US Cyber Command Wants Greater Attack Mentality

Zonk posted about 6 years ago | from the cyber-decker-hacker-commands dept.

The Military 257

superglaze writes "Lieutenant General Robert J Elder, Jr, a senior figure in US Air Force Cyber Command (AFCYBER), has told ZDNet UK that communication issues are hampering the division's co-ordination. 'IT people set up traditional IT networks with the idea of making them secure to operate and defend,' said Elder. 'The traditional security approach is to put up barriers, like firewalls — it's a defense thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage.'"

Fantastic (5, Insightful)

OldFish (1229566) | about 6 years ago | (#22942064)

I think they should start out small by going after spammers all over the world. Just think of the positive publicity!

Re:Fantastic (4, Funny)

Farmer Tim (530755) | about 6 years ago | (#22942142)

With that "a bigger bang resulting in collateral damage" line, I thought this guy was a spammer.

Re:Fantastic (3, Funny)

Naughty Bob (1004174) | about 6 years ago | (#22942216)

With that "a bigger bang resulting in collateral damage" line, I thought this guy was a spammer.
No, he'd just had one too many glasses of grain alcohol and rain water.

Re:Fantastic (2, Interesting)

syphax (189065) | about 6 years ago | (#22942680)

Too good [imdb.com] a reference [imdb.com] to be left unexplained [filmsite.org].

I can no longer sit back and allow Communist infiltration, Communist indoctrination, Communist subversion and the international Communist conspiracy to sap and impurify all of our precious bodily fluids.

Actually.... (0)

Anonymous Coward | about 6 years ago | (#22942152)

They should be going after spammers and hiring them. Large, distributed, easily controllable botnets seem to fit their specifications perfectly.

Re:Fantastic (0)

zappepcs (820751) | about 6 years ago | (#22942214)

What? Iran is over there with all those 'nucular' weapons stuff and we haven't hacked into their computer systems yet? oh, ok, that's what those cable cuts were for... hmmmm

Right hand, meet left hand.... Translation: We've been spying on other countries and shit, and someone is about to blow the whistle because:

A - We didn't tell anyone about stuff we found out; like Bin Laden has been ordering room service from a certain hotel in Riyadh. Or... Iranian officials are calling their spies in China to tell them to hurry up with the plans for nuclear weapons, we need them to back up the saber rattling.

B - Someone hacked our spying systems and is about to tell the world how we planned the 9/11 attacks so we really need to create a cyber-threat reason to bomb the bajesus out of them.

An attack mentality from an organization called Cyber Defense Command can only mean bad things are about to happen, or have happened and we are about to find out about them.

A pre-emptive defense is something like a firewall and NOT something like launching cyber attacks on likely future suspects.

A good defense is a strong offense, unless you are defending yourself from other people's rights.

Truth in Naming (4, Insightful)

Original Replica (908688) | about 6 years ago | (#22942938)

An attack mentality from an organization called Cyber Defense Command can only mean bad things are about to happen

The organization is called Cyber Defense Command for a reason, because they know that they should be "defending". If they were honest in their naming then perhaps it would be called Cyber Attack Command. Hmmm, I wonder what other countries would think of that.... It's probably the same reason that our Department of Defense isn't called the Department of Preemptive Strikes. It was called The Department of War until 1947. I know some here will say "the best defense is a good offense", but when you have organizations with "an attack mentality" they will always find someone and some reason to attack. War without End.

Re:Fantastic (4, Insightful)

s_p_oneil (795792) | about 6 years ago | (#22942422)

Not spammers, bot nets (which often generate spam). Taking down malicious and devious programs like the Storm network would help remove an existing threat and would help them brush up on both offensive and defensive tactics.

Re:Fantastic (1)

Tanman (90298) | about 6 years ago | (#22942454)

See, I think you were trying to be cute. However, fact of the matter is that covert foreign operations probably already utilize botnets and spam as a tool to gain untraceable entries into American systems. There is another reply to this story joking about "hello citizen, install this government stuff blah blah blah PS PPS PPPS PPPPS..." -- but people already got these emails. They just aren't from our government, and the people don't know they have them. Eventually, our cyber division will have to handle this issue.

A great opportunity awaits. (0)

Anonymous Coward | about 6 years ago | (#22942628)

Spammer sends viagra ad to .mil email address.

Cybercommand retaliates against forged sender address's domain.

China launches missile strikes against US targets to halt destruction of its telecommunications infrastructure.

World War III ensues.


Re:Fantastic (1, Interesting)

mistermiyagi (1086749) | about 6 years ago | (#22942682)

Kind of related

I have been trying to figure out the easiest and most transparent way to close down botnets and the only thing I could think of was to write a "virus"-like patch that uses the already open door that the botnets use to infiltrate the infected machines and then have them automatically close the doors and send themselves around just like worms do now.

Kind of a Helpful worm "infecting" the net with happy healing and all that crap.

I figure that like all connected things you need to have an Auto-immune system that cleans the net as new vulnerabilities are discovered. Since people cannot be relied upon to protect themselves the white hats ( who have the skills required to create these immunizations ) could be like med-techs making shots for the network. The people who are infected get healed and don't even know that they were sick in the first place.

