
US Cyber Command Reveals Plans To Hit Back At Cyber Threats

Posted by ScuttleMonkey
from the shoot-first-ask-questions-later dept.
CNet News.com is reporting that the Air Force's Cyber Command has just as much interest in offense as defense. "Air Force Cyber Command (AFCYBER), a US military unit set up in September 2007 to fight in cyberspace, is due to become fully operational in the autumn under the aegis of the US Eighth Air Force. Lieutenant General Robert J. Elder Jr., who commands the Eighth Air Force's Barksdale base, told ZDNet.co.uk at the Cyber Warfare Conference 2008 that the Air Force is interested in developing its capabilities to attack enemy forces as well as defend critical national infrastructure."

  • by zappepcs (820751) on Friday April 04, 2008 @02:35PM (#22966286) Journal
    It still means bad things are about to happen when the defense team is studying offense tactics
    • by TubeSteak (669689) on Friday April 04, 2008 @02:40PM (#22966344) Journal

      It still means bad things are about to happen when the defense team is studying offense tactics
      If your defensive plan doesn't include any offensive measures, you're doing it wrong.

      To put it in simple terms, if someone is abusing your network bandwidth, you don't just throttle them down, you go tell them to knock it off (or something equivalent). That's an "offensive measure" and it's common sense, isn't it?
      • by baudilus (665036)
        Actually, that's also a defensive measure. An offensive measure would be more like block traffic to certain sites ahead of time.
        • Re: (Score:3, Insightful)

          by gnick (1211984)

          An offensive measure would be more like block traffic to certain sites ahead of time.
          Blocking traffic is still a defensive strategy. There's a difference between proactive defense and offense.
        • No, an offensive measure would be more like destroying the person's computer, thus taking away his ability to attack you.
          • Re: (Score:2, Funny)

            by charlesj68 (1170655)

            No, an offensive measure would be more like destroying the person's computer, thus taking away his ability to attack you.
            Well ... the Air Force should be quite good at doing that sort of thing.
      • by zappepcs (820751) on Friday April 04, 2008 @02:43PM (#22966386) Journal
        for some good responses to this article the first time around, try http://it.slashdot.org/comments.pl?sid=508970&cid=22942214 [slashdot.org]
      • by EnOne (786812)
        Nice to know that I'll be doing my online shopping in the 'Green Zone' hoping I don't get hit by a roadside logic bomb.
      • If your defensive plan doesn't include any offensive measures, you're doing it wrong.

        Let's put that idea into a different context. As the state and local police forces around our country continue to take a more offensive stance do you feel safer [stopthedrugwar.org]? How about the way music labels protect their interests, is that better when it is offensive? I don't think so. I think that the only time an offensive posture looks like a good defense is when you are on the side being more aggressive. To everyone not being d
        • The problem you're describing is one of the fundamental reasons to keep law enforcement and military operations separate. In law enforcement (whether criminal or civil) defense is the only reasonable option -- cops can't go around arresting people for the hell of it, and private individuals can't sue people for the hell of it, or the whole system becomes hopelessly overloaded and corrupt. In military operations, on the other hand, attack must be as much a part of the plan as defense; neither works by itse
        • While we're all dwelling on analogies, what if we were to apply your analysis to a more direct conflict, such as a fist fight?

          If your opponent is throwing punches, you can defend yourself all you want, but unless you can strike back, the only question is how long you can last before you inevitably break.

          Come to think of it, if you consider your analogies more carefully, you'll see that both are fundamentally flawed. Let's say a serial killer is on the loose, would you feel safe if all you had was the p
      • by AP31R0N (723649)
        You're forgetting that W. is still president. Which means he's still CiC, therefore the military, all who are in it, and all that it does is evil. Because W. is the anti-Elvis and worse than Hitler, Saddam, Bin Laden and Bill Gates combined.
      • by d474 (695126)

        If your defensive plan doesn't include any offensive measures, you're doing it wrong.
        But when your defensive strategy relies more and more on offensive measures, it's no longer a defensive strategy, it's called empire building. The trick is being able to identify the "slipping point" of that slope. The populace needs to be careful about embracing these "defensive measures" and make sure it isn't just pretty packaging for an offensive end game.
    • Re: (Score:1, Troll)

      It still means bad things are about to happen when the defense team is studying offense tactics
      What defense, this is the Air Force we are talking about? Despite the name (Defense Department) the military is about offense. The best description of the job of the military I have seen is: "break things and kill people."
    • This is the frickin' pre-emptive war post-911 USA military.

