Forwarded from: Jason Coombs <jasonc (at) science.org>
Kevin Poulsen fails to comprehend the nuances of certain modes of
software vulnerability exploitation, which sometimes require a
vulnerable host to be pressed into the chore of servicing a heavy load
in order to cause the code which contains the targeted vulnerability
ever to be executed in the first place.
Or the fact that launching a denial of service attack can be used merely
to trick human users into opening certain URLs in their vulnerable web
browsers as those clueless victims attempt to investigate or respond to
the apparent DoS attack.
You don't break into a target network or host with a denial of service
alone, but you can get people's attention quickly and change the
behavior of human and computer alike using the DoS as a strategic tool
...
... we can only wonder out loud whether our military cyber warfare
spooks will ever make use of a DDoS as part of such a layered attack (or
counter-attack) strategy, the way the real experts at intrusion
(motivated black hats) commonly do.
Besides, the most useful DDoS platform is the one that gives the
government the ability to hijack and/or spoof any node at any time for
any reason in the name of a law enforcement emergency or a national
security priority mission.
When all those FISA-ignoring telcos agreed to install direct fiber links
into all those new top secret government communications hubs co-located
on the other side of the wall from major backbone switching hubs what
made the telcos stop at providing just a mirror of all the data streams
for warrantless surveillance purposes? We know that most of the telcos
cooperated and opened up their networks, why would they not also have
provided the staging point needed to secretly, covertly alter routes and
dynamically change, modify, or delete content including initiate
brand-new traffic on-demand?
>From outside a telco the end result will look just like individual hosts
at telco endpoints have been hijacked and are now zombies in some
malicious botnet drone army, when in fact the endpoints need not be
compromised at all.
These cooperating telcos can't (or won't) come forward to disclose the
difference between their virtual botnet services being provided to the
U.S. Government, under secret contract, and the conventional botnet
services they provide under contract to the users of all those
vulnerable Windows computers sitting at the actual endpoints on the
telco's network. It will be decades before anyone does the forensics
needed to notice this sort of large-scale virtual
botnet-in-the-network-fabric exists at all.
Magic Lantern, Carnivore, DCS 1000/2000, and all these platforms' more
recent distributed automated progeny courtesy of the coordinated
American response to terrorism should already have positioned Uncle Sam
to impersonate the entire Internet with the flip of a switch, so the
idea of recycling old 386 boxes into botnets is probably meant to make
people who aren't paying attention believe we're still computing in the
stone age and nothing really sophisticated will happen for a few more
decades yet so there's nothing to worry about, let the cyber crime spree
begin!
Sincerely,
Jason Coombs
jasonc (at) science.org
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: InfoSec News <alerts (at) infosecnews.org>
Date: Tue, 13 May 2008 03:26:12
To:isn (at) infosecnews.org
Subject: [ISN] Air Force Colonel Wants to Build a Military Botnet
http://blog.wired.com/27bstroke6/2008/05/air-force-col-w.html
By Kevin Poulsen
Threat Level
Wired.com
May 12, 2008
While most government agencies are struggling to keep their computers
out of the latest Russian botnets, Col. Charles W. Williamson III is
proposing that the Air Force build its own zombie network, so it can
launch distributed denial of service attacks on foreign enemies.
In the most lunatic idea to come out of the military since the gay bomb,
Williamson writes in the Armed Force Journal that the Air Force should
deliberately install DDoS code on its unclassified computers, as well as
civilian government machines. He even wants to rescue old machines from
the junk bin to enlist in the .mil botnet army.
The U.S. would not, and need not, infect unwitting computers as
zombies. We can build enough power over time from our own resources.
Rob Kaufman, of the Air Force Information Operations Center,
suggests mounting botnet code on the Air Force.s high-speed
intrusion-detection systems. Defensively, that allows a quick
response by directly linking our counterattack to the system that
detects an incoming attack. The systems also have enough processing
speed and communication capacity to handle large amounts of traffic.
Next, in what is truly the most inventive part of this concept, Lt.
Chris Tollinger of the Air Force Intelligence, Surveillance and
Reconnaissance Agency envisions continually capturing the thousands
of computers the Air Force would normally discard every year for
technology refresh, removing the power-hungry and heat-inducing hard
drives, replacing them with low-power flash drives, then installing
them in any available space every Air Force base can find. Even
though those computers may no longer be sufficiently powerful to
work for our people, individual machines need not be cutting-edge
because the network as a whole can create massive power.
After that, the Air Force could add botnet code to all its desktop
computers attached to the Nonsecret Internet Protocol Network
(NIPRNet). Once the system reaches a level of maturity, it can add
other .mil computers, then .gov machines.
Brilliant! The best defensive minds in the country want to build a
massive distributed computing system to do nothing but pump crap into
the internet. The article talks about carefully targeting attackers'
machines, but this ignores all the intermediate networks between the Air
Force and the target, which will have to contend with a flood of garbage
packets whenever some cyber Dr. Strangelove decides to go nuclear.
[...]
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue May 13 2008 - 23:14:06 PDT