But I'm not that cool ( and by cool I mean I can't code my way out of a wet paper bag )

Cyber?? (3, Funny)

NeutronCowboy (896098) | about 6 years ago | (#22942086)

This is exploiting cyber to achieve our objectives.

I'm sorry, what? All I can picture is a pimply teenager sitting in front of a flickering screen, typing "Wanna cyber????" into his chat field. I have no idea how to exploit cybering to achieve military objectives. Maybe they want to paralyze the target's networks by getting all lonely teenagers to respond to mass cyber requests?

Re:Cyber?? (0)

Anonymous Coward | about 6 years ago | (#22942162)

Good idea, bad execution.

Re:Cyber?? (3, Insightful)

trb (8509) | about 6 years ago | (#22942238)

All I can picture is a pimply teenager sitting in front of a flickering screen, typing "Wanna cyber????"

You can only picture a teenager because for you, the implicit noun modified by cyber- is sex - arguably the default focus of a teen's attention. For the military, the implicit noun is war - that is the default focus of their attention. It is clear that cyber- is an adjective prefix that indicates computation. What it means when the noun is implied is in the mind of the beholder.

Re:Cyber?? (0)

Anonymous Coward | about 6 years ago | (#22942408)

Going by the subject of the article the implicit noun would be Air Force Cyber Command (AFCYBER), which would be shortened from AFCYBER to cyber. Cyber is the noun; it's part of the name of the command the article is about.

Thanks for playing though.

Re:Cyber?? (1)

trb (8509) | about 6 years ago | (#22942722)

Cyber is the noun; it's part of the name of the command the article is about.

I think that's tenuous. When an adjective is part of a name, that doesn't make it a noun. In the name "the White House," White is part of the name, but it's still an adjective, not a noun.

In the article, and in the name of the organization, cyber is a shorthand for cyber-warfare. When they say "Cyber Command," it's not the command that's cyber, it's the warfare. And even if they are using cyber as a noun, they are intending "cyber warfare." Of course, teens use it as a verb.

Re:Cyber?? (1)

PapaSmurph (249554) | about 6 years ago | (#22942880)

To quote Wikipedia [wikipedia.org]:

Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. The term originates in science fiction [wikipedia.org], where it also includes various kinds of virtual reality [wikipedia.org] experienced by deeply immersed computer users or by entities who exist inside computer systems.
Cyber here refers to the use of the entire EM spectrum.

Just what we need (5, Insightful)

Anonymous Coward | about 6 years ago | (#22942088)

Could the US have any more of an "attack mentality" than it already does?

Re:Just what we need (2, Funny)

ohzero (525786) | about 6 years ago | (#22942176)

I've discussed with them, and we've all decided that we're just going to start dropping the new DHB (dozen hippie bombs) on hostile nations. The only question is.. what will we do with all the surplus dreadlocks?

Re:Just what we need (1, Insightful)

moderatorrater (1095745) | about 6 years ago | (#22942232)

How clever. An AC has thoughtlessly blasted the US's foreign policy and gotten modded up. In the past 10 years the US has initiated 2 military actions against foreign powers. Compare this to Germany in WWI or WWII or to Japan in WWII. Compare this to Russia after WWII. Compare this to almost any other large, powerful nation at the height of its power. In comparison, the US is quite benevolent.

There's the counter argument that the US should be better than that, though, and I agree. The US shouldn't just be the greatest nation in terms of military power, it should strive to be the most moral nation in the world. However, criticizing someone for trying to hit the mark and missing is more counter-productive than congratulating them for getting so close.

Re:Just what we need (0, Insightful)

Anonymous Coward | about 6 years ago | (#22942256)

2 overt military actions. The USA, via the CIA, has been covertly funding terrorists in many countries, including rich first-world ones like Ireland (helps keep the British busy).

Re:Just what we need (5, Informative)

jayveekay (735967) | about 6 years ago | (#22942326)

"In the past 10 years the US has initiated 2 military actions against foreign powers."

Off the top of my head, I can think of 4:

1998: US launches cruise missiles at Sudan and Afghanistan
1999: US launches airstrikes against Yugoslavia to get it out of Kosovo
2001: US provides air support to forces in Afghanistan to overthrow the Taliban
2003: US invades Iraq

Re:Just what we need (4, Informative)

jonnythan (79727) | about 6 years ago | (#22942738)

NATO is not the US.

Re:Just what we need (0)

Anonymous Coward | about 6 years ago | (#22942906)

NATO is not the US.

The reverse is also true. Despite what Shrub tries to tell us.

Re:Just what we need (3, Informative)

Marcika (1003625) | about 6 years ago | (#22942926)

Well, the US makes up 75% of the NATO forces (by budget) and both strategic commanders of NATO are Americans by law (SACEUR and SACLANT), so nothing happens in NATO against the will of the US. The primary decision maker about any NATO bombing campaign is always first and foremost the White House/the Pentagon.

Re:Just what we need (0)

Anonymous Coward | about 6 years ago | (#22943026)

NATO is not the US.

This is true, but it is also true that the forces in Iraq are under Coalition authority and those in Afghanistan are under the Coalition/NATO banner.
Nearly all wars are prosecuted between sets of allies, this does not prevent us from saying that a state itself is conducting operations.

Re:Just what we need (0)

Anonymous Coward | about 6 years ago | (#22942772)

Off the top of my head, I can think of 4:

Don't forget about me!
2007: U.S. provides close air support and naval bombardment to assist the Ethiopian invasion of Somalia.

