Print 73 comment(s) - last by FaceMaster.. on May 21 at 3:25 PM

Sometimes the best defense is a good offense...

The online world is growing to be an increasingly dangerous place, with multiple national governments including Britain, the U.S., and India alleging that their systems are being regularly hacked and probed by Chinese nationalists.  These incidents are the sign of a growing trend and represent the increasing sentiment among military minds that the wars of the future will be waged heavily online.

In the era of online warfare, one of the most powerful attacks are brute force attacks using botnets.  These nets control thousands, or in theory, millions of online computers, remotely coordinating them to perform attacks as simple as simple distributed denial-of-service (DDoS) attacks as well as more sophisticated attacks.

The value of having a strong botnet is becoming readily apparent.  China already appears to have one, if U.S. intelligence is to be believed.  The U.S. is floating plans of building its own botnet to combat its enemies.  And it’s putting the idea out under the public eye to get feedback, as it prefers its actions be discovered sooner, rather than later for fear of public backlash.

Col. Charles W. Williamson III writes in the Armed Services Journal an article calling for the development of a botnet, using the American public's computers.  He wants the botnet to be placed under the U.S. Air Force's command.  The Air Force is becoming increasingly involved with online warfare, with the development of a new sub-branch of the Air Force, the Air Force Cyber Command (AFCYBER).  AFCYBER deals with a variety of online threats from rogue individuals to dangerous nationalists.

Many see the article as more of an announcement as opposed to a question.  Barring massive public feedback, it seems likely the U.S. military will pursue plans to develop a massive botnet for its offensive and defensive purposes.  Williamson raises a valid point that any fortress, digital or real-world, will eventually be penetrated by a determined invader.  He says the only viable solution is to develop and practice a considered offense.

He points out that cyber security circles agree with him on this point; most security experts realize that no method of data protection is currently foolproof.  By merely owning a credible offensive capability, Williamson believes many would-be attackers will be deterred.

How will the botnet be formed?  Williamson suggests first repurposing old military computers.  He goes on to suggest that the military should consider infecting civilian machines with trojans, making them potential zombies, should the need for the botnet's use arise.

Williamson concludes his ruminations on the botnet with an intriguing question.  If another country's civilian infrastructure is attacking our government or civilian infrastructure online, how can the U.S. delicately launch an attack against the attacking infrastructure?

Writes Williamson, "The biggest challenge will be political.  How does the US explain to its best friends that we had to shut down their computers? The best remedy for this is prevention. The US and its allies need to engage in a robust joint endeavor to improve net defense and intelligence to minimize this risk."

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

I'm all for it
By Rage187 on 5/13/2008 10:02:20 AM , Rating: 5
I'm too old for the military. Feel free to use my PCs against those commie bastards.

RE: I'm all for it
By MrBlastman on 5/13/2008 10:13:27 AM , Rating: 6
Ten Hut! Calling all computers to smack their bits up!

I can see it now, mandatory service in the United States Botnet Alliance - required for all digital citizens to enter into the realm of the online age. Please check your ethernet cables in at the door and hand over all encryption keys.

You're one of the corps now! If you witness an ANSI bomb, please, under all circumstances throw your hard drive on the bomb! You will spare your fellow technozens o-bit-eration! Soldiers, I will have no back-awk from you. This is a direct order!

Aim your ping floods at the whites of their 0's. 10010101101 in rapid succession. If you see a 00000007 do not trust this character! He is one of the enemy and you must report him to the collective Neighbor-net command post. PKA authorization be darned.

You are one of us now soldier, you are one of the corps!

About face, stand at the ready, aim, download!

RE: I'm all for it
By Sieger on 5/13/2008 10:56:29 AM , Rating: 2
This deserves a 6.

RE: I'm all for it
By therealnickdanger on 5/13/2008 11:42:05 AM , Rating: 5
We'd probably all need Patriot memory upgrades...

RE: I'm all for it
By Golgatha on 5/13/2008 2:18:15 PM , Rating: 5
Ready! Aim!.... Right Click!!!

RE: I'm all for it
By ceefka on 5/14/2008 6:48:57 AM , Rating: 2

RE: I'm all for it
By sporr on 5/15/2008 3:04:28 AM , Rating: 2
Heh, if all the nations of the world just played a multiplayer game of CIV4 instead...

