Pentagon has list of "cyber-weapons" for use in computer warfare

At the Washington Post, Ellen Nakashima has a story this evening about a list of cyber-weapons and tools (for instance, malware with which to attack an enemy state's infrastructure networks) for computer warfare. The list of capabilities is classified, and has been in use for several months. Other US agencies, including the CIA, have approved it, and the list is now of the Pentagon's set of weapons or "fires" approved for use against an adversary. Snip:

"So whether it's a tank, an M-16 or a computer virus, it's going to follow the same rules so that we can understand how to employ it, when you can use it, when you can't, what you can and can't use," a senior military official said.
The integration of cyber-technologies into a formal structure of approved capabilities is perhaps the most significant operational development in military cyber-doctrine in years, the senior military official said.
The framework clarifies, for instance, that the military needs presidential authorization to penetrate a foreign computer network and leave a cyber-virus that can be activated later. The military does not need such approval, however, to penetrate foreign networks for a variety of other activities. These include studying the cyber-capabilities of adversaries or examining how power plants or other networks operate. Military cyber-warriors can also, without presidential authorization, leave beacons to mark spots for later targeting by viruses, the official said.

List of cyber-weapons developed by Pentagon to streamline computer warfare (WaPo)

Pentagon: Hacking can count as an act of war

Boing Boing editor/partner and tech culture journalist Xeni Jardin hosts and produces Boing Boing's in-flight TV channel on Virgin America airlines (#10 on the dial), and writes about living with breast cancer. Diagnosed in 2011. @xeni on Twitter. email: xeni@boingboing.net.

MORE: News • politics • security • Technology • war

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

Anonymous

Gosh, but what if they all have Mac’s?
Anonymous

I’m sure Windows Vista is on the list of cyber weapons. That thing is a trap!
Forwardista

They forgot to list Microsoft SharePoint!

I wouldn’t be surprised to learn that Microsoft SharePoint was designed by terrorists or communists or communist terrorists.
Antinous / Moderator

I can’t wait to see Ahmadinejad’s reaction to 2Girls1Cup.
- teapot
  
  That dirty little shit-eater will probably take notes.
Sam125

Whoa this is pretty heavy stuff. Well, I guess it was just a matter of time.
nate_freewheel

Typical. Humans create a new way to express their desire for community, enlightenment, and the spread of creativity, and the government only sees weapons. Could we write anything more absurd?
IL Denizen

So let me get this straight… if another government hacks into US computers – that could be deemed an act of war. But if we do this, it is just… um… “gathering intelligence?”
Gotta love the double standard…
- Rindan
  
  So let me get this straight… if another government hacks into US computers – that could be deemed an act of war. But if we do this, it is just… um… “gathering intelligence?”
  Gotta love the double standard…
  
  Hacking isn’t an act of war. It just can be an act of war. So, breaking into some US computers to steal information might provoke a similar response, but it wouldn’t be an act of war any more than a couple of your spies getting caught would be. Breaking into a US computer running a nuclear power plant and causing it to melt down… probably an act of war that is going to get you the guns and bombs treatment.
  
  I actually and kind of happy about what the Pentagon has done here. Hacking does have the potential to be very destructive. An alleged old sk00l hack the US did against the USSR was plant bad designs for a some pipe line that resulted in the pipes destruction (though accounts vary): http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage
  
  These are “weapons”. They might range from more or less harmless (Goatse spam), to something much more destructive. The Stuxnet virus for instance managed to kick the Iranian nuclear program back a year or two. That was an extremely specialized virus intended to harm only a very specific piece of infrastructure. It doesn’t take a lot of imagination to think up ways to leverage that kind of virus deployment that might knock down a power grid instead some secret nuclear centrifuges.
  
  The big advantage of classifying these as “weapons”, is that there is a clear chain of command in deploying them. Some board middle manager type now can’t deploy the “cause China’s power grid to go down” virus because he is having a bad day. He has to go through the same chain of command that it would take to authorize sending a handful of cruise missiles into China. This is a good thing.
Anonymous

A question.

There is, now, a classified list of “something” that is a “cyber-weapon”. Anything that is a “cyber-weapon” is normally information by itself, rather than a physical object, and is, more often than not, based on a knowledge of a fault in something else and software to exploit that fault to breach security.

Right? So.

Does this mean that known exploits in common systems can now be qualified as “cyber weapons”, fall under export prevention laws and become US national secrets, so patching them, or exporting the patch, becomes illegal?
Anonymous

I think we can all agree that it’s completely wrong for the government to have the capability to engage in cyber warfare. Only Anonymous should be allowed to do that sort of thing.
Anonymous

What the heck is a “beacon” in this context?!?!

“Military cyber-warriors can also, without presidential authorization, leave beacons to mark spots for later targeting by viruses, the official said.”
bkad

So let me get this straight… if another government hacks into US computers – that could be deemed an act of war. But if we do this, it is just… um… “gathering intelligence?”
Gotta love the double standard..

I believe the language in yesterday’s article is that hacking can be an act of war (not necessarily is). So I’m not sure there’s a double standard. Maybe the physical metaphor is ‘bombing your buildings’ is an act of war, but sneaking people in over the boarder take pictures of all your weapons factories and make battle plans is just business as usual. Espionage has a long history in the modern world as one of those things all countries do to all other countries. It’s almost socially acceptable. Though it isn’t so nice for specific individuals who are caught, people aren’t usually concerned, politically speaking, about British and Israeli spies in the US, or US spies in China. I suspect spies are caught all the time, and the only time we hear about it is when a politician wants to make a particular point.
dross1260

Don’t point Ellen to the DARPA site. They got the maths challenge.
turn_self_off

It was all fun and games until Sam brought a gun to the playground…
DIYer

Trouble is, they’re always gearing up to fight the previous war.

So they’ll be all goatse, when, you know, tubgirl is already soooo last decade. Our enemies will take one look and go “meh”.
Wabsnasm

Hilarious logo, by the way.