Air Force attorney suggests chaining old PCs in a counter-offensive botnet
By Michael Hatamoto | Published May 15, 2008, 2:38 PM
A US Air Force staff judge advocate has published a treatise suggesting the US government should build a botnet of thousands of virus-infected personal computers it can control to counter-attack foreign-based computer networks.
In an opinion piece published in the May edition of Armed Forces Journal, Col. Charles W. Williamson, III compares America's current defense against cyber threats to that of Troy, which fell after ten years of warfare once its leaders accepted the Greeks' Trojan horse inside its own walls.
"Today, every Army outpost in America traces its roots to the walls, guards and gates of Troy," Col. Williamson writes. "But none of today's forts relies for boundary defense on anything more substantial than a chain-link fence, even though the base may contain billions of dollars in military equipment and the things most important to the soldiers - their families. The US intends for defense of its 'forts' to occur thousands of miles away. We intend to take the fight to the enemy before the enemy has a chance to come here. So, if the fortress ultimately failed, does history provide a different model?"
The chain-link fence Williamson is suggesting for the information age is quite literally a chain of old, reclaimed PCs refitted to contain botnet code ready to be triggered into a counterattack.
Botnet masters can launch spam campaigns and distributed denial-of-service (DDoS) attacks, among other more sophisticated attacks. But while foreign governments have been accused of knowing about such networks, if not of directly helping to create them, the US has been reluctant to craft a similarly proactive strategy toward cyber-attacks.
Rather than infect the PCs of unwitting users the way hackers do today, Col. Williamson suggests that the Air Force "would not, and need not, infect unwitting computers as zombies." Under the auspices of the af.mil domain, the military would first add botnet code to the high-speed intrusion-detection systems used by the Air Force, with aging computers scheduled to be thrown out serving as the second line of defense. Instead of discarding those computers each year, the military would swap out their heat-generating hard drives for low-power computer hardware.
Assuming these two steps go as planned, the Air Force attorney suggests it would then be possible to add botnet code to a wider number of .mil and .gov computer systems. Williamson addresses the question directly and denies that the US government would hijack civilian computers for use in its network of attack machines.
In his published article, Williamson acknowledges possible political and legal ramifications of the US using a botnet in a not-so-defensive posture, perhaps as a pre-emptive strike measure. "The bigger legal challenge for the US is reciprocity. What we do to other countries, they get to do to us without our complaining," he wrote.
"A US defensive DDoS attack on a neutral country, or on multiple neutral countries, will certainly require the US to explain itself," he continued. "Commanders need to be ready to disclose some facts indicating why the US took action and what they did to tailor their response. Finally, the US needs to be ready to consider legitimate claims for compensation, if warranted."
The US government would consider all options before targeting civilian systems, especially within US borders, but they could be targeted "if the enemy compels us," Williamson suggested.
Furthermore, if civilian computers in a neutral or allied country must be targeted, Williamson claims the US must tread lightly so as not to alienate its allies. To help prevent such scenarios, he proposed, "The US and its allies need to engage in a robust joint endeavor to improve net defense and intelligence to minimize this risk."
Along with creating a botnet, the government must also create new tools to identify more accurately where cyber-attacks against government computers are launched from. Many malicious parties launch attacks from computers spread across several nations, sometimes making it impossible to pinpoint where the attacks originate.
"The days of the fortress are gone, even in cyberspace," Col. Williamson concluded. "While America must harden itself in cyberspace, we cannot afford to let adversaries maneuver in that domain uncontested."
The next step is that they'll buy advertising data and target 18-35 years with a trojan that steals their personal information and signs them up for military service.
Score: 0
Having the attacks originate solely from within our borders is futile. China, Russia and most non-Western nations monitor and control their chunks of the 'net with a heavy hand. All they need do to defend against this threat is isolate themselves a little more than they already are. Clearly, this judge advocate's talk is all code for, "infect the Chinese and Russians with a sleeper botnet". Couldn't agree more. They're doing everything they can to cripple our networks... let's get WHOPR to return the favor.
Score: 0
Now instead of building their own network, terrorists will just have to hack the botnet network. Great idea, just not very realistic I think.
Score: 0
coughs ... Skynet ... coughs
Score: 0
You know the saying... that idea is so crazy it's either really smart or really stupid.
The basic problem is that the physical world does not act the same as an abstract world.
Another's comment about Skynet really made me laugh. :)
Score: 0
It would seem the US Air Force is full of retards.
Happy days.
Score: 0
Seriously, why a "botnet"? If the computers are already in their possession, why not develop software tailor-made for coordinated attacks? You don't have to "infect" a computer that is already yours.
Score: 0
Sweet idea! We can call it win32.americanfreedom.@mm.trojan or something like that.
It will constantly pop up all the .gov and .mil propaganda sites on the internet (version two just takes you to the online sign up forum and fills it out for you). It will e-mail all your friends with propaganda (and copies of itself). When it's not fighting terrorists it will be doing government work as a supercomputer decrypting messages sent between regular US citizens about everyday crap that they really want to know about.
Personally I'd sooner trust a botnet run by Anonymous.
Score: 0
"...it will be doing government work as a supercomputer decrypting messages sent between regular US citizens about everyday crap that they really want to know about."
Heh... TRANSLATR, anyone? :)
Score: 0
I can't believe they would suggest such a thing when the military can barely defend its own net of machines. This can easily backfire. Why not say that they will focus on training their IT staff and those on computers about safeguards? One would think that would be a better use of resources.
Score: 0
I doubt the economics of recycling outdated desktops would compute favorably in comparison with getting new dense blades or similar. From there on it's simply a question of semantics. Botnet my ass...
Score: 0