Slashdot Mirror
France Will Hack Its Enemies Back, Its Defense Secretary Says (theregister.co.uk)
France's defence secretary Florence Parly had a declaration to make this week: "Cyber war has begun." And she said the Euro nation's military will use its "cyber arms as all other traditional weapons... to respond and attack," as well as setting up a military bug bounty program. From a report: Parly made her pledges during a speech to the Forum International de Cybersecurite (FIC) in the northern French town of Lille. Her speech was on a topic that most Western countries shy away from addressing directly in public. "The cyber weapon is not only for our enemies," said France's defence secretary this afternoon, speaking through a translator. "No. It's also, in France, a tool to defend ourselves. To respond and attack." Her remarks will be seen as moving the debate about offensive cyber capabilities -- not just so-called "active defence" but using infosec techniques as another weapon in the arsenal of state-on-state warfare -- to a new level.
A new offensive cyberwarfare department, staffed with white hat hackers and run by a flag officer, and elevated to it's own branch. The French will call it the white flag ministry.
And likely nobody else.
One has to wonder whether stupidity is a job requirement for these positions. Even after minimal consultations with actual experts, this person would know that this approach does _not_work.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The problem here is that you have to at least demonstrate that you have the capability to destroy your enemies or it's kind of pointless and very dangerous to try this tactic. You are just asking for trouble if you cannot back it up. I'm thinking this is misguided.
Has France invented something more effective hacking tools than their Maginot line was during WWII? (Asking for a friend...)
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
You know Hitler did just this, he'd just go on and invade, forget the formality of declaring war. It just wastes time.
In fact, some argue that it was his departure from this principle, declaring war on the USA, that eventually got his head handed to him. Had he not formally got the USA into a war with Germany, it's possible that with the provocation of Japan's bombing of Pearl Harbor the USA would have been content with "Lend Lease" a lot longer, perhaps long enough for Germany to lock up Europe and get Russia to surrender before having to fight the USA on a second front.
But, it doesn't matter. In my estimation, you will have wars where you have them and declaring them isn't but a formality anyway.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
With how trivial it is to hide an attack in another country and blame it on another group, I hope France at least gets some surety of whom they are hacking back, because it seems like this can harm innocent parties, or parties which already have been breached.
Also, what is the end goal of "hacking back"? "rm -rf --no-preserve-root /" on the bad guys' machines may sound cool, but the bad guys likely have better backups than 95% of the companies out there and would be back in business in no time. Finding out whom the attacker is? At best, you may net a zombie "client", and maybe find a C&C IP address range.
State on state warfare as in going after another nation's power grid. Oftentimes hacking are asymmetric attacks. There may not be a power grid to speak of in some countries. Others would take that as an act of war, and respond with nukes or other weaponry.
Instead, maybe France needs to take a page from China and other countries, and that would be to see about better firewalling at their physical border routers, so attacks from foreign sources are stopped there, rather than at the hosts themselves. It might be wise to just block entire countries' IP space completely, if it is confirmed without a reasonable doubt that that country has state actors trying to do stuff.
Or, create an organization like UL and have component makers pass basic security testing before it is allowed to be sold, especially IoT stuff. It may not even hurt to make top brass of companies (you know, the guys who say "security has no ROI", then short the company stock before a security breach announcement is made) personally and criminally liable for breaches.
There is a lot countries can do to make themselves less of a target. "Hack them back" just doesn't sound feasible. Way too easy to launch attacks from someone else's territory. One thing countries can do is just not play ball. If Lower Elbonia is always a source of attacks via their state government, block their IP ranges at the routers, and call it done. If a corporation in another country is causing issues due to lack of security, block their range, or put the range in a blackhole list and let the ISPs do the blocking.
If you don't like Macron then vote against him. Destroying the property of others, risking the lives of innocents and threatening diplomatic representatives are terrorism and yes those that do those acts or condone those acts are the enemy of France as a state and as a people.
the Cyber War has.
#DeleteChrome
I remember listening to a talk from the Chaos Communications Conference called "We Lost The War". In it, the presenters posed the question of why there's so much talk of cyberwar, which they answered by saying that your standard warmongers are relevant only in war, so they want to shift as much discussion as possible toward war. Importantly, this means that the only reason cyberwar is being mentioned is to give relevance to warmongers. The fact is, computer security is inherently asymmetric. That means that retaliation is ineffective. Buying into the framing that's given by people such as Florence Parly makes absolutely no sense. Cyberwar doesn't have to exist at all; it only exists if we want it to. If not, traditional defensive computer security, as has always been done, is extremely effective.
Anyone who protests about tax rates and new taxes all around France.
Anyone who questions what France is spending its new tax on.
Domestic spying is now "Benign Information Gathering"
Cyber war FUD aside, I find it an interesting change to reward people who find holes in military systems instead of imprisoning them for "putting brave soldiers life in danger".
When cyber attacks are perpetrated, it can be extremely hard if not impossible to confirm who actually initiated the attack. Worse, the attackers may plant evidence pointing to an innocent party, causing the French to attack that target, which it turn can cause that target to retaliate, initiating a full out cyber war back and forth...
Japan gets all the credit for getting the US into the fight. The last thing the Germans wanted was for the US to enter the war. Japan handed Roosevelt the ammunition he needed to shit can the Neutrality Act which was supported by almost 80% of the US public before Pearl Harbor. Once the US formally declared war on Japan the Germans were forced to declare war on the US in support of their allie. Roosevelt had already exceeded his authority with his novel interpretation of the Neutrality Act. He had already unilaterally extended US territorial waters in the Atlantic to make it harder for the German U-boats to sink supply convoys to England.
