Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

USAF Considers Creation of Military Botnet

CmdrTaco posted more than 6 years ago | from the all-to-steal-wow-gold dept.

The Military 440

sowjetarschbajazzo writes "Air Force Col. Charles W. Williamson III believes that the United States military should maintain its own botnet, both as a deterrent towards those who would attempt to DDoS government networks, and an offensive weapon to be used against the networks of unfriendly nations, criminal groups, or terrorist organizations. "Some people would fear the possibility of botnet attacks on innocent parties. If the botnet is used in a strictly offensive manner, civilian computers may be attacked, but only if the enemy compels us. The U.S. will perform the same target preparation as for traditional targets and respect the law of armed conflict as Defense Department policy requires by analyzing necessity, proportionality and distinction among military, dual-use or civilian targets. But neither the law of armed conflict nor common sense would allow belligerents to hide behind the skirts of its civilians. If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them." What does Slashdot think of this proposal?"

cancel ×

440 comments

Sorry! There are no comments related to the filter you selected.

We must defend ourselves (4, Insightful)

slackoon (997078) | more than 6 years ago | (#23379582)

I'm all for the theory that if you attack us we will defend ourselves. The "you" in that sentence does not matter, in other words, if an ant bites us we step on it, if a dog bites us, we kick it and if an enemy country uses pereonnal computers to attack us, we use botnet.

Re:We must defend ourselves (-1, Troll)

ShieldW0lf (601553) | more than 6 years ago | (#23379616)

I'm all for the theory that the USA should be placed under economic sanction and be cut off from the rest of the world to choke on their own spleen.

Insane (0)

Anonymous Coward | more than 6 years ago | (#23379894)

much?

Re:We must defend ourselves (3, Insightful)

gnick (1211984) | more than 6 years ago | (#23380006)

...if an ant bites us we step on it, if a dog bites us, we kick it...
I think you're over-simplifying. Your ant and dog are willing attackers. If civilians were volunteering their computers to participate in the attack, it's a no-brainer. In my opinion, civilians willingly participating in an attack are no longer civilians (military law and technical definition of "civilian" may differ - IANAL).

However, most botnets are assembled from compromised computers belonging to people who lack the sophistication to properly secure them. That's a more complex issue - Maybe we go ahead and nuke their computers anyway, but it deserves more consideration than stomping on a hostile ant.

Re:We must defend ourselves (5, Funny)

boyfaceddog (788041) | more than 6 years ago | (#23380138)

Do you even know what a Botnet is?

I can just hear the Pentagon tech-office now.

TECH GUY 1: "Hey, we go this guy here who WANTS us to infect his PC with that Botnet thingy"
TECH GUY 2: "Lemme check. [CLICKITY-CLICK] Nope, already got 'im"

I'm Suprised (5, Interesting)

zehaeva (1136559) | more than 6 years ago | (#23379586)

I'm Surprised that they are not doing this already. That begs the question, who's computers would host the bots? Patriotic Americans who allow the govt to install software on their machine to attack the enemy is all well and good but what happens when the alphabet soup figures out that the govt has software on most of America's PC's?

Re:I'm Suprised (5, Insightful)

gunnk (463227) | more than 6 years ago | (#23379640)

You hit the nail on the head!

A botnet's great strength is that it is dispersed. House it only on military computers and you cripple it. Put it "out there" in some form, though, and you risk having the CNC reverse engineered and the botnet might suddenly "belong" to someone else.

Bad idea.

Re:I'm Suprised (5, Interesting)

OeLeWaPpErKe (412765) | more than 6 years ago | (#23379778)

you risk having the CNC reverse engineered and the botnet might suddenly "belong" to someone else.

Only if you're stupid and use symmetric encryption. Such a problem would most certainly not manifest with a distributed public-key encrypted network. Obviously this is an area where even good organizations and intellient people have been known to have made utterly stupid mistakes.

But it is certainly possible to create an uncompromiseable botnet.

Actually, to be honest, I'm really surprised such a botnet doesn't exist already. Oh well, perhaps it's just one of the better hidden ones.

One thing bothers me about botnets though : they all seem to originate either in Russia or deep into China. Especially in China I find it very surprising that ip's closer to the command center of those botnets tend to trace deep inside China, and not to the coastal cities, where you'd expect the Chinese script kiddies to be.

So aren't we just kidding ourselves that other nations don't already have these ? Storm might very well be Putin's botnet.

Re:I'm Suprised (1)

Culture20 (968837) | more than 6 years ago | (#23380044)

The thing about this proposed botnet though, is that its control nexus can be known. Part of the other botnets is that the controller wants to remain anonymous. The U.S. military won't care about anonymity. I'm not perfectly sure what this means in terms of security of the CNC, but my gut feeling is that it should make some part of the system easier to design.

Re:I'm Suprised (2, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#23380218)

But it is certainly possible to create an uncompromiseable botnet.
<sarcasm type="heavy"> Right. Because there is such a thing as uncompriseable security.^lt;/sarcasm^gt;

Re:I'm Suprised (4, Insightful)

CastrTroy (595695) | more than 6 years ago | (#23380008)

The US military has bases all over the country, and even all over the world. Put 10-100 computers in at each military base to participate in the botnet, and you could probably have a pretty strong botnet.

