Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Government News Politics

Should the US Go Offensive In Cyberwarfare? 276

The NYTimes has a piece analyzing the policy discussions in the US around the question of what should be the proper stance towards offensive cyberwarfare. This is a question that the Bush administration wrestled with, before deciding that the outgoing president didn't have the political capital left to grapple with it. The article notes two instances in which President Bush approved the use of offensive cyberattacks; but these were exceptions, and the formation of a general policy was left to the Obama administration. "Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare. Over the decades, a number of limits on action have been accepted — if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
This discussion has been archived. No new comments can be posted.

Should the US Go Offensive In Cyberwarfare?

Comments Filter:
  • Offensive? (Score:5, Funny)

    by oahazmatt ( 868057 ) on Tuesday April 28, 2009 @03:52PM (#27750801) Journal
    Why? Just contract /b/ to do all the dirty work for you.

    It could be the Blackwater of Online Warfare.
    • by emocomputerjock ( 1099941 ) on Tuesday April 28, 2009 @03:56PM (#27750887)
      Now if only you could figure out a way to convince them that they are your personal army.
    • Re:Offensive? (Score:5, Informative)

      by auric_dude ( 610172 ) on Tuesday April 28, 2009 @05:23PM (#27752313)
      Blackwater Worldwide & Blackwater USA now called Xe http://en.wikipedia.org/wiki/Xe_(Company) [wikipedia.org]
    • Re:Offensive? (Score:5, Insightful)

      by religious freak ( 1005821 ) on Tuesday April 28, 2009 @05:24PM (#27752325)
      I think it's naive to believe we're NOT on the offensive, though I've got to admit our nation's recent incompetence in dealing with IT (defunct air force initiative, losing engineering plans to the F35) gives me a little more doubt.

      But we INVENTED a lot of this stuff. What does the NSA do, exactly? Yeah, they intercept international communications and develop systems to do this, but is that really all they do... really?

      I sure as hell hope not...
      • Re: (Score:2, Informative)

        by SupremoMan ( 912191 )

        What does the NSA do, exactly?

        Spy on Americans?

      • Re: (Score:3, Interesting)

        by AaxelB ( 1034884 )

        What does the NSA do, exactly? Yeah, they intercept international communications and develop systems to do this, but is that really all they do... really?

        Hmm... Now that you mention it, I'm surprised I've not heard more conspiracy theories that the NSA is behind Conficker (or other worms, but Conficker seems the best bet since it's really well-designed and hasn't yet revealed its purpose) and that the government tends toward pro-Microsoft legislation so that there are more vulnerable, poorly-secured computers throughout the country/world for them to use to their advantage.

        I'm not saying it's true, I'm just thinking that the NSA is doing a damn good job sinc

        • It's a spambot [washingtonpost.com]and scareware downloader [washingtonpost.com].

      • Re: (Score:3, Insightful)

        by Idiomatick ( 976696 )
        People believe movies too much. I have complete faith that the government is 15years behind the ball. We are talking about people that use fax still. I certainly don't expect them to be doing crazy high end cutting edge hacks.

        6920 616d 206e 6f74
  • by viralMeme ( 1461143 ) on Tuesday April 28, 2009 @03:53PM (#27750821)
    What the US should do is stop connecting 'computers' to the Internet that can so easily be hijacked in phishing/malware/spam attacks.
    • Re: (Score:3, Interesting)

      by cdrguru ( 88047 )

      If the "owner" or "user" of the computer is tricked, bribed or forced to install such malware, what computer is there that will protect itself?

      Sorry, but if you have untrained and inexperenced people doing administration on computers, you are going to have problems. No matter what the computer operating system is, if the "administrator" installs malware on it and follows whatever procedures are required to install the software, it is compromised. Period.]

      Linux, MVS, VM, Windows, Solaris, OS X, whatever.

      • Re: (Score:3, Interesting)

        If the "owner" or "user" of the computer is tricked, bribed or forced to install such malware, what computer is there that will protect itself?

