France Will Hack Its Enemies Back, Its Defense Secretary Says (theregister.co.uk) 71
France's defence secretary Florence Parly had a declaration to make this week: "Cyber war has begun." And she said the Euro nation's military will use its "cyber arms as all other traditional weapons... to respond and attack," as well as setting up a military bug bounty program. From a report: Parly made her pledges during a speech to the Forum International de Cybersecurite (FIC) in the northern French town of Lille. Her speech was on a topic that most Western countries shy away from addressing directly in public. "The cyber weapon is not only for our enemies," said France's defence secretary this afternoon, speaking through a translator. "No. It's also, in France, a tool to defend ourselves. To respond and attack." Her remarks will be seen as moving the debate about offensive cyber capabilities -- not just so-called "active defence" but using infosec techniques as another weapon in the arsenal of state-on-state warfare -- to a new level.
Re: (Score:3, Interesting)
You know Hitler did just this, he'd just go on and invade, forget the formality of declaring war. It just wastes time.
In fact, some argue that it was his departure from this principle, declaring war on the USA, that eventually got his head handed to him. Had he not formally got the USA into a war with Germany, it's possible that with the provocation of Japan's bombing of Pearl Harbor the USA would have been content with "Lend Lease" a lot longer, perhaps long enough for Germany to lock up Europe and get
Re: (Score:1)
Japan gets all the credit for getting the US into the fight. The last thing the Germans wanted was for the US to enter the war. Japan handed Roosevelt the ammunition he needed to shit can the Neutrality Act which was supported by almost 80% of the US public before Pearl Harbor. Once the US formally declared war on Japan the Germans were forced to declare war on the US in support of their allie. Roosevelt had already exceeded his authority with his novel interpretation of the Neutrality Act. He had already unilaterally extended US territorial waters in the Atlantic to make it harder for the German U-boats to sink supply convoys to England.
The 20th century power curve was defined by two of the most boneheaded military decisions. Japans bright idea to hit Pearl Harbor and Hitler's decision to invade Russia. The Pearl Harbor decision was bold but Japan miscalculated the effect their attack would have on US public. And Hitler would have been better served reading up on Napoleon's misadventures during a Russian winter.
Some historians argue that getting Japan and the USA involved in a dust up was EXACTLY what Germany needed, and indeed encouraged. Japan and Germany didn't have a mutual defense treaty, not really, they had an "understanding" but Germany was NOT committed to enter the war when the US declared war on Japan. Yes they had talked, but Hitler would NOT have allowed himself to be drawn into that conflict as he was busy enough and stretched thin already fighting two fronts in Europe.
Hitler was very much unwilling
Re: (Score:2)
I doubt Hitler would have ever completely subjugated the Soviet Union. They could continually fall back through the Urals and beyond and the German supply lines would have been extended even further. German logistics were a mess - it still relied on mainly rail movement and horses for movement close to the front. The transport vehicles it did have were mainly taken from France and other countries - the Allies in contrast were highly mechanised.
Time and time again German supply routes were it's weakest point
Re: (Score:2)
The Pearl Harbor decision was bold but Japan miscalculated the effect their attack would have on US public.
Pearl harbour was just one of a number of attacks designed to secure the pacific, one of the reasons ironically to provide them more safety from the US. It didn't work.
Re: (Score:2)
You know Hitler did just this, he'd just go on and invade, forget the formality of declaring war. It just wastes time.
A thousand tanks rolling over your border is declaration enough.
Re: (Score:2)
I agree. I propose we declare war on war to end it once and for all.
The White Flag Ministry (Score:2, Funny)
Re: (Score:2)
Already taken. The White Flag ministry is a lumped in with the Ministry of Cheese and the Ministry of Monkeys.
Re: (Score:2)
I would have thought they would have called it the anti-yellow vest ministry, we can all guess the real plan. Russians are responsible for the yellow vests and hence the yellow vest must be attacked on the internet, oh yeah.
Re: (Score:2)
If you don't like Macron then vote against him. Destroying the property of others, risking the lives of innocents and threatening diplomatic representatives are terrorism and yes those that do those acts or condone those acts are the enemy of France as a state and as a people.
Re: (Score:1)
If there was a new vote now, its obvious Macron would have absolutely no chance of being elected. This means that France is now ruled by someone who does not represent the will of its population. This is not democracy, this is dictatorship and only the enemies of France would support dictatorship.
Of course, it is sad that people have to use violence to force an elected president to listen to them (or to resign), but don't blame the people for that. Blame Macron. He is the one who forces people to use violen
Re: (Score:2)
Anyone who questions what France is spending its new tax on.
Re: (Score:2)
People who are creative and make funny political memes.
Protesters who want tax reform.
Freedom of speech and to publish.
Re: (Score:2)
and owns, controls or regulates most of the local internet infrastructure.
minitel doesn't count
And thereby hit 3rd parties (Score:2)
And likely nobody else.
One has to wonder whether stupidity is a job requirement for these positions. Even after minimal consultations with actual experts, this person would know that this approach does _not_work.
