Slashdot Mirror

← Back to Stories (view on slashdot.org)

Air Force Aims for Control of 'Any and All' Computers

Posted by timothy on from the we'd-rather-kill-them-off-by-peaceful-means dept.

Noah Shachtman on Wired.com's Danger Room reports that Monday, the Air Force Research Laboratory at Wright-Patterson AFB introduced a two-year, $11 million effort to put together hardware and software tools for 'Dominant Cyber Offensive Engagement.' 'Of interest are any and all techniques to enable user and/or root level access,' a request for proposals notes, 'to both fixed (PC) or mobile computing platforms ... any and all operating systems, patch levels, applications and hardware.' This isn't just some computer science study, mind you; 'research efforts under this program are expected to result in complete functional capabilities.' The Air Force has already announced their desire to manage an offensive BotNet, comprised of unwitting participatory computers. How long before they slip a root kit on you?

21 of 468 comments (clear)

  1. Hmmm... by SatanicPuppy · · Score: 4, Insightful

    Sounds like the Air Force already has an overabundance of tools working for it.

    Tools? Seriously? Any toolset is going to have to be constantly adaptable, and is going to fall victim to the same problem as all other computer security stuff: it's obsolete almost as soon as its written.

    They'd be better building a strong infrastructure, and recruiting top talent than trying to build some kind of software package, presumably to be manned by some kind of enlisted man script kiddie.

    Even then, they're going to get the same kind of penetration as everyone else. 20%, 30% maybe, on a good day. You can't even rely on vendors to insert backdoors; the best choice for that would be microsoft, and adding a backdoor to Windows would be redundant in most cases.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    1. Re:Hmmm... by SatanicPuppy · · Score: 4, Insightful

      The military has a problem with the sort of gifted rule breakers who are good at this stuff...They aren't geared toward using them. That's the whole reason we have organizations like the CIA.

      Trying to use automated tools is exactly the sort of thing I'd expect to see them do, but automated tools are of limited utility these days. Maybe one day computer systems will achieve some sort of "normal" configuration, where one size will fit all, but I don't see that happening for years.

      My home machine takes innumerable hits from scripts trying automated attacks; 95% of them are trying to exploit software I'm not running. The ones that actually have it right still have a very low rate of trying attacks that could possibly succeed.

      Some random hacker in China wouldn't care that they had to run an automated attack against 10,000,000 machines to infect 1,000, but that won't cut it in war. You need trained people. Those people need amazing resources.

      This? This is a joke. That money could be better spent by not buying pre-hacked security appliances.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    2. Re:Hmmm... by tom's+a-cold · · Score: 4, Insightful

      The military has a problem with the sort of gifted rule breakers who are good at this stuff...They aren't geared toward using them. That's the whole reason we have organizations like the CIA.
      I've met a number of CIA people. Analysts, of course-- wouldn't know the covert people, since after all they're covert. "Gifted rule breakers" is not the phrase I'd use. Academically-inclined, diligent, slightly smug preppies would be a more accurate description. The reason we have organizations like the CIA is to evade accountability, not because they are somehow more gifted than military people.

      Anyway, hacking is more likely to be the domain of No Such Agency.

      If you want "gifted," don't bother looking in Washington and environs. Plodders, ass-kissers and shysters, those you can easily find. It's the company town from hell.

      --
      Get your teeth into a small slice: the cake of liberty
  2. Who comes up with ideas like this? by bsDaemon · · Score: 5, Insightful

    This must be the ultimate example of "solutions" to engineering problems coming from a manager and not an engineer. I bet they'd like a pony while they're at it.

    You know they'll get what they want out of commercial OSs by putting pressure on the vendors. Linux and the BSDs are too much of a moving target, and OpenBSD is run out of Canada anyway. If ever there was an article that needed to be tagged 'goodluckwiththat,' this would be it.

    1. Re:Who comes up with ideas like this? by Opportunist · · Score: 4, Insightful

      Dead on.