RE: I'm all for it
By Kazairl2 on 5/13/2008 11:08:38 PM , Rating: 5
Look for the following conversation to take place in the near future in thousands of homes in America: "Mom, Dad, I need a new quad-core processor. It's my patriotic duty!"

RE: I'm all for it
By goku on 5/14/2008 6:11:52 AM , Rating: 3
No, that's what the Killer NIC is for. The Killer NIC was released just in time for battle field of the future.

RE: I'm all for it
By winterspan on 5/14/2008 3:25:20 AM , Rating: 2
excellent... :)

On another note, couldn't they prevent this entire thing by keeping classified computers OFF THE DAMN INTERNET. I figured they military would wire their own damn fiber throughout the USA and use satellite communication for overseas stuff. Seriously, WTF? Do they have the nuclear control systems also hosting employee's personal blogs on Apache? ;)

RE: I'm all for it
By lompocus on 5/14/2008 10:31:35 PM , Rating: 2
I've always wondered about this, too.

Why do we have problems when we could just make a separate internet? Just lay down some new wiring.

At least, one would think its that easy.

RE: I'm all for it
By Tsunami982 on 5/13/2008 10:18:24 AM , Rating: 5
In principle I would be for this (its pretty obvious that we are vulnerable and this would be relatively simple yet practical defense), but what's to prevent the government from putting some sort of data mining program on their as well. If you consent to allowing the botnet on your computer... it could be argued that you are consenting to allow other associated code to be installed as well (fine print).

RE: I'm all for it
By Ensoph42 on 5/13/2008 10:31:36 AM , Rating: 5
I don't like the idea of the US Goverment "infecting" my machine any more than I like anyone infecting my machine. That being said, I'd volunteer for it allowing it behaved within the guildlines that I expect software to behave. i.e. I had to install it, I could uninstall it at any time, options to set how updates behave, and some type of reassurance that the software wasn't doing anything it shouldn't be. Even then I'd probably run it on a seperate machine on a limited account for a long time.

RE: I'm all for it
By MrBlastman on 5/13/2008 10:38:36 AM , Rating: 5
You think Folding @ Home is competitive..

Just imagine how competitive Hacking @ Home will be or Nuking @ Home will get.

The PS 3 - console today, military weapon tomorrow. Does this mean that you need to get a permit now to buy one?

RE: I'm all for it
By threepac3 on 5/13/2008 11:03:45 AM , Rating: 2

RE: I'm all for it
By Chapbass on 5/13/2008 5:02:48 PM , Rating: 3
I hope Darik's Boot and Nuke has some trademark rights on the name :P

RE: I'm all for it
By cheetah2k on 5/14/2008 1:48:17 AM , Rating: 2
I was thinking


RE: I'm all for it
By choadenstein on 5/14/2008 7:53:17 AM , Rating: 2
Close... but I would replace Folding with another popular F word.

RE: I'm all for it
By OrSin on 5/13/2008 2:51:44 PM , Rating: 2
My biggest problem is not them using my system. My problem is them losing control of it and someone else taking over the bot net. Sorry but the best and brightest in this field is not in Navy and any contracting out will have its holes. I can see the head lines now. Navy losing control of bot net and Destroyer fires on White house from VA naval yard.

RE: I'm all for it
By lightfoot on 5/13/2008 4:01:28 PM , Rating: 2
I wouldn't call a missile strike a DDoS attack. You seem to misunderstand the capabilities of such a network.

What prevents the Airforce (not the Navy) from having the best and brightest in the field of cybersecurity? Is McAfee or Symantec's or even Microsoft's budget comparable to the Airforce's - I doubt it.

If a hacker is considered a weapon-system, you can bet that the Airforce will find the budget to get them - if only to keep them out of the hands of the enemy.

RE: I'm all for it
By SilthDraeth on 5/13/2008 4:06:17 PM , Rating: 1
Where the heck did you get Navy from. Of course the best and the brightest are not in the Navy, they are in the Air Force, which is why the Air Force will have control.

RE: I'm all for it
By JonB on 5/14/2008 7:40:30 AM , Rating: 2
You must realize that Arrogance does not equate to "best and the brightest." The only group I know of (and I spent 8 years in the Navy) more arrogant than the average Air Force officer are "Naval Aviators" (who, of course, think they are all Top Guns!)

RE: I'm all for it
By bhieb on 5/13/2008 11:18:59 AM , Rating: 2
True and that would definately be a big concern, but if they do keep this above board, and make it a volunteer download rest assured it would be one of the most scrutinized pieces of software ever written. I'm sure there would be dozens of groups combing over the code to be sure it was not doing something it was not supposed to. You think the media reports everything that MS/Sony/(insert other company names) does that even remotely hints at private information gathering, the US government would be watched by WAY more people just hoping for a story to jump all over.

RE: I'm all for it
By TechIsGr8 on 5/13/08, Rating: 0
RE: I'm all for it
By Sethanus on 5/14/2008 4:09:42 AM , Rating: 2
Its not only law firms or media that would scrutinize this program (for privacy issues), Hackers would try to crack it, and there goes ur privacy, your money, and your nuke's.

A better idea is to download it onto most government computers, including servers and supercomputers, to increase its power (but that then exposes your govenment computers to agressors).

The best idea is to have a dedicated supercomputer/server farm to play offence and defence (and hopefully contain threats at the site - that includes taking and axe and cutting the internet connection).

RE: I'm all for it
By Polynikes on 5/13/2008 1:10:19 PM , Rating: 5
If this becomes mandatory we're gonna have a lot of pissed off people "breaking the law."

I'll be one of them.

RE: I'm all for it
By NEOCortex on 5/13/2008 12:04:13 PM , Rating: 2
Hope my computer won't have to go to Canada to escape the botnet war draft......

RE: I'm all for it
By MrBlastman on 5/13/2008 12:09:53 PM , Rating: 4
All deserters will have their heatpipes de-oiled and their power supplies cut. Those who partake in the Sparky S. Transistorman underground railroad will also have their SATA cables re-routed to their USB ports.

Heed this warning as a promise!... Else you'll be turned into a keychain bobble!

RE: I'm all for it
By FITCamaro on 5/13/2008 12:30:31 PM , Rating: 1
Bill Clinton's would beat yours there.

RE: I'm all for it
By FITCamaro on 5/13/2008 12:31:39 PM , Rating: 3
All jokes aside, I'm for it. Fight China botnet with botnet. Of course we can also just shut off their internet connection entirely considering we own it.

RE: I'm all for it
By HighWing on 5/13/2008 2:53:09 PM , Rating: 3
Of course we can also just shut off their internet connection entirely considering we own it.

That is the one thing I keep thinking about every time I hear about this. Now maybe not shutoff the entire internet, but when there is an attack coming, or your machine IS being attacked, why don't they ever just pull the net plug? I mean seriously, I could understand not wanting to unplug a server from the net because it would affect other legitimate users. However, if the current attack is slowing a machine down so much that no one can use it.... then dropping it from the net would only help by stopping all incoming traffic and thus preventing it from crashing which could cause even more problems. So why is this not done more often?

RE: I'm all for it
By therealnickdanger on 5/13/2008 3:32:24 PM , Rating: 2

You'd think we would at least be able to throttle overseas connections if we so chose... How hard would that be to do? I ask because I really don't know what's involved.

RE: I'm all for it
By lightfoot on 5/13/2008 4:06:28 PM , Rating: 3
Because Comcast isn't China's service provider.

RE: I'm all for it
By therealnickdanger on 5/13/2008 4:15:37 PM , Rating: 2
I was gonna say it... But seriously, you would think there is some sort of "spigot" at every juntion where undersea cables cross into our country - even satellites for that matter. Seems strange to me that the infastructure wouldn't have a physical, hardware-based method of doing this.

RE: I'm all for it
By croc on 5/13/2008 8:07:46 PM , Rating: 2
Just what part of the 'internet' does the US gov't. own? Last I checked, all of the undersea cables were privately owned, often by companies in other countries. One DNS root server is on US soil, but again is managed / owned by a corporation (Verisign, I believe).

So what is in the US gov't.'s control even?

