CNet News.com is reporting that the Air Force's Cyber Command has just as much interest in offense as defense. "Air Force Cyber Command (AFCYBER), a US military unit set up in September 2007 to fight in cyberspace, is due to become fully operational in the autumn under the aegis of the US Eighth Air Force. Lieutenant general Robert J. Elder Jr., who commands the Eighth Air Force's Barksdale base, told ZDNet.co.uk at the Cyber Warfare Conference 2008 that Air Force is interested in developing its capabilities to attack enemy forces as well as defend critical national infrastructure. "
It still means bad things are about to happen when the defense team is studying offense tactics
If your defensive plan doesn't include any offensive measures, you're doing it wrong.
To put it in simple terms, if someone is abusing your network bandwidth, you don't just throttle them down, you go tell them to knock it off (or something equivalent). That's an "offensive measure" and it's common sense, isn't it?
An offensive measure would also mean sending a few burley Marines to the offenders office to beat the tar out of them. Now thats that I call "Intrusion Prevention"
If your defensive plan doesn't include any offensive measures, you're doing it wrong.
Let's put that idea into a different context. As the state and local police forces around our country take continue to take a more offensive stance do you feel safer [stopthedrugwar.org]? How about the way music labels protect their interests, is that better when it is offensive? I don't think so. I think that the only time an offensive posture look like a good defense is when you are on the side being more aggressive. To everyone not being d
The problem you're describing is one of the fundamental reasons to keep law enforcement and military operations separate. In law enforcement (whether criminal or civil) defense is the only reasonable option -- cops can't go around arresting people for the hell of it, and private individuals can't sue people for the hell of it, or the whole system becomes hopelessly overloaded and corrupt. In military operations, on the other hand, attack must be as much a part of the plan as defense; neither works by itse
Having hackers for offence is all and good but when it comes to defense they need to train the programmers of the "critical infrastructure" in security techniques. And also perform regular penetration testing on the infrastructure correcting any problems they find as they go. So basically the hackers would not only be hacking other nations but they would continually have to try to hack their own as well to defend it.
"IT people set up traditional IT networks with the idea of making them secure to operate and defend," Elder said. "The traditional security approach is to put up barriers, like firewalls--it's a defense thing--but everyone in an operations network is also part of the (attack) force. We're trying to move away from clandestine operations. We're looking for real physics--a bigger bang resulting in collateral damage."
We're talking about an organization that has nuclear weapons. Now they'll also be able to shut off a city's electrical and water supply electronically. I don't see why that should make me more afraid.
It should make you more afraid because each nuclear warhead is tracked, guarded, and needs special permissions prior to firing. It's really hard to do all of that to knowledge (what software really is).
To recap: it's really hard to fire a nuclear weapon by accident; it's not that hard to shut off a city's electrical and water supply electronically by accident (in comparison).
They already make leaps of logic like "Bin Laden hit us, so let's invade Iraq," so just you wait for the upcoming "DDoS from a Chinese IP, tunneled through a Canadian ISP, so let's invade Venezuela" reasoning...
Because it's easier to hide, and people don't know jack about it. Are you afraid of sudden police raids? Usually, not very. And you shouldn't have to if you live in a halfway working democracy. Raids are VERY intrusive, you and your neighbors will notice them and you'll be infuriated when something like this happens trivially. Could you see people get a tad bit upset if a raid became something that happens routinely in your neighborhood, with 99% of them being false alarms? They're loud, they're quite notica
When asked if the initiation a program of information warfare against the invaders was wise, given their existing foothold in orbit and on the Plains Of Qtx, K'breel, Speaker for the Council, stressed that there was no cause for alarm:
"While it is true that the sinister blue planet continues to attack our information systems using the spy satellites and military drones that it has sent thus far, we are confident that we can deal with the situation. We have always been able to alter the telemetry data retur
Oh c'mon, we all know how this has to look Hollywood-style: (Setting: A dark, gloomy room, packed with varying rattering machinery and the machine that goes 'ping'. Various people with good hygene, perfect haircut and decent uniforms (with ties!) sitting in front of screens that paint their faces in neon green. No nachos or pizza anywhere. Suddenly, Private Johnson reports)
Pvt Johnson: "Sir, I think I picked up a signal." Officer: "Can you pinpoint it?" Pvt Johnson: "Yeah, the computer is on it."
Reminds me of a group of executives within our company back in the 90's that called themeselves the 'cybersuits'. It was a lame name even for back then!
I suggest "Ether Force" as a better name.
Maybe they can find a way to have a router overvolt a packet to knock out an individual computer! (j/k but it'd make good stupid movie explanation)
I have allways wondered why people don't automatically Re-DOS the DOSer. Is that even possible, just start picking targets that are attacking, and flood them back till their network card pops or something.
Because YOU are in the wrong, then. No kidding. The average DDoS is not conducted by some machines in the possession of those that attack. It's a network of machines infected with backdoors that allow the attacker to use those machines. The current fad is sending out spam, but they can be used for a DDoS as well.