Re:Just what we need (2, Interesting)

ElizabethGreene (1185405) | about 6 years ago | (#22942366)

2? Just 2? We are actively nation building in 12 countries right now. Nation building is done by peacekeepers and peacekeeping is done by soldiers. Soldiers on the ground in another country with guns, getting shot at = ? ...


Re:Just what we need (-1, Flamebait)

Anonymous Coward | about 6 years ago | (#22942588)

oh.. and we haven't been hit with any terrorist attacks since 9/11... hmm.. I guess that's just coincidence.

Re:Just what we need (0)

Anonymous Coward | about 6 years ago | (#22942688)

We haven't been hit by any terrorist attacks because we have instituted the 2 most effective safety measures against them:
1) Locking the cockpit doors.
2) Throwing so much money in pointless wars that we've devalued our currency, doubled our inflation rate, lost our military strength, weakened our strangle-hold on oil distribution, and lost our status as the #1 world power, and thrown out democracy. Why attack a sinking ship?

Re:Just what we need (0)

Anonymous Coward | about 6 years ago | (#22942596)

Wow, we aren't as big assholes as Nazi Germany or Imperial Japan. That makes the evil we do ok then. If I don't kill as many people as Ted Bundy that must make me a saint. How did you come up with the number 2 anyway? Are you saying we get 2 wars of aggression every 10 years? I can't imagine why the rest of the world is sick of us.

Guess again (0)

Anonymous Coward | about 6 years ago | (#22942676)

2 military actions?? 2 WARS perhaps, but military actions doesn't pass the laugh test.

Granted this is a mixed and incomplete list, these are also only the "actions" we know about:
http://en.wikipedia.org/wiki/List_of_United_States_military_history_events#2000-_present [wikipedia.org]

Don't go telling me that the DoD maintains SEAL teams, Delta teams and other various special forces groups and their very expensive delivery methods (*cough*Virginiaclass*cough*) without an ongoing need to conduct "military actions against foreign powers".

Argue the right of the United States to do what they do all you want, that it is done is beyond question.

Re:Just what we need (0)

Anonymous Coward | about 6 years ago | (#22942962)

Compare this to Germany in WWI or WWII
By beating the be-better-than-mass-murdering-dictatorial-states test, the US has earned a gold star!

Re:Just what we need (0)

Anonymous Coward | about 6 years ago | (#22942618)

Could the US have any more of an "attack mentality" than it already does?

Hardly. Just today on the Drudge Report, there's a piece about the ACLU going after these same bloody fucks for making an end run around legal provisions forbidding them from engaging in domestic surveillance. They have limited authority to do so. According to unredacted documents pried loose under the FOIA, they have been "asking" their always-compliant co-conspirators at the FBI to issue National Security Letters to gather such information, which is then "shared" back to the mil-fux who initiated the requests.

Re:Just what we need (0)

Anonymous Coward | about 6 years ago | (#22942842)

this is right out of the script of Enders Game series? Hire the kids, train them up, turn them loose? cool.

As silly as it sounds, (1)

Ethanol-fueled (1125189) | about 6 years ago | (#22942116)

Glad to hear that they're bringing "cyber(please excuse the prefix ;)--attacks" out into the open. Hopefully this will lead to a cyber-Geneva Conventions, causing glorified hacking contests to replace bang-boom wars. Just that'd be a shame if some rogue nation hacked some nuclear plant's coolant pumps.

Translation (2, Funny)

Verteiron (224042) | about 6 years ago | (#22942128)

If I run nmap -A on the Cyber Command website, they want to be able to make my head explode in retaliation. With "cyber".

Re:Translation (3, Insightful)

mmkkbb (816035) | about 6 years ago | (#22942264)

You misunderstand. "Collateral damage" means they want to kill your whole family too.

Re:Translation (1)

peragrin (659227) | about 6 years ago | (#22942470)

Well they will get his IP, and then his address from his ISP. A cruise missile to those coordinates would be a simple response.

Use Satellite video feed to see when all the cars registered to said person are parked in the driveway.

The big trick is I don't see that much cooperation in the Government.

Hello Citizen (5, Funny)

RichMan (8097) | about 6 years ago | (#22942144)

Hello US Citizen,

Your ISP has identified you as subscribing to a connection with >1Mbs upload speed. A recent top-secret national security bill requires all citizens with such bandwidth to become part of the national defense infrastructure. Attached to this email you will find an application. Install it. It will self register with homeland defense and be available for defense of the homeland should the need arise.

Thank you for your cooperation.

PS: you have 1 week to register or you will be added to the terrorism watch list and will be subject to extreme rendition if needed.
PPS: we can't show you the bill, this is top-secret national defense stuff.
PPPS: if you are thinking of decompiling or interfering with the operation of this software, see PS:
PPPPS: yes this is MS windows Vista only software. Don't have Vista, see PS:

Re:Hello Citizen (1)

Unlikely_Hero (900172) | about 6 years ago | (#22942212)

If they did that I'd smile, and then give them a /very/ broken honeypot. Perhaps it will hurt rather than help their efforts.
Then again...if they're putting it all on windows vista to begin with they've set up the honeypot for me.