        Sorry, but if you have untrained and inexperenced people doing administration on computers, you are going to have problems. No matter what the computer operating system is, if the "administrator" installs malware on it and follows whatever procedures are required to install the software, it is compromised. Period.]

        Linux, MVS, VM, Windows, Solaris, OS X, whatever. It doesn't matter. The only thing that has any chance of helping is to get the administration power out of the hands of inexperienced and untrained people. Give them "appliances" that cannot be subverted because nothing can be installed on them.

        When was the last time you had to update the anti-virus software on an iPod? How about having to reboot your refrigerator because it locked up?

        If all people need is web browsing and email, they need something that will do that and nothing else. No possibility of viruses, worms, trojans or whatever else. Just something that gets the job done without the possibility of anything bad happening.

        I agree with most of your reply, but your analogies seem a little flawed. My refrigerator doesn't call my friend's refrigerator in Sweden and show pictures of his latest backpacking adventure, nor does my iPod go on msn so (s)he can talk with his/her girlfriend on the web cam. I have already stopped crossing the street to avoid getting hit by a car, I change my underwear on a daily basis *just in case* it does happen and the paramedics have to take my clothes off, and I also have recently begun not even t

        • Re: (Score:3, Interesting)

          by Dan541 ( 1032000 )

          But other people don't suffer at the hands of your ability to operate a refrigerator and if they did (you cook them a meal) you are liable for food poisoning. A computer should be no different, users need to be held accountable for the damage their stupidity causes.

          Ok I'll throw in a free car analogy.
          If you don't know how to drive a car, yet you choose to anyway you are held liable if you crash, even though you didn't know what you where doing you would still be charged. Same goes for any other bit of machi

      • CLI baby. Go back to X windows from a command line. if the user doesnt want to do anything but what they have to on the computer, they won't be doing things that they shouldn't.
      • by grumbel ( 592662 ) <grumbel+slashdot@gmail.com> on Tuesday April 28, 2009 @05:22PM (#27752311) Homepage

        If the "owner" or "user" of the computer is tricked, bribed or forced to install such malware, what computer is there that will protect itself?

        OLPC with Bitfrost will do exactly that just fine. Just because most other OSs don't even try to prevent those issues doesn't mean you can't.

    • What the US should do is stop connecting 'computers' to the Internet that can so easily be hijacked in phishing/malware/spam attacks.

      That's somewhat less satisfying than dropping napalm on them. More effective, sure, but do you really want to live in a world where spammers AREN'T burned alive? Cause I don't.

    • by Dan541 ( 1032000 )

      I agree,
      we already have enough problems with asshats abusing the internet. We don't need the United States Government as well.

  • by Smidge207 ( 1278042 ) on Tuesday April 28, 2009 @03:53PM (#27750829) Journal

    Starting in 2002 we gave away our dominance in software technology to other nations. The policy of China was to subsidize tens of thousands of students studying in the computer sciences. In 2002 American companies subsidized this policy of China by shipping over American jobs so that Chinese students could gain the necessary and hard to obtain experience of working on real systems. American programming jobs were shipped to India, China, and Russia and subsidized these nations in their ability to build expertise in software technology.

    Now very few American students are enrolled in the computer sciences departments of America to provide the expertize necessary for threats to American computer systems, while other nations have tens of thousands that can obtain all of the benefits of software technology. American students will not enroll in the computer sciences when the policy of America is simply to ship programming jobs overseas. Now many American systems are dependent upon offshore foreign programmers. There have already been incidents where offshore foreign workers were bribed to provide account information on bank customers.

    The reality is that major American system may have already been compromised by bribes to offshore foreign workers to insert malicious code into the American systems where they have direct access. Hollywood movies show complex schemes and supposedly sophisticated attacks to access computer system when the reality is that you can simply walk in the front door with a bribe and have complete access. It is meaningless to protect these systems from attacks over the internet when they may already have been seriously compromised.

