While Operation CyberStorm is intended to improve our ability to defend against a foreign cyberattack, the Air Force is talking openly about our ability to launch a preemptive attack in cyberspace.
In the May 2008 issue of Armed Forces Journal, Col. Charles W. Williamson III wrote that "America needs a network that can project power by building an af.mil robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack."
He argues, "The time for fortresses on the Internet also has passed, even though America has not recognized it. Now, the only consequence for an adversary who intrudes into or attacks our networks is to get kicked out--if we can find him and if he has not installed a hidden back door. That is not enough."
He concludes: "While America must harden itself in cyberspace, we cannot afford to let adversaries maneuver in that domain uncontested. The af.mil botnet brings the capability to help defeat an enemy attack or hit him before he hits our shores."
"Although it's hard to prove it," said Yuval Ben-Itzhak, CTO at Finjan, "I believe the cyberspace is already in use by various governments for intelligence purposes. The disclosure that the Air Force plans to have offensive cybertools should not surprise us since many systems rely on the Internet to operate/communicate." He added that someone will also need to make sure these systems can be protected when needed.
That's a sentiment echoed by Dancho Danchev, who offers some insight on ZDNet. Among his observations is that these systems can be spoofed or otherwise fooled. For example, attacks against the U.S. may appear to originate in a country that the enemy wants us to DDoS (perhaps for them).
Over on F-Secure, a poll of readers worldwide showed on Thursday that nearly 70 percent of the respondents feel the U.S. should not build its own offensive botnet.
A number of phishing sites have cropped up within the last day using domains previously attributed to the Storm worm botnet. Last fall, Storm was used in a series of pump-and-dump stock spam blasts, including a unique MP3-based spam blast, but researchers at F-Secure don't think the original authors of Storm are necessarily trying something new. F-Secure said Tuesday that "October brought evidence of Storm variations using unique security keys. The unique keys...allow the botnet to be segmented allowing 'space for rent.'" They think phishers are leasing parts of the larger botnet.
F-Secure cites a Halifax bank as one of the phishing targets, while Trend Micro identifies the Royal Bank of Scotland as another. What connects these sites are the server domains hosting the pages. Trend Micro said Tuesday it detected the hosts "while watching domain activity normally associated with suspected RBN (Russian Business Network) -associated activities."
The original Storm worm code, so named because it coincided with a severe winter storm in Europe, will celebrate its first anniversary next week, on or around January 19.
Seen more as a prank than an actual threat, a Trojan horse for the Apple iPhone, first reported on Saturday, has already come and gone. Still, users should be on the lookout for a package called "iPhone firmware 1.1.3 prep," described as something you need to install before updating to the new 1.1.3 firmware. Billed as an "important system update," the code does little more than cause annoyance. According to various sources, once the Trojan is installed it simply displays the word "shoes."
However, the Trojan also overwrites several legitimate applications, including Erica's Utilities, Launcher, Doom, and OpenSSH, meaning that if you uninstall the Trojan, you will need to reinstall these applications later. This appears to be a consequence of poor programming.
The risk to iPhone users is now considered negligible since the host sites have all been taken down.
As antivirus vendor F-Secure concluded in its blog, "This time it was an 11-year-old kid playing with XML files who created the Trojan. Next time it might be someone else with more skills and with specific target."