Re:Hello Citizen (1)

Mattsson (105422) | about 6 years ago | (#22943044)

As a side-point, I think that the word "Defense" is used really wrong in a lot of cases.
Offensive forces and actions should never be labeled with defense.
For one example, a nuclear weapon isn't a defensive weapon, it's purely an offensive one.
A force that mainly operates in military (non-peacekeeping) operations outside their own nation's borders is an offensive force, not a defensive force.
Money that goes into those operations should be labeled "offense budget", not "defense budget", so that the public can differentiate between how much their government pours into defending themselves vs attacking others.

IPS? (1, Funny)

ohzero (525786) | about 6 years ago | (#22942148)

Active heuristic-based IPS in lieu of firewalling would likely provide the flexibility for outgoing attacks and incoming responses without just blindly blocking important traffic. Ok, problem solved. My rate for providing advice to the military is $1.7m per second, which I believe falls into the regular GSA schedule. Payment due immediately.

Re:IPS? (4, Funny)

db32 (862117) | about 6 years ago | (#22942266)

No problem, we will be sending you the bill shortly. The taxes on this work will be calculated at $1.8m per second. We look forward to receiving your payment in a timely manner. -- IRS

Great... (3, Insightful)

Unlikely_Hero (900172) | about 6 years ago | (#22942166)

This is just what we need. Perhaps if things had been properly defended in the first place there wouldn't be so much of a need for the "Cyber Command" in the first place. Or, here's another idea, perhaps critically important systems

perfect security is impossible, somehow "bringing the fight to the enemy" isn't a solution. Changing the way you think about the internet is.

I can't wait until it's "you're on our side of the internet or you're on their side!!"

Every time a government, or especially its military, does something stupid in regards to the internet, I feel the strong need to drink.

Re:Great... (0)

Anonymous Coward | about 6 years ago | (#22942290)

Are you out of your mind?! Who would work somewhere where you can't check Facebook? Only people who would not have any other opportunities. For cybercommand we need the brightest. I say, screw it, keep the Internet and use more nukes.

Re:Great... (0)

Anonymous Coward | about 6 years ago | (#22942364)

I don't get the bias I see in posts like this that basically use the equation
Military = Government = Microsoft = stupid

I hope you're aware that it's the military/DoD that basically invented computer security, see "Security Controls for Computer Systems, Report of Defense Science Board Task Force on Computer Security" commonly known as the Ware report.

Re:Great... (0)

Anonymous Coward | about 6 years ago | (#22942452)

I feel the need for a Guinness... Calling all Script Kiddies, 3L33t35, Hax0r5, Uncle Sam Want You!

Re:Great... (1)

0xABADC0DA (867955) | about 6 years ago | (#22942504)

perfect security is impossible, somehow "bringing the fight to the enemy" isn't a solution. Changing the way you think about the internet is.

The internet is fine security-wise. Our network organization is fine security-wise. What is not fine is our actual software. There is no reason why software should be hackable. Buffer and heap overflows are not a necessary condition. Kernel bugs do not need to allow arbitrary code to be run. These are fundamental security problems in how we program computers, not in the systems themselves.

For example, programs that are written in Java effectively cannot be hacked due to bugs. Operating system kernels like Singularity or jxos or JavaOS written in typesafe languages cannot be hacked due to any but an extremely small set of possible bugs in them. Bugs can cause these to do things they would otherwise do when they should not, but they effectively cannot be hacked to run arbitrary code. Even a properly designed HTML would not have inline scripts so it would be impossible to run arbitrary code due to not escaping strings (ie scripts could come only after the end of the document and then be referenced by id in the doc instead of appearing inline).

Regardless of whether you are a kernel or application or web developer if you choose to program in C, C++, or any other language where it is possible for bugs to cause arbitrary code to run then you are choosing in your own way to support viruses and spam and security breaches.

Re:Great... (5, Funny)

Chris Mattern (191822) | about 6 years ago | (#22942542)

For example, programs that are written in Java effectively cannot be hacked due to bugs.

Java has so many bugs in it that it can't be hacked?

Re:Great... (0)

Anonymous Coward | about 6 years ago | (#22942844)

You see, this is what Admiral Adama has been saying all along. We should have learned this much from the Cylon wars the first time around.

Re:Great... (0)

Sandbags (964742) | about 6 years ago | (#22942846)

The US government regrets to inform you that due to suspected illegal activities detected from your systems that your systems have been actively neutralized. A virus is now infecting your machine that has already spun your CPU cycles into increasingly higher activity cycles. This will cause your system to overheat and fail in 5, 4, 3, 2, 1...

PS: the melting of materials in your CPU can emit toxic fumes that are known to be a health hazard. Do not breathe fumes that may emanate from your computer or firewall. Also, we suggest you get a fire extinguisher...

PSS: if you feel you have been inappropriately targeted, please simply purchase a new PC, connect to the internet from a known secure and untargeted location, and file form "GFYS-2008-A" with your local FBI office so we can file it for 7 years and if you're lucky respond by admitting no fault and denying your claim since by then any evidence will have been destroyed by presidential executive order, including the backup tapes plus we've just destroyed any evidence YOU had. haha.

Just what we need (-1, Redundant)

Anonymous Coward | about 6 years ago | (#22942178)

Could the US have any more of an attack mentality?