    =Smidge=

    • by Red Flayer ( 890720 ) on Tuesday April 28, 2009 @04:10PM (#27751191) Journal

      American students will not enroll in the computer sciences when the policy of America is simply to ship programming jobs overseas.

      And yet that's not the policy of America. That's the policy of *some* American companies.

      Mostly because US workers are not worth what they cost to employ.

      The solution is not a phobic restriction on offshoring (protectionism), the solution is to bring domestic wages in line with offshore wages. Ideally this is done by increasing the global standard (and cost!) of living, but at some point we might just have to realize that our ridiculous wasteful standard of life is unsustainable if we want to compete economically with the rest of the world.

      • by tukang ( 1209392 ) on Tuesday April 28, 2009 @05:30PM (#27752401)

        Yes, you have a point about our standard of living but it's not only our standard of living that has caused this problem, it's also the deterioration of the quality of k-12 education in the US - especially in math.

        When I did my undergrad, more often than not, kids who didn't know standard mathematical identities, were Americans. I don't see how someone who doesn't understand logs and exponents inside out can do well in a (respectable) comp sci program. Why should US companies hire mediocre US comp sci students when they can hire higher quality students overseas at a cheaper price?

        • Re: (Score:2, Insightful)

          by _ivy_ivy_ ( 1081273 )

          ...it's also the deterioration of the quality of k-12 education in the US - especially in math.

          While your deterioration theory is interesting, and math education is inadequate, I'm fairly sure you're hearkening back to a past that never was.

          I seem to remember that inadequate math education was offered as "proof" as to why the Soviets beat the US into space with Sputnik.

    • by clarkkent09 ( 1104833 ) * on Tuesday April 28, 2009 @04:12PM (#27751223)
      the policy of America is simply to ship programming jobs overseas

      No it's not. The policy of America is to promote globalization and free trade which in the long run is thought (rightly or not) to be beneficial to the USA. If that's what you are doing then it does make it kinda hard to use legislation to stop American companies from doing what they want which is hiring labor where its cheapest. Either you are for protectionism in which case we will lose in the long run because US companies won't be able to compete, or you are for liberalization of trade (including labor) in which case US workers will have to compete for jobs on equal terms with Chinese, Indians etc
      • by Jane Q. Public ( 1010737 ) on Tuesday April 28, 2009 @05:28PM (#27752369)
        "... globalization and free trade which in the long run is thought (rightly or not) to be beneficial to the USA."

        And there is the problem: who really thinks this?

        The fact is that GATT and NAFTA had, and have, very little to do with "free" or "fair" trade. Subsidies and trade barriers remain on both sides of all borders, and in the main, they were giveaways of many trade advantages that the U.S. naturally enjoyed, to the eventual detriment of U.S. citizens and businesses.

        However, your statement that the U.S. cannot compete is simply false. BEFORE these "trade giveaways", we competed just fine. Isn't it amazing that we have had trouble since?

        Further, the "cheap" labor markets have also, over time, gained a well-deserved reputation for sub-standard products, whether those products are toys or software. That is not to say that there are not competent programmers and producers elsewhere. Of course there are. But I am referring to trends and averages. Further, "cheap" labor and production has led to environmental degradation that would not be tolerated within the U.S. So these multinational and outsourcing corporations are responsible for harming their cheap laborers even as they improve their income.

        Globalization of the economy (as opposed to plain trade) is a bad, bad, disastrous idea. Diversity is essential for the survival of organisms, and that is a valid analogy to economies and cultures as well. Nationalism will not (had better not) be broken down, because if it is, woe to the people of Earth.
        • Re: (Score:3, Informative)

          by radtea ( 464814 )

          And there is the problem: who really thinks this?

          I do.

          The US lost its trade dominance in the '70's, long before the original FTA with Canada (later expanded into NAFTA).

