
US Planning Response To a Cyber Attack 359

Posted by kdawson
from the one-less-cyber-cafe-in-Karachi dept.
We've all heard of Google bombing; the US Government may be taking the expression rather literally. Planning is now underway across the government for the proper way to respond to a cyber attack, and options on the table include launching a cyber counterattack or even bombing the attack's source. The article makes clear that no settled plan is in place, and quotes one spokesman as saying "the preferred route would be warning the source to shut down the attack before a military response." That's assuming the source could be found. From the article: "If the United States found itself under a major cyberattack aimed at undermining the nation's critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source."
  • by Black Parrot (19622) on Sunday February 11, 2007 @04:09PM (#17974926)
    I didn't want those zombied servers anyway.
    • by Anonymous Coward on Sunday February 11, 2007 @04:17PM (#17975008)
      A few bombings ought to move people off Windows.
    • by anagama (611277) <obamaisaneocon@nothingchanged.org> on Sunday February 11, 2007 @04:22PM (#17975078) Homepage
      Finally a reason (aside from erroneous child porn prosecution) to do something about all those compromised machines. If people thought the police might bust down their door to stop their computer from doing illegal things, they might think about being more responsible. Considering the damage an unattended compromised pc can do, it really is surprising that people don't face liability. If you keep a dangerous instrumentality on your property, and it causes damage to others, you are liable for that if the harm is foreseeable. Considering how the news has been peppered with these stories about compromised pcs causing people problems(*), the harm is now foreseeable.

      (*) A total non-geek person I know brought up that AZ child porn case to me in conversation and mentioned she thinks her machine is probably compromised too.
      • by paeanblack (191171) on Sunday February 11, 2007 @05:06PM (#17975484)
        If you keep a dangerous instrumentality on your property, and it causes damage to others, you are liable for that if the harm is foreseeable.

        That is only true if all responsible parties are held to a reasonable level of accountability.

        If you found out that your oven was, without your knowledge, part of a local arson ring, you'd be pretty upset at being held accountable for the neighborhood damages. You'd probably blame Kenmore for making such a thing remotely possible in the first place, since it has no connection with how or why you bought the oven in the first place.

        Until the hardware mfgrs, OS mfgrs, software mfgrs, and users are all held to roughly similar standards, you can't place all blame on the user.

        To put things a different way:
        -If 1% of your products cause widespread damage, then 1% of your users are idiots.
        -If 5% of your products cause widespread damage, then 5% of your users need training.
        -If 25% of your products cause widespread damage, then you are the idiot.
        • by StikyPad (445176) on Sunday February 11, 2007 @05:51PM (#17975786) Homepage
          True, but if 100% of your products cause widespread damage, you get a seat at the UN Security Council.
        • by cryocide (947909) on Sunday February 11, 2007 @06:38PM (#17976126)
          Your scenario is a little off, since your oven can't walk out of the house and burn someone else's house down. Let's try a more realistic scenario.

          You buy a new drive-by-wire car. Then either of the following happens: You forego the option to park your car in a readily-available garage and a terrorist quietly breaks into it, or you simply take the car to a garage that you thought was reputable because of its professional-looking store front but was in fact a terrorist-run shop. Either way, they had their way with your car, installing hidden remote controls on the drive-by-wire system. Then they install a bomb using any available space, such as the empty body panels, inside the seats, etc. They can now damage or destroy any bridge they like, but you never knew what they did to your car, so you went on with life as usual. Then they did it to other owners' cars around town that were similarly vulnerable to compromise or social engineering.

          Now for the best-case-scenario version of the outcome. We'll assume that the bridge is unoccupied, so there is no human life lost when they take your car and all the other zombie cars on their final joy ride, but the bridge is damaged and has to be closed while its structural integrity is assessed. Meanwhile, traffic has to be rerouted or stopped altogether. People can't get to work. Goods can't be delivered. The general population is afraid that there will be another attack, possibly trapping them in their neighborhood.

