Re: [iwar] when back alley fights really hurt

From: Fred Cohen (
Date: 2001-05-10 13:52:13

Return-Path: <>
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 10 May 2001 13:54:08 -0700 (PDT)
Received: (qmail 1309 invoked by uid 510); 10 May 2001 19:55:02 -0000
Received: from ( by with SMTP; 10 May 2001 19:55:02 -0000
Received: from [] by with NNFMP; 10 May 2001 20:53:35 -0000
Received: (EGP: mail-7_1_2); 10 May 2001 20:53:34 -0000
Received: (qmail 56755 invoked from network); 10 May 2001 20:52:15 -0000
Received: from unknown ( by with QMQP; 10 May 2001 20:52:15 -0000
Received: from unknown (HELO ( by mta2 with SMTP; 10 May 2001 20:52:14 -0000
Received: (from fc@localhost) by (8.9.3/8.7.3) id NAA13013 for; Thu, 10 May 2001 13:52:13 -0700
Message-Id: <>
In-Reply-To: <Pine.GSO.4.21.0105101002490.882-100000@kenny> from "Dan Ellis" at May 10, 2001 01:37:35 PM
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <>
Mailing-List: list; contact
Delivered-To: mailing list
Precedence: bulk
List-Unsubscribe: <>
Date: Thu, 10 May 2001 13:52:13 -0700 (PDT)
Subject: Re: [iwar] when back alley fights really hurt
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Per the message sent by Dan Ellis:

> 	We have all witnessed the pathetic reports of the nature of the
> 'cyber war' between Chinese Honkers and American teenagers.  (Aside: I am
> glad that it was a pathetic engagement.)  It seems that nothing happened
> that couldn't just be shrugged off as harmless but annoying.

Agreed.  It was a pretty pathetic engagement.

> What happens
> when these teenagers (or other uebercrackers) do something more than just
> deface webpages?  What I mean by 'more' is something substantial, like
> disrupt EMS, effectivly disrupt a power grid, or disrupt our economy
> through psyops, etc.  Although not necessarily sanctioned or launched by
> the PRC, would the US consider this a military offensive?

The question of what is an act of war in the information domain is an
interesting one and one I feel is worthy of discussion.

> Would they
> consider the PRC responsible for the engagement?  Is the PRC responsible
> to make sure that its citizens are not engaging in warfare operations?

If so, wouldn't the US be responsible for the acts of our citizens? I
think the US attackers are often pretty vicious and that the US attacker
community did more to attack, harrass, and infuriate the Chinese that
the Chinese ever did to the US - and the US attackers did it over a
period of years.  And I think it is irresponsible of the US to allow it
to continue to happen.

> If the US did deem such an attack a military offensive and if (a big if)
> the US could isolate the attacks as coming from the Honker Union or some
> other subset of Chinese nationalists (other than the Chinese military),
> does the US declare war against the Honkers, simply engage in information
> operations against the Honkers, or do they pull the PRC into the mix?

Or is it their choice either way? The Chinese may decide to engage or

> Is
> there some other alternative?  The US has, in the past, taken action
> against a government or regime (Saddam Hussein) but made it clear that we
> were not warring with 'the people of Iraq', just their leader.  Could the
> opposite be true?  Would the US ever declare war or initiate operations
> against a (subset of the) people but not the government of that people?

I think the issue comes down to the interpretation of governments about
the actions of other governments as opposed to their citizens.  That is
why it is so critical from an analytical standpoint to make the
distinction and ask and answer the question of whether the attackers
were acting uinder the direction, consent, or against the wishes of the
Chinese government.  If it is Chinese policy, it is an attack by the
government of China against the US.  If China simply allowed it, it is
similar to what the US allows against China.  Otherwise, these folks
would be in jail with body parts falling, so we can discount that

> 	It appears that escalation may be provided, not just by nation
> states (or their militaries), but by individuals from either nation, or,
> because of the lack of authentication over our communication media, some
> third party (eg, Taiwa--to beat the PRC with a big American stick).

Or perhaps it is all an intel operation designed to create public outcry
and move back toward the Cold War?

> 	Comments on any of the following are requested:  

> 1) Does a nation have the responsibility to keep its own in check?

To some extent they do - for example - by making it illegal and
following up against those who do it.  If they do not, then they will be
attributed as supporting or allowing it to take place.  The normal
process is a formal protect filed with the other government - followed
by escalation at risk of retribution.

> 2) How does a nation respond to a threat that is projected by a proper
> subset of another nation's population?  Is this just another case of
> terrorism?

As above.  Protest, retribution, escalation, and ultimately war if the
issue is that important or the conflict that unsettling.

> 3) How substantial does an attack (from somebody other than a nation
> state) need to be before it justifies/demands/etc. some sort of
> retaliation?

As strong as the other nation is willing to allow before starting down
the path of increased hostilities.  Conflict is a continuum.

Only my view...


> ------------------------------
> Dan Ellis, PhD student, UCSB
> Home: (805) 971-6183
> Work: (805) 893-4394
> Fax:  (805) 893-8553

Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
  Fred Cohen & Associates: - - tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
   This communication is confidential to the parties it is intended to serve.
	PGP keys: - Have a great day!!!


Your use of Yahoo! Groups is subject to 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:12 PDT