backtop


Print 73 comment(s) - last by FaceMaster.. on May 21 at 3:25 PM

Sometimes the best defense is a good offense...

The online world is growing to be an increasingly dangerous place, with multiple national governments including Britain, the U.S., and India alleging that their systems are being regularly hacked and probed by Chinese nationalists.  These incidents are the sign of a growing trend and represent the increasing sentiment among military minds that the wars of the future will be waged heavily online.

In the era of online warfare, one of the most powerful attacks are brute force attacks using botnets.  These nets control thousands, or in theory, millions of online computers, remotely coordinating them to perform attacks as simple as simple distributed denial-of-service (DDoS) attacks as well as more sophisticated attacks.

The value of having a strong botnet is becoming readily apparent.  China already appears to have one, if U.S. intelligence is to be believed.  The U.S. is floating plans of building its own botnet to combat its enemies.  And it’s putting the idea out under the public eye to get feedback, as it prefers its actions be discovered sooner, rather than later for fear of public backlash.

Col. Charles W. Williamson III writes in the Armed Services Journal an article calling for the development of a botnet, using the American public's computers.  He wants the botnet to be placed under the U.S. Air Force's command.  The Air Force is becoming increasingly involved with online warfare, with the development of a new sub-branch of the Air Force, the Air Force Cyber Command (AFCYBER).  AFCYBER deals with a variety of online threats from rogue individuals to dangerous nationalists.

Many see the article as more of an announcement as opposed to a question.  Barring massive public feedback, it seems likely the U.S. military will pursue plans to develop a massive botnet for its offensive and defensive purposes.  Williamson raises a valid point that any fortress, digital or real-world, will eventually be penetrated by a determined invader.  He says the only viable solution is to develop and practice a considered offense.

He points out that cyber security circles agree with him on this point; most security experts realize that no method of data protection is currently foolproof.  By merely owning a credible offensive capability, Williamson believes many would-be attackers will be deterred.

How will the botnet be formed?  Williamson suggests first repurposing old military computers.  He goes on to suggest that the military should consider infecting civilian machines with trojans, making them potential zombies, should the need for the botnet's use arise.

Williamson concludes his ruminations on the botnet with an intriguing question.  If another country's civilian infrastructure is attacking our government or civilian infrastructure online, how can the U.S. delicately launch an attack against the attacking infrastructure?

Writes Williamson, "The biggest challenge will be political.  How does the US explain to its best friends that we had to shut down their computers? The best remedy for this is prevention. The US and its allies need to engage in a robust joint endeavor to improve net defense and intelligence to minimize this risk."



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

I'm all for it
By Rage187 on 5/13/2008 10:02:20 AM , Rating: 5
I'm too old for the military. Feel free to use my PCs against those commie bastards.




RE: I'm all for it
By MrBlastman on 5/13/2008 10:13:27 AM , Rating: 6
Ten Hut! Calling all computers to smack their bits up!

I can see it now, mandatory service in the United States Botnet Alliance - required for all digital citizens to enter into the realm of the online age. Please check your ethernet cables in at the door and hand over all encryption keys.

You're one of the corps now! If you witness an ANSI bomb, please, under all circumstances throw your hard drive on the bomb! You will spare your fellow technozens o-bit-eration! Soldiers, I will have no back-awk from you. This is a direct order!

Aim your ping floods at the whites of their 0's. 10010101101 in rapid succession. If you see a 00000007 do not trust this character! He is one of the enemy and you must report him to the collective Neighbor-net command post. PKA authorization be darned.

You are one of us now soldier, you are one of the corps!

About face, stand at the ready, aim, download!


RE: I'm all for it
By Sieger on 5/13/2008 10:56:29 AM , Rating: 2
This deserves a 6.


RE: I'm all for it
By therealnickdanger on 5/13/2008 11:42:05 AM , Rating: 5
We'd probably all need Patriot memory upgrades...


RE: I'm all for it
By Golgatha on 5/13/2008 2:18:15 PM , Rating: 5
Ready! Aim!.... Right Click!!!


RE: I'm all for it
By ceefka on 5/14/2008 6:48:57 AM , Rating: 2
Fighting@home


RE: I'm all for it
By sporr on 5/15/2008 3:04:28 AM , Rating: 2
Heh, if all the nations of the world just played a multiplayer game of CIV4 instead...


RE: I'm all for it
By Kazairl2 on 5/13/2008 11:08:38 PM , Rating: 5
Look for the following conversation to take place in the near future in thousands of homes in America: "Mom, Dad, I need a new quad-core processor. It's my patriotic duty!"


RE: I'm all for it
By goku on 5/14/2008 6:11:52 AM , Rating: 3
No, that's what the Killer NIC is for. The Killer NIC was released just in time for battle field of the future.