IT Attack mentality? (2, Interesting)

mveloso (325617) | about 6 years ago | (#22942192)

It's funny - usually the attack mentality gets shot down pretty quickly in the US. There was a thread a few years ago about using your IDS to go after people attacking your server...the consensus was it was a Bad Idea. It's pretty much illegal to do in the US anyway, but it is also seen as bad karma.

OTOH, there's no technical reason not to use snort + script kiddie tools to automatically detect intruders and try to whack them. You can identify botnet members pretty easily from the pattern of accesses (the probes tend to come in waves, as various parts of the swarm poke your boxes).

The US could just hide in that swarm of accesses, poking servers and doing slow scans to figure out what's where. It's pretty easy these days to do signature profiling on systems, and to just stash this info in a database somewhere. Update each entry every few weeks, and be able to update ranges on demand.

The only really hard part is getting your own botnet up and running. The US Government could, theoretically, tap into the search engines to do this for them, which would be pretty amusing. Nobody pays attention to web spiders, and well, if the spider does a slow port scan 'accidentally' who cares?

No One Expects The IT Inquisition (1)

N1ck0 (803359) | about 6 years ago | (#22942546)


Seriously this just depicts how the Military/Cyber command doesn't understand operating inside the domestic world. As some of the smartest commanders have advised politicians before: you basically don't want our military policing things; as they go in with the mentality of destroy/conquer/dominate.

If you're saying IT staff should actively attack those who seek to do wrong to their infrastructure, how do you address the fact that most activities of those individuals are completely legal until they actually do the attack. What of root-kits and exploits used for commercial purposes? Should we attack them too? People who do operations within the legal confines of their governing body, but can potentially impact others whose government classifies it as illegal...attack them too? Or what about someone who actively goes out and fetches something not intended for them, but also causes harm...attack the person who made it available? What about legitimate patches that break IT infrastructure if applied...Should we go destroy IBM, Microsoft, or Cisco because they distributed something harmful? Or even more broad...what if one of these companies indirectly helps the 'enemy'...are they open to attack too? What a tangled web we weave.

Sorry but Attack mentalities are dangerous 'domestically', and require real tight constraints. Such an organization should have an understanding on how information travels and how IT works; and should therefore be very careful with what it says publicly. But in the go destroy/take-down/remove world of the military you just go attack the 'bad people' right?

AFCYBER - division patch (1)

RichMan (8097) | about 6 years ago | (#22942194)

Ok, someone needs to get a hold of, or make up AFCYBER division shoulder patches.

US Air Force Cyber Command (AFCYBER)

http://en.wikipedia.org/wiki/Shoulder_patch [wikipedia.org]
http://www.tioh.hqda.pentagon.mil/DUI_SSI_COA_page.htm [pentagon.mil]

Where's hypno-toad... (2, Insightful)

mbaGeek (1219224) | about 6 years ago | (#22942206)

...when you really need him?

random quote from forgotten source:

"Most wars could be prevented with 1 motivated soldier in the right place at the right time and a well placed bullet"

Too many fronts to fight (0)

Anonymous Coward | about 6 years ago | (#22942218)

Tasked with basically securing the entire world, I don't see how they intend to succeed.

They don't go after hacker groups in poor developing nations,
they CAN'T go after state sponsored groups without escalating into
a full blown war (which they can't afford now, thanks Mr. Bulsh)
and their supply chain is basically everywhere in the world.
That's a lot of vectors.

All they can really do is cry for more funding and attention... and the best way to do that?

They are right (1)

mi (197448) | about 6 years ago | (#22942250)

If all you do is defense, then eventually the enemy is likely to figure out how to break you.

Attack is the best defense. You have to be able to retaliate. In "cyber" world this would mean some of the "hacking back", identifying him, putting him to jail, confiscating his computer, fining him.

This "active defense", however, is full of legal (and ethical) pitfalls and thus it is no wonder the private companies are mostly sticking to passive defense. Private sector is also the main source of professionals for the government institutions, so those are quite conservative too.

Now we are seeing the military waking up to the problem... Indeed, if it is Ok to destroy a building, from which somebody is trying to kill you, why should we hesitate putting to jail someone trying to steal secrets and/or money?

Re:They are right (3, Insightful)

Dunbal (464142) | about 6 years ago | (#22942400)

If all you do is defense, then eventually the enemy is likely to figure out how to break you.

Attack is the best defense.

Spoken like someone who has no understanding of the art of war.

The first rule of war is: don't go to war.

The second rule of war is if you have to go to war make yourself invulnerable before you attack.

"Attack is the best defense" did not work for Germany in the 2nd world war. It didn't work in Vietnam or Korea. It's certainly not working for the US at the moment.

If your defenses are so strong that your enemy will require all his concentration in order to understand/penetrate them, he won't see that guy sneaking behind him and about to bite him in the ass.

Re:They are right (1)

Artuir (1226648) | about 6 years ago | (#22942646)

No, it didn't work for Germany. However, it *very* nearly did. It wasn't a one sided war.

I think WW2 is a poor indicator of what kind of strategies worked. There were so many variables (and luck) involved - it's difficult to simplify something so grand into "Germany lost due to their attack based strategy".

