The Iggblog

Saw this article on Digg today (clicky for full text): U.S. Military are now looking for ways to weaponize hacking.

From the article:
U.S. Defense Department officials were so impressed with the level of coordination between ground military ops and cyberattacks against strategical targets during the recent conflicts, that they are now looking for ways to weaponize hacking. Aviation Week glanced at such a device and reports that it is being designed to be easily used even by non-techy soldiers.

Apparently, there are several devices currently being developed behind closed doors specifically for such purposes, but the one Aviation Week talks about is intriguing. It is basically a highly complex hacking tool designed for the unexperienced that is to turn soldiers into veritable script kiddies. Granted, script kiddies with a lot of firepower.

Script kiddies are widely regarded as being at the bottom of the coding barrel. Whether the government means to refer to soldiers using such devices as such, they basically are making script kiddie boxes. Just as their namesake, script kiddie soldiers would be useful against most civilian targets and most non-hardened or haphazard websites. The irony here being that the stimulus for making these hacking boxes was more sophisticated or coordinated attacks against our own government or military. Any kind of hardware “hack box” that joe blockhead soldier could finger mash would be useless for such an attack.

The device is easily able to map out all the nodes of a given wireless network and, if necessary, cause them to disconnect, then watch them getting back online in order to identify weak spots. Once the best target is determined, the soldier (slash hacker) is presented with several attack attributes and can adjust their respective level by using sliders on a touch-screen. These attributes include, but are not limited to covertness, speed, or collateral damage.

I’m no hacker, and all of those things are quickly and easily accomplished with free tools. Ther are live linux distros that fit on a keychain USB key with all those wireless tools. I don’t think Backtrack has any tools to drop wireless clients, but ARP poisoning is a technique that’ll do it on most wireless nodes. But to do that you’ll need a little talent and patience to learn why and how it works. Ethernet, wired or wireless, is a dumb and gullible protocol. It’s trivial in most cases to fool it into telling you more than you should know, or making it do what you want it to.

I really hope the government is still thinking of employing hackers to do our cyber defense and offense. You can’t weaponize an abstract talent. that’s just not how it works. I’ve always advocated this and I’ll do it again, hacking is a love based skill. A real hacker is a very highly trained and very disciplined person, even if it’s all self taught. You can’t distill that and drop it in a box for anyone to use. Deploying script kiddie soldiers against an enemy with even a couple moderately skilled personnel would be like beating a tank with a baseball bat. And about as good on defense when the tank fires back. Never mind when (not if) any enemy gets their hands on these devices and analyzes them.

Originally published at The IggBlog. You can comment here or there.