          GATT was around from 1948 to 1994 (before being replaced by the WTO). The period from 1948 to the late 60's was a boom period for the US, in part driven by world trade.

          So by trivial empirical examination the current US mess has nothing much to do with free trade.

          The real problem is that your dollar is the reserve currency and has been for t

    • There have already been incidents where offshore foreign workers were bribed to provide account information on bank customers.

      You seem to be implying that there haven't been cases of American workers doing the same. Is there any reason to think this implication is accurate?

    • Re: (Score:3, Insightful)

      by tukang ( 1209392 )

      There have already been incidents where offshore foreign workers were bribed to provide account information on bank customers.

      The reality is that major American system may have already been compromised by bribes to offshore foreign workers to insert malicious code into the American systems where they have direct access.

      Do you honestly think American workers don't do the same? It's almost as if your argument is that American workers are inherently more ethical than foreign ones and that therefore offshor

  • no brainer (Score:5, Insightful)

    by Briden ( 1003105 ) on Tuesday April 28, 2009 @03:54PM (#27750841)

    If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"

    no.

    • by viralMeme ( 1461143 ) on Tuesday April 28, 2009 @03:57PM (#27750935)
      "If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"

      What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.
      • Re: (Score:2, Informative)

        by Burkin ( 1534829 )

        What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.

        The US, apparently.

      • What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.

        What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the telephone network?

        What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to radio receivers?

        And so on.

        You gotta communicate with 'em SOMEHOW. Are you proposing the b

      • Re: (Score:2, Interesting)

        Killing the internet to the hospitals might result in better service (less staff MySpacing and Facebooking while the emergency room's full).
    • Physically bombing a country's electricity and transport infrastructure seems to be fair game, so why shouldn't a cyber attack be the same.

      We might find it is preferable to break in in such a way that they don't know it has happened, and monitor what is going on. I'm sure that already happens, but this is a tactical decision.

      • Re: (Score:3, Insightful)

        by flyingsquid ( 813711 )
        It seems to me that there are two questions here. First, is attacking civilian infrastructure to cause discomfort, fear, or inflict economic hardship a morally just tactic? Second, is it actually effective?

        In World War II, the U.S. bombed civilian targets in Germany and Japan, the rationale being that stopping the Third Reich and the Japanese empire justified the cost in lives and suffering. We had 50 years to think about that decision before the U.S. became involved in the Kosovo War in 1999. Then, the U.

        • So, I'm not a military historian, but I'd argue that attacking the civilian population is counterproductive. Generally, it will enrage your enemy and make them more determined to fight on.

          Actually, no. I should note as a counterexample that the bombing by Germany of Rotterdam pretty much caused the Dutch to surrender to the Germans. As well as causing panic in France that materially aided the German advance (French refugees blocked roads that would have been necessary for any serious French counterattack

      • by Toonol ( 1057698 )
        Right. Just like "an auction ON A COMPUTER" is still an auction, and doesn't need a whole new body of law invented to handle it, "warefare ON A COMPUTER" is still warfare. Where civilian casualties are acceptable from bombing, they would be acceptable with cyberwarfare, and when they aren't, the aren't.

        If the internet needed a whole new set of moral and legal principles, than your moral and legal principles weren't well generalized to begin with.
    • That would assume that taking out the power grid would in fact do those things. Hospitals have generators, as do ATC systems. Banks I'm sure would be able to keep working behind the scenes, even if they couldn't open their doors to customers.

      The way I see it, we should use cyber warfare as a life saving measure. Basically, don't use cyber attacks unless you would use an equivalent military strike to get the same effect if the cyber option wasn't available. There are times when destroying or disabling a

      • by cenc ( 1310167 )

        I believe it was Powel that said, "you break it, you buy it". So, rebooting a couple of computers, reinstalling some software, sure seems a much cheaper deal than trying to rebuild a power grid.

        I would assert it would in fact be unethical, to bomb the power grid if you could simply do it with cyber attack.