          Now imagine that the cars were your computer and all the other zombie machines out there, the home garage was a simple NAT router or decent software firewall or the repair shop was a software package that contained malware, and the bridge was any major server or router that a decent-sized portion of the internet population relies on for day-to-day electronic transactions.

          Do you really think it was the car manufacturer's fault that you left the car unprotected, or worse, you handed the keys to an untrustworthy mechanic because he had a professional-looking shop? While I don't think the car's owner should be held criminally responsible, I think they unknowingly forfeited the car when they ignored their responsibility to keep it reasonably secure. Don't be surprised if the government starts fragging driverless cars once they've identified them.
      • I mean, not every end user chooses to be infected, and it's not like it's easy to get a machine secured whilst online before it gets infected. I'm not quite sure that a warhead on the house is the best way to deal with a part of a botnet.

        If you really want to talk about liability you'll have to start with a company that sells you a car without brakes, thus creating a huge market for brakes, and is now starting to supply the brakes themselves. Whilst still leaving them out of the original car.

        Replace car w
      • Re: (Score:3, Insightful)

        by Alligator427 (1054168)

        Along the same lines, it has always irked me that (the government) has never considered approaching Microsoft about the severe security flaws to which its software is subject. Certainly if the most popular operating system in the world were less morbidly insecure, botnets and the like would be far fewer between. After all, these botnets aren't being built out of *NIX machines, so we're really talking about MS software.

        I think a certain amount of responsibility lies on the end users' shoulders insofar as they

      • Re: (Score:3, Informative)

        by c6gunner (950153)
        Well, for one thing, prosecuting every single person whose computer has been infected with a trojan would pretty much bankrupt the US, and put most of your population, including all of your politicians, in Jail. Might not be such a bad thing, really...

        Anyway, it'd be pointless to prosecute these people because the vast majority of compromised machines aren't even IN any western nation. Every script kiddie knows that if you really want a bot-net, you scan Asian IPs. When I was 15 I had 2,400 Korean co
  • botnet (Score:5, Funny)

    by TheSHAD0W (258774) on Sunday February 11, 2007 @04:10PM (#17974934) Homepage
    I wonder what their response would be to the attack of a botnet. Carpet bombing, maybe?
    • Re:botnet (Score:5, Funny)

      by Cyberax (705495) on Sunday February 11, 2007 @04:12PM (#17974948)
      Nuclear arms, of course :) The ultimate solution for spam and cyberattacks.
    • Re: botnet (Score:5, Funny)

      by Black Parrot (19622) on Sunday February 11, 2007 @04:13PM (#17974968)
      > I wonder what their response would be to the attack of a botnet.

      Good thing the story isn't on a DoD site, or Slashdot might get some retaliatory cruise missiles.
    • by tomhudson (43916)

      Hey, it's one way to get rid of spammers ...

      Quick, everyone add a bunch of anyone@pentagon.mil and someone@whitehouse.gov addresses to your posts for spam address harvesters.

    • by msobkow (48369)

      Sadly enough, they would be just that stupid. :(

    • Re: (Score:2, Funny)

      by mrbluze (1034940)
      Depending on the location of the computers, it might be a carpet bomb, or a bunker buster if it's a teenager's PC in a basement somewhere, or if they run on expensive computers running *nix, a cluster bomb, or if it's a server farm, they might use napalm with agent orange...
      • Re: (Score:3, Funny)

        by mrbluze (1034940)
        .. or a nude bomb if the attacker is spreading porn, or a great big armoured bulldozer to dig up a worm attack, or a bunch of soldiers with spears and shiny metal shields and stuff if it's a Trojan, or a firetruck if the enemy runs a firewall...
    • The security on botnet nodes is normally pretty weak, so it should be feasible to just crack that node, and see who is connected to it.
    • Re: (Score:3, Interesting)

      by Shihar (153932)
      You joke, but I think people are missing the fact that bombs can stop many attacks. If for instance a nation was able to launch some massive attack that was crippling the Internet, in this world of zombied computers you can't simply block everything. A true Internet crashing attack would take hundreds (thousands?) of people to pull off and you likely might be able to at least localize them to a single nation. If you felt that that nation state was directly responsible, you might very well decide to bomb an e
  • by yourexhalekiss (833943) <herp@derREDHATpstep.com minus distro> on Sunday February 11, 2007 @04:11PM (#17974942) Homepage
    That's an option that the Feds have that the average whitehat doesn't: calling in airstrikes against the DOSer.
  • by Space cowboy (13680) * on Sunday February 11, 2007 @04:13PM (#17974962) Journal

