wraggster
April 30th, 2009, 19:29
A US Air Force officer has told the BBC that his country should create an offensive botnet to target any forces that launch a cyber-attack against it.
Speaking on Radio 4's The Report, Col Charlie Williamson said the US was currently in "defensive mode" on cyber-warfare and that needed to change.
"[Armies] have always had some form of offensive capability. And that's really all I'm calling for," he said
Col Williamson stressed he was speaking in a personal capacity.
Botnets are networks of computers which have been subverted by malicious code so they fall under someone else's control, usually that of a cyber-criminal. However, there have been reports of politically motivated botnet attacks on Georgian computers during the South Ossetia conflict and on the Dalai Lama's network.
Typically owners of machines forming a botnet do not know their computer has been hijacked. Home users account for 95% of all attacks mounted by botnet, according to figures from security firm Symantec.
Col Williamson - who served with the US Air Force Intelligence, Surveillance and Reconnaissance Agency - says that the US military should be ready to take such an attack to the enemy.
"The idea is that if we have the capability to strike back, then a potential attacker has to take that into account before launching an attack.
"I recommend that we make our botnet - the botnet I propose - public. The whole world knows about it. That we exercise it on ranges that other countries can see electronically, that they know what we're doing and then they are going to be more likely to back off before doing an attack because they have to take this into account," he said.
There are reports the US is stepping up its offensive cyber-weaponry
He believes that the botnet would be legal under international law, whether it is used against an enemy country or a terrorist group. Botnet controllers would need a "no-strike list" of protected computers, such as those used in hospitals.
And he argues that if a computer owner has failed to use anti-virus software and install the latest security patches, that machine may be a legitimate military target.
"It may, in the right circumstance, be worthwhile and even fair for the US to hit a computer that is hitting us and stop it from harming us for an hour or days when that computer owner failed to take basic steps to protect us," Col Williamson told the programme.
Just this week, an American newspaper reported that the Pentagon was indeed developing offensive cyber-weaponry - although it remains heavily classified.
Barack Obama's adviser on online security, Melissa Hathaway, delivered a report on cyber-warfare to the president last week. And he's being asked to weigh up the merits of developing a robust capability to wage war in cyberspace.
When asked whether the US military might already have created an offensive botnet, Col Williamson replied: "That's entirely possible. It's just my hope that it becomes public because we can't have a deterrent that adversaries don't know about."
http://news.bbc.co.uk/1/hi/technology/8026964.stm
Speaking on Radio 4's The Report, Col Charlie Williamson said the US was currently in "defensive mode" on cyber-warfare and that needed to change.
"[Armies] have always had some form of offensive capability. And that's really all I'm calling for," he said
Col Williamson stressed he was speaking in a personal capacity.
Botnets are networks of computers which have been subverted by malicious code so they fall under someone else's control, usually that of a cyber-criminal. However, there have been reports of politically motivated botnet attacks on Georgian computers during the South Ossetia conflict and on the Dalai Lama's network.
Typically owners of machines forming a botnet do not know their computer has been hijacked. Home users account for 95% of all attacks mounted by botnet, according to figures from security firm Symantec.
Col Williamson - who served with the US Air Force Intelligence, Surveillance and Reconnaissance Agency - says that the US military should be ready to take such an attack to the enemy.
"The idea is that if we have the capability to strike back, then a potential attacker has to take that into account before launching an attack.
"I recommend that we make our botnet - the botnet I propose - public. The whole world knows about it. That we exercise it on ranges that other countries can see electronically, that they know what we're doing and then they are going to be more likely to back off before doing an attack because they have to take this into account," he said.
There are reports the US is stepping up its offensive cyber-weaponry
He believes that the botnet would be legal under international law, whether it is used against an enemy country or a terrorist group. Botnet controllers would need a "no-strike list" of protected computers, such as those used in hospitals.
And he argues that if a computer owner has failed to use anti-virus software and install the latest security patches, that machine may be a legitimate military target.
"It may, in the right circumstance, be worthwhile and even fair for the US to hit a computer that is hitting us and stop it from harming us for an hour or days when that computer owner failed to take basic steps to protect us," Col Williamson told the programme.
Just this week, an American newspaper reported that the Pentagon was indeed developing offensive cyber-weaponry - although it remains heavily classified.
Barack Obama's adviser on online security, Melissa Hathaway, delivered a report on cyber-warfare to the president last week. And he's being asked to weigh up the merits of developing a robust capability to wage war in cyberspace.
When asked whether the US military might already have created an offensive botnet, Col Williamson replied: "That's entirely possible. It's just my hope that it becomes public because we can't have a deterrent that adversaries don't know about."
http://news.bbc.co.uk/1/hi/technology/8026964.stm