Re:They are right (2, Insightful)

Robert1 (513674) | about 6 years ago | (#22942718)

You're right. I guess Douglas MacArthur, like you, really UNDERSTOOD the art of war. After the bombing of Pearl Harbor he withdrew all marine craft from the pacific and focused entirely on defense. The next several years saw Japan make several unsuccessful invasions of the American heartland, thankfully America's invulnerable defense ensured our safety. Eventually Japan became disheartened and gave up attacking America, thus ending WWII. Sure we lost the Philippines, Australia, and eastern China is still part of the Great Japanese Empire, but that's all history.

Re:They are right (1)

D Ninja (825055) | about 6 years ago | (#22942894)

If your defenses are so strong that your enemy will require all his concentration in order to understand/penetrate them, he won't see that guy sneaking behind him and about to bite him in the ass.
Wow, dude...you fight dirty.

Re:They are right (1)

TheWizardOfCheese (256968) | about 6 years ago | (#22942858)

Military people are naturally predisposed to favour attack over defense. That is because armies select their leaders for initiative and aggression, not sloth and complacency. Sloth and complacency creep into the war room all the same, and the reality is that attack is sometimes a very poor defense.

The second world war offers famous examples of this. The most obvious is submarine warfare. Neither the navy nor the merchant marine officers liked convoy; the navy preferred to aggressively chase after submarines rather than tie themselves to a slow convoy, and individual merchant captains were generally convinced that they stood a better chance on their own than as part of a fat juicy target. But in fact, any ship, even a fast one, had a much better chance of survival in convoy than on its own, even with no armed escort! Any escort, even a tin can corvette, raised these odds even higher. Meanwhile, sending expensive destroyers to chase phantoms over leagues of empty ocean achieved nothing.

The interesting thing is that this lesson was not learned but relearned: exactly the same process happened in the first world war. That lesson in turn was relearned from convoy against surface raiders in the Napoleonic wars; in those wars, convoy was rediscovered from even earlier eras dating back to the middle ages. It is just hard for most military minds to accept the value of a defensive procedure - it runs against their training.

Another example is bombing - before the war, people thought that interceptors were pointless - "the bomber will always get through." This belief was based on a rational calculation of flight speeds, climbing times, and geometry. But it didn't take into account the invention of radar.

Collateral damage? (1)

PhasmatisApparatus (1086395) | about 6 years ago | (#22942262)

"We're looking for real physics -- a bigger bang resulting in collateral damage."

That's what missiles are for. That's what special forces are for. I'm not sure how much "collateral damage" can be caused by hackers.

Then again, maybe General Elder has been reading the World Weekly News [flickr.com].

Re:Collateral damage? (1)

db32 (862117) | about 6 years ago | (#22942406)

Tons of damage, they have managed to blow up a generator using SCADA controls in one test. Because in this wonderful new world of Interconnected Expanding Horizons Where Do You Want To Go Today Whatever crap every critical control computer has been plugged into a network for some dumb reason. Varying from "I don't want to have to work next to the loud device that the computer controls" to "The PHB said we need to be more "integrated"".

There are all manner of systems that handle hazardous materials that are computer controlled. To top it off, most of those control systems are VERY specialized software, and many are just Win32 programs that you can't simply fiddle with patching the OS without risking breaking something very important.

Oh, and as dumb as that WWN article is, in the long long ago I remember reading about a virus that could cause physical damage to the hard drive. It had to do with how hard drives were controlled at the time. I don't remember all of the details, but the gist was that it could cause the drive to spin down while the heads were over the platter. This removed the air cushion the heads ride on and caused a head crash. Also, while not a virus, I also remember older hard drives could cause MASS damage when spinning at full RPM and the motor seizing. Back then the platters had some weight to them and a sudden stop could cause them to break in a pretty spectacular manner.

Collateral Damage? (2, Funny)

BigBlueOx (1201587) | about 6 years ago | (#22942278)

Bigger Bang? Windows! You're talkin' about Windows!

Re:Collateral Damage? (1)

KC7GR (473279) | about 6 years ago | (#22942532)

Bah! I wonder what kind of collateral damage could be obtained through a massive air-drop of two metric tons of overcooked spinach...

S P L A T T ! ! !

Dear me I can see an NPR 'expose' of evil Tech Guy (-1, Troll)

gelfling (6534) | about 6 years ago | (#22942298)

As we all know everything the west does is an official war crime so now hacking will be a war crime as defined by NPR, DailyKOS. I don't know how they'll fit it into their regularly scheduled day chock full of pathetic poor brown people from around the world.

Re:Dear me I can see an NPR 'expose' of evil Tech (1)

Colonel Korn (1258968) | about 6 years ago | (#22942426)

The only problem I have with NPR classifying some of the horrible things the US has been doing lately as war crimes is that we're not officially at war, because the president wanted to avoid having to 1) get permission from congress and 2) obey the Geneva conventions. It's a pretty silly excuse, though, saying that the Geneva conventions don't apply because we're fighting terrorists, not waging a war.

That's like getting around anti-hate crime legislation by saying that you killed all those people because you liked them, not because you hated them. Stupid, stupid, rhetorical nonsense.

