Return-Path: <sentto-279987-1652-998940633-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 27 Aug 2001 12:32:09 -0700 (PDT) Received: (qmail 24631 invoked by uid 510); 27 Aug 2001 19:30:39 -0000 Received: from n10.groups.yahoo.com (216.115.96.60) by 204.181.12.215 with SMTP; 27 Aug 2001 19:30:39 -0000 X-eGroups-Return: sentto-279987-1652-998940633-fc=all.net@returns.onelist.com Received: from [10.1.4.52] by ej.egroups.com with NNFMP; 27 Aug 2001 19:30:33 -0000 X-Sender: ellisd@cs.ucsb.edu X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_3_2); 27 Aug 2001 19:30:33 -0000 Received: (qmail 7790 invoked from network); 27 Aug 2001 19:11:20 -0000 Received: from unknown (10.1.10.26) by m8.onelist.org with QMQP; 27 Aug 2001 19:11:20 -0000 Received: from unknown (HELO n2.groups.yahoo.com) (10.1.10.41) by mta1 with SMTP; 27 Aug 2001 19:11:20 -0000 X-eGroups-Return: ellisd@cs.ucsb.edu Received: from [10.1.10.69] by hi.egroups.com with NNFMP; 27 Aug 2001 19:11:19 -0000 To: iwar@yahoogroups.com Message-ID: <9me60j+r9pm@eGroups.com> In-Reply-To: <200108271609.JAA05665@big.all.net> User-Agent: eGroups-EW/0.82 X-Mailer: eGroups Message Poster X-Originating-IP: 128.29.4.1 From: ellisd@cs.ucsb.edu Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 27 Aug 2001 19:11:15 -0000 Reply-To: iwar@yahoogroups.com Subject: [iwar] Re: Why 'conventional' terrorist groups Not utilizing Cyber Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit --- In iwar@y..., Fred Cohen <fc@a...> wrote: [snip] > > Non sequitor. Does an increase in complexity lead to higher costs, an > > increase in attribution, or likely of failure? > > All of the above. > > > Higher costs are likely to be bounded by the amount of human effort > > required, which is a very low-order function. > > Not for complex attacks. Adding bodies follows the law of diminishing returns (Brooks, The Mythical Manmonth). People may be needed to gather initial data, but analyzing the attack is not something that takes hundreds or even dozens of people. > > > Attribution is only more likely as the heinousness of the attack > > grows. The more heinous, the more man power will be thrown at it > > from the victim to discern who to blame. However, even here, the > > law of diminishing returns plays a significant role. There is a tight > > asymptotic upper bound for attribution given conventional methods of > > traceback. > > The more complex, the larger the infrastructure in support of it, thus > the larger the footprint. Most terrorist acts involve a very small > number of individual actors - part of their operations security. Given the fact that an attack is sinister, is it necessarily complex? I would suggest no. It may exploit complexities. It may require a great deal of understanding and domain knowledge, but the attack itself may be relatively simple. Just because a diamond cutter has a high degree of domain knowledge and the diamond itself is a complex structure does not mean that the hammer and pick need to also be complex. (Maybe this is a bad analogy, and if you think so, I am sure you will let me know.:) > > > Several to many orders of magnitude more expensive for a strong IW > > > attack than a pipe bomb. > > > How did either of us come to our conclusion? > > Like I said, I have studied this in some depth over an extended period > of time using specific examples. How did you come to your conclusions? I admit that my historical experience is limited. I just thought about what damage I personally could do and how I would do it. Although neither approach is complete, which would you put more confidence in? An incomplete analysis of what is possible based on historical survey or a creative approach that simply attempts to answer the question "what is possible?"? I am guessing you would prefer the latter. In any case, do you agree that our differences come down to the nature of IW attacks? I suggest that complexity is always a part of the setup but not always an attribute of the attack itself. Am I correct to assume that you think complexity is always a part of the attack itself? cheers, Dan ------------------------ Yahoo! Groups Sponsor ---------------------~--> The Nissan Sentra Everything but compact http://NissanDriven.com http://us.click.yahoo.com/3vsIKC/txlCAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:40 PDT