
[ARS] Preparing for cyber warfare: US Air Force floats botnet plan

#1 ·
By Jon Stokes | Published: May 12, 2008 - 08:30PM CT



Quote:
Back in the Cold War era, the military's plans for developing the next generation of war-fighting capabilities were always a closely guarded secret; programs for developing cutting-edge bombs and missiles were highly classified, and you certainly didn't need the public's permission to invent new ways to roast the enemy. But in the Internet era, the technical realities associated with carrying out cyber warfare on a largely civilian network infrastructure dictate that if you build a massive military botnet aimed at shutting down enemy networks with distributed denial-of-service (DDoS) attacks, then you can expect that the public will find out what you're up to sooner or later. And they may not be all that happy about it.

Hence articles like the one that Col. Charles W. Williamson III recently published in the Armed Services Journal (via Slashdot), wherein he tries to make the public case for a military botnet as a prelude to actually building such a beast and placing it under the Air Force's control. Williamson's article fleshes out a number of things that have been hinted at so far in the ongoing public relations offensive that has followed the official unveiling of the new Air Force Cyber Command (AFCYBER).

First, the mere fact of the article's existence suggests that the Air Force has decided that the ability to mount DDoS attacks is a major offensive ability that our enemies already have, and they definitely intend to close the gap. Indeed, a big part of the military's AFCYBER PR blitz has involved articles and interviews with officers who talk quite openly about the need for offensive capabilities, but are reluctant to spell out exactly what those are. Seeing the case for DDoS capabilities made so explicitly and forcefully serves to flesh out the picture of what those offensive capabilities would look like.

So while the article presents the military botnet idea mainly as a proposal for something that the Air Force should consider, one gets the feeling on reading it that this is more of a "speak now, or forever hold your peace" type moment for anyone in the public who objects to the idea.

Second, Williamson makes a pretty decent case for the military botnet; his points are especially strong when he describes the inevitable failure of a purely defensive posture. Williamson argues that, like every fortress down through history that has eventually fallen to a determined invader, America's cyber defenses can never be strong enough to ward off all attacks. And here, Williamson is on solid infosec ground: it's a truism in security circles that any electronic "fortress" that you build, whether it's intended to protect media files from unauthorized viewers or financial data from thieves, can eventually be breached with enough collective effort.

Given that cyber defenses are doomed to failure, Williamson argues that we need a credible cyber offensive capability to act as a deterrent against foreign attackers. I have a hard time disagreeing with this, but I'm still very uncomfortable with it, partly because it involves using civilian infrastructure for military ends.

A bigger concern centers on where the machines that will power the botnet will come from. Williamson suggests that old military computers can be repurposed as botnet drones, instead of being decommissioned. He also raises and rejects the possibility that the military would infect civilian machines with Trojans and turn them into zombies. I hope for all our sakes that the military has indeed rejected this option, but the fact that our enemies probably haven't rejected it suggests to me that the Air Force may be eyeing it as another "gap" that will need to be closed eventually.

Finally, Williamson raises the issue of the political ramifications of targeting another country's civilian network infrastructure if that infrastructure is being used to launch an attack on the US.

"The biggest challenge will be political," writes Williamson. "How does the US explain to its best friends that we had to shut down their computers? The best remedy for this is prevention. The US and its allies need to engage in a robust joint endeavor to improve net defense and intelligence to minimize this risk."

It's probably no coincidence that this week will bring news of just such an international effort to combat cyberterrorism, but we'll have more on that Wednesday.
[SOURCE]

The new (Cyber)Cold War approaches!


The funny thing is I called this a while back... Just need to find that old post now.
 
#2 ·
Even better than a DoS attack.... The US has control of most of the DNS servers. We can just blacklist countries or IP ranges. This was done during the attack on Estonia where a few special people authorized blacking out IPs to help end the DoS.
 
#4 ·
Quote:
Originally Posted by DuckieHo
Even better than a DoS attack.... The US has control of most of the DNS servers. We can just blacklist countries or IP ranges. This was done during the attack on Estonia where a few special people authorized blacking out IPs to help end the DoS.
Don't bite the hand that feeds you.


I would especially be interested to hear about what sort of things the US has been doing to stop / counterattack the Chinese hacking that has been going on.
 
#5 ·
Quote:
Originally Posted by trueg50

Don't bite the hand that feeds you.


I would especially be interested to hear about what sort of things the US has been doing to stop / counterattack the Chinese hacking that has been going on.

We're not going to; we can learn a lot about the Chinese methods and networks just by watching them come in and poke around. Why get them to stop when you can get valuable counter-intelligence for the future?

But really, they should just recruit the chans as cyber shock troops; that amount of stupidity and blind fanaticism is enough to collapse any network when aimed properly.
 
#6 ·
Quote:
Originally Posted by redfroth

We're not going to; we can learn a lot about the Chinese methods and networks just by watching them come in and poke around. Why get them to stop when you can get valuable counter-intelligence for the future?

But really, they should just recruit the chans as cyber shock troops; that amount of stupidity and blind fanaticism is enough to collapse any network when aimed properly.


Very true.

Why not "Leak" info on Nvidia/ATI/Intel/AMD plans stored x or y server and just let the fanboys go wild?
 
#7 ·
Cyber warfare isn't all that scary... That time when some Estonian servers were attacked only a few were completely down or on backup servers (P.S. Estonia is one of the most "wired/wireless" countries in the world). There were reports that several bank sites were attacked, but still stood up to it. My favourite news site was down. I got a bit paranoid and now I have 3 firewalls on my laptop. The attacks were just client connection spoofs which made the servers overload.
 
#10 ·
This isn't news to me...We have all known for years (or you should have if you are the kind of person who sits back every once in a while and thinks about things) that as we get more and more dependent upon technology that sooner or later it will become a problem. We have quite simply put all of our proverbial eggs in one basket. History shows us that often what appeared to be the most amazing eventually becomes something very terrible.

We have built our modern day society on technology which, as helpful as it is, could potentially lead to a complete collapse of society if tampered with.
 
#11 ·
Quote:
Originally Posted by Humanfactor

Cyber warfare isn't all that scary... That time when some Estonian servers were attacked only a few were completely down or on backup servers (P.S. Estonia is one of the most "wired/wireless" countries in the world). There were reports that several bank sites were attacked, but still stood up to it. My favourite news site was down. I got a bit paranoid and now I have 3 firewalls on my laptop. The attacks were just client connection spoofs which made the servers overload.

3 firewalls? Doesn't that cause you massive problems due to conflicting?
 
#13 ·
No, it doesn't (I've never thought of that). But all of them complete each other + I have a Buffalo wireless router with an 11 digit WEP encryption and a built in firewall so that makes up 4 firewalls!!!
I guess that for me it's safety first, second, third and fourth...
P.S. I am not that kind of a paranoid freak you might think I am.
 
#14 ·
Quote:
Originally Posted by voice

3 firewalls? Doesn't that cause you massive problems due to conflicting?

Rarely. I think you may be thinking of conflicts between multiple DHCP allocations on the same network, which is usually only possible with routers that play nicely with multiple DHCP protocols.
 
#17 ·
Quote:
Originally Posted by Humanfactor

No, it doesn't (I've never thought of that). But all of them complete each other + I have a Buffalo wireless router with an 11 digit WEP encryption and a built in firewall so that makes up 4 firewalls!!!
I guess that for me it's safety first, second, third and fourth...
P.S. I am not that kind of a paranoid freak you might think I am.

Lol @ WEP, you should change to WPA2 and grab a full ASCII 63 character key from https://www.grc.com/passwords.htm if you're serious.

As for the gov't conducting DDoS attacks, I'm sure if enacted it will be used to take down non-savory sites in the US and enforce police state philosophies, etc.
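As an added example (not code from this thread or from grc.com), the following Python shows what the "63 character key" advice above actually buys: it checks a passphrase against the IEEE 802.11i WPA2-PSK rules (8 to 63 printable ASCII characters), derives the 256-bit Pairwise Master Key the way an access point and client both do (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations), and generates a maximum-length key locally from the OS CSPRNG. Function names are my own.

```python
import hashlib
import secrets
import string

# Printable ASCII characters a WPA2 passphrase may contain (0x20..0x7E).
ALLOWED = set(chr(c) for c in range(0x20, 0x7F))


def check_passphrase(passphrase: str) -> list:
    """Return a list of problems with a WPA2-PSK passphrase (empty if none).

    802.11i allows 8 to 63 printable ASCII characters; a 64-character value
    is read by most firmware as a raw hex PMK instead, so it is rejected here.
    """
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    if any(ch not in ALLOWED for ch in passphrase):
        problems.append("only printable ASCII (0x20-0x7E) is allowed")
    if len(passphrase) < 20:
        # Anyone who captures the 4-way handshake can run this same PBKDF2
        # offline, so a short passphrase is the weak link, not the cipher.
        problems.append("short passphrases are cheap to brute-force offline")
    return problems


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key exactly as WPA2-PSK does:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32-byte output)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def generate_passphrase(length: int = 63) -> str:
    """Generate a random printable-ASCII passphrase with the OS CSPRNG.
    63 characters is the longest value 802.11i permits."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Known 802.11i test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    print(check_passphrase("short"))
    print(generate_passphrase())
```

Because the SSID is the PBKDF2 salt, the same passphrase yields a different PMK on every network, which is why precomputed tables only work against common SSIDs.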
 
#18 ·
Quote:
Originally Posted by Humanfactor

Cyber warfare isn't all that scary... That time when some Estonian servers were attacked only a few were completely down or on backup servers (P.S. Estonia is one of the most "wired/wireless" countries in the world). There were reports that several bank sites were attacked, but still stood up to it. My favourite news site was down. I got a bit paranoid and now I have 3 firewalls on my laptop. The attacks were just client connection spoofs which made the servers overload.

That's a very shortsighted view. Nothing major has ever happened on the cyber warfare front, but that absolutely does not mean that it is not a threat. Every part of our economy, infrastructure, military, and every other facet of our lives is increasingly wired and increasingly dependent on the tubes. Computers are big juicy targets that will not go forever without organized, state-backed, malicious, devastating attacks. Malware aside, computers are used exclusively for peaceful purposes. How long can that really last?

Btw - using 3 firewalls is like using 3 condoms. It doesn't actually make you safer and makes it a pain in the *** to do your thing
 
#20 ·
This has severe 3rd amendment implications.

What is the definition of "peacetime" ?

Are bots considered soldiers? Are Americans' PCs considered houses? Regardless, the bot "soldiers" would be "quartered" in a PC within a house. I'd venture to say that if they do this without our consent, it's a severe 3rd amendment violation. The key is, in peacetime.

Technically we are "at war" right now, so they say. They could be infecting us, RIGHT NOW!!! Gaahhh!

I doubt this will happen to home PCs. The govt. would sooner turn to its more powerful and trusting ally, Big Business. Satellite TV, POS systems (a huge potential bot housing, as they are all already connected online)

How does the NYSE system work? What protection do they have? Just even a single day down really really screws things up for us. This is more likely to happen than the govt. using civilian PCs for a botnet. They don't have to worry about the 3rd amendment with business; the FCC and Patriot Act could force it upon any business that connects remotely with another server.
 
#21 ·
Quote:
Originally Posted by MasterBillyQuizBoy

This has severe 3rd amendment implications.

What is the definition of "peacetime" ?

Are bots considered soldiers? Are Americans' PCs considered houses? Regardless, the bot "soldiers" would be "quartered" in a PC within a house. I'd venture to say that if they do this without our consent, it's a severe 3rd amendment violation. The key is, in peacetime.

Technically we are "at war" right now, so they say. They could be infecting us, RIGHT NOW!!! Gaahhh!

I doubt this will happen.


Bots aren't soldiers since they are not autonomous. They are a tool. Now, is the government allowed to store a weapon in your home?
 
#22 ·
Quote:
Originally Posted by DuckieHo

Bots aren't soldiers since they are not autonomous. They are a tool. Now, is the government allowed to store a weapon in your home?

I thought bots were autonomous, hence the name "bots" and "zombies"

You set em loose and they do their thing, like a virus? I'm no expert so correct me if I'm wrong.

The 3rd amendment says the govt. cannot force its citizens to house soldiers in their homes during peacetime. I'm not sure about being forced to store weapons.

It's all semantics and whether or not we are at peace or war. James Madison probably never imagined anything like this. We probably need a cyber bill of rights or something.
 
#23 ·
Quote:
Originally Posted by MasterBillyQuizBoy

I thought bots were autonomous, hence the name "bots" and "zombies"

You set em loose and they do their thing, like a virus?

The 3rd amendment says the govt. cannot force its citizens to house soldiers in their homes during peacetime. I'm not sure about being forced to store weapons.

It's all semantics and whether or not we are at peace or war. James Madison probably never imagined anything like this. We probably need a cyber bill of rights or something.

Zombie PCs and botnets are controlled by a master. The master directs them to do something. Some of these botnet owners sell their services to criminals. The criminals pay to utilize the thousands of PCs under the botnet owner's control.
 
#24 ·
Quote:
Originally Posted by DuckieHo

Zombie PCs and botnets are controlled by a master. The master directs them to do something. Some of these botnet owners sell their services to criminals. The criminals pay to utilize the thousands of PCs under the botnet owner's control.

Replace zombies and botnets with soldier, and master with General and you see the kind of semantics that tend to happen with this stuff. It's why making laws takes sooo long.

In any case, the US public would never go for this unless the lower 48 were physically under attack.
 