Air Force Aims for Control of 'Any and All' Computers

Noah Shachtman on Wired.com's Danger Room reports that Monday, the Air Force Research Laboratory at Wright-Patterson AFB introduced a two-year, $11 million effort to put together hardware and software tools for 'Dominant Cyber Offensive Engagement.' 'Of interest are any and all techniques to enable user and/or root level access,' a request for proposals notes, 'to both fixed (PC) or mobile computing platforms ... any and all operating systems, patch levels, applications and hardware.' This isn't just some computer science study, mind you; 'research efforts under this program are expected to result in complete functional capabilities.' The Air Force has already announced their desire to manage an offensive BotNet, comprised of unwitting participatory computers. How long before they slip a root kit on you?

Re:The big problem with this...

[powerlord]

I disagree.

Usually the types of holes stay consistent, and a hole can go unnoticed for quite a while (take a look at the recent Debian issue).

Yes, this is the sort of thing that needs to evolve over time, but even then, the computers you want to compromise may not have the latest patches and updates (may not be in the position to get them, may not be undergoing regular maintenance, may be deemed to critical to risk on untested patches leaving them vulnerable which the patches are tested, or the company may have simply EOL the OS/software and there may be no patch to get).

If you were right, and all holes were patched and fixed, leaving computers invulnerable, then there wouldn't be a problem today with malicious botnets being used to send spam, perform DDoS attacks, and for use in Phishing and other Fraud/Identity theft schemes.

USA = United States of Advertising

The land of the free: where nothing is. But you're free to blog about it unless your voice is heard too clearly by the majority of blockheads.

How many marijuana spotting drones are YOUR tax dollars paying for today?

Your country is closer to Communist China's philosophies than you think, but you're too busy working and consuming to care.

Rise, Bill Hicks, Rise from your grave! We have no one like Hicks or John Lennon to rally and speak to the people. SLAVES!

Re:SETI@Home

[r_jensen11]

Umm, America's Army is produced by the US Army, not the USAF. Hell, the US Army logo is everywhere in that game. Two very separate branches of the US armed forces.

Artical reference is a lie and flamebait

[R2.0]

From the article at the root of the Slashdot post to which you are reacting:

"The U.S. would not, and need not, infect unwitting computers as zombies. We can build enough power over time from our own resources.

Rob Kaufman, of the Air Force Information Operations Center, suggests mounting botnet code on the Air Force's high-speed intrusion-detection systems. Defensively, that allows a quick response by directly linking our counterattack to the system that detects an incoming attack. The systems also have enough processing speed and communication capacity to handle large amounts of traffic.

Next, in what is truly the most inventive part of this concept, Lt. Chris Tollinger of the Air Force Intelligence, Surveillance and Reconnaissance Agency envisions continually capturing the thousands of computers the Air Force would normally discard every year for technology refresh, removing the power-hungry and heat-inducing hard drives, replacing them with low-power flash drives, then installing them in any available space every Air Force base can find. Even though those computers may no longer be sufficiently powerful to work for our people, individual machines need not be cutting-edge because the network as a whole can create massive power."

Re:If you ask me.... you didn't but....

[Pantero+Blanco]

Before you call someone ignorant, pause and make sure you aren't about to make an ass of yourself in a spectacular way.

The GP post wasn't speaking literally. He was saying that the Government doesn't regard its own illegal actions as illegal.

Or did you forget about Andrew Johnson, Bill Clinton, and, most notably, Richard Nixon?

It's a Nixon quote that he's referring to. "Well, when the president does it that means that it is not illegal."

http://www.landmarkcases.org/nixon/nixonview.html

Re:SETI@Home

[SanityInAnarchy]

And in that article, it was also mentioned that the US government controls enough points to make a botnet mostly pointless.

The real reason is probably to hide who's doing the attack.

Good Security is a Two Edged Sword

[CodeBuster]

This whole Air Force concept speaks to a larger issue or misconception within our society, particularly among non-IT professionals, that it is somehow possible for technology to be available for use by the "good guys" and yet not also available for use by the "bad guys". There was a similar case (sorry have no citation) where a senator expressed the viewpoint that copyright holders should have the capability to remotely "break in" to any computer system and "destroy it" once they have shown to a judge, perhaps through some warrant processes, that it contains their copyrighted materials (of course nothing was mentioned about how this would be achieved or even could be achieved in practice). If we want the benefits of a secure operating system and strong encryption then we must also be willing to accept the possibility that such tools might be used against us, but in such cases it is wise to remember the words of one of our founding fathers, Benjamin Franklin, who said that, "Any society that would give up a little liberty to gain a little security will deserve neither and lose both."

Re:Pushing rope

[fyrie]

If that cracks you up, you'll love this website which is hosted on a C64

Re:Who comes up with ideas like this?

It might interest you that the article here has a bit of misinformation in it. From http://www.usatoday.com/tech/news/computersecurity/hacking/2008-05-15-military-botnet_N.htm, we have a quote:

The government wouldn't build its botnet by infecting innocent people's computers like criminal hackers, Williamson wrote. Instead, the military could use PCs it was going to throw away. And it could expand that botnet's computing horsepower by implanting its code on other government computers.

So....nobody came up with the whole 'take over the innocent' idea other than the guy who posted it here. (And since no one will ever read this anyway...) Nobody other than a true Slashdot user would be ignorant enough to even propose it. Sorry, but that's how it seems to be. The more I read this site, the more I wonder about the quality of information I'm getting. ~~An Anonymous Coward

Re:Open Farce

[Ungrounded+Lightning]

Better get a few pairs of eyes to start guarding the guards. Since the NSA is a spying organization, it kind of seems silly to take them at their word about trying to make Linux more secure.

The open security community has been turning a jaundiced eye on NSA ever since its existence was leaked.

As far as I can tell, trapdoor algorithms and public-key cryptography in the public sector were developed based on speculation on the sort of thing NSA MIGHT have built into what became DES.

(Eventually - about the end of DES' design lifetime - it turned out that the funny symmetries that were noticed in the NSA-prescribed S-boxes were apparently a defense against a type of cryptoanalysis that the public sector hadn't reinvented yet. NSA has a dual charter: Spy on everybody else, but protect info in the US, both public and private sector, from bad guys foreign and domestic. Apparently they were actually living up to the nicer side of the coin. THAT time. B-) )
I'm sure the private sector crypto researchers will continue keeping a sharp eye out for shenanigans. (But it doesn't hurt to publish a reminder now and then. B-) )

Re:I can think of a few reasons

[Alpha830RulZ]

Because most of those come out of a relatively few access points into the internet, which could be masked for. Part of the power of a botnet is the diverse sourcing.