Using bots in S.American countries (-1, Offtopic)

BadAnalogyGuy (945258) | more than 6 years ago | (#23379656)

There is a demonstration of bot infestation and parasite removal in this video at the Youtube. http://www.youtube.com/watch?v=23eimVLAQ2c [youtube.com]

This has got to be against Geneva Conventions.

Re:Using bots in S.American countries (5, Informative)

OeLeWaPpErKe (412765) | more than 6 years ago | (#23380174)

This has got to be against Geneva Conventions.
There is nothing in the Geneva conventions about computers. In fact except for the treatment of prisoners and civilians (and casualties) in war, there isn't anything in any of the conventions.

Did you know that they really don't protect civilians under "contemporary" conditions ? It specifically states that if "the enemy" (anyone whom you're at war with) does not clearly identify itself (which is defined to mean military bases OUTSIDE of population centers and CLEARLY uniformed troops) that civilians, enemy troops AND casualties are fair game ?

As in, if there is a faction using people as human shields, any army fighting them is completely within their rights to shoot all the human shields first. (think about what rights this theoretically gives Israel in fighting Gaza, they go above and beyond what Geneva requires of them, since a genocide in Gaza would be clearly within Israel's rights under the Geneva conventions)

Even in an open war a military is completely within their rights to let a civilian population starve. Everything except direct, unprovoked attacks is not the subject of the Geneva conventions.

The convention also CLEARLY states who gets to judge (obviously without possibility of appeal) whether the provisions of the Geneva conventions allow you to shoot a certain person : the field commander. His decision is final, and he gets to be judge, jury and executioner.

Besides, there isn't a single warring faction in the world today, except the United States (and Israel, Turkey and "maybe" China (insofar you call Tibet a war, besides I doubt you will find China respecting Geneva in Africa)), that even pretend to respect the Geneva conventions. E.g. hezbollah has declared upon multiple occasions that it doesn't, nor does it ever intend to (and then they say something about some prophet not respecting them as justification).

Lots of other warring parties don't respect Geneva : the islamist government of Sudan, Egypt (in it's south), Iran, Pakistan, ...

Never mind civilian computers being fair game. These conventions date from immediately after WWII (not that anyone really thinks Hitler would have respected them if they existed, in fact he would probably have used them to his advantage, but hey, one can hope, right ?)

Also let's not forget, article 29(3) of the Human Rights :

"(3) These rights and freedoms may in no case be exercised contrary to the purposes and principles of the United Nations."

In other words, anyone attempting to abolish the human rights treaty (one obvious party would be islamists) does not have any human rights.

In practice you will find provisions like that in just about any constitution, in constitutions as varied as both the US constitution and the Iranian one (you know the one that requires the state to execute gays).

Re:I'm Suprised (1, Insightful)

Anonymous Coward | more than 6 years ago | (#23379662)

[quote]I'm Surprised that they are not doing this already.[/quote]

What makes you think they aren't?

Everyone said 'wow' when they made the stealth bomber public in '88, but they sat on it for eight years before telling anyone.

Re:I'm Suprised (3, Interesting)

blhack (921171) | more than 6 years ago | (#23379772)

Does anyone remember project Magic Lantern?

My guess would be that they already do, and have been doing, this for years.

And if they're not, do you know how much many computers $1 Billion buys? Now just a few of them in every data center you can find and slap a copy of the Patriot Act on the front. Tell anyone that if they go near them, or question what they are for you will shoot them on the spot. Also tell verizon, qwest, etc. that they have to provide you with bandwidth free of charge.

Re:I'm Suprised (5, Insightful)

apt142 (574425) | more than 6 years ago | (#23379754)

Why would they need to install them on civilian PC's? The US Gov't, unlike a lot of botnet creators, has a hell of a lot of funding. They could just buy a bunch of computers specifically for the task.

Or, they could just take every computer that is upgraded/rotated out of a federal government facility and set it aside for this job.

Or the US Gov't could just add a program to all of their active computers that relinquishes their idle time to the botnet. Sort of a militant version of Folding@home. (Civilians could even opt into this one.)

Or they could do all of the above. They wouldn't need to touch a civilian PC to get a formidable botnet.

Re:I'm Suprised (5, Informative)

hodet (620484) | more than 6 years ago | (#23379840)

Isn't the strength of a botnet that it controls systems behind millions of different broadband connections? It's not the number of PC's that matter but being able to use the sum of all bandwidth available behind a gazillion connections. If the military spreads their botnet on 100,000 systems behind 1000 networks then that wouldn't be very effective.

Re:I'm Suprised (2, Insightful)

peragrin (659227) | more than 6 years ago | (#23379946)

your quite correct but.

If you linked up the FBI, CIA,and DHS windows computers you would have a pretty wide network. your not talking about a single point, your talking tens of thousands.

Re:I'm Suprised (3, Insightful)

gnick (1211984) | more than 6 years ago | (#23380108)

If you linked up the FBI, CIA,and DHS windows computers you would have a pretty wide network...
...with easily determined IP-blocks that can be easily black-listed. Hell, PeerGuardian [phoenixlabs.org] would do a pretty decent job defending against that without even having to get fancy.

Re:I'm Suprised (2, Interesting)

zehaeva (1136559) | more than 6 years ago | (#23380030)

It would be more formidable with civilian computers, I would imagine that most govt computer systems are going through choke points to limit attack vectors. That should mean limited attack vectors out as well. You would get more distributed with civilian computer systems.

Re:I'm Suprised (1)

apt142 (574425) | more than 6 years ago | (#23380256)

Yeah, you would. What's to stop the US Gov't from tying into those civilian networks? The government already has a relationship to a number of ISPs for purposes of wiretapping and packet sniffing. What sort of agreements, financial or political, would have to be made to allow them to slip in their computers?

Tin foil hats reasons aside, I don't think many ISP's would think twice at a chance to help the military.

Re:I'm Suprised (5, Funny)

nizo (81281) | more than 6 years ago | (#23379756)

Maybe they could outsource it?

Re:I'm Suprised (5, Insightful)

iminplaya (723125) | more than 6 years ago | (#23379888)

Patriotic Americans who allow the govt to install software on their machine to attack the enemy is all well and good...

And it makes the civilian population a legitimate military target. A little like hiding the missiles in the churches.

Re:I'm Suprised (1)

mi (197448) | more than 6 years ago | (#23380242)

And it makes the civilian population a legitimate military target.

No more so, than allowing a military commander to use your phone — or refrigerator. Your premises get "upgraded" from being "civilian" to "dual use", but none of America's real enemies today care for that fancy legal distinction anyway.

A little like hiding the missiles in the churches.

Not quite, not quite...

Re:I'm Suprised (4, Insightful)

QuantumRiff (120817) | more than 6 years ago | (#23379910)

Wouldn't it just be easier to "accidentally" anchor some navy ships in the wrong spot, and sever many of the connections to the area. We learned this last winter that you don't need to cut off areas, just make their working links so oversaturated that they are essentially worthless.

Now we know (1)

Shivetya (243324) | more than 6 years ago | (#23380034)

what this push for "America's Army" was all about.

Re:I'm Suprised (2, Funny)

Anonymous Coward | more than 6 years ago | (#23380078)

Does that mean my computer can get a purple heart from being a causality during the internet wars?

Wait What? (1)

Bryansix (761547) | more than 6 years ago | (#23379592)

Wait What?

If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them.
Wouldn't this work both ways? Wouldn't the USAF be doing the same thing?

Re:Wait What? (2, Insightful)

chalkyj (927554) | more than 6 years ago | (#23379642)

What makes them think that botnet will be made up of computers located in some other country in the first place? As I remember, a massive proportion of infected computers in existing botnets are in the US. Quick, lets attack our own computers!

Hmm? (5, Insightful)

Kingrames (858416) | more than 6 years ago | (#23379596)

No good can come of this.

A botnet is like a disease. Not a bomb. Deliberately infecting your own computers is a horrible idea.

And this is why the military never works with... (4, Insightful)

localroger (258128) | more than 6 years ago | (#23379732)

...disease pathogens. Oh wait...

The path... (2, Insightful)

FrankSchwab (675585) | more than 6 years ago | (#23379608)

Let's see...
It's a military necessity to have a botnet...so it will become my patriotic duty to allow their malware to reside on my machine. AV will be modified to not report it's existence. I will have no control or knowledge of what it's doing, or what it's reporting.

Then, those in charge of the program will complain that the citizen's computers are "unreliable" - they get turned off, are filled with competing malware, etc. So they will let a contract to Grumman or Lockheed for 10 million computers, to be scattered across the country/world as dedicated US Militarty Botnet computers, at, say, 10,000 dollars apiece. Due to specification changes, additional missions, etc., cost ovveruns will push the cost to 100,000 dollars apiece. The Congress will get involved, and will reduce the number of computers to buy to 10,000, will add additional missions and capabilities, and the per-unit cost will climb to $1,000,000. Five years later, the program will be cancelled.

And, still, the government malware will reside on my machine.

Re:The path... (5, Informative)

CogDissident (951207) | more than 6 years ago | (#23379712)

Read the article. And don't mod people insightful before reading the article yourselves!

It specifically states, in no uncertain terms that they will only use USAF computers for this. And that it will be a way to use retired computers from other sections of the government that would normally be slated for destruction.

Re:The path... (1)

Gordonjcp (186804) | more than 6 years ago | (#23380146)

It specifically states, in no uncertain terms that they will only use USAF computers for this.

Yeah, that sounds like a good idea. Watch how with a single rule the whole of the USAF network gets nullrouted from the rest of the world.

Protect your computer; change the government (0)

Anonymous Coward | more than 6 years ago | (#23379810)

The Metagovernment [metagovernment.org] project is replacing traditional governments with a DRCS. No botnets necessary.

Re:The path... (0)

Anonymous Coward | more than 6 years ago | (#23380022)

You obviously have spent some time in or around the military....right on the money!

New laws (2, Interesting)

pvt_medic (715692) | more than 6 years ago | (#23379612)

Sounds like the Geneva convention needs to be updated to include technological attacks.

reminds me of the NSA backdoor.. (5, Funny)

gbjbaanb (229885) | more than 6 years ago | (#23379624)

You have 4 windows updates to install:

Security hotfix for XML services KB0453456
Security hotfix for Windows
Microsoft Silverlight
US DoD anti-terrorist cyberwarfare battle attack bot v3.1

Do you think they really wouldn't do it?

Re:reminds me of the NSA backdoor.. (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23379796)

I was just thinking of something like that. It would be interesting to see someone use a Third Amendment [wikipedia.org] defense against this...

Search for Sarah Connor? (2, Funny)

Anonymous Coward | more than 6 years ago | (#23379650)

One day this botnet will become self-aware...

lol (5, Funny)

Anonymous Coward | more than 6 years ago | (#23379660)

We must not allow a botnet gap!!

Which country would that be again? (5, Insightful)

Ice Tiger (10883) | more than 6 years ago | (#23379668)

"If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them"

It might be found that the enemy botnet just doesn't respect political borders and will be using machines within ones own country. What happens then?

Re:Which country would that be again? (1)

oodaloop (1229816) | more than 6 years ago | (#23379816)

Which country? That would be China, my friend. DoD gets thousands of attacks from China a day and they've trainined millions in various forms of cyber warfare. We are already at cyberwar with China. If botnets are our defense, I say fire em up.

Re:Which country would that be again? (1)

Sir.Cracked (140212) | more than 6 years ago | (#23380254)

Does it really matter? So, say it's some stateless, even goal-less entity that just wants to cause chaos. It doesn't really matter, they attack us, we have to defend ourselves. It doesn't matter if that's on a computer network or in a jungle. And in a military context, defending yourself includes several offensive options.

In Vietnam, do you think guys in the jungle gave a damn if the guy they couldn't see who shot at them was Vietnamese Army, Viet Cong, or just some farmer firing at him? No, offensive action got taken against a military unit, and they have a tendency to return such aggression in kind. Often multiplied. Would it matter even if it was some American who had gone rouge or been brainwashed to attack others? Not really. A shame that you'd had to inflict a casualty on a countryman, but when you are under attack, you tend to return fire. You can contemplate the identity of the attacker afterward, but one must always remember it's only hindsight that's 20/20.

What?! No skynet tag??! (3, Interesting)

Immerial (1093103) | more than 6 years ago | (#23379670)

Somebody needs to correct this! It's even the Air Force, just like in movies.

The flaw in that logic.. (2, Interesting)

spiffmastercow (1001386) | more than 6 years ago | (#23379672)

..is that creating a botnet is a fundamentally offensive tactic. If you're compromising computers to use for "defensive purposes", then you're launching a preemptive attack, which would make the US the aggressor. Unless you think somehow you're going to convince me to put your crappy malware on my machine, in which case you're sadly mistaken.

" The U.S. will perform the same..." (2)

neuromanc3r (1119631) | more than 6 years ago | (#23379674)

The U.S. will perform the same target preparation as for traditional targets
I wonder why that doesn't seem the least bit reassuring to me...

Must.. Not.. Troll.. Ahhhhh (2, Interesting)

EdIII (1114411) | more than 6 years ago | (#23379676)

So.. Ummm... Does this mean that Microsoft has retroactively become a military "equipment" provider?

Ahhh.. That felt good. Mod away :)

where can i get some (5, Interesting)

FudRucker (866063) | more than 6 years ago | (#23379686)

if China or Iran or some other enemy country wants to attack the USA and the US government wants to start a botnet let me know i have 2 PCs on 24/7/365 on cable broadband, i will volunteer my PCs to work for the US Government as part of a botnet, Bush may not be my favorite president but i am still an American and know what side my bread is buttered on (just make a Linux version too)...

Re:where can i get some (1)

cryptodan (1098165) | more than 6 years ago | (#23379760)

if China or Iran or some other enemy country wants to attack the USA and the US government wants to start a botnet let me know i have 2 PCs on 24/7/365 on cable broadband, i will volunteer my PCs to work for the US Government as part of a botnet, Bush may not be my favorite president but i am still an American and know what side my bread is buttered on (just make a Linux version too)...
I would too, and would build a more powerful computer to support the cause as well. Mac Pro with Dual Quad Core Xeons anyone?

Re:where can i get some (5, Funny)

nizo (81281) | more than 6 years ago | (#23379806)

You think Comcast had a cow about downloading movies, just wait until they see the traffic our government botnet generates.

Re:where can i get some (1, Insightful)

Anonymous Coward | more than 6 years ago | (#23379812)

Wake up from that jingoist rubbish. Botnets can't 'defeat' each other. The bandwidth used in the attack comes out of OUR infrastructure as well as theirs. The idea is nothing but fucking stupid and would do nothing but harm to everyone. Nobody wins.

Inaccurate Title (5, Funny)

hoshino (790390) | more than 6 years ago | (#23379698)

"USAF Considers Creation of Military Botnet"?

