Attention Geeks and Hackers: Uncle Sam's Cyber Force Wants You!

Attention Geeks and Hackers: Uncle Sam's Cyber Force Wants You!

www.truthout.org

Part of the Air Force's new "above all" vision of full-spectrum dominance, America's emerging cyber force has control fantasies that would impress George Orwell. Working with the Defense Advanced Research Projects Agency (DARPA), the Department of Homeland Security, and other governmental agencies, the Air Force's stated goal is to gain access to, and control over, any and all networked computers, anywhere on Earth, at a proposed cost to you, the American taxpayer, of $30 billion over the first five years.

Here, the Air Force is advancing the now familiar Bush-era idea that the only effective defense is a dominating offense. According to Lani Kass, previously the head of the Air Force's Cyberspace Task Force and now a special assistant to the Air Force Chief of Staff, "If you're defending in cyber [space], you're already too late. Cyber delivers on the original promise of air power. If you don't dominate in cyber, you cannot dominate in other domains."

(visit the link for the full news article)

Really scary stuff. It seems to me that merely survialiance isn't enough anylonger; now they go for full control, from just keeping an eye on you to direct attempts of control. Imagine you write something on your computer not in agreement with the official line, and next time you open it it will be altered or deleted by automatic censors in accordance with this new strategy of "full-spectrum dominance". E-mails, in fact anything uploaded to your comp, you will never be able to know if it's genuine and unaltered.

"Big Brother is watching you" will be a cozy phrase of the past. In the future it'll be Big Brother decieves you, disrupts you, and denies you access to information. In the end he'll degrade you in any social and legal sense. If need be he'll destroy you.

This stealthily infiltrating, stealing, and exfiltrating system is called D5, a term that embraces the ability to Deceive, Deny, Disrupt, Degrade, and Destroy an enemy's computer information systems.

This goes far beyond 1984. Maybe its 2012, the end of reality as we have known it.


PS. Can't help but wonder what impact this will have on a CT board like ATS, and on our ability to post here.

www.truthout.org
(visit the link for the full news article)

I get the feeling we are going to get bombarded by disinformation if this starts up.


However, in a positive light...

There's no feasible way a group can gain control over "All of the worlds computer systems"... in fact, likelihood is, they need one hacker for every one computer they want to control.

I just don't see how any of this is useful though... the only way it could be a useful tool is if they intend on revoking their citizens rights to express their views.


Whatever though... a network is a network, there's nothing stopping us from stringing up a new one...
If we do start a new web to keep governments out of our face, I propose we create it with a disclaimer, no information provided online can be used in full or in part by any government body, or any group of peoples under the control or financial persuasion of a government body.
Network hubs, lines, servers, and any other present and future equipment to be used on the information web, cannot be seized, tampered with, monitored, revoked, infiltrated, or any other means as to disrupt, interfere with, or monitor its daily use.
The equipment is the sole property of the company which installed it.

Originally posted by khunmoon
"Big Brother is watching you" will be a cozy phrase of the past. In the future it'll be Big Brother decieves you, disrupts you, and denies you access to information. In the end he'll degrade you in any social and legal sense. If need be he'll destroy you.

This stealthily infiltrating, stealing, and exfiltrating system is called D5, a term that embraces the ability to Deceive, Deny, Disrupt, Degrade, and Destroy an enemy's computer information systems.

This goes far beyond 1984. Maybe its 2012, the end of reality as we have known it.

Thanks for the acronym expansion and insight. I believe that the commercial infrastructure that could be used for something like this is already, in fact, being tested and deployed. For example, the recent Phorm tests by British Telecom:

British Telecom illegally intercepted and modified web pages, tracked users

While military organizations have direct and clearly defined responsibilities, commercial concerns have no such specific admission of their motives, making their potential influence much scarier, in my opinion.

reply to post by johnsky


I too really hope that it won't posisble, and if they go ahead by the time it is completed it will be somehow hopelesly out of date.

I am not sure though, as you say:

There's no feasible way a group can gain control over "All of the worlds computer systems"... in fact, likelihood is, they need one hacker for every one computer

Remember among the few outside Microsoft who has the source code and the key for the alleged backdoor, will be the Airforce. So I'm not sure about that.

It will only be a question about entering the IP and the proper code to get access to any windows based machine.

That's (more than) 99% og all the PCs in this world.

Originally posted by johnsky


I just don't see how any of this is useful though... the only way it could be a useful tool is if they intend on revoking their citizens rights to express their views.

Umm this is bigger than just controlling my and your computer this is controlling the networks that control other peoples weapons systems, communications, satellites I mean everything these days is ran by computer and computer networks. Wanna hack Chinas military networks to launch missiles from China to Hit Russia and blame China for starting a war? Sure why not. This is big. Cyber Ninjas the way of the future.