      I'm surprised to learn that we're essentially doing the old "HELO" to port 139 bitchslap on the enemy as a response when we could just as well resolve their physical location and drop some thermite down their "stovepipe".

      I can just see it now... "These radical script kiddies hate our network neutrality and ascii pr0ns... and so we must take the herring to them and slap them with it before they slap us."

      Seriously, why is the military even us
    • We do have a "Department of Defense" that's in charge of thousands of tanks, heavy bombers, aircraft carriers and atomic submarines so at least we're consistent. I'm still waiting on the departments of truth and love.
    • If you attract the attention of the US military, then you deserve to be destroyed.
  • OK, the Cyberspace Academy [edodo.org] isn't real, but it's a good Tron/D&D, "Series of Tubes" reference...
  • by baudilus (665036) on Friday April 04, 2008 @02:38PM (#22966324)
    Robert M. Gates, Secretary of Defense.

    "...and they tried to hit us with a DDoS, so we totally pwned those script kiddies. It wasn't hard, they were teh suk..."
  • Defense. (Score:5, Insightful)

    by headkase (533448) on Friday April 04, 2008 @02:43PM (#22966392)
    Having hackers for offence is all and good but when it comes to defense they need to train the programmers of the "critical infrastructure" in security techniques. And also perform regular penetration testing on the infrastructure correcting any problems they find as they go. So basically the hackers would not only be hacking other nations but they would continually have to try to hack their own as well to defend it.
    • Re: (Score:2, Informative)

      by sgt.greywar (1039430) *
      They do this. They're called CERTs and one of the many functions that the CERTs perform for the military is pen testing.
  • From TFA:

    "IT people set up traditional IT networks with the idea of making them secure to operate and defend," Elder said. "The traditional security approach is to put up barriers, like firewalls--it's a defense thing--but everyone in an operations network is also part of the (attack) force. We're trying to move away from clandestine operations. We're looking for real physics--a bigger bang resulting in collateral damage."
    Does this make anyone else nervous?
    • We're talking about an organization that has nuclear weapons. Now they'll also be able to shut off a city's electrical and water supply electronically. I don't see why that should make me more afraid.
      • It should make you more afraid because each nuclear warhead is tracked, guarded, and needs special permissions prior to firing. It's really hard to do all of that to knowledge (what software really is).

        To recap: it's really hard to fire a nuclear weapon by accident; it's not that hard to shut off a city's electrical and water supply electronically by accident (in comparison).
      • by megaditto (982598)
        Ever heard of a Joe Job?

        They already make leaps of logic like "Bin Laden hit us, so let's invade Iraq," so just you wait for the upcoming "DDoS from a Chinese IP, tunneled through a Canadian ISP, so let's invade Venezuela" reasoning...
      • Because it's easier to hide, and people don't know jack about it.

        Are you afraid of sudden police raids? Usually, not very. And you shouldn't have to if you live in a halfway working democracy. Raids are VERY intrusive, you and your neighbors will notice them and you'll be infuriated when something like this happens trivially. Could you see people get a tad bit upset if a raid became something that happens routinely in your neighborhood, with 99% of them being false alarms? They're loud, they're quite notica
    • When asked if the initiation of a program of information warfare against the invaders was wise, given their existing foothold in orbit and on the Plains Of Qtx, K'breel, Speaker for the Council, stressed that there was no cause for alarm:

      "While it is true that the sinister blue planet continues to attack our information systems using the spy satellites and military drones that it has sent thus far, we are confident that we can deal with the situation. We have always been able to alter the telemetry data retur

      • Guess I should have said "Council of Elders" (get it? the guy quoted in Tripmaster Monkey's post was called Elder.) Oh well. Too bad the joke fell flat. :(
  • Dupe (Score:1, Redundant)

    by Thelasko (1196535)
    Sounds like a dupe [slashdot.org] to me.
  • Dup Dup Dup WHERRR Dup Dup Dup

    (The sound radar makes, right?)

    Anyone else think "Cyber Command" staff suffer a higher incidence of wedgies and swirlies than other members of our armed forces?
    • Unless they are jamming.
    • by plover (150551) *

      Anyone else think "Cyber Command" staff suffer a higher incidence of wedgies and swirlies than other members of our armed forces?

      Actually, I'd think it'd be more like "give us your lunch money or we'll fsck up your mortgage, Visa cards, driver's license, and put your wife up on Craig's List."