    • Yes.
      An attack results directly in the death of American citizens. Such a response would only indirectly result in the death of citizens if at all.
      Whereas such an assault would cost lives and physical damage, the response would simply be an inconvenience. After all, what hospital or air traffic control system doesn't have battery backups. Making life miserable for an opponent is a sure way to curb future agression, and disabling an enemies civil infrastructure is a benign way of doing this.
  • by Anonymous Coward on Tuesday April 28, 2009 @03:58PM (#27750951)

    I can just imagine the streaming video of masked men slowly lowering a powered-up motherboard into water while yelling "why did you portscan us?"

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Tuesday April 28, 2009 @03:59PM (#27750955)
    Comment removed based on user account deletion
    • by radtea ( 464814 )

      Basic facts about war, foreign policy and economics will always be with us.

      I'm not sure what these "basic facts" you mention are. They can't include "there will always be wars" because there have not always been. They can't include "nations will always have competing interests" because the very idea of a nation is a recent one. They can't include anything about corporate interests or the financial system because again, those are recent and flexible institutions, and while it is true that a system of full

    • Re: (Score:3, Insightful)

      by phantomfive ( 622387 )
      You show such a misunderstanding of global politics and history that it's not surprising you think war is inevitable.

      What you seem to be saying is: Russia and China don't need to build up an army, because they have no reason to be afraid of us. On the other hand we DO need to be afraid of them, because they have a history of being imperialists and aggressors.

      The truth is the good old USA has a long history of being imperialist and an aggressor. How do you think we got Florida? Or Texas, or California
  • The answer is no. (Score:5, Insightful)

    by hey! ( 33014 ) on Tuesday April 28, 2009 @03:59PM (#27750957) Homepage Journal

    At least, not until provoked, and then only at resources demonstrably being used in actual operations against the US.

    The reason is that we don't want politically motivated cybervandalism to be legitimized.

    This is what I had against the whole neo-con "spread democracy" program. I'm all for spreading democracy, but it won't work unless you spread the values and institutions necessary to make democracy work. One of those is freedom of thought and expression. It makes no sense to promote democratic government in a country where you are conducting psyops campaigns and are complicit in or actually performing suppression of free speech.

    • At least, not until provoked

      I would consider all those "Tr3y canadian C1alis rol3x3s FREE!" sufficient provokation to justify military action. Not only do they spam me, they're full of typos! It's offensive on all levels!

      (Yes, I do know it's not so much typos as it is trying to get past filters, I don't care)

  • As a former fed IT staffer and military specialist, our policies were always to be proactive. Resting is never a good place to be when an attack hits. Obama (and the rest of our NATO nations) need to have their own cyber-warfare military units to respond to any potential threat. With our economies being tied closer and closer each year to the internet, its now along the same lines of our need for energy and needs to be guarded as such.

    Besides, I would rather these units proactively dismantle bot-nets, spynets, and spam-nets to protect our infrastructure than to constantly force the private companies to deal with the criminal and 'not-so-criminal-china-warfare' tactics going on today.
  • If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"

    Seriously, if any military official takes more than two seconds to realize that it is clearly insane and has not learned one thing from our struggles in Iraq and Afghanistan. Alienating the populace of a nation like that has no benefit and is outright counterproductive. An attack on civilians like this works only in the context of strategic, conventional total war. We haven't fought a conventional war in 50 years. For any foreseeable conflict that U.S. could be involved in, it would be only sane to scrap the idea of attacking civilian infrastructure of any kind, information infrastructure included.
    • Re: (Score:3, Insightful)

      by cptnapalm ( 120276 )

      "We haven't fought a conventional war in 50 years."

      There were those two wars against Saddam Hussein (I put it this way to distinguish the initial part of the Iraq War from the counter-insurgent part).