WOW-

How lame can these scare tactics get? WHO CARES if they can 'get into any networked pc'. THEY ALREADY CAN. Do any of you even KNOW what the internet is? (Insert silly accent here) Lemmee tell ya somethin-

IT IS ONE BIG NETWORK WHERE EVERYONE CAN TALK TO EACH OTHER. All with this silly little outdated suite of protocols called TCP/IP. I've run LARGE networks for ISP's. They can see EVERYTHING that you are doing, and the tiers above us have direct links to the government for their amusement.

Think your e-mail and data passing through the net is really encrypted? Think your Skype/VoIP calls are just passed off as random traffic on the net? Think your VPN has the tightest seams? Think that firmware running your little broadband router is secure? Think again.

There are MANY networking tools which will allow you to 'sniff' data coming from routers, pc's whatever. There are people who do NOTHING but sit around cracking code and compiling LOADS of sniffed data to pull information. Trojan Horse type viruses (which are actually executing code like a real program) can be hidden in ANYTHING. New harddrives. New flash/thumb drives. New cameras, MP3 players, TV's. Anything that can store digital media that you access with your PC.

Think your wireless encrypted network is safe? I've got a sandbox you can stick your head in. NOTHING wireless is safe or encrypted- no matter how many encrypted bits you throw at them, it will be cracked. Bluetooth, Wi-Fi, cellular- all these are easily controlled remotely and can have their data passed through wireless sniffed and compiled.

Here's the deal people. If you DON'T want the government, me, or anyone else sniffin yer hard drive, then DO NOT EVER PLUG YOUR ETHERNET CABLE OR MODEM INTO ANYTHING EVER. No Wireless card. No USB wireless controllers for mice and keyboards. No Bluetooth controllers. No Wireless ANYTHING attached to that PC.

Encrypt your hard drive and put an auto-crash feature in that will wipe the drive if the password is incorrect a few times. Keep sensitive data ONLY on an encrypted thumbdrive or disk locked in a safe or lock box- and only take it out when needed. Personal safety deposit boxes in banks are NOT secure- sure your stuff may be there- but you will never know if or when it has been tampered with. Encryption is a deterrent to amateurs, but just slows a professional down.

Keyloggers are another concern (someone can walk up, put a cd in the drive and install one of these programs that records EVERYTHING you type and sends the results periodically to a server on the internet or saves it as a file to be retrieved later), so physical access also has to be limited. Laptops rule in this case as they are easily locked up and made usable fairly quickly. Always password protect the bios as well as the OS to make it harder to log into the machine, although a quick plug into the hard drive is all any hacker would need, and on any PC that can be done in minutes. Never rely on those silly locks on PC cases or laptops. That makes as much sense as those little fireproof safes with a handle on them.

I have a hard time swallowing sensationalism, so I have to stab at it every chance I get... I'm not one to support scare tactics- but if you understand what I've written here YOU SHOULD ALREADY BE AFRAID.

Hope this info helps someone out.




[edit on 6/6/08 by dhardeman]

They don't need to hack your computer.

Some members of the intelligence community were first recruited decades ago while they worked at Microsoft - many still work there. The same policy of recruit, infiltrate, and manipulate was used to secure the hardware manufactures. The ties between companies like AT&T and the government intelligence agencies are well known and widely documented.

They already have end-to-end control. From your computer, to the network hardware, to the "pipes" - they exercise some control or at least maintain some method of covert (and unlawful) data retrieval.

Windows Vista on up as well as Windows XP Service Pack 3 include systems and code designed specifically by the NSA to allow secret government eavesdropping of all your communications.

Cisco, Lucent, Juniper, and Nortel routers and network equipment all already have built-in software and hardware required for government agencies to perform trap and trace at the data link level.

Finally, AT&T, Quest, and Level 3, just to name a few, all maintain anonymous dedicated circuits to be used by government agencies as network taps.

Jon

reply to post by Voxel


According to Mark Klein, you hit the nail on the head.

"Based on my understanding of the connections and equipment at issue, it appears the NSA (National Security Agency) is capable of conducting what amounts to vacuum-cleaner surveillance of all the data crossing the Internet," Klein said. "This potential spying appears to be applied wholesale to all sorts of Internet communications of countless citizens."

Link

I say its about time. For too long it seems that the U.S. was been attacked by the Chinese for many years without an effective response.

Actually, the more I think about this whole scenario the more it scares me. See, it's like running an IT department: An indispensable position, knowledge of equipment and protocols is usually contained to one person, team or department, and the ability to completely wreak havoc with the click of a button....

I'm sure some would sell out for the cash, but most true hackers IMHO are anti-establishment to begin with.

