Tuesday, May 13, 2008

The US Air Force Wants to Hack Your Computer

Edit:TG below points out that the original news sources appeared to be in error. The original USAF proposals says "The U.S. would not, and need not, infect unwitting computers as zombies." My apologies. Should have checked the original USAF article.

According to recent news reports the US Air Force is considering constructing a botnet to use in future conflicts. A botnet is a large collection of computers controlled together for nefarious ends. These uses include generating spam or launching denial of service attacks where all the computers make information requests to a server or website in a short period of time to knock it offline. The Air Force wants botnets to knock out enemies’ computer networks and engage in similar cyberwarfare.

Unfortunately, the USAF thinks that the “military should consider infecting civilian machines with trojans, making them potential zombies, should the need for the botnet's use arise.” In English that means the Air Force is thinking about putting computer viruses on your computer without your permission to be used for military purposes. There’s no way to prevent the military from also using these infections as opportunities to spy on civilian computers. There’s also the problem that even well designed viruses will frequently have unintended consequences and can corrupt your data or allow unauthorized third parties access to your machine.

From this description, it sounds like the USAF wouldn’t even alert you to the fact that they had infected your machine. Whatever happened to the right of due process to protect life, liberty and property? Infecting, controlling and potentially damaging my property without even letting me know is about as far from due process as you can get. The Air Force is considering acting like an unethical hacker. I suspect that many people would be willing to install such software if the USAF asked for volunteers. I’d certainly consider it. But this plan, as it is stated, ignores our basic property rights and civil liberties.


TG said...

Your source misread the original article: http://www.armedforcesjournal.com/2008/05/3375884
The author specifically states that he is NOT proposing covertly infecting personal computers. By "civilian," he means non-military government entities, such as the EPA, the DOJ, the IRS, etc. The government would install these bots and use them in crisis situations, probably only with a presidential order.

No need for an ACLU lawsuit just yet.

Joshua said...

Thanks for catching that. That does more or less make this entire post incorrect. Good to know the US military isn't going thinking of infecting our computers.

Dunc said...


I think if the number of government computers is too low the US military, (not quite sure why it's just the USAF), could obtain enough volunteers who would do their patriotic duty and enlist their computers as reservists?

Jim Lippard said...

It's still a bad idea, as I've argued at my blog and on the Armed Forces Journal's online forums.