Thursday, May 15, 2008

Air Force attorney suggests chaining old PCs in a counter-offensive botnet

A US Air Force staff judge advocate has published a treatise suggesting the US government should build a botnet of thousands of virus-infected personal computers it can control to counter-attack foreign-based computer networks.

In an opinion piece published in the May edition of Armed Forces Journal, Col. Charles W. Williamson, III compares America's current defense against cyber threats to that of Troy, which fell after ten years of warfare once its leaders accepted the Greeks' Trojan horse inside the city walls.

"Today, every Army outpost in America traces its roots to the walls, guards and gates of Troy," Col. Williamson writes. "But none of today's forts relies for boundary defense on anything more substantial than a chain-link fence, even though the base may contain billions of dollars in military equipment and the things most important to the soldiers - their families. The US intends for defense of its 'forts' to occur thousands of miles away. We intend to take the fight to the enemy before the enemy has a chance to come here. So, if the fortress ultimately failed, does history provide a different model?"

The chain-link fence Williamson is suggesting for the information age is quite literally a chain of old, reclaimed PCs refitted to contain botnet code ready to be triggered into a counterattack.

Botnet masters can launch spam campaigns and distributed denial-of-service (DDoS) attacks, among other, more sophisticated attacks. While foreign governments have been accused of knowing about such networks, if not of directly helping to build them, the US has been reluctant to adopt an equally proactive strategy for cyber-attacks.

Rather than infecting the PCs of unwitting users the way hackers do today, Col. Williamson writes that the Air Force "would not, and need not, infect unwitting computers as zombies." Within its own domain, the military would first add botnet code to the high-speed intrusion-detection systems the Air Force already operates, with aging computers scheduled for disposal forming the second line. Instead of discarding those computers each year, the military would swap out their heat-generating hard drives for low-power hardware.

Assuming these two steps go as planned, the Air Force attorney suggests it would then be possible to add botnet code to a wider range of .mil and .gov computer systems. Williamson raises the question of civilian machines directly and denies that the US government would hijack civilian computers for its network of attack machines.

In his published article, Williamson acknowledges possible political and legal ramifications of the US using a botnet in a not-so-defensive posture, perhaps as a pre-emptive strike measure. "The bigger legal challenge for the US is reciprocity. What we do to other countries, they get to do to us without our complaining," he wrote.

"A US defensive DDoS attack on a neutral country, or on multiple neutral countries, will certainly require the US to explain itself," he continued. "Commanders need to be ready to disclose some facts indicating why the US took action and what they did to tailor their response. Finally, the US needs to be ready to consider legitimate claims for compensation, if warranted."

The US government would consider all other options before targeting civilian systems, especially within US borders, but they could be targeted "if the enemy compels us," Williamson suggested.

Furthermore, if civilian computers in a neutral country or ally must be targeted, Williamson claims the US must tread lightly so the country doesn't alienate its allies. To help prevent scenarios like this from happening, he proposed, "The US and its allies need to engage in a robust joint endeavor to improve net defense and intelligence to minimize this risk."

Along with creating a botnet, the government must also build new tools to identify more accurately where cyber-attacks against government computers are being launched from. Many malicious parties route their attacks through computers spread across several nations, which can make it impossible to pinpoint where an attack originated.

"The days of the fortress are gone, even in cyberspace," Col. Williamson concluded. "While America must harden itself in cyberspace, we cannot afford to let adversaries maneuver in that domain uncontested."
