Re: [iwar] Critical Mass to wage IW

From: c.b r (fastflyer28@yahoo.com)
Date: 2001-07-06 18:28:40


Return-Path: <sentto-279987-1402-994469321-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 06 Jul 2001 18:30:08 -0700 (PDT)
Received: (qmail 28035 invoked by uid 510); 7 Jul 2001 00:31:06 -0000
Received: from n4.groups.yahoo.com (HELO hk.egroups.com) (216.115.96.54) by 204.181.12.215 with SMTP; 7 Jul 2001 00:31:06 -0000
X-eGroups-Return: sentto-279987-1402-994469321-fc=all.net@returns.onelist.com
Received: from [10.1.4.55] by hk.egroups.com with NNFMP; 07 Jul 2001 01:28:41 -0000
X-Sender: fastflyer28@yahoo.com
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_2_0); 7 Jul 2001 01:28:40 -0000
Received: (qmail 21477 invoked from network); 7 Jul 2001 01:28:40 -0000
Received: from unknown (10.1.10.26) by l9.egroups.com with QMQP; 7 Jul 2001 01:28:40 -0000
Received: from unknown (HELO web14503.mail.yahoo.com) (216.136.224.66) by mta1 with SMTP; 7 Jul 2001 01:28:40 -0000
Message-ID: <20010707012840.48911.qmail@web14503.mail.yahoo.com>
Received: from [12.78.117.183] by web14503.mail.yahoo.com via HTTP; Fri, 06 Jul 2001 18:28:40 PDT
To: iwar@yahoogroups.com
In-Reply-To: <3B4456D6.F883AE03@mitre.org>
From: "c.b r" <fastflyer28@yahoo.com>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Fri, 6 Jul 2001 18:28:40 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: Re: [iwar] Critical Mass to wage IW
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hi Dan-
Assume that if it were cheap, or easy, or required few
people wil limited capibilities, then systems would be
taken down all of the time.  Remember onb thing- while
the party being attacked has fixed comst going into
the hardware, every time they were successfully
attacked, they would need to totally rewrite an
operating system.  That can cost Millions.  Stanford
got totally taken down in the spring for 1/2 a day. 
They just cant flip the " on" swotch back up and all
is well.  They had to completly replace their OS with
attention on security-and that is just one that made
the news.

call me tomorrow after 11am and I willl fill you in.
703-765-0756





--- Dan Ellis <ellisd@cs.ucsb.edu> wrote:
> 
> 	I have heard statements from many in the computer
> security and
> information warfare that waging information warfare
> requires the
> resources of a nation state.  Can anybody explain
> why a terrorist group,
> a single security professional, or a small group of
> "hobbyists" couldn't
> mount the resources necessary to wage information
> warfare?  Maybe I am
> alone in believing that a small, trained,
> coordinated group could pull
> off at least a significant offensive for a short
> period of time.
> 	What resources are needed in order to wage a
> significant offensive?  I
> suggest the following resources: 1)
> training/competency, 2) time, 3)
> computer software & hardware, 4) a connection to the
> internet.  
> 	Computer software and hardware are relatively
> inexpensive ($1k is more
> than enough).  
> 	An internet connection is likewise not an
> outlandish prerequisite.  
> 	Time may be a limiting factor: it requires time to
> build the tools
> necessary.  I suggest that underground tools, in
> their current state,
> could not easily be used by just one person to do a
> lot of damage.  I
> know some of you will want to jump on this argument.
>  But suffice it to
> say that time is necessary--for target planning and
> development of
> tools.  I suggest that with 2 hours a day, over the
> course of a year, a
> serious hobbyist could produce some very potent
> tools.
> 	The most limiting resource, I suggest, is training
> or competency.  It
> is true that the more one understands computers the
> more ways one can
> find to break them, but it doesn't take much
> knowledge before several
> different attacks become apparent.  Any person who
> has graduate from
> college with a bachelors in computer
> science/engineering, electrical
> engineering, information technology is well equiped
> with the
> prerequisite knowledge.  This is by no means an
> exhaustive list of
> potential candidates.  (Imagine what one person
> could do if he created a
> potent tool and was able to mobilize the standing
> army of script kiddies
> to use that tool.  Once an attacker learns how to
> replicate code into
> effective mobile agents, the script kiddies add
> nothing.)
> 	Are there other resources that are required that I
> am missing?  Are
> there resources whose prerequisite attributes I have
> inaccurately
> chatagerized?
> 
> ---------------------------
> Dan Ellis, Ph.D. student
> www.cs.ucsb.edu/~ellisd
> (703) 883-5807
> 
> 


__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:36 PDT