So. Now you, the attacked, go ahead and snipe those machines off the net. Which is usually no big deal, we're talking consumer PCs running on consumer DSL lines here, if you have a halfway powerful r
I in my heart, agree with that sentiment. But, we all have fits of rage and want revenge from time to time. The ability to control that is what makes us human!
I have been around a bit, I do know that about bot nets. But if you burn kill a box, one at a time, via a magic packet exploit of some sort, or some kind of dos attack, how long would it take you to blow out multiple small boxes if you had 1 central mega setup? It would be like an "bizzaro" DoS attack. It'd be like playing starcraft. If you put a solder agianst a tank, your going to lose the soldier right? But if all you have is soldiers and you focus fire down on the largest units first they all will ev
Other causes for military concern include possible supply-chain vulnerabilities, where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.
I guess that explains what happened to me?
I got an email from a supply company requesting payment of nearly $15,000 for, I kid you not, 2200 telephones. Apparently, they'd been ordered, purchased and delivered to my former duty station at NCTAMS PAC in Hawaii.
Mind you, they were all delivered to a mailbox that was probably all of 8x3x5 inches. I did the math, and 2200 desk telephones wouldn't have fit inside the whole mail BUILDING, let alone the post box.
Nobody at the base ever saw the order-they would have, since that many phones would have come on 5 pallets-and nobody knew what they heck was going on. Finally, after working with the business owner, it was determined that the owner had been hacked.
The phones went one way, the bill went the other, I got a nervous laugh, the poor business owner got screwed and the military was twirling around going "Wha?! Wha?!? HUH!??!"
Didn't have to pay a cent, though. Wonder how it turned out?
Air Force Cyber Command (AFCYBER), a US military unit set up in September 2007 to fight in cyberspace, is due to become fully operational in the autumn under the aegis of the US Eighth Air Force.
Technology may help ward off attacks, or (if it's really good) help to identify the responsible parties, but it takes a more personal, hands-on encounter to deter future attacks, and dissuade technologists from contributing to cyberattacks. Computers are just computers - people are where it's at, and the personal involvement component is the interesting part of the job. It's also the ticklish part because it needs to happen in a foreign country. Organizations with a developed cyber-terrorist workforce wo
except that for static IP's(especially under IPv6) the RIAA has shown us that you can target an individual. Once you have an address, the only thing left would be to get a Predator Drone to follow them and launch a low yield hellfire missile. You could blow them up in rush hour traffic with minimum collateral damage.
And RIAA has also shown us how this method of targeting individuals does not have a great record of being accurate. I suppose that could fall into the category of "collateral damage" too...
Anyone else think "Cyber Command" staff suffer a higher incidence of wedgies and swirlies than other members of our armed forces?
Actually, I'd think it'd be more like "give us your lunch money or we'll fsck up your mortgage, Visa cards, driver's license, and put your wife up on Craig's List."
Actually, I'd think it'd be more like "give us your lunch money or we'll fsck up your mortgage, Visa cards, driver's license, and put your wife up on Craig's List."
So...America's cyber A-Team has the 1337 skills of an entry-level con man? Can we outsource our electronic defense to the Israeli cyber team or something instead?
Given that many live happily in the armed forces without any of these threatened items, I'm sticking with my theory of an unusually high wedgie-per-day rate.
I assume whoever configured The Pirate Bay's Web site realized people will try to hack into that system. Besides,
Unless I miss my guess, the US Cyber Command would be more interested in things like the power supply in Tehran or the water supply in Damascus. You know, systems used by nation states that could become enemies.
dupe first, ask questions later dept (Score:5, Insightful)
Re:dupe first, ask questions later dept (Score:4, Insightful)
To put it in simple terms, if someone is abusing your network bandwidth, you don't just throttle them down, you go tell them to knock it off (or something equivalent). That's an "offensive measure" and it's common sense, isn't it?
Parent
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2, Funny)
Re: (Score:3, Funny)
Re: (Score:3, Funny)
Re: (Score:2)
Re:dupe first, ask questions later dept (Score:5, Funny)
Parent
Re: (Score:3, Funny)
Re:dupe first, ask questions later dept (Score:4, Informative)
Parent
First time around? Not quite. (Score:2)
US Planning Response To a Cyber Attack [slashdot.org] was discussed more than a year ago in fact.
It's still worth discussing.
Re: (Score:2)
Let's put that idea into a different context. As the state and local police forces around our country take continue to take a more offensive stance do you feel safer [stopthedrugwar.org]? How about the way music labels protect their interests, is that better when it is offensive? I don't think so. I think that the only time an offensive posture look like a good defense is when you are on the side being more aggressive. To everyone not being d
Re: (Score:2)
I can see the press release now. (Score:5, Funny)
"...and they tried to hit us with a DDoS, so we totally pwned those script kiddies. It wasn't hard, they were teh suk..."
hey! (Score:2)
Defense. (Score:5, Insightful)
Re: (Score:2, Informative)
Troubling... (Score:2)
Should we be nervous? (Score:2)
Re: (Score:2)
To recap: it's really hard to fire a nuclear weapon by accident; it's not that hard to shut off a city's electrical and water supply electronically by accident (in comparison).
