back to article US Air Force halts plans to establish a Cyber Command

The US Air Force has suspended plans to build a provisional unit designed to make it the dominant service in cyberspace. According to NextGov, top Air Force officials put an immediate halt to the establishment of a Cyber Command, which had been scheduled to be operational by October. Development will now be delayed until new …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Gates Horns

    Done Deal

    > "One USAF colonel has gone so far as proposing the service build its own botnet to mount massive denial-of-service counterattacks on adversaries that attack US networks first."

    They already have - it's called Microsoft Windows, replete with NSA backdoor.

  2. Matt

    That, and the nasty habit losing Nukes...

    If I heard the radio right, just in the past few days the USAF just received it's new, permanent command general following the firing of the civilian & military bosses after the two incidents of flying armed nukes over the continental U.S. (without realizing it...) and the nuke fuse that ended up in Okinawa or somewhere way were it shouldn't have been.

    Anyway, my guess is he's put a halt to all the peripheral stuff until they can get the basic SOPs clicking again.

    Oh, and with the guns of August once again sounding in the distance, figuring out how to fight a two front war against Iran and Russia. Because God, and every other sentient being, knows Bush, McCain, and Obama are all fully capable of stumbling into it.

  3. Herby

    So this is why Vista runs so slow...

    ...they already did it (as noted above). Maybe that is why the government doesn't anyone to use Linux. Of course, it could be incorporated in the BIOS code, but that might be more difficult for Microsoft to do!

  4. Flocke Kroes Silver badge
    Black Helicopters

    Quick: Lock up McKinnon

    If the US build Skynet, they will have to find ways to prevent it from being used against them:

    1) lock up everyone capable of looking for accounts with empty or simple passwords.

    2) publish some fake UFO reports to keep conspiracy theorists busy.

    I am not sure why the US bothers with armed forces. They should just threaten to sue anyone who attacks them.

  5. Aeternus

    More difficult indeed...

    ... since most BIOSses are integrated in the far east. In countries like Taiwan and... China?

  6. Anonymous Coward
    Black Helicopters

    @Herby

    Microsoft don't have anything to do with your BIOS...

    Also, I wonder what sort of software and hardware they'll be using... you think they'll have guys sat at computer terminals, or a full 3D VR representation of the internet?

    Stick a cable in the back of some of the more major routers worldwide and you could harvest vast amounts of data to help create a coherent picture of what's happenning in the virtual world!

    Actually, with a decent way of visualising the data and said hookup to those more major routers you could manipulate the data as it went along very simply.

    Ah, t'would be great to have that sort of access...

  7. Anonymous Coward
    Black Helicopters

    BIOS, ACPI

    ... and other "vendor" code is on every system, isn't optional and is rarely (if ever) vetted. That's quite some potential for mischief!

  8. Al
    Black Helicopters

    The Yanks attacking in cyberspace? G_d help us all....

    With their record for 'friendly fire' attacks, how long before sites in the UK get shut down in error.

    We're doomed. Doomed!

  9. Abbro56

    No need to worry...

    about "friendly fire" until we are done shooting ourself in the foot.

  10. Anonymous Coward
    Alert

    @Al

    "...before sites in the UK get shut down in error..."

    It's already started - AOL have been blocking our email for years.

    "Subdomain? What's a subdomain?"

  11. James Monnett

    @ AC

    Why bother with a cable when a few lines of code can make the server send you all it knows, and modify it any way you please, using someone ELSE's cable.

    Make the otehr Sod by the hardware.

  12. Jesse
    Boffin

    OMG a serious post?

    The DOD needs to make a new branch specifically for cyberwarfare if they deem it necessary (aside from the NSA).

    That said, why doesn't the NSA just handle it? Or do we need a specific command complete with Media Relations officers so that dipshit Americans can be assured their data is safe via canned statements?

  13. David Eddleman
    Flame

    Re: Done Deal

    Oh what a conspiracy theorist. I bet you think that Majestic 12 are real and there's alien research going on at Area 51.

  14. Duffy
    Black Helicopters

    America already has cybercommand aside from NSA

    The secret service is now responsible for "civilian" internet protection along with Homeland Security and the Justice Department (trust me, I'm not feeling safe or secure).

    Defense Secretary Gates had long been demanding the Air Force to do more in today's fighting (building/fielding drones, sending boots on the ground to help fight) instead of focusing on stealth fighters and satellites.

  15. Anonymous Coward
    Pirate

    @David Eddleman

    Not that good at spotting bait, are you?

  16. This post has been deleted by a moderator

  17. jay margo
    Black Helicopters

    @ Herby

    It IS "being incorporated in the BIOS code."

    The recent theft of a client's computer, and its subsequent appearance on my remote support dashboard, lead me to speaking with the police investigator, who asked me to install "Computrace/Lojack for Laptops" through the remote client.

    He then tells me that most newer machines from Dell, HP, Toshiba, etc already have “Computrace/Lojack” on the BIOS, and it only takes the service tag number and a simple call from the local sheriff/constable to turn it on. No NSA/MI5 involvement required.

    See: http://www.absolute.com/products-bios-enabled-computers.asp

    Where's your Linux security now, Moses?

  18. Zmodem

    like nipple sheilds

    a website running on a box in the corner of a basement cant affect a countries security. especially when the military can have its own personal 2 way satalite for a WAN to communicate with bases around the planet. which is probaly what the GPS sat it

This topic is closed for new posts.

