New US Cyber offensive paradigm
Many foreign Intelligence agencys and hackers
use the DOD and Government networks
for cyber target practice.
As there is little or no consequence to attacking them.
And there have been cyber pundits that have argued
one cannot attack them back as it might be a bot
on some innocent persons PC or even a critical
PC, like a hospital and have made that argument
as a reason to remain passive, a safe fire wall for
hackers to pound on.
Playing Defense: Lt. Gen.William T Lord "enemy will batter away at our applications" (They are erecting coastal defenses a Maginot Line....G ) through rigorous testing, and then apply program management office money to fix any holes, as opposed to funding the next new release of capability.
The US Government has been providing free,
safe training targets for hackers, as they have
no offensive force.
This paradigm is a method of addressing
that passivity and providing a consequence for
attacking the DOD or other Government networks.
The first question is Who is attacking,
if its a bot net there are ways of determining that.
Internet Anthropologist Think Tank: WarIntel Bot probe
If its a bot net attacking there are indicators, one can
even tell what kind of bot net is attacking.
On all attacks one gets an IP, which is enlightening,
running a "Whois" on it can tell if it belongs to a hospital
or bank, sometimes. Other times its almost useless.
And there are "POP UPs" that can get around your
anti-pop up soft ware.
Even persistent pop ups, the only way to knock them down
is click on them, and get infected or close and reopen your
entire browser and all tabs.
We discovered them during a Porno operation.
Internet Anthropologist Think Tank: Porn as Infowar weapon.
And for repeat offenders we have "Cyber Chain guns"
with persistent adventures.
Internet Anthropologist Think Tank: IATT Cyber capabilities
Which will identify the attacker, and stay with him like a WART.
And allow one to dispense justice on ones own time line as
their ID is discovered and according to their offense.
And Jester has a cyber side arm that can take an IP off line
for up to 8 days, thats all he has demonstrated so far.
Ok we now have all the tools, and in working proof of concept.
How do they work together?
Upon the first attack the IP is logged and a Whois is automatically
run looking for soft critical targets, like hospitals ect.
And 'if' and the kind of bot net is checked.
And a semi persistent pop up is sent.
That is a pop up that stops the PC owner from
knocking/closing it down, but allows them to open other
tabs and recreate the blocked tab.
The pop up also gives an emergency phone number
for its removal in critical situations.
If its a known bot net a link to bot removal is provided.
And a warning that that PC attacked a critical US network.
And told if that PC attacks again it maybe blocked from
connecting to the WWW for 15 min up to 8 days.
So if its a hospital in a critical operation they can call
for immediate removal of the popup blocking the critical
tab. Or open a new tab and recreate the window.
A log of the attackers IP is recorded.
The next attack a Jester type attack is launched
cutting that IP off from the WWW for 15 min.
The third time an hour.
And each time persistent pop up is included,
maybe one that causes them to reboot their
browser to regain control or click a link which
launches some key exploit to further ID them.
And at some point we can fire the "chain gun"
launching a myriad of adventures or exploits,
to penetrate the attacker for ID purposes or punishment.
If they are using a proxy we penetrate it and
track and collect real IP.
Google attempted this in a timid way
when they were attacked.
We have the technology, and can safely deploy
it, but who has the leadership and power to
deploy it, finally a cyber offensive to hacker attacks.
Tactical Internet Systems analyst.