http://www.wired.com/politics/security/news/2007/08/262nd By John Lasker Wired.com 08.07.07 If the U.S. Air Force is ever ordered into a cyberwar with a foreign country or computer-savvy terrorist group, the 100-plus citizen cybersoldiers at the Air National Guard's 262nd Information Warfare Aggressor Squadron will boast an advantage other countries can't match: They built the very software and hardware they're attacking. That's because the 262nd, based at McChord Air Force Base outside Tacoma, Washington, draws weekend warriors from Microsoft, Cisco Systems, Adobe Systems and other tech companies, in a recruitment model that senior military leadership is touting as vital to the Air Force's expanded mission to achieve "dominance in cyberspace." "We ... must capitalize on the talent and expertise of our Guard and Reserve members who may have direct ties and long experience in high-tech industry," wrote Secretary of the Air Force Michael W. Wynne in a recent issue of the Air and Space Power Journal, an Air Force publication. "We must be prepared to defeat our enemies by using combined arms -- air, ground, sea, space, and cyber weapons systems." Created out of a combat communications squadron in 2002, the 262nd was commissioned to carry out simulated cyberattacks within the Air Force. But the Air Force's determination to develop an offensive cyberwarfare capability has been well-known since December 2005, when the service formally revised its mission statement to announce that airmen and airwomen would henceforth "fly and fight in air, space and cyberspace." The military's new focus on recruiting talent from high-tech companies raises a potential conflict of interest. Cisco's routers and switches are considered the nervous system of the internet worldwide. Microsoft and Adobe products are used by hundreds of millions across the planet, and have suffered from programming errors that make them vulnerable to attack -- which sometimes remain a secret inside the company for weeks or months before they're patched. In the hands of an offensive cyberwar unit, advance knowledge of serious vulnerabilities could be devastating, says Robert Masse, a reformed hacker who founded Montreal-based computer security firm GoSecure. Cyberwarfare is "all about knowing exploits no one else knows about," says Masse. "You need the exploits to break in.... The people with the most exploits win." Some countries -- notably China -- have voiced concerns that Microsoft might pack backdoors in its closed-source operating systems and applications. In an effort to curb distrust, in 2003 Microsoft signed a pact with China, Russia, the United Kingdom, NATO and other nations to let them see the Windows source code. But the company is mum on whether it sees ethical problems in its engineers working part time for a military unit dedicated to hacking its products. "Microsoft does not hold specifics about employees that are supporting the 262nd," says a Microsoft spokeswoman. "So to this end, there really is no comment on the types of work they are doing." Cisco and Adobe also declined to comment. Cybersecurity expert Richard Forno, who runs infowarrior.org, praised the recruitment effort. "The whole idea of an offensive information warfare unit, particularly a computer network attack unit, is to build capabilities for possible exploitation down the road," says Forno. "It just so happens the U.S. is lucky that the companies building the world's most popular and widely used IT products are based in the United States." Guardsmen and reservists serve one weekend a month and two weeks a year, and are subject to being called to active or full-time duty for stints ranging from a handful of months to several years. Even though the 262nd is named an "aggressor squadron," much of its work is defensive in nature, says Maj. Philip Osterli, a public information officer representing the unit. "They do look at adversarial threat packages from all across the board," he says. "We do not have a charter allowing us to conduct CNA (computer network attacks)." In addition to the 262nd, the Air National Guard draws from tech companies to staff the 177th Information Aggressor Squadron in Kansas, while both the 67th Network Warfare Wing and the Air Force Information Warfare Center recruit from the tech-heavy "Austin corridor" in central Texas, Wynne wrote. For this year's defense budget, Congress approved $800,000 for the planning and design of a new training and operations facility for the 262nd. ____________________________________ Attend HITBSecConf2007 - Malaysia Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today! http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Mon Aug 13 2007 - 00:21:12 PDT