Other stories you might like

  • America edges closer to a federal data privacy law, not that anyone can agree on it
    What do we want? Safeguards on information! How do we want it? Er, someone help!

    American lawmakers held a hearing on Tuesday to discuss a proposed federal information privacy bill that many want yet few believe will be approved in its current form.

    The hearing, dubbed "Protecting America's Consumers: Bipartisan Legislation to Strengthen Data Privacy and Security," was overseen by the House Subcommittee on Consumer Protection and Commerce of the Committee on Energy and Commerce.

    Therein, legislators and various concerned parties opined on the American Data Privacy and Protection Act (ADPPA) [PDF], proposed by Senator Roger Wicker (R-MS) and Representatives Frank Pallone (D-NJ) and Cathy McMorris Rodgers (R-WA).

    Continue reading
  • Brave roasts DuckDuckGo over Bing privacy exception
    Search biz hits back at 'misleading' claims, saga lifts lid on Microsoft's web tracking advice

    Brave CEO Brendan Eich took aim at rival DuckDuckGo on Wednesday by challenging the web search engine's efforts to brush off revelations that its Android, iOS, and macOS browsers gave, to a degree, Microsoft Bing and LinkedIn trackers a pass versus other trackers.

    Eich drew attention to one of DuckDuckGo's defenses for exempting Microsoft's Bing and LinkedIn domains, a condition of its search contract with Microsoft: that its browsers blocked third-party cookies anyway.

    "For non-search tracker blocking (e.g. in our browser), we block most third-party trackers," explained DuckDuckGo CEO Gabriel Weinberg last month. "Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon."

    Continue reading
  • Symantec: More malware operators moving in to exploit Follina
    Meanwhile Microsoft still hasn't patched the fatal flaw

    While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.

    Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.

    In the meantime, reports of active exploits of the flaw continue to surface. Analysts with Proofpoint's Threat Insight team earlier this month tweeted about a phishing campaign, possibly aligned with a nation-state targeting US and European Union agencies, which uses Follina. The Proofpoint researchers said the malicious spam messages were sent to fewer than 10 Proofpoint product users.

    Continue reading
  • Now Windows Follina zero-day exploited to infect PCs with Qbot
    Data-stealing malware also paired with Black Basta ransomware gang

    Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.

    The bot's operators are also working with the Black Basta gang to spread ransomware in yet another partnership in the underground world of cyber-crime, it is claimed.

    This combination of Follina exploitation and its use to extort organizations makes the malware an even larger threat for enterprises. Qbot started off as a software nasty that raided people's online bank accounts, and evolved to snoop on user keystrokes and steal sensitive information from machines. It can also deliver other malware payloads, such as backdoors and ransomware, onto infected Windows systems, and forms a remote-controllable botnet.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • Facebook phishing campaign nets millions in IDs and cash
    Hundreds of millions of stolen credentials and a cool $59 million

    An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it's only getting bigger.

    Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful. Just one landing page - out of around 400 Pixm found - got 2.7 million visitors in 2021, and has already tricked 8.5 million viewers into visiting it in 2022. 

    The flow of this phishing campaign isn't unique: Like many others targeting users on social media, the attack comes as a link sent via DM from a compromised account. That link performs a series of redirects, often through malvertising pages to rack up views and clicks, ultimately landing on a fake Facebook login page. That page, in turn, takes the victim to advert landing pages that generate additional revenue for the campaign's organizers. 

    Continue reading
  • International operation takes down Russian RSOCKS botnet
    $200 a day buys you 90,000 victims

    A Russian operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.

    The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney’s Office in the Southern District of California.

    It seems that RSOCKS initially targeted a variety of Internet of Things (IoT) devices, such as industrial control systems, routers, audio/video streaming devices and various internet connected appliances, before expanding into other endpoints such as Android devices and computer systems.

    Continue reading
  • If you're using older, vulnerable Cisco small biz routers, throw them out
    Severe security flaw won't be fixed – as patches released this week for other bugs

    If you thought you were over the hump with Patch Tuesday then perhaps think again: Cisco has just released fixes for a bunch of flaws, two of which are not great.

    First on the priority list should be a critical vulnerability in its enterprise security appliances, and the second concerns another critical bug in some of its outdated small business routers that it's not going to fix. In other words, junk your kit or somehow mitigate the risk.

    Both of these received a CVSS score of 9.8 out of 10 in severity. The IT giant urged customers to patch affected security appliances ASAP if possible, and upgrade to newer hardware if you're still using an end-of-life, buggy router. We note that miscreants aren't actively exploiting either of these vulnerabilities — yet.

    Continue reading
  • Tim Hortons collected location data constantly, without consent, report finds
    Hortons hears a sue

    From May 2019 through August 2020, the mobile app published by multinational restaurant chain Tim Hortons surveilled customers constantly by gathering their location data without valid consent, according to a Canadian government investigation.

    In a report published Wednesday, Office of the Privacy Commissioner (OPC) of Canada and the privacy commissioners from three provinces – Alberta, British Columbia, and Quebec – presented the results of an inquiry that began shortly after the publication of a June 2020 National Post article.

    That article revealed the Tim Hortons app tracked location data every few minutes even when relegated to the background, and the report compiled by Canadian privacy officials confirmed as much.

    Continue reading

Biting the hand that feeds IT © 1998–2022