      It's pretty much the same as in some European countries, where they try to create some sort of "cop trojans" for eavesdropping on suspects. They just heard how effective those bots and trojans are for the criminals and want the same efficiency for themselves.

      Yes, botnets are hell of efficient in bringing down a network. Yes, trojans enable you to control your victim's computer. What they do not realize in either case is that the efficiency comes from liberal shotgun application of the infection. You spread your malware a billion times, it gets looked at a million times, it gets installed a thousand times.

      In the case of the "copper trojan" it won't work because the chance to actually infect a machine is so minimal that it won't warrant the necessary expense (not to mention that it's far more likly to warn your suspect rather than get you any information). In the case of an "Air Force botnet", the fallout from negative PR is certainly going to do more damage than good.

      Both problems don't apply to the criminals. Why should a botnetter care that nobody in the US likes him? Why should a phisher care whether he infects a certain machine?

      And that's what our representatives (and military brickheads) don't get. Using criminal tactics first of all doesn't work. And second, resorting to the same tactics criminals use gives you really, really bad press.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. If you ask me.... you didn't but.... by zappepcs · · Score: 5, Insightful

    I'd say this was as illegal an idea as malicious botnets. My computer cpu cycles are NOT for sale to the US Government, or any government. They can have them when they pry them from my dead cold pc case...

    --
    Support NYCountryLawyer RIAA vs People
    1. Re:If you ask me.... you didn't but.... by sm62704 · · Score: 4, Insightful

      I hope I catch the USAF inside MY computer. The civil rights suit will be worth millions, when I retire I'll retire in comfort instead of poverty.

      In fact I think I'll set up a honeypot just for them. Bastards got 4 years of my life, they're NOT welcome to the contents of my computer. Like you said, it is illegal for them to do so, and whatever lawless nutcake Colonel that thought up this outrage should be court-martialed and sent to Leavenworth.

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  4. Eleven million? Good luck. by mckinnsb · · Score: 5, Insightful

    Establishing total and completely control across all hardware and operating systems, all patch levels, etc?

    I admire your optimism, USAF, but $11 million dollars is simply not going to make that happen -if it can even be done. Software companies have enough trouble just getting their *own* software to work installed on *willing systems*, and some of the bigger ones spend that kind of money just getting it to work on one operating system withing a reasonable set of constraints.

    Take into account the fact that you will also be most likely using pre-existing exploits, which will be repaired swiftly by responsible developers that watch security RSS feeds, and this is a red herring task. If you are talking about spending 11 million dollars on doing your own research towards establishing remote control by examining source code or reverse engineering to find new exploits, then honestly, you aren't just crazy- you are batshit crazy. You're going to need a whole hell of a lot of money to do that.

  5. Better than the Great Firewall of China by Enlarged+to+Show+Tex · · Score: 4, Insightful

    The internet is said to route around censorship; however, you don't need to censor the internet if you can pwn the world's PCs.

    At first glance, it seems that this would easier to do by simply mandating government backdoors in all operating systems. Wait. Not only does a legislative fix not work work for FOSS, it's also likely to start a tremendous uproar until you show enough people a video of Britney Spears's latest car accident...

  6. The big problem with this... by bugnuts · · Score: 5, Insightful

    ... is a taxpayer money sink.

    Over time, systems change. That means after this two-year study and eleventy-million dollars later, it's worth very little a year down the road. In three years, we're virtually guaranteed to have nothing for the efforts, except a statement saying "Oh, we learned a lot, and now need continuing funding. Please give us more money."

    Although many holes in software exist for a long time, they are generally patched within a couple months once discovered, usually sooner. And as soon as the military activates one of these holes, it'll be analyzed and patched. That will remove one of their finite resources.

    100% control of all platforms and systems is beyond ludicrous. They might as well wish they could read minds, teleport, and find Carmen Sandiego. Or at least Osama.

  7. Re:SETI@Home by SatanicPuppy · · Score: 5, Insightful

    The whole botnet thing just shows how absurdly out of touch they are. A botnet is a tool created by a bunch of guys who have limited computer resources in a bid to increase those resources.

