USA safe Cyber target

More of our INTEL

The US Government has an obligation to protect

American citizens, and they take that very seriously.

911 and 10 years the US Military are still after the

perps, still at war over the attack.

But this paradigm to protect Americans has

broken down on the WWW.

US servers and web sites are fair game for

attacks, and the US Government provides

NO protection, none, abject failure of the

Governments primary function to protect

Americans. 

There has been alot of talk about having

to have a Government presents on the

Civilian servers in order to protect them.

And its just not true. We don't need a

cop in our home to get protection against

intruders.

Nor do we need a Government program on

our PCs to get some protection against

cyber intrusions or perps.

The Government has a system set up

to report cyber crime, and its a complaint

warehouse. They just collect stats.

What would a US Police force on the US

WWW look like, how would it work.

It would have to be run by a cyber savvy

leader with Balls, not a timid bureaucrat.

One can monitor web sites performance 

and up and down times from an external

source, no intrusion into the PC.

Just a measure of % of up and down

sites, DDos attacks will provide a 

base metric.

They would not be looking to block 

intrusions or harden any security.

They would be looking to provide

some deterrence.

They would be building the capability

to spot an attack in real time,

and then intervene and track perps

with real time penetration,

and take out the attacking perp.

Burn up his PC, plant rootkits,

erase his hard drive, and do 

very nasty things to him.

Identify his real persona, real

world ID, and track and abuse him

in real world and the WWW.

Back tracking and penetrating

in real time would allow a complete

and accurate ID of the perp.

If there is an attack in the real world,

the police do not wait to intervene

until they ID the perp, they counter

attack and take the perp down.

This to can be done on the WWW.

The concept is to develop some

deterrence, kick the hell out

of some of the perps, mess them

up, screw with them for months.

You don't need evidence to intervene

in an attack. You do need evidence

to prosecute.

And we are making a definitive difference

between the two.

During the attack its ok to 'shoot',

to drive them away, stop the attack.

There is the capability to penetrate

PCs real time during an attack.

Some of the attacks go on for

hours.

The Government should consider

developing a force to do just that.

Penetrate the attackers through VPNs

and proxys trace the attack to the source.

I'm not saying it would be easy, but

Google demonstrated the principle

during the attacks on their network.

It can be done.

The Paradigm now is America is an

easy rich target environment, and

virtually no down side risk to attack.

You can beat on their firewalls with

impunity, they are not going to come 

out side the firewalls and come after

you.

US needs to end this paradigm,

and stop being a target for wana

bees and a safe training ground for

hackers.

NO one is afraid to attack US .mil

or .gov sites, why would they be.

Prosecution? very low risk, to

much effort to collect evidence,

to much time to prosecute, to distant

for trial, trouble with treatys.

That is not the case for self defense.

They attack, you counter attack,

attach some heavy cyber consequence

to an attack on American.

Cyber bloody some noses, 

and publish the attack, the real

names, no prosecution,

PUNISH THE ATTACKERS,

IN REAL TIME.

The potential is there, its

been demonstrated.

Its do-able.

Enough with the victim whining

paradigm, time to move to the

new Sheriff in town operation.

Kick some perp ass,

get a reputation for offense.

Not just a target mentality.

Cyber Battleship

Gerald

War Anthropologist

.

The perps that Hacked Jawa Report.

.