US Matrix-style cyberwar firing range goes to Phase II

Duplicate internet for gov war-malware trials


US plans to develop a virtual network world - to be populated by mirror computers and inhabited by myriad software sim-people "replicants", and used as a firing range in which to develop the art of cyber warfare - have moved ahead.

The so-called "National Cyber Range" project will now move forward to Phase II, and a brace of hefty contracts for this were inked yesterday. US killware goliath Lockheed scoops $30.8m and another $24.8m goes to the Johns Hopkins University Applied Physics Laboratory.

According to Pentagon officials in charge of the Cyber Range programme, Lockheed and Johns Hopkins boffins will "build on the preliminary design created in Phase I, culminating in the completion of a working prototype that demonstrates the capabilities of the National Cyber Range (NCR)... it is anticipated that the NCR will enable a revolution in the Nation's ability to conduct cyber operations".

Previously it has been specified that the Range is to be able to simulate a cyber world on the same scale as the entire internet or the US military Global Information Grid. The Range's unprecedented tech is to be able to create simulated computers, nodes and other network entities of any type - if necessary duplicating a never-before-seen piece of kit "rapidly".

Even more resemblance to a Matrix-esque artificial world is to be achieved with the provision in the Range of "replicants" representing human users, sysadmins and so forth, who will show fear and stress just as real humans do - reacting and changing their behaviour as the frightful code pestilences, mutating malware plagues and other cybergeddon phenomena to be tested in the Range sweep through their universe.

Among the hapless replicant bystanders will move the very cream of America's combat geeks, armed with "technology thrusts [and] classified cyber programs". Against them will manoeuvre the shadowy OpFor (or Opposing Forces) similarly packing weapons-grade, "nation state quality" warez of the most potent sort.

The Range project is at present under the aegis of DARPA, as one might expect: the maverick Pentagon tech bureau is really the only one you'd expect to be in charge of a project to create an entire accurately duplicated internet and simulated IT-using human race purely for the purposes of unleashing cybergeddon upon it.

However, if the kit moves forward in the way it is expected to, one might expect the new wave of US military cyber forces to spend much time testing their weapons and polishing their skills within the Range. Security operatives of the 688th Information Operations Wing, for instance, might earn their wings sparring there with the crack hackers of the offensively-oriented 67th Network Warfare Wing in exercises before going out into the real internet to do battle against America's unseen online adversaries.

Blighty, for its part, is to get a cyber range of its own near Portsmouth courtesy of BT and US defence firm Northrop Grumman. ®

