Dave,

It's worth noting that "offer" cyberweapons don't have to offer *true* information! There's a lot of focus on exfiltrating data, but infiltrating the right data has the potential to be incredibly powerful.

For a somewhat-but-not-entirely serious look, I found http://blog.dilbert.com/post/143378109231/cyberbombs-and-isis to be interesting.

Dakota

On Mon, Apr 25, 2016 at 7:29 AM dave aitel <[email protected]> wrote:

> A key difference between the Immunity mindset on "Cyber Weapons"
> <https://prezi.com/zayyak66yyia/what-is-a-cyber-weapon/> and the public
> one is that we see the ability to *offer* information that cannot be
> removed from the public Internet as an important, and perhaps the most
> important type of cyber weapon. If you don't think an AC-130 hurling USB
> keys full of videos and software into a city isn't a cyber weapon, then you
> won't agree with our paradigm and you'll have to live with being wrong. :)
>
> [image: Basic Cyberweapon Theory.PNG]
>
> Emin Gun Sirer has written two blogposts that should be must-reads by the
> policy sect or anyone in the security business and this is one of them:
>
> <http://hackingdistributed.com/2015/12/31/when-surveillance-is-accessible-by-all/>
>
> TL;DR summary: "All the databases are going to be available to everyone."
> Cyber intelligence has long depended on the gap between what people knew
> was publicly available and what they could *access*. You know how
> powerful even a PHONE BOOK DATABASE is when it's not publicly known to be
> accessible? Try running an Alias for an intel officer who didn't actually
> have an apartment in Istanbul when she said she did, and I can check in 20
> seconds with my stolen DB. This is true for the OPM database, all the
> airline databases and of course the hospital databases. The same techniques
> that Twitter uses to figure out what brand of soap to sell you can detect a
> fake persona without breaking a digital sweat.
>
> Following from these self-evident facts, eventually every service that
> uses aliases is going to transition to just having to timeslice from normal
> people with normal jobs, which is going to require they haven't alienated
> the entire technical community they rely on for access and influence. (In
> case you wanted a link to the Comey-missteps-of-the-day).
>
> The obvious trendline is that the amount of data that makes a company run
> is a constant. Mail spools just don't get big that fast, and the important
> information in them gets bigger even slower. Remember when downloading a
> movie was a big deal? Now you download 4 in between waking up and heading
> to the airport onto your Kindle.
>
> In other words: The increase in available bandwidth has completely shifted
> some equation and made "Offer" cyber weapons more important than they ever
> otherwise could have been. You only need a tiny dwell time on the main mail
> server of a company to end that company forever, and that dwell time is now
> smaller than the target's "Indicators of Compromise" analysis speed. Or as
> Microsoft's researcher Sasha would say: "You win automatically when your
> exfil time is less than log aggregation and analysis periods."
>
> On a completely unrelated note, I'm headed to DC today to attend a conference
> at Georgetown <https://msfs.georgetown.edu/CyberConference2016> on Cyber
> Policy. I think part of what annoys everyone in the cyber policy world
> about the State Dept. fucking up Wassenaar so much is that it has absorbed
> all the bandwidth available for analysis for two whole years on an
> important subject. The only silver lining is that by aligning the
> opposition to their bone-headedness on the subject we may have congealed a
> multi-cell predator out of the primordial soup. :)
>
> -dave
>
> _______________________________________________
> Dailydave mailing list
> [email protected]
> https://lists.immunityinc.com/mailman/listinfo/dailydave
