Return-Path: <sentto-279987-1412-994791689-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 10 Jul 2001 12:02:08 -0700 (PDT)
Received: (qmail 1051 invoked by uid 510); 10 Jul 2001 18:03:52 -0000
Received: from fh.egroups.com (208.50.144.71) by 204.181.12.215 with SMTP; 10 Jul 2001 18:03:52 -0000
X-eGroups-Return: sentto-279987-1412-994791689-fc=all.net@returns.onelist.com
Received: from [10.1.4.53] by fh.egroups.com with NNFMP; 10 Jul 2001 19:01:29 -0000
X-Sender: azb@llnl.gov
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_2_0); 10 Jul 2001 19:01:28 -0000
Received: (qmail 28615 invoked from network); 10 Jul 2001 19:00:28 -0000
Received: from unknown (10.1.10.26) by l7.egroups.com with QMQP; 10 Jul 2001 19:00:28 -0000
Received: from unknown (HELO smtp-1.llnl.gov) (128.115.250.81) by mta1 with SMTP; 10 Jul 2001 19:00:27 -0000
Received: from poptop.llnl.gov (localhost [127.0.0.1]) by smtp-1.llnl.gov (8.9.3/8.9.3/LLNL-gateway-1.0) with ESMTP id MAA26968 for <iwar@yahoogroups.com>; Tue, 10 Jul 2001 12:00:25 -0700 (PDT)
Received: from catalyst.llnl.gov (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id MAA00218 for <iwar@yahoogroups.com>; Tue, 10 Jul 2001 12:00:26 -0700 (PDT)
Message-Id: <4.3.2.7.2.20010710110018.00b254e0@poptop.llnl.gov>
X-Sender: e048786@poptop.llnl.gov
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
To: iwar@yahoogroups.com
In-Reply-To: <9if996+j2r4@eGroups.com>
References: <4.3.2.7.2.20010709155750.00b16d30@poptop.llnl.gov>
From: Tony Bartoletti <azb@llnl.gov>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 10 Jul 2001 12:10:00 -0700
Reply-To: iwar@yahoogroups.com
Subject: Re: [iwar] Re: Critical Mass to wage IW
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

At 04:08 PM 7/10/01 +0000, you wrote:
>>It is difficult to apply the term "war" to situations where guts are not
>>spilling out everywhere.
>
>Agreed.
>
>>How strong the offensive, and how long the duration, does depend
>>upon resources. And a nation-state will generally have a lot more
>>resources. But ...
>
>Generally... But wit, intellectual capacity, and creativity does not
>always correlate to large numbers.

True. And intellect/creativity can be highly leveraged in the cyber arena, which was my motivation for the supposition that one could gain an N-factor increase in damage with only a log(N) factor of effort.

>>The real point is that the force-difference is greatly reduced. In
>>ordinary warfare, a nation with n-times more resources might be able to
>>inflict n-times the damage over the long haul. With cyber-warfare,
>>perhaps only a log(n) factor is required.
>
>As opposed to how many resources the attacker has, I suggest looking at
>the fragility of the defender. The same resources apply a different force
>factor, depending on the object of the attack.

Agreed. I was simply holding the defender qualities constant to examine one side of the equation.

>>Fifty ordinary "hackers" can produce some damage and a lot of noise. But
>>a dedicated fifty "master criminals" with deep pockets and a degree of
>>patient preparation may be able to produce damage many magnitudes greater
>>than the fifty script-kiddies, no matter how sophisticated those scripts
>
>"Fifty." Interesting number. A long ways from a nation state that
>is. This would be another interesting discussion. How do you measure
>critical mass? People? If so, do you think fifty is enough/too much/just
>right?

My thought: Too many people involved and secrecy/stealth becomes a problem. In order to effect maximum damage, a group might want to spend several years in preparation.
Perhaps 10 or 20 people would "infiltrate" key industries in order to identify the vulnerabilities and understand the processes that will be subject to manipulation. Meanwhile, another 20 are developing and secretly testing the "automatic attack" software that will be employed. As D-Day nears, another group begins setting up fake accounts, distributing key hardware (disposable laptops/modems, etc.). All of these systems are designed with redundancy and fallback contingency plans. At D-Day minus one, many of these disposables subvert hundreds of "soft" systems, likely those of ordinary homeowners, in order to effect the desired force-multiplier. On D-Day, everyone involved has scattered to the winds, and a built-in countdown triggers the attack automatically.

Ideally (from the attacker's viewpoint) this entire setup would be duplicated in completely compartmented form, with separate systems and targets. Thus, after the first attack has done its damage, they retain the ability to launch further attacks at a later date, basically by "remote control."

>That leads me to ask the question: How good is our traceback
>capability? I am familiar with academic papers on the subject of
>traceback, but all of them require mechanisms that haven't been
>implemented and/or a world view of the traffic. I am confident that this
>problem is being solved (if it hasn't been solved already) by government
>agencies. Is anybody at liberty to say "we can catch anybody at a
>computer who engages a constant stream for more than 10 minutes" or
>something of the sort (and be able to back it up:).

I doubt that, especially if the traceback encounters multiple hops through subverted accounts in varied countries. But even under the optimistic view that such traceback (in 10 minutes) were possible, what good would it do? Under the scenario I have outlined, the attack would have already produced the desired damage, and the traceback would end up locating a laptop wired to a remote telephone pole.
The laptop, having performed its mission, wipes out what little evidence it contained about the nature of the attack, and no information about the attackers should have been allowed on the triggering devices in the first place. We are talking about professionals here.

For this reason, I tend to focus defensive measures on issues of prevention rather than reaction or even detection. Airbags are valuable, of course, but they are no substitute for brakes.

___tony___

Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900