nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

US military spies: We'll capture enemy malware, tweak it, lob it right back at our adversaries

Collateral damage in 3, 2, 1…

By Iain Thomson, 15 Aug 2017

The US Defense Intelligence Agency has vowed to capture enemy malware, study and customize it, and then turn the software nasties on their creators.

Speaking at the US Department of Defense Intelligence Information Systems (DoDIIS) conference in Missouri on Monday, the head of the agency Lieutenant General Vincent Stewart told attendees that the US was tired of just taking hits from outside players, can so it was planning to strike back.

"Once we've isolated malware, I want to reengineer it and prep to use it against the same adversary who sought to use against us," he said. "We must disrupt to exist."

Speaking in front of a cheesy animated world map of simulated cyber-attacks, built by defunct security biz Norse, Stewart said that the traditional stance of the US has been defensive: intrusions would be detected, and infections would be cleaned up. But this would change, he said.

There are a few worries to spring to mind: one is that miscreants, whether state-backed hackers or independent crews, typically use networks and other infrastructure shared with innocent folks: from email to web hosts to ISPs. Malware commandeered by Uncle Sam and launched back at the bad guys could knock out important civilian systems.

Also, attribution is difficult at the best of times – in other words, it's tricky to be sure who exactly is behind a truly sophisticated attack – so the malware may be flung in the face of a party that had nothing to do with the original assault. A Trojan built by a teenager in a São Paulo bedroom could be incorrectly pinned on Iranian or Russian or Venezuelan government spies, leading to all sorts of awkward conversations at the embassy.

While the DIA employs a very high standard of hacker, flinging repurposed malware at enemies is, to us, a high-risk maneuver. The chances of a server in, say, Uzbekistan getting fried because some other state-sponsored hacker was using it to attack America are very high.

This is also somewhat outside of the DIA's remit. Online warfare is best handled by the NSA and US Cyber Command, which really do have the best hackers on the US taxpayers' payroll. Then again, the DIA does have something of a reputation for wanting more digital responsibilities. ®

PS: The DIA said it used Norse's map because the conference was (U) unclassified, and thus a pretty animated map was the best it had to hand without leaking classified material.

The Register - Independent news and views for the tech community. Part of Situation Publishing