Well, they say MAD worked.. (Score:2)
The problem here is that you have to at least demonstrate that you have the capability to destroy your enemies or it's kind of pointless and very dangerous to try this tactic. You are just asking for trouble if you cannot back it up. I'm thinking this is misguided.
Has France invented something more effective hacking tools than their Maginot line was during WWII? (Asking for a friend...)
Re: (Score:2)
The Maginot line was very effective so...
Re: (Score:1)
Until the Germans drove around the end of it, took Paris then attacked from the rear. Sure... But effective as what?
Re: (Score:2)
Experts from the USA and UK invited to France to give their views.
French experts travelling to the USA for a transfer of the most advanced methods in person.
Thats good quality gov/mil work.
Re: (Score:2)
Until the Germans drove around the end of it, took Paris then attacked from the rear. Sure... But effective as what?
About as effective as sarcasm online?
Re: (Score:2)
They should have a good understanding of global networks from France and parts of the world still under French control.
That gives them location and global reach. When ms and ping counts.
Find the real targets before launching, please (Score:3)
With how trivial it is to hide an attack in another country and blame it on another group, I hope France at least gets some surety of whom they are hacking back, because it seems like this can harm innocent parties, or parties which already have been breached.
Also, what is the end goal of "hacking back"? "rm -rf --no-preserve-root /" on the bad guys' machines may sound cool, but the bad guys likely have better backups than 95% of the companies out there and would be back in business in no time. Finding out whom the attacker is? At best, you may net a zombie "client", and maybe find a C&C IP address range.
State on state warfare as in going after another nation's power grid. Oftentimes hacking are asymmetric attacks. There may not be a power grid to speak of in some countries. Others would take that as an act of war, and respond with nukes or other weaponry.
Instead, maybe France needs to take a page from China and other countries, and that would be to see about better firewalling at their physical border routers, so attacks from foreign sources are stopped there, rather than at the hosts themselves. It might be wise to just block entire countries' IP space completely, if it is confirmed without a reasonable doubt that that country has state actors trying to do stuff.
Or, create an organization like UL and have component makers pass basic security testing before it is allowed to be sold, especially IoT stuff. It may not even hurt to make top brass of companies (you know, the guys who say "security has no ROI", then short the company stock before a security breach announcement is made) personally and criminally liable for breaches.
There is a lot countries can do to make themselves less of a target. "Hack them back" just doesn't sound feasible. Way too easy to launch attacks from someone else's territory. One thing countries can do is just not play ball. If Lower Elbonia is always a source of attacks via their state government, block their IP ranges at the routers, and call it done. If a corporation in another country is causing issues due to lack of security, block their range, or put the range in a blackhole list and let the ISPs do the blocking.
Re: (Score:2)
A Committee of Public Safety will detect and test for political art, cartoons, memes and comments about the French tax system.
A person with a desktop computer that has a consumer grade US OS will be the origin of such politics.
That is connected to the internet using a consumer ISP and each computer has its own IP.
French security experts will follow the IP back down to the ISP then to the desktop computer that is uploading art and information about French politic
Re: (Score:2)
Time of day, ip range, code litter and a method seen before seems to do the trick.
Guillaume is going to be very busy ensuring it the correct network.
A French seismologist doing spy work in the other nation can provide more support to ensure its really the right network?
Re: (Score:2)
I assume they would use their spy networks to learn of the perpetrator or deconstruct the payload, like how kaspersky found that the NSA was behind stuxxnet (Which they then paid the price for by having their reputation destroyed in the marketplace, thus confirming the suspicion).
There are only so many players out there after all.
Begun, (Score:2)
the Cyber War has.
Re: (Score:2)
Guillaume will have to tell his boss at the DGSE that it was he wrong IP range again.
Re: (Score:2)
France will be back at cyber war from the comfort of its Maginot network.
All warmongers care about is war (Score:1)
Re: (Score:2)
Years of French experts learning from the NSA and GCHQ.
They want the political meme computers to stop making jokes about the tax rates.
Bug bounty program (Score:2)
Cyber war FUD aside, I find it an interesting change to reward people who find holes in military systems instead of imprisoning them for "putting brave soldiers life in danger".
How will France confirm who the attacker really is (Score:2)
When cyber attacks are perpetrated, it can be extremely hard if not impossible to confirm who actually initiated the attack. Worse, the attackers may plant evidence pointing to an innocent party, causing the French to attack that target, which it turn can cause that target to retaliate, initiating a full out cyber war back and forth...
Re: (Score:2)
One IP, one ISP, one powerful politically active desktop computer.
Its always only one desktop computer.
That has the computer power needed to do the layers needed to make funny political meme art.
Stop the meme computers and French politics can sell the extra big tax rates.
A very East German way of preventing any comment on what a government is doing.
Throw dice. (Score:2)
>> How will France confirm who the attacker really is
Easy. Throw dice.
If you get a 1,2,5, the attacker is China
If you get a 3 or 4, the Attacker is Russia
If you get a 6, it's China and Russia acting together.
Fire ze nuclear missiles (Score:2)
You wot? (Score:2)