    Why the fuck would the United States Air Force want a botnet, when they could have the real thing? A tightly integrated computer network with near unlimited bandwidth, satellites, super computers, massive clustering, and secure, integrated control.

    Botnet. Jesus. Someone take the freaking tech magazines away from the air force brass before they start doing social networking or some crap.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  8. what they want and what they'll get rarely match by Danny+Rathjens · · Score: 5, Insightful

    I bet when the military was studying psychic remote viewing and psychic assassination the project goal was for completely functional capabilities as well. How did that turn out? ;)

  9. Re:SETI@Home by SatanicPuppy · · Score: 4, Insightful

    That doesn't bother me; games can be a legitimate training tool, and paying for the tool, then making it available to the public is acceptable. It doesn't even bother me when they use it to recruit.

    What bothers me is when they do something that's just flat boneheaded, and clearly the result of someone in the chain of command who doesn't know crap about anything, shooting his mouth off and making policy.

    If they want to do the whole "cyberwar" thing, they need to take it seriously, and put people in charge who have the faintest fucking CLUE about what they're supposed to be doing.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  10. I can think of a few reasons by spun · · Score: 5, Insightful

    Why would the USAF want a botnet? One, a botnet is distributed and harder to block than a centralized computing facility, or even a reasonably distributed one. Two, a botnet can grow as needed. When fighting an enemy botnet, this could prove very necessary.

    Not that I'm condoning any of this, mind you. Just saying, I don't think the Air Force brass are all total idiots.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  11. Armed Forces used against American Citizens by trybywrench · · Score: 4, Insightful

    Isn't there a law that says the government can't use the Armed Forces against us? Like isn't that the reason why the National Guard is called to stop riots and not like the Marines? If the Air Force is building a bot net that comprises American PC's then shouldn't that follow under the same law?

    --
    I came to the datacenter drunk with a fake ID, don't you want to be just like me?
  12. Re:Seconded. by SatanicPuppy · · Score: 4, Insightful

    The dumb thing is, we've already proven that we are the world leader in unleashing the "hard kill" smackdown on information infrastructure.

    Just putting effort into the software side would only add to that threat, and doing what the NSA does and just smirking and saying, "That's classified" when anyone asks them about their cyber crap would only make the threat more credible.

    This is like watching some script kiddie waltz into an IRC channel and start swaggering. You know people are going to sneer, and you know someone is going to take a shot at them.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  13. dear air force morons: by circletimessquare · · Score: 5, Insightful

    you don't defeat your enemies by engaging in their tactics. that just makes you the moral equivalent of your enemy, thereby nullifying any moral high ground you claim to have, thereby nullifying any reason any citizen of your country or ally of your country would side with you

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  14. Re:SETI@Home by LingNoi · · Score: 4, Insightful

    I think it's you that doesn't have a clue. By having their own botnet not only can they infect people in the country they are attacking locally they can deny any responsibility for the attack. It also costs the virtually nothing when then enemy is paying for those computers to be online.

  15. Third Amendment, anyone? by RJCantrell · · Score: 5, Insightful

    The third amendment to the US Constitution reads: "No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law." This idea is so important that the founders put it in before trial by jury or cruel and unusual punishment. Aside from the "because we said so" Bush regime's retorts, is there any way that involuntary botnet participation could be even slightly legal?

  16. Re:SETI@Home by MobyDisk · · Score: 4, Insightful

    Why the fuck would the United States Air Force want a botnet Because a botnet lets you do a DDOS attack more effectively since it comes from multiple points. There was a Slashdot article about it last week.
  17. From experience... by Anonymous Coward · · Score: 5, Insightful

    I've worked at an Air Force Research Laboratory for the past 3 years. I can guarantee you nothing will come of this, it is a giant waste of taxpayer dollars, and no one should be worried about their privacy (just their pocket books).

    Now the previous comments about them spending $11m and then 3 years later asking for $11m is close but also wrong. They will ask for at least double that, every 3 years (take a look at their POMs in the future), indefinitely...