The 20th century power curve was defined by two of the most boneheaded military decisions. Japans bright idea to hit Pearl Harbor and Hitler's decision to invade Russia. The Pearl Harbor decision was bold but Japan miscalculated the effect their attack would have on US public. And Hitler would have been better served reading up on Napoleon's misadventures during a Russian winter.
Some historians argue that getting Japan and the USA involved in a dust up was EXACTLY what Germany needed, and indeed encouraged. Japan and Germany didn't have a mutual defense treaty, not really, they had an "understanding" but Germany was NOT committed to enter the war when the US declared war on Japan. Yes they had talked, but Hitler would NOT have allowed himself to be drawn into that conflict as he was busy enough and stretched thin already fighting two fronts in Europe.
Hitler was very much unwilling to fight on more and more fronts, he didn't need the formal involvement of the USA (though "Lend Lease" had already started to creep the US into the war in Europe) and although he encouraged Japan to harass the USA and keep them engaged in the Pacific, I don't think he expected they'd do what they did. I guess he figured that once the fight was joined by the Japanese, he really didn't have much choice but roll the dice, hoping this would take the pressure off of him in Europe. And if you think about it, it almost worked. What sunk him was the industrial production capacity of the USA for making the materials for war and his inability to blockade the UK well enough to invade and take the island before the Russian front sucked all his power east and the opening of the African campaign drained more resources trying to control ports in the med and forestall an invasion from the south of Europe.
And, the Russian campaign was inevitable. He gravely underestimated the logistics and distances involved so his plans where very optimistic about how long it would take, but it was a war he HAD to have and one he had to complete BEFORE the USA came on the scenes. Napoleon would have cleaned the Russian's clocks had it been him instead of Hitler. Hitler's problem was he obviously over confident in his abilities.... Not that invading Russian was impossible, but that he didn't recognize the obvious tactical risks that his plans involved and didn't effectively deal with these risks, even when the Russians used them over and over to bludgeon him. Then, when winter came, the Russians just let the weather do what they could not. Hitler could have had that front licked, he just was stupid about logistics until it was way too late to do anything. (And let's not forget that was a really bad winter too. )
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Sites that let people see where the new tax money went.
People who are creative and make funny political memes.
Protesters who want tax reform.
Freedom of speech and to publish.
Domestic spying is now "Benign Information Gathering"
It has to be a modem at the end of the ISP on that one IP.
One IP, one ISP, one powerful politically active desktop computer.
Its always only one desktop computer.
That has the computer power needed to do the layers needed to make funny political meme art.
Stop the meme computers and French politics can sell the extra big tax rates.
A very East German way of preventing any comment on what a government is doing.
Domestic spying is now "Benign Information Gathering"
If there was a new vote now, its obvious Macron would have absolutely no chance of being elected. This means that France is now ruled by someone who does not represent the will of its population. This is not democracy, this is dictatorship and only the enemies of France would support dictatorship.
Of course, it is sad that people have to use violence to force an elected president to listen to them (or to resign), but don't blame the people for that. Blame Macron. He is the one who forces people to use violence.
I doubt Hitler would have ever completely subjugated the Soviet Union. They could continually fall back through the Urals and beyond and the German supply lines would have been extended even further. German logistics were a mess - it still relied on mainly rail movement and horses for movement close to the front. The transport vehicles it did have were mainly taken from France and other countries - the Allies in contrast were highly mechanised.
Time and time again German supply routes were it's weakest point. Rommel's strategy only worked if he could keep moving forward all the time, bypassing pockets of resistance. The hammering German convoys got in the Mediterranean from Royal Navy and the Royal Air Force meant he never got the fuel, ammunition and replacement armour needed to keep the momentum going. The "all-the-eggs-in-one-basket" strategy of spending all the naval money on submarines and capital ships meant bugger-all destroyers to protect their own supply ships. The Taranto action also kept the Italian Navy out of the frame.
If Germany had focussed it's industrial capacity better and had one view instead of all the competing voices, the history of WW2 in Europe would have been rather different - almost certainly Berlin would have recieved some instant sunshine in 1945.
>> How will France confirm who the attacker really is
Easy. Throw dice.
If you get a 1,2,5, the attacker is China
If you get a 3 or 4, the Attacker is Russia
If you get a 6, it's China and Russia acting together.
aaaaaaa
But I am le tired
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
You know Hitler did just this, he'd just go on and invade, forget the formality of declaring war. It just wastes time.
A thousand tanks rolling over your border is declaration enough.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
The Pearl Harbor decision was bold but Japan miscalculated the effect their attack would have on US public.
Pearl harbour was just one of a number of attacks designed to secure the pacific, one of the reasons ironically to provide them more safety from the US. It didn't work.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
and owns, controls or regulates most of the local internet infrastructure.
minitel doesn't count
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
I agree. I propose we declare war on war to end it once and for all.
The phrase makes no sense - "The cyber weapon is not only for our enemies," said France's defence secretary this afternoon, speaking through a translator. "No. It's also, in France, a tool to defend ourselves. To respond and attack." " Anyway, isn't declaring yourself to be up for some internet fisticuffs a recipe for disaster? A million script kiddies just realised how much fun it would be to deface French websites and turn off their power!