Lieutenant General Vincent Stewart of the Defense Intelligence Agency laid out his plan for the United States Government to hack back attackers that hack the government. The DIA’s plan is to capture the code or malware being used to attack them and reengineer it to then be used to attacker the hacker back. There are many questions to be asked, but I will start with what if the attacker is using Tor to hide their Internet Protocol address, who would the DIA attack then? The Tor network? Hacks can even be masked to appear as if they are coming from somewhere else rather than the source that is being displayed, in this scenario who would the DIA attack?
Lieutenant General Vincent Stewart revealed the DIA’s new plan at the US Department of Defense Intelligence Information Systems conference in Missouri in which he said: “once we’ve isolated malware, I want to re-engineer it and prep to use it against the same adversary who sought to use against us, we must disrupt to exist.” Isn’t Marcus Hutchin’s under federal indictment for allegedly “writing malicious code”, but it appears to be perfectly plausible for the Defense Intelligence Agency to re-engineer code to then be used as a weapon? Is the DIA going to attack state actors from North Korea who hacks us the same as we treat a 14-year-old from Romania? The intelligence community has had more leaks and security breaches than all other government agencies combined, the public was disturbed to find out about the stockpile of cyber weapons the CIA had hoarded and we now are witnessing the Defense Intelligence Agency falling down the same well the CIA did. The DIA will paint this new initiative as a way to further protect the public, but all you have to do is look at the attendees to realize who this hack back plan by the DIA is really protecting. The attendees included Xerox, FireEye, Microsoft, the NFL, and DataRobot.
The Cheif Financial Officer at the DIA went a step further at this event than his boss did by saying the United States Government will no longer be defensive but rather offensive in response to attacks. The DIA claims that for years our government’s way of defending against attacks has been to find ways to make our defense stronger, but the DIA’s new plan will enable DIA agents to actively write malware to be used as a weapon “In the past, we have looked inward, focusing on improving our internal processes, business practices, and integration, Janice Glover-Jones said. “Today we are looking outward, directly at the threat. The adversary is moving at a faster pace than ever before, and we must continue to stay one step ahead.”
Commander William Marks of the U.S. Navy displayed the most stupidity by broadly claiming “threats are no longer constrained by international borders, economics or military might. They have no borders, age limits or language barriers, or identity.” Mr .Commander, they never have. It’s the fuckin internet, it’s never been contained by borders or age or any of the other things the Commander mentioned it reminds me of the time when national leaders ignorantly proclaimed “we can’t understand any of this stuff, bring in the geeks” to which the room erupted in laughter, but there was nothing funny to me. These are the very same people who write and vote on the laws of the Internet and they couldn’t even create their own email, it’s pathetic.
Ben Johnson, CTO of Obsidian Security said the following “the average organization, even in the federal space, has a tough enough time defending against and investigating breaches. What would make any of us think they could surgically conduct counter attacks that wouldn’t cause problems or take down critical infrastructure?” As the Reader, you read this quote and you’re like this makes sense to me, that’s because a geek said it. Mr. Johnson sternly warned that using code against an attacker can openly show the government’s hand in how they attack. “This, much like WannaCry, could lead to national-level capabilities being commonplace among the non-sophisticated nuisance groups, therefore accelerating the cyber arms race. I applaud the DIA and other organizations for attempting to disrupt adversarial capabilities, but this is also an instance where we need to clearly define what disrupt means,” Johnson said.
U.S. Cyber Command chief Admiral Mike Rogers warned that such initiatives could create unintended consequences, creating additional risks and potentially muddying attempts at pinpointing the source of cyber attacks. “My concern is, be leery of putting more gunfighters out on the street in the Wild West,” Rogers told a House Armed Services subcommittee earlier this year. Someone in Washington might actually have a brain if the DIA does start to write malicious code is guaranteeing it will be used by someone other than the DIA in the near future whether it’s leaked like we’ve seen at the CIA or sold in our ever-growing Cyber Industrial Complex. Writing and hoarding tools of cyber warfare will inevitably cause the very same codes the DIA writes to be used against the American public and government. This will only allow these cyber-security companies to sell more product to the consumer and to convince companies like Microsoft that they need Cyber Industrial Complex government contractors to protect them. The Cyber Industrial Complex is real, it’s here and it’s more threatening to our sovereignty than the Military Industrial Complex.
By Joziah – @Dapeaple
We the people
Exuding free speech
Deserve nothing less than
Altruism
WEDA Coalition 