Re:Dear me I can see an NPR 'expose' of evil Tech (1)

gelfling (6534) | about 6 years ago | (#22942878)

> The only problem I have with NPR classifying some of the horrible things the US has been doing lately as war crimes is that we're not officially at war, because the president wanted to avoid having to 1) get permission from congress and 2) obey the Geneva conventions. It's a pretty silly excuse, though, saying that the Geneva conventions don't apply because we're fighting terrorists, not waging a war.
>
> That's like getting around anti-hate crime legislation by saying that you killed all those people because you liked them, not because you hated them. Stupid, stupid, rhetorical nonsense.

Well considering there have been exactly zero declared wars since the end of WW2 it sort of puts a point on the futility of the whole thing, doesn't it?

Communication issues (1)

SickHumour (928514) | about 6 years ago | (#22942304)

Yeah... I think this Lieutenant General might be the communication issue. All I can understand from his quote is that he really wants to "cyber" the enemy without being vulnerable to being "cybered" in return. Is this military jargon?

It'll be too hard for them to staff up (2, Insightful)

MikeRT (947531) | about 6 years ago | (#22942318)

Too many of the people that they'd want who are freakishly good at networking probably have a criminal record long enough to deter them from ever holding a TS, let alone a TS/SCI.

I would hazard to guess that the reason that China is able to keep its black hats at bay is the ability of their government to make you disappear in the middle of the night and wake up the next day in a labor camp if they even suspect you of compromising government systems.

Good luck with that. (4, Insightful)

Anonymous Coward | about 6 years ago | (#22942342)

Sorry, but the U.S. military just isn't going to get the best hackers around. The biggest problem is that the entire U.S. educational system actively discourages this type of education, in a hostile manner. Big businesses also work with the educational system to discourage creating knowledgeable and skilled people.

Someone posted about a class of theirs on Security issues that got shut down by one big corporation, who threatened not to hire any of their departments' students if they insisted on teaching that class.

So, the bottom line is that our Education system isn't turning out the skilled people that the Military is looking to hire.

This is compounded by the fact that the ones who DO get this knowledge, and have the right attitude, are snapped up by the Bad Guys. Crime is increasingly playing a big part on the internet, and those folks WILL pay good money for the right talent which can deliver results.

I suppose the Military could consider subcontracting out to the Mafia. That's really their only option if they are serious. Otherwise, the best they can get will just be second-rate talent, and more likely third-rate talent.

Good luck attacking, or defending, with that. As a US citizen, I find this frightening, but I've been saying it for years. I'm glad someone is finally waking up to the matter. But I doubt anything serious will ever be done until it's too late.

Re:Good luck with that. (1)

eleuthero (812560) | about 6 years ago | (#22942822)

The software techs at my school regularly hire students caught with their hands in the candy jar--it is a part of a "rehabilitation" program as far as I can tell.

Re:Good luck with that. (0)

Anonymous Coward | about 6 years ago | (#22943088)

Wow, that is just so.... Wow!

I mean, yeah, some schools have some problems, but to paint the entire educational system of a country as 'broken' is just so - stupid? Ill-thought?


The world is not flat, my friend, and the solution to the problems in the U.S. of A. does not lie in the dismantling of its educational systems, no matter how many times Mr. Limbaugh says so.

Big Bang For Sale: Will Consider Serious Bids (0)

Anonymous Coward | about 6 years ago | (#22942344)

Here [google.com].

Yours radioactively,
Dr. Abdul Qadeer Khan [wikipedia.org]

P.S. Say Hi to my fellow gun-runner President-VICE Richard B. Cheney

Attack! (2, Funny)

GottliebPins (1113707) | about 6 years ago | (#22942354)

I can see it now. Somewhere in China or Nigeria a hacker is trying to gain access to a U.S. government network and suddenly their own systems are attacked from hundreds of locations around the world bringing their network to its knees! Revenge is sweet!

EMP? (0)

Anonymous Coward | about 6 years ago | (#22942358)

I'm not sure, but I think an EMP would be a pretty big bang

Just the long way for him to say.. (1)

Budgreen (561093) | about 6 years ago | (#22942398)


Re:Just the long way for him to say.. (1)

morgan_greywolf (835522) | about 6 years ago | (#22942560)

$ nmap -v -sS -O world
Starting Nmap 4.20 ( http://insecure.org/ [insecure.org] ) at 2008-04-02 14:30 EDT
Failed to resolve given hostname/IP: world. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Nmap finished: 0 IP addresses (0 hosts up) scanned in 0.106 seconds
                              Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

If you can even find it!

War is physics... (1)

MadMidnightBomber (894759) | about 6 years ago | (#22942506)

Computer science is maths. There are no fucking "bangs" in maths - if there's no security holes the only thing you can do is DDoS it off the net. This is the sort of drivel I usually expect from Hollywood hacker films; I can just see this guy typing "access all the secret files" into a bash prompt and expecting it to work.

Re:War is physics... (1)

morgan_greywolf (835522) | about 6 years ago | (#22942606)

me@myhost:~$ access all secret files
access all secret files
-bash: access: command not found

Huh. You're right! But it always seems to work for those guys in the movies!!!

Re:War is physics... (1)

AJWM (19027) | about 6 years ago | (#22942762)

> Computer science is maths. There are no fucking "bangs" in maths

Factorials aside, there are plenty of potential "bangs" in things controlled by computers. If someone is stupid enough (and plenty of people are) to allow any of these to be connected to the 'net, well then...

