Slashdot Mirror

← Back to Stories (view on slashdot.org)

Germany Readying Offensive Cyberwarfare Unit, Parliament Told

Posted by timothy on from the approve-or-face-our-blackmail-threats dept.

concertina226 writes to note that it's not just the U.S. that's increasingly open about using malware as an offensive tool of state security: From the TechWorld story: "According to German reports, the Bonn-based Computer Network Operations (CNO) unit had existed since 2006 but was only now being readied for deployment under the control of the country's military. 'The initial capacity to operate in hostile networks has been achieved,' a German press agency reported the brief document as saying. The unit had already conducted closed lab simulations of cyber-attacks." "Unlike physical attacks," concertina226 writes, "cyber-weapons can't be isolated from their surroundings with the same degree of certainty. If, as a growing body of evidence suggests, the U.S. Government sanctioned the use of cyber-malware such as Stuxnet, are the authorities also held responsible should such campaigns hit unintended victims?"

7 of 55 comments (clear)

  1. so we must prepare now by Anonymous Coward · · Score: 3, Funny

    for a bitskrieg?

  2. Re:It's our own damned fault by Slyfox696 · · Score: 2

    Then what is your alternative?

    The return of Sneakernet.

  3. Why not? It's cheap. by Beardo+the+Bearded · · Score: 5, Insightful

    Bombs are expensive. You want to stop enemy production in a war, right? So you blow up the factories, the power plants, etc.

    What if, instead of blowing them up, you just shut them all off? It worked with Iran's atomic development and ushered in a new era of warfare. Up until WWI, war was a grand and glorious adventure, swords and arrows, showing the bad guys what for! Then chemical weapons killed so many people all at once, the game wasn't fun anymore, but you could still send your plebians out to rattle your sabres. Once atomics showed up, we go to the point where war could kill the country's leaders as well as the people sent out to the front lines.

    This new era lets anyone, anywhere, pick off any target. You can shut down an Iranian centrifuge. You can dig up dirt on the Prime Minister and give it to the newspaper. Everyone with an Internet connection has the potential to hold a weapon far more dangerous and far more powerful than anything that goes "bang". We can make anyone, anywhere, go "whimper".

    That's why we're seeing cyberwarfare units and Internet censorship / monitoring. We can't have people rocking the boat.

    --

    ---
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  4. Re:It's our own damned fault by ka9dgx · · Score: 4, Interesting

    Instead of running processes with all the rights of the given user account, use Capability Based Security. This means that for a given process, at run-time (not before hand like app-armor), you tell the OS which files and access type a process will need. This doesn't fix everything, but it does let you isolate security decisions and eliminate the side effects of running any code (trusted, untrusted, or downright evil) to the capabilities you chose to give it. This means that even if you confuse a process, you can't get more capabilities than it was given. Privilege escalation goes away, which is a major attack vector, along with stack injection, buffer overflows, etc. (Of course it does require a secure kernel, which you have to trust).

    It's my firm believe that capability based security will eventually be what we all use... but due to the need to make people aware of the concept (which is several layers of abstraction away from what we usually deal with) and the cost of revamping everything... we're still 15 years out.

  5. 'capacity to operate in hostile networks' by NettiWelho · · Score: 3, Funny

    "'The initial capacity to operate in hostile networks has been achieved,'" Took them 6 years to notice their ethernet cable wasnt plugged in?

  6. Re:It's our own damned fault by 0123456 · · Score: 2

    We already have that with Apparmor and SELinux. The problem is that common attack vectors such as web browsers already need access to all files on the machine; how can you upload that Lolcat picture to Facebook if your web browser is restricted to only accessing specific files on your system? How can you prevent a malware addon installing by blocking writes to the addon install directory if the web browser supports automatic installation of addons?

    So it's an improvement, but still leaves big holes.

  7. Re:Why not? It's cheap. by TubeSteak · · Score: 3, Insightful

    This new era lets anyone, anywhere, pick off any target.

    And that right there is the problem.
    In the past, when war was purely about bombs and boots on the ground, you could rely on your physical defenses and alliances to protect you from retaliation.
    The USA and Germany don't have to worry about Jihadist drones dropping bombs on New York or Dusseldorf,

    But they certainly have to worry about malicious hackers with a grudge.
    Today, the internet is such a soft target that it's tragic.

    The developed world may be starting a war where they can't project numerical or tactical superiority.
    LulzSec and Anonymous show that you don't need the resources of the NSA to go after big targets.
    http://cryptome.org/2012/06/lulzsec-sneak-preview.htm

    --
    [Fuck Beta]
    o0t!