Re: (Score:2)
They already make leaps of logic like "Bin Laden hit us, so let's invade Iraq," so just you wait for the upcoming "DDoS from a Chinese IP, tunneled through a Canadian ISP, so let's invade Venezuela" reasoning...
Re: (Score:2)
Are you afraid of sudden police raids? Usually, not very. And you shouldn't have to if you live in a halfway working democracy. Raids are VERY intrusive, you and your neighbors will notice them and you'll be infuriated when something like this happens trivially. Could you see people get a tad bit upset if a raid became something that happens routinely in your neighborhood, with 99% of them being false alarms? They're loud, they're quite notica
Late breaking news! (Score:2)
When asked if the initiation a program of information warfare against the invaders was wise, given their existing foothold in orbit and on the Plains Of Qtx, K'breel, Speaker for the Council, stressed that there was no cause for alarm:
Contact General Spielberg! (Score:2, Funny)
Announcement for terrible cyber-war movie in 5... 4... 3...
"Sergeant! I've been pinged!"
"Dammit, Johnson! Get out of there!"
Re: (Score:2)
(Setting: A dark, gloomy room, packed with varying rattering machinery and the machine that goes 'ping'. Various people with good hygene, perfect haircut and decent uniforms (with ties!) sitting in front of screens that paint their faces in neon green. No nachos or pizza anywhere. Suddenly, Private Johnson reports)
Pvt Johnson: "Sir, I think I picked up a signal."
Officer: "Can you pinpoint it?"
Pvt Johnson: "Yeah, the computer is on it."
(We look at a
Sir, we are at launch! (Score:2)
lamest name ever (Score:2)
Re: (Score:2)
Re: (Score:2)
In a word: Yes.
What does a "Cyber" command do? It "cybers"? Yeah, count me out.
Imagine the possibilities (Score:2)
I have allways wondered why people don't automatically Re-DOS the DOSer. Is that even possible, just start picking targets that are attacking, and flood them back till their network card pops or something.
Re: (Score:2)
The average DDoS is not conducted by some machines in the possession of those that attack. It's a network of machines infected with backdoors that allow the attacker to use those machines. The current fad is sending out spam, but they can be used for a DDoS as well.
So. Now you, the attacked, go ahead and snipe those machines off the net. Which is usually no big deal, we're talking consumer PCs running on consumer DSL lines here, if you have a halfway powerful r
Re: (Score:2)
Re: (Score:2)
It'd be like playing starcraft. If you put a solder agianst a tank, your going to lose the soldier right? But if all you have is soldiers and you focus fire down on the largest units first they all will ev
I guess this explains a few things... (Score:3, Interesting)
I guess that explains what happened to me?
I got an email from a supply company requesting payment of nearly $15,000 for, I kid you not, 2200 telephones. Apparently, they'd been ordered, purchased and delivered to my former duty station at NCTAMS PAC in Hawaii.
Mind you, they were all delivered to a mailbox that was probably all of 8x3x5 inches. I did the math, and 2200 desk telephones wouldn't have fit inside the whole mail BUILDING, let alone the post box.
Nobody at the base ever saw the order-they would have, since that many phones would have come on 5 pallets-and nobody knew what they heck was going on. Finally, after working with the business owner, it was determined that the owner had been hacked.
The phones went one way, the bill went the other, I got a nervous laugh, the poor business owner got screwed and the military was twirling around going "Wha?! Wha?!? HUH!??!"
Didn't have to pay a cent, though. Wonder how it turned out?
I want you! for DDoS Army (Score:2, Funny)
Join the national DDoS army now. Its your patriotic duty!
Re: (Score:2)
Air forces (Score:4, Funny)
One air force should be enough for any country.
Re: (Score:3, Funny)
Tear down and reassemble the PC box.. timed of course.
Why did you put that PC together so quickly, Gump?
You told me to, Drill Sergeant
Technology won't solve the problem (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
U.S. Spaceball Command (Score:2)
http://www.geocities.com/yank2010/jamit.wav [geocities.com]
Re: (Score:2)
Actually, I'd think it'd be more like "give us your lunch money or we'll fsck up your mortgage, Visa cards, driver's license, and put your wife up on Craig's List."
Re: (Score:2)
So...America's cyber A-Team has the 1337 skills of an entry-level con man? Can we outsource our electronic defense to the Israeli cyber team or something instead?
Given that many live happily in the armed forces without any of these threatened items, I'm sticking with my theory of an unusually high wedgie-per-day rate.
Re: (Score:2)
Unless I miss my guess, the US Cyber Command would be more interested in things like the power supply in Tehran or the water supply in Damascus. You know, systems used by nation states that could become enemies.