    In the event of a massive cyberattack against the country that was perceived as originating from a foreign source, the United States would consider launching a counterattack or bombing the source of the cyberattack, Hall said. But he noted the preferred route would be warning the source to shut down the attack before a military response


    There's a lot wrong with this. Off the top of my head...

    Any sustained attack on network infrastructure, on the scale that they're talking about, is almost certainly going to be a distributed attack. Botnets have no patriotic allegiance, their locality is a function of machine vulnerability (eg: N. Korea's dependence on Active-X), not politics.

    If I'm crafting an attack, I don't have to even tell the truth about my IP address, TCP allows the sender to specify a (fake) IP address. Obviously I won't get any replies, but I don't care if I'm simply out to cause damage.

    Geolocation of IP addresses is pretty much a black art as well - there's far too much variability by IP address to try and localise to the precision needed for bombing the source. My hostip.info [gornall.net] website only attempted to locate to the /24 netblock, and even then only managed ~50% accuracy.

    Not to mention that it's a pretty big precedent to set... At least they're talking about talking, before bombing; the problem is that if you make a threat to bomb someone, you have to be prepared to carry it out. Countries can't afford to be seen to be bluffing when it comes to things like this, the impact on future negotiations is too high.

    Simon.
    • Botnets have no patriotic allegiance, their locality is a function of machine vulnerability (eg: N. Korea's dependence on Active-X), not politics.

      South Korea has a problem with banks etc. relying on Active X. North Korea has little computer use to speak of.

    • Re: (Score:3, Insightful)

      Let's also not forget that the general public understands much less about a cyberattack than a good ol' fashioned physical attack. Hence, it's much easier for the government to tell the public that they were in severe danger because "the internet was in danger" or whatever obfuscation they'll use, when in reality they were pinged fifty more times than average. This is really just another reason to take out the guns, and we all know they're having a difficult time justifying military action these days.
    • So, what you're saying is, this is a good way to get the US to bomb itself?
    • Re: (Score:2, Informative)

      by Miseph (979059)
      What you're forgetting is that WE have blackhats too. The idea isn't to stop the botnet, because we can't do that nearly as fast as "they" can open up a new one... if we could, botnets wouldn't be a problem in the first place. I think the idea is that if a botnet/virus/whatever is used to "attack the internet" (a notion that I believe to be intentionally broad, much like "attack the country", not necessarily to justify doing whatever we want, but so that we aren't pigeonholed by a narrow definition), then w
    • by Splab (574204)
      The ultimate attack on our infrastructure would be to do a reflected DDoS from the BGP's around the world, and let the US bomb the hell out of the internet core infrastructure.
  • spoof (Score:5, Interesting)

    by brenddie (897982) on Sunday February 11, 2007 @04:14PM (#17974988)
    So if we can spoof enough IPs we can get the USA to bomb any country of our choosing.... interesting.
  • Now you can call in U.S. airstrikes against anyone you don't like by zombifying their computers. Hell of a lot more fun than DOS'ing IRC channels.
  • iptables -I FORWARD -s <source-ip> -j DROP
    iptables -I INPUT -s <source-ip> -j DROP

    Replace with favorite firewall appropriate commands.

    MUCH quicker, cheaper, and probably more effective than trying to blow up the source.
    • Re: (Score:3, Informative)

      by jmauro (32523)
      Won't work if the pipe you're trying to use is flooded with useless data, since you're not actually stopping the attack at the source and your bandwidth is limited. You've only prevented them from getting into your network, not actually stopping the DOS which is kind of the point.
    • ...and how does it boost the weapons production portion of GNP?