      • I believe the context here is "total" war. I.e. a war where people are already 100% against you, and nothing is gained from restraint. The last time that this was remotely true was WW2, and even then the Total war was stopped before reaching its logical conclusion: 100% annihilation of the enemy.

  • Since when does the gov ask NYT or slashdot readers what to do? And, would we really expect that the CIA would be making public announcements about their actions and intentions?

    "Cyberwar" by definition involves at least two warring parties, doesn't it?

    And, the internet is an interesting beast, requiring a computer to be connected to it in order communicate. Once connected, there's the potential for an exploit, given the complexity of software + hardware and the human vulnerability to coercion (mandatory htt [xkcd.com]

  • by Anonymous Coward

    Just because you don't read about it doesn't mean it doesn't exist.

    You seriously think the country with the worlds largest and longest established sigint program doesn't use it for offensive purposes?

  • Absolutely (Score:2, Insightful)

    Nothing prepares you for war like lots of practice.

  • by BobMcD ( 601576 ) on Tuesday April 28, 2009 @04:06PM (#27751095)

    Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them.

    I agree. And just like the atomic bomb, exactly two of these might ever be used in actual warfare.

    Think it through:

    1) North Korea kills several power plants with cyberweapons.

    2) US kills North Korea with conventional weapons.

    Sure, if you're Estonia or Georgia you may have problems. You don't have one of the most powerful military forces in the world at your disposal. But here in the US we have all sorts of muscle that we use against people that we feel are misbehaving.

    In fact, I doubt highly that we would prevent such an attack were the enemy foolish enough to launch one.

    Stop an excuse to go to war? This nation? I think not.

    • Re: (Score:3, Funny)

      by teh kurisu ( 701097 )

      Stop an excuse to go to war? This nation? I think not.

      You make it sound like you have a choice in the matter. Yours is the nation that brought the world Norton Antivirus; of course you're not stopping an attack.

    • I think not.

      Is this really the time for Bush quotes?

  • last time i checked, terrorists are known to use channels that are also used by a large portion of the public, so bringing them down doesnt sound good. And to go fully (especially publicly) offensive against any nations sounds like a very good way to start a war, even if a cold one.
  • disconnected (Score:2, Interesting)

    by rndmcnlly ( 751912 )
    A related but more general question: When people talk of bits of infrastructure being connected or disconnected from the Internet, are they talking about the presence of direct, layer 3 connectivity (can I ping the airport's tracking systems?), any layer (if I hack the contracting company's intranet can I view aircraft positions through a series of proxies and application layers?) or actual electronic disconnection from the Internet (can you get only get in via getting your man on the inside the tweet the
  • "Should" is a moral question. Moral questions are a luxury afforded by rich societies with no pressing needs (in other words, no cause for survival except continued convenience). The real question is "Do we need to?" and my answer is that if you have enemies, you always need to keep track of them.

    I may be channeling Niccolo Machiavelli here... stupid cheap acid I bought back in my sophomore year.

    • Re: (Score:2, Insightful)

      by Xadnem ( 1120075 )
      Moral questions aren't a luxury, unless you're playing a zero sum game. Most nations aren't, they're a necessity, if only out of self-interest. If a nation proves it's rabidly amoral, doesn't follow the rules of war that have developed over the past few hundred years, they also better hope they don't need allies.
    • by rts008 ( 812749 )

      I may be channeling Niccolo Machiavelli here... stupid cheap acid I bought back in my sophomore year.

      No, it's a very old concept:
      'Keep your friends close, and your enemies closer.' by some old Chinese guy, many centuries ago...yeah, I had one of 'those' Sophomore years too....

  • This was about Arlen Specter.

  • We will lose that offensive.

    We are the ones who come up with copy protections and it takes some kid in Scandanavia a few hours to crack it.

    We will quickly be destroyed by the cyber armies of 13 year olds with 22 hours of sunlight and Mountain Dew in their grasp.

