When You Put The Military In Charge of 'Cyberdefense', Don't Be Surprised They Want To Go On The Offensive
from the uh,-we're-going-to-need-lots-of-bombs dept
A US Air Force officer says that America should build a military botnet and go on the offensive, so the system acts as a deterrent against future attacks. Who would be attacked? According to the BBC, "he argues that if a computer owner has failed to use anti-virus software and install the latest security patches, that machine may be a legitimate military target." Wow. So not having anti-virus software makes it okay for the military to attack any computer? Why stop there? Why not just blow the thing up, if it is indeed a "legitimate military target"? If these are the sorts of strategies that the military sees for cybersecurity -- which the officer has called "carpet bombing in cyberspace" -- perhaps we'd be better off with somebody else heading up the efforts.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cyberdefense, hacking, military target, offense
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
And again, from what I understand, the really good "hackers" work for the NSA.
[ link to this | view in chronology ]
Re: Re:
Who would you bet on?
[ link to this | view in chronology ]
Re: Re:
Who would you bet on?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
As a former member of the US Navy, this should read "screen door on submarine"
[ link to this | view in chronology ]
Re:
See the problem is the military looks at everything in, well, a *military* manner. They're supposed to. As such, they'll handle things in line of that kind of thinking. It is all perfectly logical and right.
But that is the problem some people don't realize, but the founding fathers of the US did. You do NOT want the military running things as they'll look at everything in their own narrow way. This is why, in theory, the military is controlled by a civilian whom the people elect out of trust.
Please note I mean no disrespect to the military. I actually like the military. There is something to be said about practicality and they have it in bags. But once this kind of escalation starts it doesn't stop until the system breaks down and the Internet is too powerful of a tool for humanity in general for us to let that happen.
We've created something very amazing that increases our survivability (as a species) exponentially. With it, I have faith that we'll eventually be able to unite and expand our civilization both physically from this world, and well I suppose you could say spiritually though that's not entirely what I mean.
The point I'm trying to make was put very well by Bruce Willis' character in the Siege: The military is a broadsword. It has one purpose and it is not subtle about it. Don't draw it without intending to use it, and don't let it control you as it is YOUR tool, not the other way around. If the military wants to go on the offensive, they can wait until a FORMAL declaration of war has been made.
[ link to this | view in chronology ]
Re: Re:
Regardless of what happens--should a large portion of the internet be "destroyed" I believe the public reaction would be the much like what happens when water/electric/telephone services are disrupted. In short, we'd rebuild.
[ link to this | view in chronology ]
Volunteer Army
[ link to this | view in chronology ]
Re: Volunteer Army
[ link to this | view in chronology ]
Re: Re: Volunteer Army
[ link to this | view in chronology ]
Re: Volunteer Army
I think what you are referring to is called China.
[ link to this | view in chronology ]
Re: Volunteer Army
The idea that a botnet using DDOS attacks would even be beneficial is ass-backwards. The Col. seems well-intended but not well informed.
He says that we must abandon a fortress mentality, and then he proposes tactics based on a fortress mentality.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
My advice to the Millitary would be to scrap the idea and start innovating rather than trying to imitate the criminals...
[ link to this | view in chronology ]
Unreasonable Seizure?
[ link to this | view in chronology ]
Re: Unreasonable Seizure?
Personally, I like the idea of a volunteer army of computers. They could even pay a few bucks a month for it. If they could get, say, 10,000,000 signed on that would be a heck of a botnet. If war ever broke out they could even do a "draft" and require everyone to put the software on at least one PC in their home.
[ link to this | view in chronology ]
Re: Re: Unreasonable Seizure?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Get your updates
Lazy bastards...
[ link to this | view in chronology ]
SCARRY!
[ link to this | view in chronology ]
We don't allow unsafe, poorly maintained cars on our roads nor do we allow unsafe planes to fly our skies. So why should we allow poorly maintained, vulnerable computers on our internet infrastructure? The internet is vital part of our infrastructure. We can no longer take a laize-faire approach to dealing with rogue software.
