[ISN] Air Force Colonel Wants to Build a Military Botnet

From: InfoSec News (alerts@private)
Date: Tue May 13 2008 - 01:26:12 PDT


By Kevin Poulsen 
Threat Level
May 12, 2008

While most government agencies are struggling to keep their computers 
out of the latest Russian botnets, Col. Charles W. Williamson III is 
proposing that the Air Force build its own zombie network, so it can 
launch distributed denial of service attacks on foreign enemies.

In the most lunatic idea to come out of the military since the gay bomb, 
Williamson writes in the Armed Force Journal that the Air Force should 
deliberately install DDoS code on its unclassified computers, as well as 
civilian government machines. He even wants to rescue old machines from 
the junk bin to enlist in the .mil botnet army.

    The U.S. would not, and need not, infect unwitting computers as 
    zombies. We can build enough power over time from our own resources.

    Rob Kaufman, of the Air Force Information Operations Center, 
    suggests mounting botnet code on the Air Force.s high-speed 
    intrusion-detection systems. Defensively, that allows a quick 
    response by directly linking our counterattack to the system that 
    detects an incoming attack. The systems also have enough processing 
    speed and communication capacity to handle large amounts of traffic.

    Next, in what is truly the most inventive part of this concept, Lt. 
    Chris Tollinger of the Air Force Intelligence, Surveillance and 
    Reconnaissance Agency envisions continually capturing the thousands 
    of computers the Air Force would normally discard every year for 
    technology refresh, removing the power-hungry and heat-inducing hard 
    drives, replacing them with low-power flash drives, then installing 
    them in any available space every Air Force base can find. Even 
    though those computers may no longer be sufficiently powerful to 
    work for our people, individual machines need not be cutting-edge 
    because the network as a whole can create massive power.

    After that, the Air Force could add botnet code to all its desktop 
    computers attached to the Nonsecret Internet Protocol Network 
    (NIPRNet). Once the system reaches a level of maturity, it can add 
    other .mil computers, then .gov machines.

Brilliant! The best defensive minds in the country want to build a 
massive distributed computing system to do nothing but pump crap into 
the internet. The article talks about carefully targeting attackers' 
machines, but this ignores all the intermediate networks between the Air 
Force and the target, which will have to contend with a flood of garbage 
packets whenever some cyber Dr. Strangelove decides to go nuclear.

What's next? Air Force 4-1-9 scams? Dot mil phishing attacks? The most 
disappointing thing about this irresponsible proposal is the tacit 
admission that our elite cyber warriors can't actually break into an 
enemy's computer, instead resorting to a brute force attack designed by 
web defacement script kiddies eight years ago when Apache servers got 
too hard to hack directly.


Reader A.E. Mouse says,

    You all obviously don't really know anything about cyberwarfare. 
    Including you Kevin. Having this type of capability is essential to 
    IW [infowar] operations. Whether or not we actually need a "botnet" 
    to do it is inconsequential. DDoS attacks can be very useful when 
    used in a coordinated IW attack on enemy communications and network 

    In addition our relatively unsophisticated enemies have this 
    capability. DDoS, while admittedly juvenile and "last resort", can 
    be an effective tool. The reciprocity doctrine here applies. If the 
    enemy has one, we need one too, a bigger one. The internet is a new 
    battleground. All weapon types are on the table.

I'm sure that DDoS attacks could be useful to the military under certain 
circumstances. So could sending our enemies a bunch of unwanted magazine 
subscriptions, or ordering them dozens of pizzas with anchovies and 
pineapple (blech). But adults don't do that sort of thing.

The internet is a community venture, and DDoS is vandalism against the 
community. There's no such thing as pinpoint targeting in a DDoS attack; 
innocent civilian infrastructure is impacted every time.

Basically, Col. Williamson has noticed that there are bad guys in the 
swimming pool, and his solution is to piss in their general direction. 
That's the kind of behavior that rightly gets you kicked out of the pool 
and sent home for the summer.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Tue May 13 2008 - 01:35:27 PDT