RE: I'm all for it
By FITCamaro on 5/13/2008 9:38:20 PM , Rating: 2
I didn't mean the government. I meant major Internet backbones are owned by an American company. That undoubtedly has close ties to the US government. At least close enough that the UN wanted control turned over to them.

RE: I'm all for it
By lompocus on 5/14/2008 10:36:42 PM , Rating: 1
Turning anything over to the UN is like signing an execution warrant for it. It's fucked!

Then again, we own the little piece of land the UN is on, so we could just say "Do what we want or we deport you, accidentally misplace your papers, and have to dump you in the middle of the atlantic ocean"

Why don't we do the obvious?

RE: I'm all for it
By rudy on 5/13/2008 1:43:51 PM , Rating: 4
Why not just shut down access to of foriegn links. Reopen only to allies or those that also shut off the enemy. In fact I think that the US and any country should be doing this already. Give China a taste of what an internet embargo can do and they will shape up their act.

RE: I'm all for it
By lightfoot on 5/13/08, Rating: -1
RE: I'm all for it
By rippleyaliens on 5/13/2008 1:52:13 PM , Rating: 2
My fear is that if China, or whoever.. does an attack, that can take over the controlled BOTS.. Then where are we then?
My thoughts, would be to
1. Plant underwater demo- on internet pipes from China. (worst case, but highly effective if it came down to it)
2. Have our government on a national level, be able to block ALLLL traffic from an attacking country, (wether the rogue country military is doing it or some random idgets), just block ip's on the national router level
3. Spend the $$$$, and just hire 100 of the best hackers, give them a black bag budget, let them go to town on china..
fight fire with WATER HOSE!!!!,

RE: I'm all for it
By FaceMaster on 5/13/2008 4:27:39 PM , Rating: 2
All Americans are paranoid about communism. You're all brain-washed. And so is your Mum.

RE: I'm all for it
By Ensoph42 on 5/14/2008 10:42:25 AM , Rating: 2
...says the socialist who doesn't study history.

RE: I'm all for it
By FaceMaster on 5/20/2008 12:34:03 PM , Rating: 2
ACTUALLY the cold war was to blame on both the Americans and Russians, just as two people pointing guns at each other are equally responsible. You may think that you're right, but that's because you're American. Hey, I've solved the mystery!

Your Mum taught me lots of history last night, so I think I know what I'm talking about.

By LyCannon on 5/13/2008 11:24:14 AM , Rating: 5
He goes on to suggest that the military should consider infecting civilian machines with trojans, making them potential zombies, should the need for the botnet's use arise.

Am I the only one who see's a problem with this???

By DCstewieG on 5/13/2008 11:31:33 AM , Rating: 5
I totally agree. Why would it need to be a trojan anyway? Make it freely accessible and I'm sure plenty of people would run it. Maybe take a few bucks off their income tax. And then, instead of criticizing someone who doesn't wear a flag pin on their lapel, you blast them for not participating in the botnet! Unpatriotic bastards!!

Preferably this thing would be open source but I would seriously doubt that.

By FITCamaro on 5/13/2008 12:35:00 PM , Rating: 1
Hell I'd settle for getting to choose where my tax money goes. Military, NASA, education, and roads. That'd be about it. At least I get something out of those things(of course the public education system is a joke). F*** welfare, medicare, medicaid, social security, foreign aid, etc.

By mvpx02 on 5/13/2008 2:23:47 PM , Rating: 2
but but but if we don't work and pay taxes for those things, the people who rely on them might have to work themselves! Oh the humanity!

} ;end sarcasm

It would be nice if we could choose what we didn't wanna pay for, especially with all this talk of socialized healthcare

By HeavyB on 5/13/2008 3:08:20 PM , Rating: 3
Yea, I'd like to make sure my tax dollars don't go to those lazy ass government contractors that do nothing but pay for lobbyists and collect their fat government subsidized industrial welfare checks without ever delivering on their contractual promises.

By Mr Perfect on 5/13/2008 1:10:43 PM , Rating: 4
No, you're not. Voluntary participation is one thing, but infecting citizens' computers without their permission is outrageous.

Could you imagine the havoc this would cause in the business world? One day every thing's humming along fine, the next your company's whole IT infrastructure is crawling because it's been assimilated into the botnet, Borg style.