      Bombs solve all problems, and require very little forethought to use. Everyone is impressed by large explosions...virtually nobody is impressed by iptables rules.
  • denial of service (Score:4, Interesting)

    by oohshiny (998054) on Sunday February 11, 2007 @04:16PM (#17975000)
    Well, this has some great potential for denial of service attacks by forging the source of a cyber attack.
  • by deft (253558) on Sunday February 11, 2007 @04:20PM (#17975052) Homepage
    At first I thought the US government might be using its PageRank power to make terms like "nuclear threat" bring up URLs like iran.gov (or whatever their whitehouse.gov corollary might be). In fact it was just a weak attempt to use the word bombing twice and mislead.

    Instead, the US is just acknowledging that attacks on its internet infrastructure can be responded to just like physical attacks.... by military attack.

    Is anyone surprised that if one place was pinpointed as the source of the attack on any country's infrastructure it might be a target? I'm not. The net is more important than some buildings at this point.

    The only thing I'm surprised is to expect any attack to be from one place... I'd expect it to be distributed. But that's ok, we have bombs for that too. ouch.
    • by TubeSteak (669689)

      Is anyone surprised that if one place was pinpointed as the source of the attack on any country's infrastructure it might be a target? I'm not. The net is more important than some buildings at this point.

      The only thing I'm surprised is to expect any attack to be from one place... I'd expect it to be distributed.

      I expect that their goal would be to take out whatever node is controlling the attack (ie the botnet owner's house).

      But I don't see how useful that is, since modern botnets have a distributed command a

    • The only thing I'm surprised is to expect any attack to be from one place... I'd expect it to be distributed.

      Any single attack will be from one place/person/country. They/he may use distributed means to do it, but it will originate in one place. Spam, for instance. Yes, it comes in via multiple paths/zombies/botnets...but any 1 specific spam originates from one dude or company. The trick is finding that one dude. And that's what the DoD is trying to do.
  • by thestudio_bob (894258) on Sunday February 11, 2007 @04:23PM (#17975082)
    Uhh... wouldn't it just be easier to bomb the source. It's not like we don't know where Micro$oft's headquarters are.
    • Re: (Score:3, Interesting)

      by Kalriath (849904)

      Uhh... wouldn't it just be easier to bomb the source. It's not like we don't know where Micro$oft's headquarters are.

      I am so sick of hearing this type of crap that Microsoft (what, you can't spell "s"?) is responsible for every single piece of botnet or exploit on the internet. You know, Linux/Unix machines can be "rooted" as well - to the same or more devastating effect...

      However, like with /([A-Za-z]?)nix/, Windows can be quite secure in the hands of one who knows what they're doing. In my 10 years of using Windows, I've never had a virus or trojan infect a machine under my direct control. Any virus would fail to

      • Never? Wow. Are you sure the ethernet cable is plugged in?

        Jokes aside - viruses aren't a problem anymore. The problem is spyware.
        • by Kalriath (849904)
          I read Slashdot, so I'm preeeetty sure the ethernet cable is plugged in. 'course like I said, I don't visit dodgy sites (or when necessary I boot up Opera, which supports almost no extension technologies that I'm aware of - try installing spyware on THAT!) I don't get spyware myself because there are products designed specifically to prevent spyware from being able to install - utilising these does a VERY good job at preventing crap from getting in there. Bear in mind folks, even Firefox has been proven
          • Yup, I think the email virus/trojan problem is pretty much solved. However, the internet browser vulnerability problem still requires a lot of work. At home I only run Windows once a year to do my taxes, but at work all desktops are Windows based and then we all need to install Cygwin to get any work done - duh...

            Using Linux, I am quite spoilt, being able to click on anything with wild abandon. There is no good reason why Windows cannot be made to be equally strong. IMHO it is simply a lackadaisical att
  • I can't wait for Bush and his Pentagon to protect us from cyberwar. After all, the Bush doctrine of using one attack on us to justify attacking someone who hadn't attacked us, distracting us from [wikipedia.org] the original attacker [google.com], is really paying off [google.com].