  • by gmuslera ( 3436 ) on Tuesday April 28, 2009 @04:27PM (#27751487) Homepage Journal
    Retaliation against a real world country because one, a few or several of the attacking parties were doing the final/traceable connection from there could not be very fair, and could show how close is militar intelligence with absolute stupidity.

    Even if could be attacks lauched by other countries government internet addresses, but how you separate government willing to do that attack from some individuals there just checking the waters without autorization?

    What is worse, what were the biggest internet attacks till today in general? From Morris worm to Conficker, passing thru all the spam in the middle, all were done by individuals and groups not related with government. There was the cyberattack to Estonia (?) some years ago, that was done more by individuals than from a government.

    With nuclear bombs at least you have them enclosed in silos, military security, isolated. You need a small army to try to get one if not get disabled before. But a clever kid could take for its own benefit (from turning it to you or launching a big attack at your name) your entire botnet from the safety of his home.

    But i have to agree that the 1st cyberattack from America was a big success. Crippled most of the computers of the world, caused lots of damages to other countries and still is active doing its work. But still, you cant say for sure if was launched by the government or Microsoft Corporation.
  • by DarkEntity ( 1089729 ) on Tuesday April 28, 2009 @04:31PM (#27751579)
    As an American, I think I already am pretty offensive to most people on the Internet.
  • by Halo1 ( 136547 ) on Tuesday April 28, 2009 @04:45PM (#27751791)

    Or did everyone already forget ECHELON [europa.eu]? Or does it only count if you actively break into other systems, rather than only intercept everyone's personal, business and political Internet communications?

    And it would really surprise me if they didn't break into other systems yet. It's not like they first asked for public approval for ECHELON before starting to set up and use it.

    • Which, like it or not, is treated very differently. There is a tacit agreement among nations that spying isn't a cause for war. Many nations try to spy on each other and while the spys themselves have little to no protections, the spying itself doesn't result in major stir ups. Remember that not long ago Aldrich Ames, a CIA counter-intelligence officer, was convicted of spying for the Russians. While he went to prison for it, the US certainly didn't go to war with Russia, or for that matter even get mad and

  • they are utilizing probably a tenth of their hacking capacity. they are hitting sparse targets for capital gain or espionage.

    What would happen if they decided to hit us for real?

  • by teh kurisu ( 701097 ) on Tuesday April 28, 2009 @04:46PM (#27751827) Homepage

    Another is avoiding attacks aimed at civilians.

    Israel's policy, which America supports, is that firing a missile into a block of flats full of civilians is okay, if they think a terrorist is in the building. The attack is not aimed at the civilians, they just happen to be there. I'm sure the same mindset would apply in this case.

    • You have oversimplified. Israel's policy, which America supports, is that firing a missle into a block of flats full of civilians is okay, since blocks of flats full of civilians is the only place terrorists every hide/stash their weapons, and by extension, the civilians are aiding the terrorists.
      • For example if you read the Geneva Conventions, you find that various places are "off limits" for war. Hospitals and religious places would be the big ones. The rules say you need to take care not to attack them. However, there's a flip side to the rule: You also need to take care not to use them for military purposes. So if there's a church and it is used by people as a church, no problem, that church is off limits. However if an army decides to set up shop in there are use it as a base, it just became fai

  • ...Another is avoiding attacks aimed at civilians. God knows the US has NEVER intentionally attacked civilians, no siree! (Cough, Hiroshima, Cough, Nagasaki, Cough) I'm not really certain that avoiding "collateral damage" is a big a concern to the US military as you seem to think it is.
  • Yes.

    It's no different than any other logistic target. If another country strafed an interstate or shot down one of our satellites, we'd consider it an act of war. Just because it involves a computer doesn't mean the principle or effect is any different. Enough of this "cyber" crap, a violation of a law, a treaty or an understanding is just what it is, whether it happened electronically or not.

  • If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?

    Give me a break.