You a patriot?
By adrift02 on 5/13/2008 11:53:50 AM , Rating: 2
I would be all for the military "limiting" my control over how my computer is used, but only if they could show me some evidence that there is a threat of WMD and terrorists are involved. If thats the case then they can just have a direct hook up!

RE: You a patriot?
By Strunf on 5/14/2008 4:35:54 AM , Rating: 2
"if they could show me some evidence that there is a threat of WMD"

Like it was the case for the Iraq war ?...

RE: You a patriot?
By adrift02 on 5/14/2008 1:31:03 PM , Rating: 2

I was making a point that through fear people piss away their rights and freedoms.

RE: You a patriot?
By ok630 on 5/20/08, Rating: -1
RE: You a patriot?
By FaceMaster on 5/21/2008 3:25:00 PM , Rating: 2
Die painfully okay? Prefearbly by getting crushed to death in a garbage compactor, by getting your face cut to ribbons with a pocketknife, your head cracked open with a baseball bat, your stomach sliced open and your entrails spilled out, and your eyeballs ripped out of their sockets. Fucking bitch

I did that to your MUM last night... but she seemed to enjoy it. The fucking bitch.

I Disagree
By Quiescent on 5/13/2008 10:08:11 AM , Rating: 2
I have seen what botnets are capable of. It's not so fun when you're chatting on IRC and suddenly a 1k botnet hits your channel. If you have a crappy computer or just use a crappy IRC Client, most likely your computer will freeze and/or just lag for as long as the botnet hits you.

In further addition, being infected by a botnet can consume your bandwidth and your computer's resources. And me having a 256k up and down connection, I prefer not to have someone else use me to their advantage at the cost of me paying for the internet connection I have.

Sure if they paid me a lot of money to use my computer as a botnet and secure it so that only they can access my computer, I would absolutely be all for it. But otherwise, it would be a waste of my time, a waste of my bandwidth, a waste of my money, and a sore for me.

Great, now the military wants to be skiddies!

RE: I Disagree
By Shawn5961 on 5/13/2008 11:09:07 AM , Rating: 2
I'd rather have a 256k up/down connection than having a connection with a bandwidth limit like I do. Too much bandwidth in one day and I get shut down to dial-up speeds, with one major difference. Whereas dial-up gets about a 400-600ms ping, mine is usually around 1250.

RE: I Disagree
By Quiescent on 5/14/2008 9:39:02 AM , Rating: 2
I feel like I have a dialup connection sometimes. When I'm downloading a torrent, no matter how much I limit my upload speed, I end up not being able to load sites as well, sometimes they just time out. With my modem, I actually get 1mbit/256k. The download isn't the problem, but my upload is only as much as 32kb/s. If I limit it to 10kb/s for seeding, I still can't load sites well. It's pretty terrible, I was told it's a problem with the ISP and how they have things setup, because I shouldn't be having this problem at all.

WTF is the AirForce responsible for this?
By ninjit on 5/13/2008 2:10:28 PM , Rating: 2
I see no reason at all why the Air-Force should be the ones in charge of this - it doesn't make any sense.

There's already a branch of the government dedicated to IT intelligence, the NSA, they should be handling this.

If the Military feel like they must be involved, start a separate cyber-warfare division.

Having the Air-Force in charge of internet defense makes as much sense as nominating Dr. Seuss for chairman of the federal reserve!

By Donkeyshins on 5/13/2008 2:26:03 PM , Rating: 2
Probably because this command falls under the rubric of NORAD - if you look up the AFCYBER logo, it looks virtually identical to the old SAC (Strategic Air Command) emblem.


SAC Logo:

By Reclaimer77 on 5/14/2008 1:02:15 AM , Rating: 2
Dude didn't you watch War Games ??

Fire up the USAF W.H.O.P.E.R.

By Ensoph42 on 5/13/2008 10:11:05 AM , Rating: 2
Huh... the more sadistic side of me would think it might be fun to voluntarily join a botnet. Just so long as everythings done over the table and I have a nice client with spiffy stats to look at.

RE: Botting@Home
By Quiescent on 5/13/2008 10:13:46 AM , Rating: 1
Don't forget that most likely for a botnet, people can actually take things such as your personal information and the serial keys to your legitimate copy of Windows. Botnets are not only used for DdoS attacks, but to farm information.

RE: Botting@Home
By Ensoph42 on 5/13/2008 10:18:56 AM , Rating: 2
Not forgetting that, I'm specifically referring to if the American Military developed a botnet and asked for civilian volunteers. I would hope it wouldn't be taking my personal data.

And they have it already anyway.

By Lord 666 on 5/13/2008 10:20:14 AM , Rating: 5
Skynet wasn't in the hardware itself, but in combination of the massive parallel use of personal computers everywhere when the system became self-aware.

A Terminator picture is called for on this one.

Puts on tinfoil hat...
By Golgatha on 5/13/2008 2:26:09 PM , Rating: 5
Coming to the latest patch for America's Army?!

Colonels don't make policy.
By Reclaimer77 on 5/13/2008 12:49:54 PM , Rating: 2
I think we're all jumping the gun here.

He goes on to suggest that the military should consider infecting civilian machines with trojans, making them potential zombies, should the need for the botnet's use arise.

With all due respect to Colonel Williamson, military men are trained to respond to threats and situations in a very linear and direct approach with maximum effectivenes. While I think this is a quality to be praised, there is a reason we are not a police state.

While this solution might seem like the most effective and simple, installing sleeper trojans on civilian PC's with or without their permission is simply out of the question. For a wide variety of reasons. A military man like Col. Williamson would weigh these against the threat China posses and might consider them acceptable measures. But again, civilians and law makers see things differently.

I see this as nothing more than a Colonel using his freedom of speech to publish an idea in a magazine. Colonels, however, don't set policies in the military or the government. Lets just all take a step back and realize this report for what it is, and not make too much out of it :)

RE: Colonels don't make policy.
By snownpaint on 5/13/2008 4:32:49 PM , Rating: 2
sometimes direct and simple are best. Especially, when dealing with almost unlimited resources.. remember the Govt is not like a private company.. They do not have to worry about economic feasibility or profits vs costs.

By bobsmith1492 on 5/13/2008 10:59:53 AM , Rating: 2
"attacks as simple as simple (...) attacks as well as..."

volenteer yes, infecting? no way!
By tastyratz on 5/13/2008 11:31:14 AM , Rating: 2
if they wanted to talk about a volunteer software botnet that would be 1 thing, but a trojan to infect people like a virus and use their machines unauthorized? That just doesn't fly for me. I would take a mandatory enrollment for all internet users in the country long before a sneaky virus infection from dubya

What If I could get paid??
By Vertex112 on 5/13/2008 12:42:43 PM , Rating: 2
What if you already had a fairly large botnet?? I would imagine the military wanting to use your already existing network, and even pay for it.

Otherwise, If The military where distributing trojans, They would be seeing a Massive amount of critisism.


Hummm.. BOTI @ HOME
By snownpaint on 5/13/2008 4:05:53 PM , Rating: 2
I would be all for it.. As long as I can choice which machine runs this, maybe only as a screen saver (like SETI@home).. If they wanted to make a big CPU cluster in some underground bunker (you know, where they store the Ark of the Convenient) I could donate some PCs for the cause.

I'm kind of surprised that the Air Force is dealing with this. I would have thought it would have been NSA, CIA, HLS, "Section 2Z" or even the Army.

Also, what about using their own ammo against them. Taking over the bots to attack the controllers. Or setting up Bot networks in other countries to call upon when needed. Use up their compute cycles and B/W. Iran, Lebanon, France, Venezuela, Cuba, Estonia and China..

Stupid name
By on 5/14/2008 4:38:11 AM , Rating: 2
the Air Force Cyber Command (AFCYBER)?

Eh hem....the chAirForce.

Potential to be used against us?
By 7Enigma on 5/15/2008 7:41:48 AM , Rating: 2
So what's to stop a hacker (located either in or out of the US) to take this over and use it against us. Is there REALLY a foolproof way to make sure all of these computers only obey the "true" master? I'd be more scared of us starting a huge network of zombies like this only to have some 17yr old genius from either China or the US have some fun....

I don't like it one bit.

"The Space Elevator will be built about 50 years after everyone stops laughing" -- Sir Arthur C. Clarke

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki