http://defensetech.org/2008/10/30/the-enemy-among-us/ The Future of the Military, Law Enforcement and National Security Fri, 10 Feb 2012 04:44:53 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-87632 Master Chief Sun, 14 Jun 2009 14:52:13 +0000 http://deftech.usmilblog.com/?p=4152#comment-87632 My question is....how is there anyone who has no life to the extent that they spend their time doing this? My question is.…how is there anyone who has no life to the extent that they spend their time doing this?

]]> http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-87631 The Cenobyte Fri, 31 Oct 2008 13:02:14 +0000 http://deftech.usmilblog.com/?p=4152#comment-87631 Please Please remember that DOS attacks are not the same thing as network intrusion. DOS attacks do not break into networks and change things, they just deny service to the network that the attack is taking place (It floods the network access point with requests). Network intrusion is almost never done by the same unskilled kids that run botnets for DOS attacks. Truly getting into a network and causing problems requires one of two things, either A)lots of skill and lots of time (Like Wargames) or b)Physical access. Physical access can mean a lot of things, in the case of the military in Iraq for example it meant network taps, aircraft for wireless systems, etc, etc. , but also included the good old lots of time and lots of skill method. Network intrusion can and will be a problem in future conflict, I mean it already has just mostly for our enemies, but it Please Please remember that DOS attacks are not the same thing as network intrusion. DOS attacks do not break into networks and change things, they just deny service to the network that the attack is taking place (It floods the network access point with requests). Network intrusion is almost never done by the same unskilled kids that run botnets for DOS attacks. Truly getting into a network and causing problems requires one of two things, either A)lots of skill and lots of time (Like Wargames) or b)Physical access. Physical access can mean a lot of things, in the case of the military in Iraq for example it meant network taps, aircraft for wireless systems, etc, etc. , but also included the good old lots of time and lots of skill method. Network intrusion can and will be a problem in future conflict, I mean it already has just mostly for our enemies, but it

]]> http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-87630 The Cenobyte Fri, 31 Oct 2008 12:48:32 +0000 http://deftech.usmilblog.com/?p=4152#comment-87630 First off, DOS attacks only work on networks that you have a Botnet on. So for example, if you want to attack a DOD WAN you have to have bots on that WAN network. You can attack that networks points of entry onto networks you have access too (like the internet) but not past that. (ever heard of a firewall or router) At my job I have delt with dozens and dozens of DOS attacks, they effect our internet pressence and that is it, in other words all the operations going on inside the company go on uneffected, Joe teller at a branch has no idea, his email works great and all this account systems are functioning as normal. Beyond that if your network provider has half a brain he can easily dumb most of the incoming trafic by just routing it to NULL. Works great and as a result of that and redundant internet points of entry we have never had anything more than slightly slow responce times to our internet pressence. So I have said it once and I will keep saying it, these guys crying that the sky is falling are just trying to make their jobs seem more important and honestly most of the time don't seem to know what it's like in real world networking and security at all. First off, DOS attacks only work on networks that you have a Botnet on. So for example, if you want to attack a DOD WAN you have to have bots on that WAN network. You can attack that networks points of entry onto networks you have access too (like the internet) but not past that. (ever heard of a firewall or router) At my job I have delt with dozens and dozens of DOS attacks, they effect our internet pressence and that is it, in other words all the operations going on inside the company go on uneffected, Joe teller at a branch has no idea, his email works great and all this account systems are functioning as normal. Beyond that if your network provider has half a brain he can easily dumb most of the incoming trafic by just routing it to NULL. Works great and as a result of that and redundant internet points of entry we have never had anything more than slightly slow responce times to our internet pressence.
So I have said it once and I will keep saying it, these guys crying that the sky is falling are just trying to make their jobs seem more important and honestly most of the time don’t seem to know what it’s like in real world networking and security at all.

]]> http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-87629 unmannedanimal Fri, 31 Oct 2008 11:50:44 +0000 http://deftech.usmilblog.com/?p=4152#comment-87629 @AMMO what confuses me is why the networks you describe as critical are open in the first place. the DoD should run on a closed loop and it should own that loop. @AMMO
what confuses me is why the networks you describe as critical are open in the first place. the DoD should run on a closed loop and it should own that loop.

]]> http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-87628 AMMO Fri, 31 Oct 2008 09:04:41 +0000 http://deftech.usmilblog.com/?p=4152#comment-87628 "Why is it that no one can seem to get their head around the idea that the 'cyber attacks' everyone is talking about is 99.9999% like dealing with kids that spray paint on the side of your business. It sucks, it costs money but mostly it's nothing." Ok, let's pretend we aren't already in a recession. Money equals time, resources, availability, and manpower. Money runs the world. Whoever has the money, has the power. In publicly-owned companies, who controls the direction of that company? The majority stockholder. So now that we understand how important money is. Now imagine that a major cyber attack is launched against a DoD network. That attack, if successful, could effectively disable that network. As a member of our beloved AF, I know how much the military depends on computers. Sorties, flight schedules, ground ops, physical security, Integrated Base Defense, etc. With a decent cyber attack, you could stop almost all operations on a base for several hours. No casualties of war? How about the SF guys trying to call in airstrikes or gunship support? How about the bomber that is almost out of fuel over the Pacific and needs an inflight refuel? How about the USA general who orders his troops to raid the wrong building because of corrupted intel? Don't belittle cyber warfare. It's dangerous, and once the enemy wields that sword effectively, we're in trouble. “Why is it that no one can seem to get their head around the idea that the ‘cyber attacks’ everyone is talking about is 99.9999% like dealing with kids that spray paint on the side of your business. It sucks, it costs money but mostly it’s nothing.“
Ok, let’s pretend we aren’t already in a recession. Money equals time, resources, availability, and manpower. Money runs the world. Whoever has the money, has the power. In publicly-owned companies, who controls the direction of that company? The majority stockholder. So now that we understand how important money is. Now imagine that a major cyber attack is launched against a DoD network. That attack, if successful, could effectively disable that network. As a member of our beloved AF, I know how much the military depends on computers. Sorties, flight schedules, ground ops, physical security, Integrated Base Defense, etc. With a decent cyber attack, you could stop almost all operations on a base for several hours. No casualties of war? How about the SF guys trying to call in airstrikes or gunship support? How about the bomber that is almost out of fuel over the Pacific and needs an inflight refuel? How about the USA general who orders his troops to raid the wrong building because of corrupted intel? Don’t belittle cyber warfare. It’s dangerous, and once the enemy wields that sword effectively, we’re in trouble.