      • Actually, I'd think it'd be more like "give us your lunch money or we'll fsck up your mortgage, Visa cards, driver's license, and put your wife up on Craig's List."

        So...America's cyber A-Team has the 1337 skills of an entry-level con man? Can we outsource our electronic defense to the Israeli cyber team or something instead?

        Given that many live happily in the armed forces without any of these threatened items, I'm sticking with my theory of an unusually high wedgie-per-day rate.

  • What is the story here? Did anybody think that Cyber Command was only interested in Defense???? Who do you take me for .......... my tinfoil hat may be in the closet but it hasn't started collecting dust yet
  • Oh, great. How much did Hollywood pay them to do this?

    Announcement for terrible cyber-war movie in 5... 4... 3...

    "Sergeant! I've been pinged!"

    "Dammit, Johnson! Get out of there!"

    • Oh c'mon, we all know how this has to look Hollywood-style:

      (Setting: A dark, gloomy room, packed with varying rattering machinery and the machine that goes 'ping'. Various people with good hygiene, perfect haircut and decent uniforms (with ties!) sitting in front of screens that paint their faces in neon green. No nachos or pizza anywhere. Suddenly, Private Johnson reports)

      Pvt Johnson: "Sir, I think I picked up a signal."
      Officer: "Can you pinpoint it?"
      Pvt Johnson: "Yeah, the computer is on it."

      (We look at a
  • "I am a life-form that was born in the sea of information."
  • Turn your key, sir!
  • US Cyber Command. Does this sound as cheesedick to them as it does to the rest of us?
    • Reminds me of a group of executives within our company back in the 90's that called themselves the 'cybersuits'. It was a lame name even for back then! I suggest "Ether Force" as a better name.
    • by PhxBlue (562201)

      In a word: Yes.

      What does a "Cyber" command do? It "cybers"? Yeah, count me out.

  • Maybe they can find a way to have a router overvolt a packet to knock out an individual computer! (j/k but it'd make good stupid movie explanation)

    I have always wondered why people don't automatically Re-DOS the DOSer. Is that even possible, just start picking targets that are attacking, and flood them back till their network card pops or something.

    • Most (if not, all) of the time the attacker isn't the attacker. (see botnet)
      • I have been around a bit, I do know that about bot nets. But if you burn kill a box, one at a time, via a magic packet exploit of some sort, or some kind of dos attack, how long would it take you to blow out multiple small boxes if you had 1 central mega setup? It would be like a "bizarro" DoS attack.

        It'd be like playing starcraft. If you put a soldier against a tank, you're going to lose the soldier right? But if all you have is soldiers and you focus fire down on the largest units first they all will ev
    • Because YOU are in the wrong, then. No kidding.

      The average DDoS is not conducted by some machines in the possession of those that attack. It's a network of machines infected with backdoors that allow the attacker to use those machines. The current fad is sending out spam, but they can be used for a DDoS as well.

      So. Now you, the attacked, go ahead and snipe those machines off the net. Which is usually no big deal, we're talking consumer PCs running on consumer DSL lines here, if you have a halfway powerful r
    • I have always wondered why people don't automatically Re-DOS the DOSer.

      Yeah, because when your pipe is full of traffic you don't want, the best thing is to double it and hit a load of home computer users who will just think the 'net is a bit slow today.
    • by Dan541 (1032000)

      I have always wondered why people don't automatically Re-DOS the DOSer. Is that even possible, just start picking targets that are attacking, and flood them back till their network card pops or something.
      How do you intend to solve a problem by contributing to it?

      I'd conserve my remaining bandwidth for normal operations. After all, what good is my server if it's unreachable?

      ~Dan
  • by IonOtter (629215) on Friday April 04, 2008 @03:43PM (#22967058) Homepage
    Other causes for military concern include possible supply-chain vulnerabilities, where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.

    I guess that explains what happened to me?

    I got an email from a supply company requesting payment of nearly $15,000 for, I kid you not, 2200 telephones. Apparently, they'd been ordered, purchased and delivered to my former duty station at NCTAMS PAC in Hawaii.

    Mind you, they were all delivered to a mailbox that was probably all of 8x3x5 inches. I did the math, and 2200 desk telephones wouldn't have fit inside the whole mail BUILDING, let alone the post box.

    Nobody at the base ever saw the order-they would have, since that many phones would have come on 5 pallets-and nobody knew what the heck was going on. Finally, after working with the business owner, it was determined that the owner had been hacked.

