[iwar] [fc:Terrorism.and.the.Tactics.of.Network.Destruction]

From: Fred Cohen (fc@all.net)
Date: 2001-10-08 10:57:47


To: iwar@onelist.com (Information Warfare Mailing List)

Terrorism and the Tactics of Network Destruction
ePrairie.com, 10/8/2001
http://eprairie.com/analysis/viewanalysis.asp?newsletterID=3010

CHICAGO - Open source and complexity theory hold the strategic keys to
managing risk in this age of terrorism, writes Eric Norlin of the
Denver-based Titanic Deckchair Rearrangement Corporation. 

Let's explore a simple analogy... 

The terrorist organization is a network - a loosely affiliated group of
nodes that exhibit emergent properties as they form for a task and then
disband.  Their organization fits within the standard model of modern
complexity theory: nodes of prominence emerge naturally as the forces of
co-evolutionary development (namely, natural selection and
auto-catalysis) battle it out. 

That is to say that terrorists are, in a sense, born and not made (and
no, I don't mean that as some slight on Arabs, Muslims or Islamic
culture). 

The Internet is also a loosely affiliated group of nodes that exhibit
emergent properties.  In fact, if the structure of the two were lined up
side by side, they would be nearly indistinguishable.  As such, that
which seriously damages the Internet could, from a tactical standpoint,
teach us valuable lessons about damaging the terrorist network. 

The Nimda virus hurt the Internet more than any major corporation is
willing to acknowledge, but make no mistake about it - this sucker
seriously impeded performance and leaves certain systems still cleaning
up.  In other words, a virus, at least temporarily, brought a large
portion of the Internet to a crawl.  This should be our first clue. 

Terrorist networks are distributed intelligence.  Thus, they do not
respond to the attacks of a command and control architecture - i.e., tank
battalions are pretty senseless.  Hacks against computer networks, on
the other hand, provide a useful outline for harm:

1) Take down a few key hubs. 

OK, so Nimda didn't actually do this in theory, but in practice it might
as well have.  In a terrorist network, this will mean the physical
destruction of known camps, training centers and monetary sources (and a
few key humans, if possible). 

2) Begin a denial of service attack. 

Nimda, at its core, did this on an individual node basis as it occupied
servers everywhere with its incessant spreading.  Translating this to
terrorism means a little creativity, as a denial of service attack is
essentially a request for information. 

I would think the analogy in the terrorist lexicon is something similar
to gathering intelligence at such a rapid rate that they become alerted
to your closing presence on a daily and repeated basis.  This forces the
network to constantly attempt to reorganize its connections to maintain
viability. 

3) Don't stop. 

This is where the Internet analogy crosses over to complexity theory. 
The lifecycle of a complex system (be it terrorist network, ecosystem or
Internet) runs as follows:

Initial conditions build to a point wherein auto-catalysis
(self-organization) occurs among the existing interactive elements.  The
auto-catalysis leads to an organizational network of prominence, wherein
certain nodes gain levels of importance over other nodes.  The key here,
though, is the process - the value and viability of the system lies in its
ability to interact node-to-node.  That is to say that information is
generated in the process between nodes, and it is at that point that the
co-evolutionary drives kick in. 

(Note: We see this in the terrorist networks in the loose actions that
ripple across cells that do not actually know each other.  The operation
only becomes viable as the nodes process interactions with each other.)

The system, once organized, will evolve so as to encourage maximum
levels of diversity.  Essentially this means that the system will
naturally push itself to the now-famous "edge of chaos" as it seeks to
remain viable.  Systems living on this edge achieve maximum productivity
(viability), but they also become increasingly vulnerable to
catastrophic, exogenous events that push them into a reorganizational
state equivalent to extinction.  Alternatively, systems that do not
reach this edge become rigid in their responses to information.  This
brings their extinction rate to 100 percent. 

The extremely dynamic nature of the terrorist network implies that it
lives on the edge of chaos - a network whose very viability depends upon
its ability to rapidly respond to incoming information.  Thus, the
network is vulnerable to repeated deluges of assault - not so much in the
physical sense as in the intelligence sense. 

By forcing the network to adjust to ever-tightening circles of
intelligence, you're asking it to respond ever more rapidly to
information requests - effectively setting up a denial of service attack. 
Insistent, aggressive intelligence forces the network to expend its
energy reorganizing and ensuring survival vs.  pursuing its stated
purpose for existence.  This will push the network over the edge of
chaos and into a state of disarray.  Whether it is able to reorganize is
anybody's guess. 

So you see, the terrorist network can be effectively fought - and it would
appear that Powell et al.  have some clue as to how to go about it. 

For business, this means that distributed approaches to organization are
now doubly important - and while I hate to say we can learn something from
the open source movement (if only because Eric Raymond wrote the single
most asinine piece of the decade in response to the terrorist strike) -
well, it's true. 

Open source and complexity theory hold the strategic keys to managing
risk in this age of terrorism. 

For those that are wondering, yes, I'm available for strategic and
tactical consulting in this area.  What makes me qualified, you ask?
Four years working with the NSA doing (stuff) that I'll never tell you
about.  Call me if you need help (and you know you do). 


--------------------------------------------------------------------

Eric Norlin is a defense analyst and CEO of the Denver-based Titanic
Deckchair Rearrangement Corporation.  He can be reached at
enor-@uswest.net




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST