
US Mounted 231 Offensive Cyber-operations In 2011, Runs Worldwide Botnet

An anonymous reader sends this news from the Washington Post: "U.S. intelligence services carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to top-secret documents [from Edward Snowden]. Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed 'covert implants,' sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions. ... The implants that [an NSA group called Tailored Access Operations (TAO)] creates are intended to persist through software and equipment upgrades, to copy stored data, 'harvest' communications and tunnel into other connected networks. This year TAO is working on implants that “can identify select voice conversations of interest within a target network and exfiltrate select cuts,” or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others."
  • by elucido ( 870205 ) on Saturday August 31, 2013 @11:33PM (#44728255)

    Who believes the US government had something to do with it?
    Suddenly after meeting with regulators the price recovers?
    Conclusion: Promote regulation of the Bitcoin network as it's correlated with a rise in the price.

  • by DrLang21 ( 900992 ) on Saturday August 31, 2013 @11:58PM (#44728429)
    He had already leaked it all to the Guardian. The information is out now. He just can't effectively comment on any of it anymore.
  • by tftp ( 111690 ) on Sunday September 01, 2013 @01:23AM (#44728843) Homepage

    I bet that if such a backdoor was discovered by China or Russia, that they'd use it as a propaganda weapon and we'd thus know about it.

    It would be more realistic to expect them to use the backdoor to their advantage, while it lasts.

    Some backdoors are very hard to detect because there is no obvious bug or a backdoor in any one place; with the size of the code base as it is, who would be crawling through the source of some USB driver that works just fine? As a crude example:

    static int a[MAX_LENGTH];
    void ioctl_handler(int i, int d) {
        int *p = &a[0] + GetOffset(i, MAX_LENGTH);
        *p = d;
    }

    There is no bug here. Now, elsewhere:

    int GetOffset(int i, int len) { return (i < len) ? i : (len-1); }

    Welcome to poking any RAM location of your choice (limited only by sizeof(int).)
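
Added example, not part of the comment above: the helper as posted next to a bounds-checked variant, showing that a negative index passes the upper-bound-only clamp and is refused once both bounds are validated. The names get_offset_as_posted, get_offset_checked, ioctl_handler_checked and read_slot, and the value of MAX_LENGTH, are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_LENGTH 16            /* constructed size; the comment gives none */
static int a[MAX_LENGTH];

/* The comment's helper, same behaviour: only the upper bound is clamped,
 * so a negative i is returned unchanged. */
static int get_offset_as_posted(int i, int len)
{
    return (i < len) ? i : (len - 1);
}

/* Hardened helper (hypothetical name): validates both bounds and reports
 * failure to the caller instead of silently clamping. */
static int get_offset_checked(int i, size_t len, size_t *out)
{
    if (i < 0 || (size_t)i >= len)
        return -EINVAL;
    *out = (size_t)i;
    return 0;
}

/* Hardened handler: the array is indexed only with a validated offset. */
static int ioctl_handler_checked(int i, int d)
{
    size_t off;
    int rc = get_offset_checked(i, MAX_LENGTH, &off);
    if (rc != 0)
        return rc;
    a[off] = d;
    return 0;
}

static int read_slot(size_t i) { return a[i]; }

int main(void)
{
    int rc;
    printf("as posted: i=-1000 -> offset %d\n", get_offset_as_posted(-1000, MAX_LENGTH));
    printf("checked:   i=-1000 -> rc %d\n", ioctl_handler_checked(-1000, 0x41));
    rc = ioctl_handler_checked(3, 7);
    printf("checked:   i=3     -> rc %d, a[3]=%d\n", rc, read_slot(3));
    return 0;
}
```

Reviewing the handler alone shows nothing wrong, which is the comment's point; the defect is only visible when the helper's contract (what range it guarantees) is checked against how the caller uses the result.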

  • Re:Allies? (Score:1, Informative)

    by cold fjord ( 826450 ) on Sunday September 01, 2013 @03:04AM (#44729269)

    John Bolton [theguardian.com] has a more nuanced view. No doubt you will disagree.

  • by Anonymous Coward on Sunday September 01, 2013 @09:53AM (#44730441)

    Many if not most of these "cyber warfare domain" exploits can be traced to the C and C++ languages and the sloppy idioms (such as char* or void* pointers) which are prevalent amongst the users of said languages. Even highly skilled and experienced developers created things like the "ping of death".

    Then there is the PHP language, where they try to "make it easier and faster to create software by adding convenience features and removing typing" and the end result is a horrible mess of security-related side effects nobody seems to be able to get a handle onto.

    Sometimes I think both C and PHP were invented by people who considered Pascal and Ada as "too secure".

    In my opinion as an Applied Computer Scientist and Software Engineer (I do think this is a critical distinction from "programmer"), memory safe/type safe programming languages can significantly reduce the potential for exploitable bugs. So can sandboxing technologies like AppArmor, SELinux or Sandboxie.

    We the computer science community need to do something about it or face the well of our wealth being poisoned by the psychological effects of cyber crime and cyber warfare: "Never store anything critical on a computer, don't you know everything is hackable!".

    I created a tailored AppArmor profile for Firefox years ago and it cost me about a day. Every software engineer can do that, given determination.

    Then I spent serious time on making a memory-safe C++ variant named Sappeur:

    http://sourceforge.net/p/sappeurcompiler/code-0/2/tree/trunk/doc/SAPPEUR.pdf?format=raw

    http://sourceforge.net/p/sappeurcompiler/code-0/2/tree/trunk/