    If a US military base is attacked by a foreign government, whether physically or online, it is an act of war, and should be treated as such. A military response may be appropriate, and that could include an online attack as one component of the military strategy.

    If a US military base is attacked by foreign teenagers in their parents' basements, it is a criminal act carried out by individual citizens, and should be treated as such. The perpetrators should be prosecuted by their own governme

    • Sure... but the difficulty is in knowing whether the attacker is the foreign government, or the foreign criminal. Unlike in the physical world, correct attribution of cyber attacks is much more challenging.

      I agree with you that this whole "proportionality" idea makes no sense in war. Wars are not a game of tit-for-tat, they're a serious conflict with serious consequences. When the Japanese bombed Pearl Harbor, the US didn't say "oh, well I guess I'll bomb one of their naval bases, and then we'll be even"

  • If the government would quit running fucking Windows, hire some IT guys who know their ass from a hole in the ground; maybe we wouldn't have so many problems on the cyber front.

  • Because going on the offensive worked so well in Iraq, Afghanistan, Somalia, Vietnam, etc...

  • Richard Clarke [wikipedia.org] spoke at my campus about a month ago and addressed this question. His claim was that United States needs to put forth some doctrine of cyberwarfare deterrence for the same reasons it did with nuclear warfare. His argument was that because of how dependent on computers the world is, cyberwarfare, a relatively unknown beast, has the same potential for the mutually assured destruction [wikipedia.org] that nuclear weapons are capable of.
  • Let Linus sort'em out!!!

  • From the article:

    "The fortress model simply will not work for cyber," said one senior military officer who has been deeply engaged in the debate for several years. "Someone will always get in."

    I always find it disturbing when these issues are treated like physical security issues. Part of that is because it is often physical security specialists that are brought to task. It is an environment that they often seem to be completely unprepared to deal with.

    The issue is that information security and physical s

  • Why would you assume that we aren't already?
  • All I see here is pretext. The notion I have heard expressed that hackers can do the same damage as nuclear weapons is absurd to the ears of anybody with an ounce of intelligence. Massively exaggerated threats can only mean one thing; a power grab.

    They want to have spyware built into every piece of hardware and software out there. They want to turn every single bit of data processing equipment of any kind into part of their foreign and domestic intelligence network. They want to take the vast amounts of dat

  • that's what russia and china do

    there is no need to encourage them, merely track them and get out of the way of any of their initiatives. and when the shit hits the fan and another government complains, the government can play dumb: it really wasn't their doing, there's no financing or chain of command. the only crime is one of omission: watching someone do something wrong and not stopping them. the nationalist partisans steer clear of their own nation's computers out of fealty (perhaps protecting them too), they obediently report to the government any stupendous finds (nuclear plant blueprints, warfare plans, etc.) simply for the renown, and in times of great duress, are predisposed to fall under the umbrella of government control. all at the same time, they are complete free of cost, and of the highest technical proficiency and motivation. their motivation is simply passion

    this is already happening, for years. before 9/11 there was the hainan island incident:

    http://en.wikipedia.org/wiki/Hainan_Island_incident [wikipedia.org]

    this spy plane bump and crash brought american partisans and chinese partisans at full war online. how do i know this? because one of my windows boxen in new york at the time got hacked. its front page was replaced with the chinese flag and the text "fuck poisonbox! hacked by chinese". i traced the attacking ip to a technical college near beijing. who is poisonbox? i researched it: he was an american partisan hacker(s) laying waste to various chinese servers at the time

    i found an article about the proceedings still online from that era:

    http://attrition.org/security/commentary/cn-us-war.html [attrition.org]

    there is no debate here, it's already happening, done by partisan hackers, in loose affiliation with their governments and the government's turning a blind eye to the hijinks

    someone out there, perhaps reading this comment, has the makings of a great book or movie, with years of hardcore cyberwarfare already under their belt. they could be in any number of countries where ultranationalism rages (turkey, greece, israel, pakistan, india, etc.)

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...