US needs digital warfare force

Discussion in 'Current Affairs, News and Analysis' started by Litotes, May 5, 2009.

  1. Double tap..
  3. It's not such a bad idea, having recent experience in the ISP/Tier1 internet market, DoS (Denial of Service) attacks are now commonplace, and if directed against banks etc can be devastating to a country's economy. At the moment there is little co-ordination to track, trace and identify culprits. Even more difficult with the technical capabilities built into trojans and worms.
  4. in_the_cheapseats LE Moderator

    Litotes, I know you're good but quoting yourself is going too far :D

    I think it's certainly a necessity in some form but I'm not sure about the military setting. The expertise in this field will always remain within the civilian work force - to think otherwise is just silly. I do agree that it should be a government function but do we not have this within GCHQ (perhaps not to the level that will be needed in the future) anyway?
  5. Something worth a read here is The Cuckoo's Egg. Issues the writer has are pretty much true even in today's world with the lack of co-op he gets. Sure, things have changed - but that for him becomes a personal crusade. It's truly the only way to get someone hacking.

    When working for a carrier, some script kiddies fired off a script like clockwork from an ISP DNS server they'd compromised. They did it right at the most annoying part of the day for the 4 people managing the service. Because of that they did get tracked and had their front doors caved in by FBI in the States and our police here. Aged 17-21 they generally had a bad day out. Why? They ruined my Friday after work pint.

    Having geeks being able to run assault courses doesn't really inspire the generic type, but something does need to be done. The internet is a wild west, it doesn't need a police force though - what it really needs are a few sheriffs to be able to fight back. It's a poacher/gamekeeper model where they both use the same tools to hunt and track each other.
  6. Just wait till you meet the staff, it's known as the funny farm round here! Geek central, though you wouldn't be typing on here without them :wink:

    Still a bunch of weirdos though.
  7. Although it could be argued that they wouldn't be there, without us typing on here. :)
  8. Like to borrow my tinfoil hat? :D
  9. Worth reading Fredrick Thomas Martin's book "Top Secret Intranet" - details the history of Intelink, and makes several references to the risks and means to deal with them.

    Ultimately the need for dedicated resources that can act quickly is a reasonable request. Strangely, the last nine months of turmoil in the major economies has given several institutions their closest simulation of what a substantial "cyber-attack" could do to their current sy / business models.

    We crack wise on here every time data goes walk-about, and the usual responses of investigation / lessons learned / changes in process / dismissal of fall-guy improve matters incrementally - more often due to the media pressure to be seen to be doing something.

    I predict, that at some stage in the next couple of years a major financial / global organisation will discover that it has been targeted and hit for a severe financial loss. Anyone analysing trends in card fraud will know the true costs and yet the same security models are employed to secure sums and trading systems far larger. Given the average bank's ability to calculate risk is becoming more difficult than ever before, you really would have to wonder if all of them would be able to spot a co-ordinated attack, until after the event.

    Which would lead to the next question - If a bank did get "taken apart" (and the bank discovered what was going on) - would they make that information public?

    - screw the tinfoil hat - expose me to that radiation baby. :D
  10. The thing is that banks have been concerned about computer crime since loooonnnnngggg before the internet turned up. After all, criminals follow the money - bank security types have been security minded since the first time that someone tried salami-slicing, way back in the 1960s or 70s.

    They worry about such things all the time. Large corporations have invested lots of money in being able to offer computer security products; you can even get qualifications in penetration testing.

    If HM Armed Forces want an aggressive cyber-warfare capability, I suspect that the answer would be a sponsored reserve from GCHQ or KPMG...
  11. Even the Germans have recently set up a "cyber warfare" unit, if they see a need, there might be something in it.
  12. The bigger difficulty is the simple fact that the Internet is global, Law is not.
    Good luck in taking any kind of legal action against an unknown attacker bouncing out of DPRK IP space, or a large botnet where the control channel is sourced in Armenia, for example.

    As in_the_cheapseats said, the Military is just not the right place to source this kind of resource, they simply don't have the experience outside of a very restricted [sic] environment, either in terms of technology or threat models.
  13. BV Technician, yes the internet is global, but the US has been very successful at extraditing hackers from foreign countries, who have tried to attack banks and defence systems.

    Currently response to cyber attacks is sporadic, and relies on the commercial enterprises who operate the internet backbone to try to defend against these attacks. Competition between these enterprises does not necessarily enhance the response to DoS attacks, and it takes time to a) stop the attack b) identify the perpetrator.

    I think generally the use of systems to attack or deny service to servers in other countries is seen as breaking the law somewhere, and when identified perpetrators are usually caught and prosecuted. The telecommunications acts have various provisions for misuse within them in this country for example. However this becomes more difficult when the attacker is seen to be a foreign government who are intent on disrupting the telecommunications of another state.
  14. Which is why LIAG is TA. If the MoD/Government/Land decide we need an offensive equivalent to complement LIAG it would make sense for that to be TA as well.
  15. They have? That is being hidden well then as they are still trying to extradite Gary McKinnon for alleged crimes dating from 2001, Ehud Tenenbaum surrendered to US Marshals and so on. I am not disagreeing in that legal action can sometimes be taken against attackers, it's just the reality that there are countries in this world where you cannot take any action at all, if the attack is sourced from there.