Return-Path: <sentto-279987-1402-994469321-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 06 Jul 2001 18:30:08 -0700 (PDT) Received: (qmail 28035 invoked by uid 510); 7 Jul 2001 00:31:06 -0000 Received: from n4.groups.yahoo.com (HELO hk.egroups.com) (216.115.96.54) by 204.181.12.215 with SMTP; 7 Jul 2001 00:31:06 -0000 X-eGroups-Return: sentto-279987-1402-994469321-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by hk.egroups.com with NNFMP; 07 Jul 2001 01:28:41 -0000 X-Sender: fastflyer28@yahoo.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_2_0); 7 Jul 2001 01:28:40 -0000 Received: (qmail 21477 invoked from network); 7 Jul 2001 01:28:40 -0000 Received: from unknown (10.1.10.26) by l9.egroups.com with QMQP; 7 Jul 2001 01:28:40 -0000 Received: from unknown (HELO web14503.mail.yahoo.com) (216.136.224.66) by mta1 with SMTP; 7 Jul 2001 01:28:40 -0000 Message-ID: <20010707012840.48911.qmail@web14503.mail.yahoo.com> Received: from [12.78.117.183] by web14503.mail.yahoo.com via HTTP; Fri, 06 Jul 2001 18:28:40 PDT To: iwar@yahoogroups.com In-Reply-To: <3B4456D6.F883AE03@mitre.org> From: "c.b r" <fastflyer28@yahoo.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 6 Jul 2001 18:28:40 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: Re: [iwar] Critical Mass to wage IW Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hi Dan- Assume that if it were cheap, or easy, or required few people wil limited capibilities, then systems would be taken down all of the time. Remember onb thing- while the party being attacked has fixed comst going into the hardware, every time they were successfully attacked, they would need to totally rewrite an operating system. That can cost Millions. Stanford got totally taken down in the spring for 1/2 a day. They just cant flip the " on" swotch back up and all is well. They had to completly replace their OS with attention on security-and that is just one that made the news. call me tomorrow after 11am and I willl fill you in. 703-765-0756 --- Dan Ellis <ellisd@cs.ucsb.edu> wrote: > > I have heard statements from many in the computer > security and > information warfare that waging information warfare > requires the > resources of a nation state. Can anybody explain > why a terrorist group, > a single security professional, or a small group of > "hobbyists" couldn't > mount the resources necessary to wage information > warfare? Maybe I am > alone in believing that a small, trained, > coordinated group could pull > off at least a significant offensive for a short > period of time. > What resources are needed in order to wage a > significant offensive? I > suggest the following resources: 1) > training/competency, 2) time, 3) > computer software & hardware, 4) a connection to the > internet. > Computer software and hardware are relatively > inexpensive ($1k is more > than enough). > An internet connection is likewise not an > outlandish prerequisite. > Time may be a limiting factor: it requires time to > build the tools > necessary. I suggest that underground tools, in > their current state, > could not easily be used by just one person to do a > lot of damage. I > know some of you will want to jump on this argument. > But suffice it to > say that time is necessary--for target planning and > development of > tools. I suggest that with 2 hours a day, over the > course of a year, a > serious hobbyist could produce some very potent > tools. > The most limiting resource, I suggest, is training > or competency. It > is true that the more one understands computers the > more ways one can > find to break them, but it doesn't take much > knowledge before several > different attacks become apparent. Any person who > has graduate from > college with a bachelors in computer > science/engineering, electrical > engineering, information technology is well equiped > with the > prerequisite knowledge. This is by no means an > exhaustive list of > potential candidates. (Imagine what one person > could do if he created a > potent tool and was able to mobilize the standing > army of script kiddies > to use that tool. Once an attacker learns how to > replicate code into > effective mobile agents, the script kiddies add > nothing.) > Are there other resources that are required that I > am missing? Are > there resources whose prerequisite attributes I have > inaccurately > chatagerized? > > --------------------------- > Dan Ellis, Ph.D. student > www.cs.ucsb.edu/~ellisd > (703) 883-5807 > > __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:36 PDT