment. Of course, what the government will say is that this capability would only be used against computers of foreign nationals, foreign corporations, and foreign governments. I'm still not sure that makes it right, unless the foreign nation is at war with us, and then it should only be allowed against nations that are directly at war with us.
Fuck that!
Holy Shit. This is terrifying.
Humorously, I could see a lawsuit from this opening up the door for the first expansion of the 3rd Amendment since Engblom v. Carey if they did compromise the machines of US citizens to use in an offensive botnet. Arguably being forced to host Air Force activities on your private property violates the same kinds of rights that the 3rd Amendment protects.
Seriously, I wonder if the same argument could be made against keyloggers and other government-operated spyware.
The third amendment wasn't (just) about being forced to house the king's soldiers. The main objection was that the soldiers doubled as spies and informants against the members of the hosting household. Like the fourth amendment it was a check on the government's investigative abilities, rather than against the government's consumption of your resources, like the "takings" clause of the fifth.
Forcing you to host spyware on your own computer, chewing up processor and perhaps network resources while it is continuously capturing what you are doing (especially: what you're communicating and who you're doing it with), without your explicit knowledge, is a precise automated analog of housing a soldier in your house so he can eavesdrop on the conversations of the family, their friends, and their co-conspirators.
The government can't station a policeman in your house to spy on you even WITH a court order. Why can it get away with doing the same function with a hunk of hardware or software?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
> The Air Force has already announced their desire to manage an offensive BotNet, comprised
> of unwitting participatory computers.
The article makes it quite clear that they contemplate using only their own computers.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
You know what, fuck that. In no parallel reality can I imagine that the USAF or any other military body would have the 'right' to use my computer in a botnet. And if such a day would come, it would be the same day that the president (whoever he or she may be) wipes his-or-her ass with the Constitution. It is entirely against the spirit of that honored document for the military to take control of any civilian resource for any reason whatsoever. Doing so removes the one protection that prevents private citizens from becoming subject to the government. Some of you may or may not remember that the Constitution was specifically written to avoid that sort of thing. So, the day that bullshit is mandated is the day of the second US civil war, near as I can tell. Too bad that most of the brainless citizenry in this country would forsake such security for their next 'economic stimulus' welfare check.
What could possibly hurt the security of the American people more than giving our own government the ability to hide its
absolutely, and this seems like the only part of the desire on their part to have botnet like capability that makes sense.
while they could certainly do far better in terms of cpu power on their own, being able to attack from every possible vector (ie many different nodes in a given network) seems like a requirement for effective use. otherwise it would be too easy for the target to cut single/low # of input nodes.
How hard would it be to create a vulnerability in open source software? If subtle enough, I imagine a vulnerability could be added to a project via several coordinated updates made by multiple contributors (something where no single change caused it, but a combination of changes caused it), and spread out over time so it would appear to be an innocent mistake.
Read the BAA, we're not doing anything, we're soliciting research proposals for a capability.
And the botnet nonsense, well umm, yea, I've got nothing.
Great point Einstein! The government would never think of installing a secret gateway that they haven't told anyone about.
That's leftish talk. Fox has made it clear that Iraq was liberated.
Je ne parle pas francais.
This could easily fit under the necessary and proper clause. In an emergency where a botnet were taking over massive internet resources and threatening the global financial system or even energy grid they could deploy this thing as a counter insurgent application to take over and halt the spread of a malicious botnet. What's so different about taking over your pc that is being used to attack a bank vs taking a car that is being used to run away from a bank robbery.
Also, running the Internet (eg, root nameservers, secret rooms in telco company buildings, SAIC, etc) allows you to DDoS more effectively.
You wouldn't want the US-military to have remote-control access of most cars so that they can take over active vehicles in proximity of the car used in the bank-robbery and crash into it in order to stop it.
You would want them to use their own vehicles for this.
Likewise, I would expect the military to use their own systems.
/.Mattsson - My native language is not English, so please don't whine over linguistic errors. (That's lame anyway...)
Well. If they want a system to use for military strikes that can't be proven to come from the US, they need to use computers that are:
a. Not on the government networks
b. Preferably not even inside the US
Why would they want this? A military "cyberattack" is still a military attack and is considered an act of war.
They might not want to declare war with the nation that they want to attack.
/.Mattsson - My native language is not English, so please don't whine over linguistic errors. (That's lame anyway...)
So, the internet is this wide connected network of computers. The USAF want to create an offensive botnet to counter cyber threats.
What happens when said bot or rootkit works its way unwittingly onto a UK MoD system. Or a Chinese defense network. Or a Russian network.
Isn't that going to result in a prelude to war? Could that in itself be classed as a declaration of war?
How are they going to stop something like this happening? Restrict it to a geoIP lookup before it attaches to a system?
Skynet was USAF, wasn't it?
This is exactly how Terminator began.
Seriously. It's about fucking time that the US military got serious about cyber warfare capabilities.
Computers are crucial to any modern military infrastructure. Although it's important to be able to defend one's own, it's equally important to be able to attack an enemy's.
Although the concept of running a real botnet on either US or foreign computers seems completely ridiculous to me (for the obvious reasons that have been pointed out hundreds of times in this thread), the concept of broadly weaponizing security vulnerabilities is a good one.
http://www.usenix.org/event/leet08/tech/full_papers/king/king_html/
describes the real-world cases where this has already been done, and demonstrates - DEMONSTRATES - that surprisingly little integrated circuitry modification is required.
No way the Army would let the Air Force use their free videogame to distribute something that would benefit the DoD.
If they need people with a clue then you might be out in the cold.
You make assumptions based on nothing of substance. You assume that the people in charge of the military do not have "a clue." Your politicians may not have a clue about some things, but the average flag officer in the military definitely has a clue about how to use his resources to accomplish his mission.
You have no idea what policy they have made, let alone if it is bone headed or not. You waded in with your uninformed opinion based on an unsubstantiated statement made at the end of a Slashdot posting.
Well, they tell us that it didn't work....
But that's exactly what you would expect them to do...
This is a 'complex' issue, as in the burgeoning "Informational Industrial Complex".
I doubt this initiative is anything more than the USAF getting in on the action
on behalf of its retired staff currently employed by contractors.
Considering that fully 2/3's of all $ spent by the taxpayer on defense never
sees the light of day, this would be just another example of job creation and
enriching a few people at the top of the economic food chain.
resist propaganda
http://stinet.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA464201
http://www.au.af.mil/au/awc/awcgate/afrl/cybercraft.pdf