RE: I'm all for it
By winterspan on 5/14/2008 3:25:20 AM , Rating: 2
excellent... :)

On another note, couldn't they prevent this entire thing by keeping classified computers OFF THE DAMN INTERNET. I figured they military would wire their own damn fiber throughout the USA and use satellite communication for overseas stuff. Seriously, WTF? Do they have the nuclear control systems also hosting employee's personal blogs on Apache? ;)


RE: I'm all for it
By lompocus on 5/14/2008 10:31:35 PM , Rating: 2
I've always wondered about this, too.

Why do we have problems when we could just make a separate internet? Just lay down some new wiring.

At least, one would think its that easy.


RE: I'm all for it
By Tsunami982 on 5/13/2008 10:18:24 AM , Rating: 5
In principle I would be for this (its pretty obvious that we are vulnerable and this would be relatively simple yet practical defense), but what's to prevent the government from putting some sort of data mining program on their as well. If you consent to allowing the botnet on your computer... it could be argued that you are consenting to allow other associated code to be installed as well (fine print).


RE: I'm all for it
By Ensoph42 on 5/13/2008 10:31:36 AM , Rating: 5
I don't like the idea of the US Goverment "infecting" my machine any more than I like anyone infecting my machine. That being said, I'd volunteer for it allowing it behaved within the guildlines that I expect software to behave. i.e. I had to install it, I could uninstall it at any time, options to set how updates behave, and some type of reassurance that the software wasn't doing anything it shouldn't be. Even then I'd probably run it on a seperate machine on a limited account for a long time.


RE: I'm all for it
By MrBlastman on 5/13/2008 10:38:36 AM , Rating: 5
You think Folding @ Home is competitive..

Just imagine how competitive Hacking @ Home will be or Nuking @ Home will get.

The PS 3 - console today, military weapon tomorrow. Does this mean that you need to get a permit now to buy one?


RE: I'm all for it
By threepac3 on 5/13/2008 11:03:45 AM , Rating: 2
Nuke@Home


RE: I'm all for it
By Chapbass on 5/13/2008 5:02:48 PM , Rating: 3
I hope Darik's Boot and Nuke has some trademark rights on the name :P


RE: I'm all for it
By cheetah2k on 5/14/2008 1:48:17 AM , Rating: 2
I was thinking

FOLDING-CHINA @ HOME


RE: I'm all for it
By choadenstein on 5/14/2008 7:53:17 AM , Rating: 2
Close... but I would replace Folding with another popular F word.


RE: I'm all for it
By OrSin on 5/13/2008 2:51:44 PM , Rating: 2
My biggest problem is not them using my system. My problem is them losing control of it and someone else taking over the bot net. Sorry but the best and brightest in this field is not in Navy and any contracting out will have its holes. I can see the head lines now. Navy losing control of bot net and Destroyer fires on White house from VA naval yard.


RE: I'm all for it
By lightfoot on 5/13/2008 4:01:28 PM , Rating: 2
I wouldn't call a missile strike a DDoS attack. You seem to misunderstand the capabilities of such a network.

What prevents the Airforce (not the Navy) from having the best and brightest in the field of cybersecurity? Is McAfee or Symantec's or even Microsoft's budget comparable to the Airforce's - I doubt it.

If a hacker is considered a weapon-system, you can bet that the Airforce will find the budget to get them - if only to keep them out of the hands of the enemy.


RE: I'm all for it
By SilthDraeth on 5/13/2008 4:06:17 PM , Rating: 1
Where the heck did you get Navy from. Of course the best and the brightest are not in the Navy, they are in the Air Force, which is why the Air Force will have control.


RE: I'm all for it
By JonB on 5/14/2008 7:40:30 AM , Rating: 2
You must realize that Arrogance does not equate to "best and the brightest." The only group I know of (and I spent 8 years in the Navy) more arrogant than the average Air Force officer are "Naval Aviators" (who, of course, think they are all Top Guns!)


RE: I'm all for it
By bhieb on 5/13/2008 11:18:59 AM , Rating: 2
True and that would definately be a big concern, but if they do keep this above board, and make it a volunteer download rest assured it would be one of the most scrutinized pieces of software ever written. I'm sure there would be dozens of groups combing over the code to be sure it was not doing something it was not supposed to. You think the media reports everything that MS/Sony/(insert other company names) does that even remotely hints at private information gathering, the US government would be watched by WAY more people just hoping for a story to jump all over.


RE: I'm all for it
By TechIsGr8 on 5/13/08, Rating: 0
RE: I'm all for it
By Sethanus on 5/14/2008 4:09:42 AM , Rating: 2
Its not only law firms or media that would scrutinize this program (for privacy issues), Hackers would try to crack it, and there goes ur privacy, your money, and your nuke's.

A better idea is to download it onto most government computers, including servers and supercomputers, to increase its power (but that then exposes your govenment computers to agressors).

The best idea is to have a dedicated supercomputer/server farm to play offence and defence (and hopefully contain threats at the site - that includes taking and axe and cutting the internet connection).


RE: I'm all for it
By Polynikes on 5/13/2008 1:10:19 PM , Rating: 5
If this becomes mandatory we're gonna have a lot of pissed off people "breaking the law."

I'll be one of them.