The views expressed here are the authorâ(TM)s own and do not necessarily reflect those of the Air Force or Defense Department.
Me: I like vanilla ice cream
Slashdot: Internet Ranks Vanilla as the Best Ice Cream Flavour Ever

Re:Inaccurate Title (0, Offtopic)

retupmoca (932711) | more than 6 years ago | (#23379890)

Me: I like vanilla ice cream
Slashdot: Internet Ranks Vanilla as the Best Ice Cream Flavour Ever
Woo-Hoo!

*runs off to buy vanilla ice cream*

This is great... (0)

gowen (141411) | more than 6 years ago | (#23379714)

If this goes ahead, I guarantee the next US spammer in court will claim that possession of a botnet is covered by his 2nd Amendment rights.

Incidentally, why doesn't the 2nd Amendment apply to tactical thermonuclear weapons?

terrible idea (0)

Anonymous Coward | more than 6 years ago | (#23379720)

Anyone who would trust the US government with its own botnet is insane.

Every day we learn more details of how it has absolutely no problem deceiving the public and generally acting like immoral scum to get what it wants with no repercussions. Take your pick from a very brief list: FBI misuse of NSLs, warrantless wiretapping, politically-motivated firing of career employees, illegal wars of aggression to make rich people richer while lots of poor people on both sides get killed, etc. etc.

And every other day there is another serious incident that brings into question their ability to manage the simplest IT-related tasks, like the laptop thefts and buying chinese knockoff routers infested with who knows what.

So yeah, let's let those immoral morons operate a botnet. That is an excellent idea.

Net Neutrality? (1)

i_ate_god (899684) | more than 6 years ago | (#23379734)

No wonder Net Neutrality is such a hot topic. If the military wants this I'm sure they will expect full bandwidth for their bo

He is NOT proposing the use of malware (4, Informative)

The Iso (1088207) | more than 6 years ago | (#23379740)

The U.S. would not, and need not, infect unwitting computers as zombies. We can build enough power over time from our own resources.

Rob Kaufman, of the Air Force Information Operations Center, suggests mounting botnet code on the Air Force's high-speed intrusion-detection systems. Defensively, that allows a quick response by directly linking our counterattack to the system that detects an incoming attack. The systems also have enough processing speed and communication capacity to handle large amounts of traffic.

Next, in what is truly the most inventive part of this concept, Lt. Chris Tollinger of the Air Force Intelligence, Surveillance and Reconnaissance Agency envisions continually capturing the thousands of computers the Air Force would normally discard every year for technology refresh, removing the power-hungry and heat-inducing hard drives, replacing them with low-power flash drives, then installing them in any available space every Air Force base can find. Even though those computers may no longer be sufficiently powerful to work for our people, individual machines need not be cutting-edge because the network as a whole can create massive power.

Use embedded devices (1)

hbr (556774) | more than 6 years ago | (#23379924)

I think you would be nuts to bother with old hardware.

You can probably make simple TCP/IP devices for less than $5-10 a piece that would consume hardly any power. Embedded, low-power, low-footprint devices, which you can mass-produce.

Not sure how you manage to distribute these around the internet though - I expect this is where most of the cost would lie.

Re:He is NOT proposing the use of malware (1)

travdaddy (527149) | more than 6 years ago | (#23380010)

Because botnet sounds WAY COOLER and FIERCE than distributed computing!

Re:He is NOT proposing the use of malware (0)

Anonymous Coward | more than 6 years ago | (#23380068)

He's also an idiot, half of the usefulness of a botnet is its distributed nature. The "most inventive part of this concept" of loading up the airforce bases with tons of botnet computers just ends up choking on it's own bottlenecks.

hmmm (1)

ZenDragon (1205104) | more than 6 years ago | (#23379742)

As another poster stated; Im surprised they are not doing this already. I could see the benefit of this from the military standpoint. Were I a person with the power to make a decision to do such a thing I would have done so a long time ago, as it would infinitely increases my technical capability for reasons previously stated. If they can, they should, use every available method at their disposal within their own infrastructure to gain an advantage.

However, this kind of thing should be limited to only military PCs. If the idea here is to create bots out of ordinary civilian PC's, the results could only be disastrous. It would be susceptible to poisoning and a multitude of other types of attacks. The first thing I thought of after reading this was, Skynet from the Terminator movies.

kdp (1)

kdp007 (1089941) | more than 6 years ago | (#23379750)

How will they deal with Linux users? Arrest us for daring to use a non-conformist O/S? Demand that all systems use Windows by a set date (oh, how Bill G. would dance at that one)? It boggles the mind...

Re:kdp (1)

milesje (1164875) | more than 6 years ago | (#23380164)

What does this have to do with linux users??? Did you not read the artical. This botnet will ONLY be install on US Mil. computer systems, NOT on CIVILIAN computers!!!! I wish for once people would read the artical before they make some suped remark on here. And yes a botnet can be writen to be run on Linux, they arn't only because windows is run on over 90% of the worlds computers, and right at 99% of computers in the U.S.

'Collateral Damage' (1)

Stanistani (808333) | more than 6 years ago | (#23379752)

... If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them.
So... if the enemy is using civilian computers in our country... will the USAF still take them out?

