The Christian Science Monitor May 15, 1:34 AM EDT
Colonel suggests using hackers' tool against them
By JORDAN ROBERTSON AP Technology Writer
SAN JOSE, Calif. (AP) -- Hackers often harness the combined
power of thousands of virus-infected personal computers to
pump out spam e-mail or disable targeted servers by
overwhelming them with Internet traffic.
Now an Air Force colonel is suggesting the U.S. military build
its own "botnet," or network of remotely controlled computers,
to be ready to attack the computer networks of foreign
enemies.
The proposal Col. Charles Williamson III outlined in the May
edition of the Armed Forces Journal highlights the creative
cyberwarfare strategies being hashed out by the military as
hackers abroad step up their attacks on U.S. government
computer networks and others around the world.
"The days of the fortress are gone, even in cyberspace," wrote
Williamson, staff judge advocate for Air Force Intelligence in
the Surveillance and Reconnaissance Agency at Lackland Air
Force Base in Texas. "While America must harden itself in
cyberspace, we cannot afford to let adversaries maneuver in
that domain uncontested."
The government wouldn't build its botnet by infecting innocent
people's computers like criminal hackers, Williamson wrote.
Instead, the military could use PCs it was going to throw
away. And it could expand that botnet's computing horsepower
by implanting its code on other government computers.
Williamson's commentary has ignited a debate in the computer
security community about the wisdom of building a military
botnet - and the government's ability to control it. The
tactic he suggests is called a distributed denial-of-service,
or DDoS, attack.
It's what was used last year by hackers in a three-week
assault that crippled government and cor****ate computer
networks in the small Baltic nation of Estonia, which is
highly computer-savvy.
It's frequently used by organized criminals to extort Web site
owners, who end up paying up to keep their sites online, and
by botnet operators to disrupt rivals.
Alan Paller, director of research for the SANS Institute,
which operates the Internet Storm Center, an early warning
system for computer attacks, said it would be easier for the
military to lean on Internet providers to shut off traffic
from hostile computers than to adopt the "carpet bombing"
approach Williamson advocates.
"To me it's a silly solution to a problem that has much
simpler solutions," he said in an interview. "What's wrong
with it is that it's not instantaneous, it's not precise and
it's not entirely effective. There are defenses you can set up
against it - whereas using a precision weapon, like working
with the network guys, is pretty wonderful."
Some security experts, however, said a military botnet could
help strengthen the United States' cyber defenses, and that it
seems like a reasonable idea, provided the government owns the
computers it's using.
Williamson concedes that one risk of a military botnet is that
it could mistakenly return fire at the wrong computers - even
those within a government network - if hackers successfully
disguise their attacking computers through a process called
Internet Protocol spoofing.
Hackers routinely launch attacks from computers in different
countries from where they are physically so it's often
difficult to determine where the offensives are coming from.
Williamson said the U.S. needs to develop better tools to
detect incoming threats on the Internet and determine the true
origin of attacks.
One of the thorniest issues the military would face is how to
respond if the source of an attack turned out to be
compromised computers within the U.S. or a friendly nation.
The military wouldn't be allowed to attack privately owned
computers in the U.S. without an order from the president, so
those incidents would have to be handled by law enforcement as
a criminal matter, Williamson said. And the governments of
countries friendly to the U.S. would have to cooperate to shut
down marauding computers there.
"The biggest challenge will be political," he wrote. "How does
the U.S. explain to its best friends that we had to shut down
their computers? The best remedy for this is prevention."
Williamson, reached late Wednesday, said he couldn't comment
beyond the opinion piece, under a request from the Air Force's
public affairs office.
http://customwire.ap.org/dynamic/stories/M/MILITARY_BOTNET?
SITE=MABOC&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2008-05-15-01-
34-46
--
A government, of, by, and, for: Rich, Elite, Freemasons.
But all things that are reproved are made manifest by the
light:
for whatsoever doth make manifest is light.
The light ****neth in darkness;
and the darkness comprehended it not.
The light of the body is the eye: if therefore thine eye be
single,
thy whole body shall be full of light.
But if thine eye be evil, thy whole body shall be full of
darkness.
If therefore the light that is in thee be darkness, how great
is that darkness!
Awake thou that sleepest, and arise from the dead,
and Christ shall give thee light.
For my yoke is easy, and my burden is light.
|