RE: I'm all for it
By NEOCortex on 5/13/2008 12:04:13 PM , Rating: 2
Hope my computer won't have to go to Canada to escape the botnet war draft......


RE: I'm all for it
By MrBlastman on 5/13/2008 12:09:53 PM , Rating: 4
All deserters will have their heatpipes de-oiled and their power supplies cut. Those who partake in the Sparky S. Transistorman underground railroad will also have their SATA cables re-routed to their USB ports.

Heed this warning as a promise!... Else you'll be turned into a keychain bobble!


RE: I'm all for it
By FITCamaro on 5/13/2008 12:30:31 PM , Rating: 1
Bill Clinton's would beat yours there.


RE: I'm all for it
By FITCamaro on 5/13/2008 12:31:39 PM , Rating: 3
All jokes aside, I'm for it. Fight China botnet with botnet. Of course we can also just shut off their internet connection entirely considering we own it.


RE: I'm all for it
By HighWing on 5/13/2008 2:53:09 PM , Rating: 3
quote:
Of course we can also just shut off their internet connection entirely considering we own it.


That is the one thing I keep thinking about every time I hear about this. Now maybe not shutoff the entire internet, but when there is an attack coming, or your machine IS being attacked, why don't they ever just pull the net plug? I mean seriously, I could understand not wanting to unplug a server from the net because it would affect other legitimate users. However, if the current attack is slowing a machine down so much that no one can use it.... then dropping it from the net would only help by stopping all incoming traffic and thus preventing it from crashing which could cause even more problems. So why is this not done more often?


RE: I'm all for it
By therealnickdanger on 5/13/2008 3:32:24 PM , Rating: 2
^^^

You'd think we would at least be able to throttle overseas connections if we so chose... How hard would that be to do? I ask because I really don't know what's involved.


RE: I'm all for it
By lightfoot on 5/13/2008 4:06:28 PM , Rating: 3
Because Comcast isn't China's service provider.


RE: I'm all for it
By therealnickdanger on 5/13/2008 4:15:37 PM , Rating: 2
I was gonna say it... But seriously, you would think there is some sort of "spigot" at every juntion where undersea cables cross into our country - even satellites for that matter. Seems strange to me that the infastructure wouldn't have a physical, hardware-based method of doing this.


RE: I'm all for it
By croc on 5/13/2008 8:07:46 PM , Rating: 2
Just what part of the 'internet' does the US gov't. own? Last I checked, all of the undersea cables were privately owned, often by companies in other countries. One DNS root server is on US soil, but again is managed / owned by a corporation (Verisign, I believe).

So what is in the US gov't.'s control even?


RE: I'm all for it
By FITCamaro on 5/13/2008 9:38:20 PM , Rating: 2
I didn't mean the government. I meant major Internet backbones are owned by an American company. That undoubtedly has close ties to the US government. At least close enough that the UN wanted control turned over to them.


RE: I'm all for it
By lompocus on 5/14/2008 10:36:42 PM , Rating: 1
Turning anything over to the UN is like signing an execution warrant for it. It's fucked!

Then again, we own the little piece of land the UN is on, so we could just say "Do what we want or we deport you, accidentally misplace your papers, and have to dump you in the middle of the atlantic ocean"

Why don't we do the obvious?


RE: I'm all for it
By rudy on 5/13/2008 1:43:51 PM , Rating: 4
Why not just shut down access to of foriegn links. Reopen only to allies or those that also shut off the enemy. In fact I think that the US and any country should be doing this already. Give China a taste of what an internet embargo can do and they will shape up their act.


RE: I'm all for it
By lightfoot on 5/13/08, Rating: -1
RE: I'm all for it
By rippleyaliens on 5/13/2008 1:52:13 PM , Rating: 2
NOT I,
My fear is that if China, or whoever.. does an attack, that can take over the controlled BOTS.. Then where are we then?
My thoughts, would be to
1. Plant underwater demo- on internet pipes from China. (worst case, but highly effective if it came down to it)
2. Have our government on a national level, be able to block ALLLL traffic from an attacking country, (wether the rogue country military is doing it or some random idgets), just block ip's on the national router level
3. Spend the $$$$, and just hire 100 of the best hackers, give them a black bag budget, let them go to town on china..
fight fire with WATER HOSE!!!!,


RE: I'm all for it
By FaceMaster on 5/13/2008 4:27:39 PM , Rating: 2
All Americans are paranoid about communism. You're all brain-washed. And so is your Mum.


RE: I'm all for it
By Ensoph42 on 5/14/2008 10:42:25 AM , Rating: 2
...says the socialist who doesn't study history.


RE: I'm all for it
By FaceMaster on 5/20/2008 12:34:03 PM , Rating: 2
ACTUALLY the cold war was to blame on both the Americans and Russians, just as two people pointing guns at each other are equally responsible. You may think that you're right, but that's because you're American. Hey, I've solved the mystery!

Your Mum taught me lots of history last night, so I think I know what I'm talking about.


"I modded down, down, down, and the flames went higher." -- Sven Olsen














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki