Protecting against cyberwarfare, one email at a time

by Paul Jay, CBCNews.ca

Earlier this week in London, military strategists and computer security experts got together to talk about a different kind of warfare: the threat posed by botnets, not bombs.

And coming out of the Cyber Warfare Conference, officials from the U.S. appear to be talking tough about avoiding the fate of Estonia in May 2007, which had its internet infrastructure forced offline for days after an attack by a network of software robots running on corrupted computers.

U.S. Air Force Lieutenant General Robert J. Elder Jr. on Friday even went a step further, suggesting to ZDNet.co.uk that the recently established Air Force Cyber Command wants to develop the ability to attack enemy forces as well as defend homeland infrastructure.

As technology news site C-Net reports, Elder said:

"Offensive cyberattacks in network warfare make kinetic attacks more effective, (for example) if we take out an adversary's integrated defense systems or weapons systems. This is exploiting cyber to achieve our objectives."

The U.S. Air Force isn't the only military unit making plans against internet security breaches. Earlier this week it was revealed that the U.S. Army is also running its own, more ground-level, security tests.

According to a report in Stars and Stripes, the Army decided to test the gullibility of its servicemen by offering free tickets to theme parks through a bogus email claiming to represent the Army Family and Morale, Welfare and Recreation Command.

The email directed users to a website to receive the free tickets; the site then asked them to give personal information such as name, address, phone number and e-mail address. The Army hasn't published the results of the test, but said no actual personal data was collected.

While the Air Force plans appear to be focused on the co-ordinated capability of hackers in incidents like the Estonia attack, it's worth noting that security experts often say it is the end user, and not the system itself, who often decides whether a security breach occurs, and that these breaches are often remarkably low-tech.

In other words, it's not the genius hacker who cracks 15 different codes to access a government server who causes trouble, but rather the one who can dupe millions of people into downloading "free" porn with a Trojan virus.