    Besides, with cyberattacks [google.com] on both US government and civilian targets raging for years without either the FBI or military doing anything effective to protect us, they're bound to show nothing but improvement [google.com], right?
    • Re: Bring 'Em On (Score:4, Informative)

      by Black Parrot (19622) on Sunday February 11, 2007 @04:30PM (#17975140)
      > I can't wait for Bush and his Pentagon to protect us from cyberwar. After all, the Bush doctrine of using one attack on us to justify attacking someone who hadn't attacked us, distracting us from the original attacker, is really paying off.

      Hey, current thought among the Bush administration and the neocon "thinkers" that got us into all this, is that if you blow one war you should start another one so you can try again.
      • by StikyPad (445176)
        Perhaps. It's equally likely that Iraq was a son's attempt to show up his old man, despite the fact that H.W. (at least in retrospect) knew better than to go into Baghdad. As Stewart observed, the intelligence of the Bushes seems to take a dip with each generation.

        What's the old quote? Never attribute to malice that which can be adequately explained by stupidity...
  • by gravesb (967413) on Sunday February 11, 2007 @04:28PM (#17975110) Homepage
    I would rather see cyber counter attacks. Yes, a lot of the targets would be innocent bots, but the counter attack could be as simple as taking them off line. If you remove enough bots, the attackers either have to give up, or begin to use bots closer to their own computers, until eventually they would have to use their own computers. Taking that many computers off line through cyber attacks is not something to be undertaken lightly, but if the incoming attack is sufficient to have a significant negative impact on infrastructure, then it's probably justified. And maybe, if we start having massive cyber battles that this seems to imply, maybe Joe Public will stop clicking install this now banner ads and allowing his computer to become a bot. But probably not.
  • by NZheretic (23872) on Sunday February 11, 2007 @04:28PM (#17975112) Homepage Journal
    To Commander "Taco"
    Please cease and desist linking to site xxx.mil ( reacted ) or whitehouse.gov or else we will bomb you.

    Signed G.W. Bush.

    • by giminy (94188)
      I doubt the actual message would be grammatically correct. Maybe the hypothetical Bush grammatical incorrectness combined with the Slashdot grammatical incorrectness and they cancelled out, conjugating all verbs properly. At least he misspelled 'redacted'.

      Reid
  • by mbstone (457308) on Sunday February 11, 2007 @04:32PM (#17975160)
    General, the bombers are ready to go and the cruise missiles are fully fueled. And our intel group has pinpointed the source of the attack. It's coming from 127.0.0.1 .
  • The dribbling idiot DumBya is going to put a cruise missile up the ass of these scumbags that pound my email accounts with penny stock crap and ads for penis pills!

    Yay! About time!
  • by bizitch (546406) on Sunday February 11, 2007 @04:37PM (#17975214) Homepage
    .... well you can kiss Redmond, WA goodbye ;)
  • by OriginalArlen (726444) on Sunday February 11, 2007 @04:42PM (#17975250)
    ...the network fights back? Huh? D'ye ever think of that? And then it'll launch all the old ICBMs, oh yes, and then androids will stalk the smoking ruins hunting down and shooting the last holdout remnants of the Republican Party.
  • I think.... (Score:5, Insightful)

    by Derek Loev (1050412) on Sunday February 11, 2007 @04:42PM (#17975254)
    I think that we're all reading too much into this. The article is basically saying that if somebody is going to attack the US in a way that would be damaging to the country that the US is prepared to retaliate...by any means necessary.
    I'm not sure if I agree with everything in the article but it is the Government's job to protect this country and there are a lot of businesses and people that depend on the internet. If some outside source could mess with this it would be devastating to the economy and the country...
  • What are they spending the billions on? I see why libertarian propaganda is so common in the US.
  • More targets.