What if these computers (in our country or another, third country) are running critical infrastructure? Or are essential to a hospital, school, or business?

Re:'Collateral Damage' (0)

Anonymous Coward | more than 6 years ago | (#23380050)

If a business running a critical machine lets their machine become part of a botnet, then if it gets taken down they kind of have it coming. They should have some sort of security measure in place to prevent things like that...

So this official government botnet (1)

localroger (258128) | more than 6 years ago | (#23379780)

...would it be illegal to take anti-botnet measures, such as running rootkit revealer on your own machine and wiping the infection? Or would that get you swimming lessons at Gitmo?

How do we defend ourselves if... (3, Interesting)

meisenst (104896) | more than 6 years ago | (#23379784)

... the government decides to turn this botnet against the civilian population in some way?

I mean, at some point (if I recall correctly, I am not American, I am Canadian), there were laws created saying that Americans have the right to arm themselves in case their government turns against them. Does that include the case of computer warfare?

What would happen in the case of other countries that this botnet could be used against? Would that be considered an act of war?

Re:How do we defend ourselves if... (0)

Anonymous Coward | more than 6 years ago | (#23380160)

Yes, with totalitarian regimes building nuclear weapons, Islamic terrorists trying to fight holy war, and various ex-communist superpowers gaining in influence, surely the biggest threat we have to worry about is our government suddenly deciding to DOS our internets.

Re:How do we defend ourselves if... (0)

Anonymous Coward | more than 6 years ago | (#23380214)

there were laws created saying that Americans have the right to arm themselves in case their government turns against them.

That law must have been repealed by the Civil War.

Historical Perspective (5, Insightful)

nick_davison (217681) | more than 6 years ago | (#23379802)

"But neither the law of armed conflict nor common sense would allow belligerents to hide behind the skirts of its civilians."
Remember that much celebrated tea party in, where was it, Boston? The one where none of the protagonists war uniforms or abided by the laws of armed conflict and then slipped back in to the public masses? The one where, today, the U.S. would classify them as illegal combatants and deny them access to any legal protection?

The one where the superior military, that could crush its opposition anywhere they stood and fought, couldn't defeat an army that kept slipping in to the countryside?

The one where the "evil" greater power could be demonised every time they caused collateral damage or took reprisals on the people the weaker force hid behind?

The one where the great general George Washington brilliantly used geurilla tactics to make up for never having more than 17,000 men in the field at any one time?

The one where, soon after winning its largely guerilla war, they wrote the second ammendment to their constitution to enshrine the right to that kind of combat?

The one where the larger but distant power regarded the attacks on its own holdings as terrorism - the term just wasn't widely used yet?

It's ironic that a nation formed on, and celebrating in its constitution, the principles of armed insurrection, guerilla warfare and terrorism when it was the weaker power gets its panties in such a collective bunch when people do exactly the same thing that worked so well for it back again.

Remember: If you win and you're powerful enough to write the history, it's noble. If you lose, it's evil terrorism. Until it's decided, which one it's viewed as simply depends on which side you're on.

Re:Historical Perspective (1)

Lord_Frederick (642312) | more than 6 years ago | (#23380194)

This really shouldn't be modded troll. On a sidenote, I've always wondered how the history of the Revolutionary War is taught in the UK.

Why don't they (0)

Anonymous Coward | more than 6 years ago | (#23379836)

Just infect the computers of enemy governments...that should bear the brunt of it.

It goes without saying (1)

davide marney (231845) | more than 6 years ago | (#23379852)

... that the only way to fight a network is with another network. Do they really have any other choice?

just who is this enemy?? (0)

Anonymous Coward | more than 6 years ago | (#23379864)

is it "belligerents"? Does that mean American citizens who are unhappy with the present state of things or current administration? Members of a certain political party? How do you differentiate between a real enemy and someone who accidentally fits the profile? How do you control abuse of this?

Hoisted by their own petard! (2, Insightful)

^_^x (178540) | more than 6 years ago | (#23379870)

Given their track record, once the botnet comes online I give them three months tops before someone else hijacks it and uses it to drop US gov't websites just to show them it can be done. Watch as they scramble to bring even more offensive capabilities online in response to the demonstration.

Hahaha... welcome to the digital cold war.

But can the US win? (4, Insightful)

AmiMoJo (196126) | more than 6 years ago | (#23379874)

In a traditional war, the idea is that the US could win by having a larger, better equipped and high tech army. Of course, it doesn't always work in places like Iraq or Afghanistan, but that's the theory.

On the internet, small groups of individuals can wield as much power as the US armed forces could hope to. Massive botnets are hardly new.

Also, how exactly would targeting infected civilian PCs help? The first 'D' in DDOS stands for "distributed", i.e. blasting PCs off the internet one at a time isn't going to help much.

Re:But can the US win? (2, Insightful)

eagl (86459) | more than 6 years ago | (#23380080)

Dismantling botnet clients is one possible use of a military botnet. Assume a hostile botnet has 1,000,000 computers, and 100,000 military computers are used. That means each military botnet client only has to disable 10 hostile clients. And the military clients are behind generally robust firewalls making counterattacks difficult without first compromising the entire .mil infrastructure.