We have the capability of identifying infected and vulnerable hardware on our networks. We should be more proactive in blocking infected devices from public networks. Granted, the methods available aren't 100% effective nor do they need to be. You only need to effective enough to make malware unprofitable and more risky.
[ link to this | view in chronology ]
Re: #17
No thanks.
In my view, it would only take one proxxied ip address, and the military takes control of some foreign national's computer and you are talking an act of WAR.
On another note, You are talking about the military blocking systems that have malware. So teh military is going to clandestinely install software to restrict a machines access, because the machine has software already that is restricting access. So effectively, you are replacing one malware with a government sanctioned malware?
Once you start giving away your freedom, it will only stop when you have none.
[ link to this | view in chronology ]
Re: Re: #17
The Internet is global. The infrastructure is physical and exists where it is. So, by definition, infrastructure within the US is "our" infrastructure," especially when it is taxpayer subsidized.
Not that I am agreeing with the plan proposed. A requirement of protecting your computer in order to have Internet access may be necessary in the near future. Having the military attack without warrant is not, however.
"...so you are effectively wanting to place one country's military in charge of a global infrastructure?"
No, not really. In most cases, the IP address will tell you if a computer is within the US. If some dumbass overseas decides to spoof a US IP in this situation, that's his problem.
"We don't allow unsafe, poorly maintained cars on our roads nor do we allow unsafe planes to fly our skies. "
No, but the military does not blow up, or even confiscate, unsafe cars and planes (unless the planes violate military airspace). A court of law handles the situation and hands out a fine.
[ link to this | view in chronology ]
Re: Re: Re: #17
Depends on the country. I think you meant to say they don't blow up unsafe cars/planes in the USA, though some theories on the 4th 9/11 plane might disagree w/you.
[ link to this | view in chronology ]
Re: Re: Re: #17
[ link to this | view in chronology ]
Re:
Because people don't die when a PC* isn't properly maintained.
* meaning something sitting on someone's desk, no need to talk about nuclear control systems, hospital computers, aircraft control computers, etc.
[ link to this | view in chronology ]
Laughable
Also, any retard who has even a few brain cells dedicated to computer smarts doesn't get viruses, and only uses an anti-virus in the most extreme cases and when a problem is known. With the advent of internet-based virus scans that use a repository of multiple virus databases, there really isn't a need for an anti-virus for personal use anymore in my opinion. Corporate networks should have them to protect against stupid employees who don't know anything. But you should be allowed to install what you see fit on your own system. Going "carpet bombing" on the internet against private citizens is a ridiculous idea.
[ link to this | view in chronology ]
Sensationalize much?
Secondly, the clarification that this summary doesn't include is that the COL only discussed viewing a PC as a miltary target when that PC was actually "attacking" the DOD computer system. Basically, if the PC was either being actively used (read: someone sitting at the keyboard) to attack the DOD network or it was part of a botnet that was attacking the network.
That's a lot different than, "any computer without AV and updates can be a military target." Especially since this is just one COL's opinion.
[ link to this | view in chronology ]
conficker anyone?
my theory is that it is a "for hire" botnet, and just hasn't gotten much business yet.
he also noted how researchers have been impressed with it's command and control system and it's ability to propagate and evade detection in spite of the fact that MS has produced a fix for it.
his conspiracy theory is that conficker is the product of some US government/military thinktank for use as some sort of attack fleet. he suspects the NSA or DARPA.
it has all of the ingredients of your classic conspiracy theory (unanswered questions, blaming the usual suspects, etc.) but you have to wonder if there isn't some truth to it.
[ link to this | view in chronology ]
"speaking in a personal capacity"
Note that this was merely one colonel specifically "speaking in a personal capacity". He no more represents the DoD's position than does some mid-level manager in MS get to determine their software strategy.
I'm working with the Navy on IT policy, and I can tell you that any time someone in a meeting edges up to something like trying to control the Internet (in whole or part), they get quickly swatted down.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I always wanted
Maybe the US government trying to create it's own malware would be reason enough for some white hat with actual programing skills to create this. You know, help prevent possible international incidents and help millions of people at the same time.
[ link to this | view in chronology ]
Re: I always wanted
[ link to this | view in chronology ]
Just how much can you really do with cyberspace?