Consider, for example, power stations, refineries and similar chemical plants, air traffic control systems, (or even regular traffic control systems -- turn all the traffic lights in a city green in all directions, I guarantee you'll get some bangs). Now, you and I know there should be failsafes in such systems to prevent such things, and such systems should not be internet-accessible in the first place. You and I also know that it only takes one idiot to mess something like that up.

Re:War is physics... (1)

AJWM (19027) | about 6 years ago | (#22942876)

Addendum to above -- if the control system you want to hack into hasn't been inadvertently connected to the internet by some idiot (ie, it has air gaps separating all nodes from any internet-connected nodes, and of course no wifi), that's the kind of thing covert ops are good at. It doesn't take much to bridge two networks, and if done in an out-of-the-way spot that could go undetected for years, especially if the bridge just sits there passively listening for a special activation packet.

Re:War is physics... (1)

ahabswhale (1189519) | about 6 years ago | (#22942802)

Outside of breaking encryption, math is rarely required for hacking and the US has as much muscle as any country when it comes to breaking encryption courtesy of the NSA. Of course the funniest thing you said was, "if there's no security holes the only thing you can do is DDoS it off the net". Are you kidding me? There are ALWAYS security holes. You may not find them but they are there. There is no such thing as an impenetrable system.

A solution (0)

Anonymous Coward | about 6 years ago | (#22942672)

How about, instead of this whole "protecting our data from evil people" thing, we give the evil people the data, then bomb them for having it. It's a simple matter of using our talents alongside our weaknesses. That and we want to trim down our nuclear arsenal, well...here's the chance!

Let's play Global Thermonuclear War ..... (1)

taniwha (70410) | about 6 years ago | (#22942810)

well we all used to be worried about the fallout from nuclear war .... just think what would happen on the 'net if these cowboys ever get unleashed .....

the good news I guess is that just like the spammers they'll all be going after the windows platforms because that's the biggest bang for the buck - the rest of us can watch the death of the internet from our linux bunkers

somewhat mutually exclusive? (1)

mr100percent (57156) | about 6 years ago | (#22942900)

I don't see how defense and attack in the IT world work that well together. If I'm setting up firewalls and VPN systems, it doesn't mean I'd know any more than the basics about launching my own DDoS or a man-in-the-middle attack.

On a related note, I wonder if the military would build their own botnet from scratch.

Bad idea (1)

PPH (736903) | about 6 years ago | (#22942932)

Expecting the typical admin of a commercial network or system to actively participate in an attack is like giving every middle-aged white collar civilian a machine gun and expecting them to attack enemy artillery emplacements.

The most we should expect of the civilian infrastructure is to secure their systems and go hide in the backyard bomb shelter. If I (a middle aged white collar civilian) start getting involved in DoS attacks against an enemy, I'm inviting reprisals by that enemy targeting my, or my employer's systems. If the cyber command folks start handing out the weaponry (toolkits) to just any civilian, how can they be sure that they won't be used against that person's neighbor (who keeps dumping grass clippings over the fence), competitor, ex-wives, etc. Or, worse yet, switch sides in the war and launch an attack against the friendly forces?

First strike & offense capablity. (4, Interesting)

John Sokol (109591) | about 6 years ago | (#22942942)

I am waiting for them to call me and my buddies.

First they need older hackers, not script kiddies.
Black hats, or at least former black hats.

Lots of Jolt Cola, Cold Pizza and some dark dungeon supplied with whatever mind altering substances needed and a steady supply of nerdy Asian girls to look after them.

Also the boxed set of all Stargate, Star Wars, Star Trek, Battlestar Galactica and.. Na on second thought, we'll just grab them off Bit Torrent. Same for the HDTV, UPS delivery off some stolen credit card, old habits die hard.

Maybe more useful would be legal immunity/amnesty, from all of the collateral damage from relaxing hobbies like taking down the RIAA or Microsoft in the process, (oops).

But seriously, a License to hack anything domestic and foreign with total immunity as long as it's primarily against the enemy would be totally cool, I think a lot of us who had to give up the black hat because we have kids and just can't afford to go to prison, would be all over this.

Why domestic, I almost don't want to say this publicly but the best way to get in is start in.
http://www.c-program.com/kt/reflections-on-trusting.html [c-program.com]

Anyhow you can't play by the rules, if they think you can launch an offensive attack without some pre-preparation you're wrong.

Making an offensive toolkit is fantasy. By definition this is script kiddie and lame.

> where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.

I have been told years ago that this is already being done at Taiwanese fabs to us.
Chips were designed to be resonant at some Ghz ranges and would be equivalent to an EMP when hit.
This is done at the fab without changes to the chip design but through layer thicknesses, which is something the fab has total control over.

These attacks should be in any OS, Router, or any other electronic devices that get sold and without the knowledge of its manufacturers either. This would give hackers the greatest flexibility to exploit them when needed. The key is to make sure it's not detectable or exploitable by other hackers.
An example would be to hack into Microsoft and muck with their distro before it goes out.

Of course with Microsoft and Apple, this would already seem to be unnecessary.

Think We Already Have It (0)

Anonymous Coward | about 6 years ago | (#22943034)

When Israel attacked Syria's nuclear facility their vaunted Anti-Aircraft missile system, latest and greatest from Russia, didn't see a thing. Rumor is that they had hacked into the system and neutered it.