Go for it (1)

eagl (86459) | more than 6 years ago | (#23379906)

I don't seem to have much sympathy for people who's computers have been compromised any more than I have sympathy for drunk or reckless drivers who get into car accidents.

It would be nice if the response would be to either remotely eradicate botnets through antivirus or other "friendly" measures, and at least it would be nice if the response gave the user some clue why their computer no longer works. Something like a blue screen with the message "your computer was compromised and was part of botnet [insert identifier here]. You must re-install your operating system to fix this problem" would be the least I'd hope for...

As for starting their own military botnet... That seems to be FUD. They're talking mostly about taking down adversary botnets both at the server and client levels, which means taking down individual computers that have been compromised.

Re:Go for it (2, Informative)

eagl (86459) | more than 6 years ago | (#23379974)

To clarify - the "military botnet" in the article uses computers owned by the military, not unsuspecting civilian computers. That's the FUD part, people equating botnet with the computers of unsuspecting people who aren't competent enough to protect their computers from compromise.

Uh, guys... (3, Funny)

fuzzyfuzzyfungus (1223518) | more than 6 years ago | (#23379942)

Even if true, the assurance that all the usual standards will be upheld in choosing targets to attack just isn't all that reassuring. Building a botnet means attacking systems. Lots and lots of them. In order to be effective, a botnet has to be widely distributed and scattered amidst legitimate systems, otherwise you can just ignore it. Building a botnet would mean compromising a metric fuckload(possibly an imperial fuckload, depending on the department and contractor in question) of individual and business machines. Using domestic computers for this purpose had better be illegal, and even if it isn't, tolerating vulnerabilities in domestic systems just to build a botnet is lousy security policy. I suspect that our allies would not be happy to hear about us trying it on their citizens and our enemies might well raise a serious diplomatic stink about it.

Knowing us, of course, we'll probably take the even less palatable option and hire scummy contractors and subcontractors to do it. How could a DoD/Raytheon/Ukrainian Mob joint venture with a giant black budget possibly go wrong?

Idiot (0)

Anonymous Coward | more than 6 years ago | (#23379988)

This is stupid, and appears to be illegal. It is outright malicious and a bluntly obvious invasion of privacy. I'll dig up some research for you if you want, but do I really need to?

Did Microsoft put you up to this?

Don't be silly... (4, Insightful)

FrankSchwab (675585) | more than 6 years ago | (#23379994)

A botnet succeeds in DDOS because it's able to leverage the bandwidth of 10's or 100's of ISPs to overwhelm the resources of the 1 ISP or server that a site is hosted on.

For a US Military operation, you wouldn't bring the headache of maintaining 1,000,000 crappy old PCs stuffed in unused closets to bear on the problem. You'd build big machines, and you'd locate them on major backbone networks. When it came time to bring a little DDOS to bear on the enemy, you would have your big machine fire packets. It could spoof IP addresses as it wished; it could use yours, and you wouldn't even know it!

No one other than the technicians on the backbone could tell the difference between this and a hacker's botnet. But it would at the same time be much larger scale, cost more, and be theoretically more efficient - all positives in the military contracting arena.

Mod parent up. (3, Insightful)

khasim (1285) | more than 6 years ago | (#23380248)

Yep, that's the logical way to do it.

The problem is that this is an illogical response. What are they going to actually do with this patriotic attack system? DDoS a zombie? A few zombies? A hundred zombies?

At some point, the battle becomes worse than the attack. The attacker has thousands (hundreds of thousands? a million?) zombies. What use is "attacking" them like this?

I'd enroll all my boxes in a citizen based bot-net (2, Interesting)

idommp (134503) | more than 6 years ago | (#23380024)

We could build a voluntary enrollment bot net that could be loaned to the government in time of crisis. Other times we could use it for basic research or rent it out for LEGAL super computer use.
It might also come in handy for keeping our own government under our control in case some over zealous patriot gets their hands on the military's control equipment.

How long would it take? (2, Funny)

jmcwork (564008) | more than 6 years ago | (#23380046)

How long would it take to design and deploy something like this as a government driven project. Maybe if they would write it in Ada....

Well since no one else will say it... (1, Informative)

swordgeek (112599) | more than 6 years ago | (#23380056)

This is absolutely the definition of a weapon of mass destruction.

"If the botnet is used in a strictly offensive manner, civilian computers may be attacked, but only if the enemy compels us."

In other words, there will be massive civilian collateral damage that we can't control. It's the electronic equivalent of nuclear, chemical, or biological warfare. How wonderful.

Bill Joy's excellent (albeit dystopian) article "Why the future doesn't need us" talked about this. He said "Thus we have the possibility not just of weapons of mass destruction but of knowledge-enabled mass destruction (KMD), this destructiveness hugely amplified by the power of self-replication." He also pointed out that unlike NBC warfare, the tools required for KMD aren't large, expensive, or hard to get. You need a plant to build a nuclear bomb. You need a good lab to create chemical or biological weapons. You need a cheap computer and a minor internet connection to create a knowledge-based weapon, i.e. a botnet.