    The phones went one way, the bill went the other, I got a nervous laugh, the poor business owner got screwed and the military was twirling around going "Wha?! Wha?!? HUH!??!"

    Didn't have to pay a cent, though. Wonder how it turned out?
  • Given the recent attempts to equate piracy with terrorism, how long until the US Cyber Command takes down The Pirate Bay?
    • by qbzzt (11136)
      I assume whoever configured The Pirate Bay's Web site realized people will try to hack into that system. Besides,

      Unless I miss my guess, the US Cyber Command would be more interested in things like the power supply in Tehran or the water supply in Damascus. You know, systems used by nation states that could become enemies.
    • More to the point, how long until they start taking down all of these REAL terrorist websites that we always hear about in the news? If Al-Qaeda is able to communicate and release statements over the web, it seems logical that the Cyber Command (snicker) would want to interfere with that as much as possible. Yet I've never seen any reports of this type of action. Have I missed them somewhere?

      Denny

    • by Dan541 (1032000)
      I think if they can stand up to the determination of the RIAA and MPAA they are pretty safe.

      An attack on Sweden's infrastructure (DoS attack) might be seen as an act of war. I would certainly view it as such.

      ~Dan
  • by Anonymous Coward
    We've had this debate many times here. All of us would love to use offensive exploits against spammers, or to hit aggressive corporations like Sony with revenge attacks, but the law, and the considered morals advise against it. For the first part you have target identification. Because of spoofing, which any intelligent aggressor will use, you can't be sure who you're hitting back at. Secondly there's a difference between using real weapons offensively and hacking weapons. To use the latter you give the weapon aw
  • I can see it now: "Yeah, all those bits and bytes are for Teh Noobz! EMP them!" They've been developing deployable EMP bombs for years now. That's probably their entire offensive strategy. That and running ship anchors over the country's fiber connections. That seems pretty effective.
  • I don't see a justification for the "back" part in the headline, based on the excerpt.
  • Sweet, someday our home PC's will have to do mandatory military service for X years.
    Join the national DDoS army now. It's your patriotic duty!
    • Would the excuse of the average (infected) computer dummy, i.e. "I already served in Russia" work?
  • Air forces (Score:4, Funny)

    by ozbird (127571) on Friday April 04, 2008 @07:18PM (#22969036)
    Air Force Cyber Command (AFCYBER), a US military unit set up in September 2007 to fight in cyberspace, is due to become fully operational in the autumn under the aegis of the US Eighth Air Force.

    One air force should be enough for any country.
    • Re: (Score:3, Funny)

      by dbcad7 (771464)
      I'm just imagining the drills...
      Tear down and reassemble the PC box.. timed of course.

      Why did you put that PC together so quickly, Gump?
      You told me to, Drill Sergeant

  • Technology may help ward off attacks, or (if it's really good) help to identify the responsible parties, but it takes a more personal, hands-on encounter to deter future attacks, and dissuade technologists from contributing to cyberattacks. Computers are just computers - people are where it's at, and the personal involvement component is the interesting part of the job. It's also the ticklish part because it needs to happen in a foreign country. Organizations with a developed cyber-terrorist workforce wo
  • It sounds like a sweet job.

    Step 1. All the computers owned by the government are turned into one giant botnet if they aren't already associated with one.
    Step 2. Communicate. Rather than the usual chain of command, everything will be run out of an IRC channel on EFNET that has a key and is invite-only.
    Step 3. DDoS the middle east, Korea, etc.
    Step 4. US Government starts selling shell accounts for eggdrops.
    Step 5. US Government gets into the warez business and opens up a porn site.

    Ah, I miss growing up on IRC
  • If the air force wants to cause the enemy harm, it seems to me they should buy Microsoft and promote the worldwide use of Microsoft software. This software is unreliable, filled with backdoors and trojans, and the use of it causes harm. It makes people feel bad and causes depression. This sounds like a form of warfare to me.
  • by Anonymous Coward
    I'm a regular slashdotter who you would recognize, but I'm posting anonymously because I don't want my current employer to know yet.

    In a Herculean effort, I succeeded in applying to the Cyber Command just now. But I must say that their website doesn't speak well of their cyber expertise; they make it extremely difficult to figure out how to even apply. The "Join" link on the Cyber Command website [af.mil] just goes to the main Air Force recruiting site [airforce.com], where all I learned is that I'm too old and too fat to join