]]> http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-78306 Eizu Fri, 31 Oct 2008 05:09:04 +0000 http://deftech.usmilblog.com/?p=4152#comment-78306 Consider yourself warned: cyber attacks are an "imitate threat"! Consider yourself warned: cyber attacks are an “imitate threat”!

]]> http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-87627 Ptsfp Thu, 30 Oct 2008 22:58:14 +0000 http://deftech.usmilblog.com/?p=4152#comment-87627 Anyone remember Comical Ali? You know, the Iraqi Information minister who swore that the US was no where near Bagdad whilst the US forces were knocking on the TV station's front door? There was a reason behind this. We owned their computer systems. We were able to place false targets into their systems and remove the real ones. We owned their communications. They had no clue. Granted, many cyber attacks are from misguided teens, but the truth is cyber war is real. The Russians and the Chinese get it. Russia has some of the most active hacker groups in the world. The fact that the US public is so out of touch with this threat is the reason why we are so vulnerable. Anyone remember Comical Ali? You know, the Iraqi Information minister who swore that the US was no where near Bagdad whilst the US forces were knocking on the TV station’s front door?
There was a reason behind this. We owned their computer systems. We were able to place false targets into their systems and remove the real ones. We owned their communications. They had no clue.
Granted, many cyber attacks are from misguided teens, but the truth is cyber war is real. The Russians and the Chinese get it. Russia has some of the most active hacker groups in the world. The fact that the US public is so out of touch with this threat is the reason why we are so vulnerable.

]]> http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-87626 The cenobyte Thu, 30 Oct 2008 18:33:07 +0000 http://deftech.usmilblog.com/?p=4152#comment-87626 When I say we below, I mean the Large US bank I work for. Just cause I know someone will pick nits. When I say we below, I mean the Large US bank I work for. Just cause I know someone will pick nits.

]]> http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-87625 The Cenobyte Thu, 30 Oct 2008 18:31:15 +0000 http://deftech.usmilblog.com/?p=4152#comment-87625 Why is it that no one can seem to get their head around the idea that the 'cyber attacks' everyone is talking about is 99.9999% like dealing with kids that spray paint on the side of your business. It sucks, it costs money but mostly it's nothing. Network security is not normally where we have security issues. On the list last year for security issues was 99% plus either idiot user lost laptop, or physical security concerns. (And hell we encrypt the laptops drives so even that is mostly a non-issue). As to people being help responsiable for their machines being compromised and being used for cyber attacks, why would we do that? First I would bet that 90% plus of compromised machines are home machines, so are we going to lock up or sue little Billy cause his school laptop was not secured correctly? Give me a break. Hell take little Billy out of it how about we lock you up cause someone broke into your house and stole and knife that he used to kill someone. I mean it's your fault that your house was not secure enough right? I wonder how much money these guys get paid to keep promoting thier own jobs? I know that there are security issues but I it's not the big deal everyone wants to make it. Why is it that no one can seem to get their head around the idea that the ‘cyber attacks’ everyone is talking about is 99.9999% like dealing with kids that spray paint on the side of your business. It sucks, it costs money but mostly it’s nothing. Network security is not normally where we have security issues. On the list last year for security issues was 99% plus either idiot user lost laptop, or physical security concerns. (And hell we encrypt the laptops drives so even that is mostly a non-issue).
As to people being help responsiable for their machines being compromised and being used for cyber attacks, why would we do that? First I would bet that 90% plus of compromised machines are home machines, so are we going to lock up or sue little Billy cause his school laptop was not secured correctly? Give me a break. Hell take little Billy out of it how about we lock you up cause someone broke into your house and stole and knife that he used to kill someone. I mean it’s your fault that your house was not secure enough right?
I wonder how much money these guys get paid to keep promoting thier own jobs? I know that there are security issues but I it’s not the big deal everyone wants to make it.

]]> http://defensetech.org/2008/10/30/the-enemy-among-us/#comment-87624 Nuke It Thu, 30 Oct 2008 17:16:00 +0000 http://deftech.usmilblog.com/?p=4152#comment-87624 Public knowledge? Oh, you mean most of the public in the US would know this? I doubt it. Using this article, I think about 17% to 30% of the US people don't know this info even thought its "public knowledge." Public knowledge? Oh, you mean most of the public in the US would know this? I doubt it. Using this article, I think about 17% to 30% of the US people don’t know this info even thought its “public knowledge.”

]]>