It's crap. The international community needs to get together and stop this nonsense before they 'try it out' a few times. With strong international laws and buy-in, they'd also have a better chance at fighting the Russian crime gangs responsible for the existing botnets.

Identifying the attackers? (2, Interesting)

Dekortage (697532) | more than 6 years ago | (#23380082)

It seems like the author wants to run a legal botnot from military computers around the world, as a way to respond to attacks. That's fine, but since criminal botnets are distributed among computers around the world, some of the attacking computers will be from allied countries. Heck, some of them may be the very same military computers that are part of our botnet. The author writes about attackers spoofing IPs to appear to come from friendlies, but what if the computer is actually a friendly that has been zombied? That's where other "intelligence" sources comes in, I suppose, but I am skeptical that the attacker could be accurately identified quickly enough.

What do I think of this? (2, Insightful)

Glock27 (446276) | more than 6 years ago | (#23380086)

Army and Navy will want botnets too! Seriously, cyber warfare will be a big issue of two high-tech countries ever go to war against each other again... ;-)

Useless with only 50 gateways (1)

dongola7 (698011) | more than 6 years ago | (#23380088)

Wouldn't this be rather useless when all of those bots are behind only one of the fifty government gateways? Can you say bottleneck? http://news.slashdot.org/article.pl?sid=08/04/20/1217259 [slashdot.org]

Enlist only US computers? (2, Informative)

chiph (523845) | more than 6 years ago | (#23380116)

How will they ensure that they're only enlisting US-based computers?
The geo-location algorithms are only so accurate.

Chip H.

Cue international funding for net cafés (1)

Dekortage (697532) | more than 6 years ago | (#23380124)

Next up: USAID -- the United States Agency for International Development -- will begin funding for Internet cafes in developing countries. "Really, we are only trying to advance their economic and technological potential!"

Hmm... can you install a bot zombie on an OLPC?

Alternatively (1)

Xeth (614132) | more than 6 years ago | (#23380148)

Wouldn't it just be easier to install this sort of thing directly at outgoing US cables? Instead of pumping a bunch of crap across the domestic lines, why not just spew it at the border?

why? (0)

Anonymous Coward | more than 6 years ago | (#23380180)

why a botnet? surely people here and the people incharge realise that a "botnet" the way mischivous people do it.. is dumb..

If they want to make a distributed computer system for making this type of attach.. the government could easily design a computer for this specific purpose and distribute them to isp or at least major network choak points and do a lot more efficent/usefull attack/counter attack.

Leave it to the government to fuck up the internet (2, Interesting)

Durdenator (1288094) | more than 6 years ago | (#23380188)

The next thing you know its going to be the Nato-net and the Comu-net.

Since Military Intelligence is an Oxymoron... (2, Insightful)

ctdownunder (816383) | more than 6 years ago | (#23380220)

What sane person would even think of letting our military (but god bless the soldiers, wave the flag now, sing the anthem etc...) -or any other acronym based "service/agency" for that matter- do something so dangerous to the common U.S. citizen John Q. Public?

Why don't we just let the government blatantly spy on us, arrest us without warrants? Or make a mockery of our constitution? Ohhh sh.. wait they already did and are! If the people have the government they deserve. It seems that "we the people" are not very smart!

Our new arms race..... (1)

postbigbang (761081) | more than 6 years ago | (#23380250)

Yeah, let's ratchet this one up. They have bots, now we must have bots. Our bots will be better than their bots. Our bots will wreak havoc on their stuff.

Next will be mutually-assured folder deletion, e-commerce tracking (we must find terrorists, after all, will be the mantra), and the military's machines will crawl to a halt because the bots will take over the CPU strokes in the machines.

I can see a command that governs bot defense and blocks at NAP points. Otherwise, it's another arms race.

T3? (2, Funny)

WoodburyMan (1288090) | more than 6 years ago | (#23380252)

Whoever decided this DID NOT see Terminator 3.... Skynet = large botnet! It will turn on us!! AHH

Democracy and the volunteer Army (2, Insightful)

mlwmohawk (801821) | more than 6 years ago | (#23380262)

Hey, while I think the current administration is repugnant and creates military enemies out of greed, and regards government and the military as nothing but a means to a financial end, I have to say I still think the military fights for the nation, and sometimes, must follow a corrupt president to prevent constitutional destruction. Honor our troups and all. I agree with it. These guys do their duty regardless of the ahole in the whitehouse sending them heaven knows where to fight for oil.

That being said, China, Iran, etc. have nothing on patriotic americans. Americans will do what they think is right and good for the country when ever asked to do so. The current problems with the U.S.A. are about what "right and good" are, not about whether or not to do it.

We don't need a botnet. Just tell america why it "right and good" to do something, put proper protections and limitations in it to ensure that the wrong people don't exploit your patriotism and it will happen.

I know that is naive, but part of me still believes that America has a noble streak that lately has been obscured by corporate greed.

I'm for it. (0)

Anonymous Coward | more than 6 years ago | (#23380272)

In the interest of national security, I'm for it.

I don't mind my ISP going down in the event the USAF Botnet takes down an attack from China or whoever.

In case you all haven't kept tabs on China, they're up to all sorts of no good and we should all be prepared for the worse.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>