  • by DimGeo (694000) on Sunday February 11, 2007 @04:58PM (#17975402) Homepage
    ... Internet Exploder... Click that link and you and your entire fraking town are history.
  • I see it now (Score:4, Interesting)

    by aschoeff (864154) on Sunday February 11, 2007 @04:59PM (#17975410)
    Both the RIAA and the MPAA manage to insert sufficient language into some unrelated bill (ala what they tried with the Patriot Act) that authorizes preemptive strikes against p2p networks, saying that they could serve as massive distributed attack vectors against our nation's cyber-infrastructure.

    Flip forward a few weeks. I wake up on a typical Sunday like today and start up Azureus. Within a couple of minutes, a tomahawk cruise missile is launched from a regional military installation.

    The upside of my imminent demise is my last minutes will be spent mellowly and obliviously perusing mininova, seeing if anyone uploaded a torrent for that one episode of The Daily Show I missed last Thursday.

    If only I had stayed up past 10PM that night, I would never have brought this on myself.
  • by toby (759) * on Sunday February 11, 2007 @05:03PM (#17975454) Homepage Journal
    When you're a country with a hammer, everything looks like a snowglobe, eh?
  • Is it just me, or does anyone think that using a cyber attack as a basis for physical retaliation would make it too easy to fake justifying evidence? Electronic evidence is easy to fabricate and hard to disprove.

    If the US can produce gigabytes of logs "proving" that someone in another country is attacking their computers, would that give them the right to physical military action, in the lack of other forms of evidence?
  • (sarcasm) The USA has a very good intelligence service, they will for sure find the correct location of the attackers, look how good they were to locate WMD recently!

     
  • re: (Score:3, Interesting)

    by Kynmore (861364) on Sunday February 11, 2007 @05:15PM (#17975562)
    It sounds like something from a William Gibson novel. Only difference is our government isn't a corporation.
    • Not really... (Score:2, Interesting)

      Well yes, it sounds like a Gibson novel, but the *pertinent* difference is that if your government were a corporation, they'd be a damn sight more accurate at pinpointing and destroying any relevant threats, and they definitely wouldn't be in anywhere near as much debt as they currently are. Plus, they'd use railguns, instead of nukes.
  • How about they actually work on a plan to prevent ACTUAL attacks from HARMING US CITIZENS AND SOLDIERS?

    You know, seeing as that's what the present danger to the nation actually is?

    It's all well and good to think of ways we could possibly be attacked while our people aren't dying every day, but right now, these people should be hung as traitors for wasting time and taxpayer dollars doing anything OTHER than finding the best possible way to protect our soldiers abroad, and our people at home.
  • Who do we bomb if the attack is coming from a botnet in our own US of A?
  • > ...an actual bombing of an attack source.

    Wouldn't it be less messy to simply call out the Washington National Guard?
  • by doormat (63648) on Sunday February 11, 2007 @05:51PM (#17975784) Homepage Journal
    Work with ISPs in the US, Canada and Europe to take zombied computers offline. They'll get a letter or phone call telling them that their computer was part of a zombie network that was attacking DHS or whoever, and that they won't be allowed back online until their computer is cleaned. Most people only have one choice for broadband (DSL or Cable), and they'll have to go back to dialup (where they won't be much of a threat in terms of DDoS) if they don't get their act together.

    It's like when a cop pulls you over for having an unsafe vehicle, it's about time that ISPs start patrolling their userbase and send letters/call their users to notify them of their infection.
  • ...undermining the nations critical information infrastructure

    NO!!! NOT CABLE TV!!!! *cries*
  • I know acronyms, but it should be expressed with government terms
    Cyber Attack Response Mutually Assured (CARMA) Destruction/Terror/ ... [CARMAD, CARMAT ...] I am sure there will eventually be more
    than one cute acronym for US.

    Oh, I strongly believe it is About Fucking Time (AFT) that China,
    North Korea, Russia, France, Iran, Ireland, Australia, Japan ...
    others understand we are prepared and deadly serious about making money
    for the wealthy and will totally fuckup friends and foes alike for
    any virtual attack o
  • I'm curious what the preemptive strategy would be?