That is, until they get caught...

Originally posted by dhardeman
THEY ALREADY CAN.

Wow, that sounds a little paranoid. Sadly, only a little -- computer security, I've noticed, is one of those fields where, the more 'expert' the person you talk to is, the more they tend to take the 'fringe' theories seriously. That's what makes stories on things like computerized voting machines so worrisome.

Hey, if you're going to go down the never-connect-anything-ever route, why not go whole-hog? Don't forget ATX power supplies! Non-user serviceable, and those things sure do have a lot of wires! You need a separate, isolated power grid! Heh, soon you'll end up in a Faraday cage like that guy in "Enemy of the State".

More seriously, though (and I don't think I've heard this mentioned before), have a look at the Bell 568B wiring standard for Ethernet cables. Standard Ethernet cables, the ones like oversized phone plugs. There's eight wires -- four pairs. However, all the 10/100 Ethernet standards, and all except the most cutting-edge 1000 standards, only use two of those pairs. So almost every Ethernet cable and network installation has exactly twice as much copper as necessary -- seems quite a waste of resources. Of course, the standard was originally designed so that standard telephone (smaller) connectors could be used in Ethernet outlets, and phone run along those extra wires, but I don't think that's ever actually attempted (except by accident). Food for thought for the skeptical, and gruel for the already paranoid.

reply to post by Ian McLean


Want some more?

Personally, I could care less if anyone sniffs my stuff- i have nothing to hide, so paranoia aside~

I've posted on ATS before about voting machines, but I was unregistered at the time I think, or it could've been on another site- I'll see if I can dig it up, it was good. Long story short, the hardware is easily altered and results are easily modified on either the machine itself or by whoever is compiling the votes at the end of the process.

Although power-line networking devices are very susceptible to intrusion, there's always SOLAR power... No one can bug the sun- yet!

I've also heard of ethernet sniffers that act like an ampmeter and measure the pulses through the cable with a magnetic coil, enabling it to act as a receiver to sniff data. No physical intrusion, just a clamp coil around the cable.

This and some of the other scenarios probably wouldn't be done by the government as they have the luxury of being able to sit in an office and have all your internet traffic routed to their screen in real time. This is mainly for hacker protection or corporate espionage knowledge.

People should know that you are only as safe as you think you are. If someone really wants to get you, they will. So no worries, right? Me, I still lock my doors at night, silly as it is.



[edit on 6/6/08 by dhardeman]

100BASE-TX follows the same wiring patterns as 10BASE-T but is more sensitive to wire quality and length, due to the higher bit rates.

1000BASE-T uses all four pairs bi-directionally and the standard includes auto MDI-X; however, implementation is optional. With the way that 1000BASE-T implements signaling, how the cable is wired is immaterial in actual usage.

wikipedia

In telco wiring there has ALWAYS been extra capacity engineered into the cabling scenarios- residential setups usually get cat3 cable with 4 pair, when only one pair is needed for a phone line. Power over Ethernet protocol also uses the extra 2 pair in ethernet, which allows one to power a unit and rx/tx data through the same cable.

I don't see the extra pair as a conspiracy in the slightest.

Encrypt everything you value with decent and more open algorithms and software. Use open source whenever you can. There are also numerous ways to plug the leaks that IM and VoIP cause.

Two good examples:
zfoneproject.com... zphone by phil zimmerman
www.cypherpunks.ca... off the record messaging

You can even find decent open firmwares for consumer level home/SOHO routers:
en.wikipedia.org...
en.wikipedia.org...

A nice WPA-PSK thats about 62 characters long and rotated monthly is still quite the pain in the ass.

Of course, no system is perfect but it boils down to is implementing a wise personal security plan and following it consistently. Force malicious parties to pick easier targets and go after low hanging fruit or force them to expend # loads of resources. Also, secure data deletion is very important. I personally prefer DBAN running gutmann wipes (dban.sourceforge.net...).

Always assume the worse cases scenario....assume that at a given moment everything involved could betray you.

Originally posted by Kluge
Always assume the worse cases scenario....assume that at a given moment everything involved could betray you.

And that, interesting enough, is a non-paranoid and professional approach to data security and reliability.

Example: I argue quite often that RAID hard-disk storage methods, which 'increase reliability' by distributing data over multiple drives, redundantly, are worse than useless. Sure, they might increase your MTBF numbers, but the false sense of 'security' they give is very dangerous.

On more than one occasion, I've seen people lose data because they thought 'redundant' meant 'reliable', and since they had a RAID-5 array, they didn't need to do regular backups. Then two drives failed at once, or the drive controller card puked.

Use RAID-0 (which actually decreases MTBF) for performance improvement; be very wary of 'backup replacement' solutions.