Russian Cyber Attacks and Capability
I’m going to break with a blog rule I have and directly offer a suggestion to the government of the United States.
This breaks my rule against suggesting policy — rather than commenting on policy. My rule exists because nobody elected me, and I respect that process, if I was responsible for crafting policy AND commenting on that policy’s probable effects, I would be compromised at both, by the intellectual dishonesty of the situation.
So, I choose to comment. Normally. However, every now and then I have an idea — I just have to write about — because I can’t wait patiently enough for the idea to bubble up somewhere else. I’ve got ants in my pants as my grandmother used to say.
The FBI has just released copies — of pieces of Russian hacker code – to major US corporations, so the corporate systems people can compare this “finger printed” code segments to their existing and historical back-up data, and reconstruct any intrusion, and/or leave behinds — from Russian intelligence cyber attack groups — of which there are many; and which are also among the most creative in the world.
I’m not guessing about this, or commenting on other peoples work, my partner and I (he is in Copenhagen Denmark) used programmers from all over the world on our projects — and the Russians were among the best and most importantly — the most creative.
But the FBI needs to go further. When a computer, even a home computer, connects to the DoD network, the network performs a browser scan (and possibly deeper depending upon factors gathered at the connect) of the computer.
The FBI, in collaboration with the DoD, should set up a website where normal Americans, not connected to a corporate entity with an IT department, can log in, and allow the DoD browser sniffer/scanning software — to look for Russian intelligence code.
Now a long list of people will say “Whoa, that’s big brother, I don’t want the DoD looking up my computers tailpipe.” AND that’s why it will be voluntary.
Because a lot of other Americans, who don’t have anything to hide, or not a lot anyway, BUT would like to know: which bots? and to what extent is Russian malware and/or bots present outside the corporate world?
I know Obama is busy here at the end and McCain and Graham are on this, but they have the technology over ay DoD, they should deploy it through a voluntary program and nail down the full extent of this, right now, before some other bot, erases the presence of the first bot.