Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private> Cc: cissp-guns-and-butter@private (I should probably state, right off the top, that my intention is not to make fun of military studies of infowar/cyberwar capabilities, but the people who report on them.) Date sent: Mon, 18 Apr 2005 05:00:18 -0500 (CDT) From: InfoSec News <isn@private> Subject: [ISN] U.S. Military's Elite Hacker Crew > http://wired-vig.wired.com/news/privacy/0,1848,67223,00.html > > By John Lasker > April. 18, 2005 > > The U.S. military has assembled the world's most formidable hacker > posse: a super-secret, multimillion-dollar weapons program that may > be ready to launch bloodless cyberwar against enemy networks -- from > electric grids to telephone nets. Ummm, haven't we heard this before? Many, many, many times? > In simple terms and sans any military parlance, the unit could best > be described as the world's most formidable hacker posse. Ever. Oh, it could *easily* be described that way. When you're a reporter looking for a sensational story, you can describe all kinds of things that way! > But aside from that, little else is known. Surprise, surprise! > "They are a difficult nut to crack," said Dan Verton, a former U.S. > Marine intelligence officer. "They're very reluctant to talk about > operations." Yeah. I'll bet. > Verton said the unit's capabilities are highly classified, but he > believes they can destroy networks and penetrate enemy computers to > steal or manipulate data. Oh, golly! Intrusions into other people's computers! Just imagine! > He said they may also be able to set loose a worm to take down > command-and-control systems so the enemy is unable to communicate > and direct ground forces, or fire surface-to-air missiles, for > example. Didn't they already do this? In 1991? April of 1991? April *First* of 1991? > To better understand the secret program, several questions about the > unit were submitted to Stratcom. > > Capt. Damien Pickart, a Stratcom spokesman, issued a short statement > in response: "The DOD is capable of mounting offensive CNA. For > security and classification reasons, we cannot discuss any specifics. Again, surprise, surprise. > However, given the increasing dependence on computer networks, any > offensive or defensive computer capability is highly desirable." Any capability. Regardless of what it does. Regardless of how it works, or how *well* it works ... > Nevertheless, Verton says military personnel have told him numerous > "black programs" involving CNA capabilities are ongoing, while new > polices and rules of engagement are now on the books. Ah, so we are at the point where we don't know what we are doing, but, by golly, we are going to do it! > Last summer, the internet-posted execution of American civilian > Nicholas Berg sparked a debate about the offensive capabilities of > the CNA program, said retired U.S. Army Col. Lawrence Dietz. [...] > The debate focused on whether the United States should shut down a > website as soon as it posts such brutality. Nobody told them about Kazaa, BitTorrent, etc? > Dietz knows a thing or two about information warfare. He led NATO's > "I-War" against Serbia in the mid-1990s -- a conflict that many > believe was the occasion for the U.S. military to launch its first > wave of cyber attacks against an enemy. Oh, no, not the first! The *first* one was the "Desert Storm" virus. > One story widely reported, but never confirmed Again, surprise, surprise. > "The reality is, once you press that Enter button, you can't control > it," he said. "If the government were to release a virus to take > down an enemies' network, their radar, their electrical grid, you > have no control what the virus might do after that." One of the reasons that, eighteen years ago, we figured that "attack" viruses were not a really good idea. ====================== (quote inserted randomly by Pegasus Mailer) rslade@private slade@private rslade@private This is the bitterest pain among men, to have much knowledge but no power. - Herodotus http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade -=- Forwarded from: matthew patton <pattonme@private> Subject: Re: [ISN] U.S. Military's Elite Hacker Crew I'd be happy to be wrong but I really don't think such a shallow "scare" piece warrants much notice. I'm not suggesting there aren't a couple of 0-days the military has come up with that it can potentially use to DoS or otherwise compromise the odd website here and there. I got a chance to view and interface with some folk involved in a "green room" project and well, it's "really cool" to the youngsters that they've got a hacking tool and the authorization to use it, it's not what I'd consider earth shattering stuff. The established bug hunters nee NGS are IMO considerably more skilled at this than the military will be. Much as we've been seeing in the crypto world for some time, the "public" is pretty darn good at this stuff too. The controversial website thing to me is a red herring. By the time the military/intelligence community is aware of it's existence the cat is LONG out of the bag. The Mallaysian case of taking an extra day to pull the plug makes no difference - the video was out there on plenty of hard drives already. Going after financial transaction software and infrastructure control devices is way more interesting. The barrier to entry has generally been getting ones hands on the software in question and figuring out how to mess with it. I'm sure having gov't contacts tremedously facilitates access to what would otherwise be better controlled. Then again, how hard is to bribe a sysadmin here or there who has access to the CD's at a big or not so big bank? Technical hacking is almost always greased by personnel hacking. I frankly wouldn't be surprised a purple suiter isn't in the employ of a couple of banks, trading houses or the like. And if not, why not? _________________________________________ Network Security - http://www.auditmypc.com Free vulnerability test - How secure is your computer?
This archive was generated by hypermail 2.1.3 : Tue Apr 19 2005 - 13:52:33 PDT