In fact, unless your own internal hardware is infected on a large scale just turning off the internet would do the most good. It happend way back when the RPC bug was going around (which shut down our internet for a week back in 2002ish).
The problem is china or korea or whoever else with physical access to the fiber could do the same thing, ONOOOS the US is attacking our Puters! get an axe!
Someone has been watching Hackerz a few to many times.
[ link to this | view in chronology ]
Its quite simple Private...
[ link to this | view in chronology ]
Re: Its quite simple Private...
[ link to this | view in chronology ]
The article
Read the article fellas. He makes a proper argument that warfare nowadays could easily involve who can keep their information systems running more effeciently than the other guy.
[ link to this | view in chronology ]
I have an antivirus. It's called "Unix." I'm sick and tired of people telling me I need another one. I don't need that bull that I can override the security with my password. You can override an antivirus without a password.
But now we pick on the military. We couldn't pick on something like bankers or insurance companies. No, we have to pick on the military. Whatever, have your fun.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Think Local Act Global
[ link to this | view in chronology ]
I thought it was the WORLD wide web...
Granted, I like my privacy WAAAAYYY too much to do anything but pull the plug if something like this really happens, but it's still scary that someone with little to no computer savvy (like most of Congress has proven itself to be or most of the higher ranking military officials - they're hell on a battlefield, but aren't really known for their computer expertise)will probably pass something like this without realizing the ramifications!
George Orwell, you were right - just a little off with the date.
Lady Grey
[ link to this | view in chronology ]
Read The Article
I makes some very valid points.
I find it very interesting that it was written by a USAF JAG Officer.
[ link to this | view in chronology ]
RTFA
[ link to this | view in chronology ]
Huh...
No thank you, sir. This is one officer's opinion. The military's network defense strategy will remain exactly that.
As always, I'm amazed at the number of people here who don't even think about a) the validity of the source and b) Techdirt's shameless slant and bias before letting loose with the textual diarrhea.
[ link to this | view in chronology ]
Anyone seen this before?
[ link to this | view in chronology ]
re: military in charge of cyberdefense?
[ link to this | view in chronology ]
Re: re: military in charge of cyberdefense?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Oh, and they don't eat ham, stupid.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Uh, doubter here. 100 years and we've been attacked on our soil twice...I'm going to call that a win, particularly since they're are questions in both instances (Pearl Harbor and 9/11) about WHO was attacking, and who ALLOWED the attacking. So yes, there are those of us that just don't see the threat.
"Lots of people are planning our demise and they don't seem to care about the rules we love to live by. We have war planning documents from the military officers of other countries that show plans for asymetric warfare -- attacking our infrastructures i.e. things that cause massive loss of lives when they fail... get it? So stopping their abiltiy to execute such plans seems like a reasonable response."
Lots of people? Who? And where are these documents describing planned attacks on our soil? Why haven't we seen them, if we truly have them? And don't give me that "you can't see them because of nat'l security" crap. You have them, then show them, or else you don't get to claim you have them.
"Oh, you don't like defending ourselves against sick evil killers who would kill and mutilate you and yours, then sit on your cold dead body and eat a ham sandwich? Shoulda guessed from the comments. You don't want to be defended and you don't want to defend. Interesting delima that will resolve itself in time, meaning you will change your mind if and when people you care about are hurt by the ones you pretend we don't need to stop"
I certainly can't speak for others, but a quick question: did you ever serve? I did, and nothing pissed me off more than people saying they loved what we did in Iraq and supported us. If you wanted to support us, you should have done something to get us the fuck back home (which, to their credit, the American people eventually did). So I DID defend, and it was a pointless endeavor, because we didn't FIX THE PROBLEM. All of this BS is going to continued until the Israel problem is solved one way or the other, end of story. Two state solution, letting them fight it out, holding Israel's feet to the fire about the humanitarian crises in Gaza, bitch slapping Syria/Egypt for their repeated bullshit...I don't know, but THAT'S the problem, not the scary boogie man created by the military industrial complex.
[ link to this | view in chronology ]
One Small Problem
[ link to this | view in chronology ]
Not quite...
[ link to this | view in chronology ]