UK developing cyber-weapons to counter cyber war threat

News Stories that Pirates should know about

UK developing cyber-weapons to counter cyber war threat

Postby borgs8472 » Tue May 31, 2011 9:05 pm

http://www.guardian.co.uk/uk/2011/may/3 ... -offensive
The UK is developing a cyber-weapons programme that will give ministers an attacking capability to help counter growing threats to national security from cyberspace, the Guardian has learned.

Whitehall officials have revealed that the UK needs to have a new range of offensive options, and not just bolster defences around the country's critical services and government departments, which regularly come under attack from hackers.


Several articles in the Guardian about this today as including a recap on stuxnet, the first known major state sponsored act of cybercrime aimed at offline architecture.

Today at work we are calculating operational costs for a large Saudi owned client who want anti ddos protection option as a standard. It's going to me up to me to find a decent supplier for this service, after which we'll routinely sell the anti ddos option as standard with all hosting we do.

Shit is frankly, getting real on the internet as I see large scale internet crime change from being the exception to being the norm. If you're not protected against it, you at least want a quick option to be should something like this happen.

Anyhow, the government having offensive 'cyberweapons'? What do we think? Well, on one hand the government will probably manage to mess a few things up and get things wrong a few times, but I have the feeling there is a beginning of a mutinational arms race finally showing its face, where you simple have to have these services as a deterrant to attack.

What kinds of cyberweapons are on the cards? Please link me if anyone can find anything else, but I'm assuming it'll be of two varieties, botnets and viruses, the things that are hard to ethically deploy. (I almost count spam here, but we're fighting an incremental war here that is evolving over time)

Botnets
First of all with the botnets, a legal botnet is expensive, but not necessarily prohibatively so. One would take out a very varied range of cheap but bandwidth burstable accounts on shared or VPS hosting from a variety of suppliers all around the world. All purchases would have to be done via a series of shell accounts to cover the fact the funds came from the government. Assuming one can set up with 1000 small (£20k/month?) and 100 large (another £20k/month?) accounts, you hook them into your obscurcated command and control server and send software updates and orders to this. I wouldn't be surprised if this is the sort of project we'd collaborate with the US on.

To do so illegally would involve infecting home pcs and playing the same game as the cybercrooks so I don't seeing a legitimate government backed attempt doing that.

Viruses
Secondly, viruses. The stuxnet worm was exceptional in that it knew 4 zero day windows exploits, and that it had a deep knowledge of Iranian power plant control systems. I'm sure we can all believe the government knows a few zero days exploits, or could find their own if they had to. It also has the existing espionage infrastructure in place to audit target systems before attack as well as perform the initial insertion. But the question I ask myself, do we really have to fear the offline effects of an online attack? Currently, I say no, stuxnet was the exception, not the rule.

In the old days of the internet, securing your basic forms site against SQL injection was the exception, not the norm. That changed long ago with the rise of ecommerce. As I said, people are now starting to want anti ddos options as standard. Will critical offline machinary now come with warnings:

Warning, do not connect control machine to a Windows PC
or even
Warning, administer from local console only

Not yet they won't, but questions will be raised about existing IT consolidation and support projects. Industrial automation experts and intergrators will be getting pay rises. The concept of IT being 'mission critical' and not just something that you get on your computer, but something that is a part of your everyday life, all around you will spread.
User avatar
borgs8472
Space Pirate
 
Posts: 1984
Joined: Mon Aug 31, 2009 7:34 pm
Location: London

Re: UK developing cyber-weapons to counter cyber war threat

Postby Gavman » Wed Jun 01, 2011 12:30 am

"Several articles in the Guardian about this today as including a recap on stuxnet, the first known major state sponsored act of cybercrime aimed at offline architecture."
^^ no, believed to be state sponsored there is no real proof to back up this allegation

Also any same admin regardless of platform should ensure that to their knowledge they are protected and yes this may mean resorting to black-hat techniques sometimes.
* assange () has joined #ppuk
* Obama () has joined #ppuk
* assange slaps Obama around a bit with a large fishbot
User avatar
Gavman
Swashbuckler
 
Posts: 672
Joined: Wed May 27, 2009 9:12 am

Re: UK developing cyber-weapons to counter cyber war threat

Postby scottishduck » Wed Jun 01, 2011 8:06 am

It will likely be DDoS, it's the only reliable method of attack.
Member of the Board of Governors. Email me at M.Wood@pirateparty.org.uk
New Job - Vice-Secretary for Whistleblowing at PPI
##Idling or not, I will be on IRC at pretty much any time irc://irc.piratpartiet.se/#ppuk##
Follow me on twitter! @MC_StallmanVEVO
User avatar
scottishduck
1st Mate
 
Posts: 295
Joined: Mon Nov 09, 2009 9:07 pm
Location: Lochgilphead, Argyll and Bute


Return to News Stories & Web Links

Who is online

Users browsing this forum: No registered users and 1 guest

cron
X
We use cookies to provide you the best possible experience on our website. If you continue without changing your settings, we will assume that you are happy to receive all cookies on this website. If you would like to, you can change how your browser controls cookies at any time.
You can also view our Privacy Policy
I understand. Don't show me this message again.