Re: [iwar] Re: Interests

From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com
Mon, 21 Aug 2000 05:41:38 -0700 (PDT)
Messages sorted by: [ date ][ subject ][ author ][ recipient ]
Next message: From: James Crooks To: "[iwar] Re: Pakistanis hit US Navy..."
Previous message: From: Mohammad Ozair Rasheed To: "[iwar] Re: Interests"
fc  Mon Aug 21 05:43:14 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Mon, 21 Aug 2000 05:43:14 -0700 (PDT)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Mon Aug 21 12:43:08 2000)
X-From_: sentto-279987-491-966861701-fc=all.net@returns.onelist.com  Mon Aug 21 07:42:06 2000
Received: from c9.egroups.com (c9.egroups.com [208.50.99.230]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id HAA10345 for ; Mon, 21 Aug 2000 07:42:06 -0500
X-eGroups-Return: sentto-279987-491-966861701-fc=all.net@returns.onelist.com
Received: from [10.1.10.35] by c9.egroups.com with NNFMP; 21 Aug 2000 12:41:41 -0000
Received: (qmail 16809 invoked from network); 21 Aug 2000 12:41:40 -0000
Received: from unknown (10.1.10.142) by m1.onelist.org with QMQP; 21 Aug 2000 12:41:40 -0000
Received: from unknown (HELO all.net) (24.1.84.100) by mta1 with SMTP; 21 Aug 2000 12:41:39 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA24817 for iwar@egroups.com; Mon, 21 Aug 2000 05:41:38 -0700
Message-Id: <200008211241.FAA24817@all.net>
To: iwar@egroups.com
In-Reply-To: <8nqm35+8tlf@eGroups.com> from "Mohammad Ozair Rasheed" at Aug 21, 2000 07:35:01 AM
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Mon, 21 Aug 2000 05:41:38 -0700 (PDT)
Reply-To: iwar@egroups.com
Subject: Re: [iwar] Re: Interests
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Per the message sent by Mohammad Ozair Rasheed:

> Fair answer and a fair question,

Just the attitude I hoped you would take.
...

> However, were these attacks sustained, coordinated and directed 
> towards a specific target (either commercial or governmental) they 
> would assume the proportions of a warfare. 

You appear to think that warfare has to do primarily with intensity,
continuity, and target sets.  So if I choose to throw a hand grenade
once a week at a random target it cannot be called warfare, but if I
throw one every 15 seconds at the same company, it can be caled warfare?

It's not a bad notion and it goes along - to some extent - with a common
chart that uses 'intensity' to differentiate between warfare and other
sorts of conflict.  It also agrees with Schwartau's notion that
information warfare can be individual, corporate, or military.

I am interested in the development of weapons, the development of
skills, and other precursers of capabilities related to high intensity
conflict because of their potential for use in high intensity conflict. 
That is one of the reasons I post so many articles related to low-level
incidents.  I also post a lot of articles related to governments and
their dealings with information technology because I believe that the
interaction between governments and people are one of the root causes of
developing conflicts.  As freedoms are restricted, civil disobedience
and other higher intensity things develop.  As the governments of the
world exploit the 'big brother' potentials of information technology and
attempt to control more and more of the perceptions and behaviors of
their citizens, the potential for high intensity conflict increases.  I
am even more anxious to post events where these things mix - for example
the intersection between attack technology and governments - when a
government web site is defaced or private citizen records are taken -
this is closer to IW in my view.  When governments go at each other or
political issues are involved it becomes even more interesting to me
because it is more clearly a conflict directed toward political ends. 
Something like 'politics is war through other means' - or is it the
other way. 

...
> There are several means of information warfare namely, TV, magazines 
> (even as harmless as National Geographics), radio, books and the WEB. 
> But the "Web" is perhaps the medium with most far reaching and 
> damaging consequences due to the low cost associated with it's use 
> and that it spans political and geographical boundaries with ease.

I agree - perception management is clearly in the realm of IW in my
view.  I guess I prefer the term information operations (IO) for this
form of exploitaiton.  But I also think that there is a 'legitimate'
level of 'propaganda'.  In essence, to restrict perception management is
to restrict freedom of expression - something I am most assuredly
opposed to.  And yet I think there are limits to what people should be
allowed to push out.  Screaming 'fire' in a crowded building - inciting
others to riot - are over the line - but in the cyber domain.  One of
the reasons I favor attribution is that if we can tie the statement to
the individual, we are able to respond to pure propaganda in a more
meaningful manner - it also prevents abuses of the freedom of speech
such as its use to slandar others.

> Futhermore, as of today Internet serves merely a promotional/ 
> distribution channel for most businesses, disruption of which, if is 
> a lifeline, can severly impact the profitability of any company. If 
> the companies were to evolve further and integrate "WEB" as part of 
> their organization processes then the impact of these events can 
> prove to be even more detrimental. This brings two important question 
> to mind. One. Are the businesses aware of the degree of impact while 
> considering integrating "WEB" in their processes and Two. What steps 
> can they take (or have taken) to keep their lifeline open at all 
> times.

This, to me, is not of interest.  I could not care less about how
corporations fail to protect themselves - except of course for my
coproate clients.  I do, however, care how they protect or fail to
protect me.
...

> Looking at the events on the commercial frontier we see incidents 
> which range from hacking websites to cybersquatting to virus 
> deployment. I would like to know if there is any impact on the 
> Organizational processes, personnel, procedures and job descriptions 
> due to occurrence of these events. May be at some point in time these 
> sporadic events may become so frequent that organizations may have to 
> define new job descriptions for people who are specialists in 
> combating this menace.

Most US corporations of substantial size have people at the director
level of higher whose sole responsibility is information protection.

> There may be other forms of information warfare which can be termed 
> as nuiscance e.g. the ever going chain letter about microsoft 
> tracking the mail, a dying boy wanting his e-mail to travel to all 
> corners of the globe, ericsson giving a mobile phone to every 
> individal who forwards a mail to at least 10 people (with a copy to 
> someperson@ericsson.com), KFC using Genetically Bred Chickens instead 
> of real chickes in their food. Incidents like these pander to the 
> human sentiments and are a mere nuisance but incurr costs interms of 
> bandwidth and time and may become real. 

They sound like precursors of the techniques we may see in large-scale
military information operations.

FC

---------------------------------------------------------------------

------------------
http://all.net/
Next message: From: James Crooks To: "[iwar] Re: Pakistanis hit US Navy..."
Previous message: From: Mohammad Ozair Rasheed To: "[iwar] Re: Interests"