Home page logo
/

dailydave logo Dailydave mailing list archives

Re: The underlying structure is foamy
From: Moses Hernandez <moses () moses io>
Date: Thu, 23 May 2013 18:20:14 -0400

Cyberwar. I am not sure that it conjures the right picture on my head
because there would be a dark skies and a dystopian society with only Mel
Gibson, Harrison Ford, and just for the heck of it Patrick Swayze from Road
House. Do I believe that people are going to replace their fleet with
something else? Yes. A scramjet based one. Nothing says dystopia like a
scramjet drone army.

I think this new notion that large companies are pushing, the one I work
for included, of the Internet of Everything dilutes some of these point a
bit. I can agree that we are building some new 'navies' for a portion of
the internet. I don't think that its that analogous for the system as a
whole. What we are building, I don't think humans have ever been seen
before.

To start cyber enhances kinetic warfare, today nuclear, tomorrow whatever.
More importantly, some of us have become weapons makers with or without
wanting it to be that way. I am not sure if 'Cyber war is still the
appropriate word'. The history of war shows us, those with the best
technology generally wins. Not always, but mostly. I think
guerrilla insurgents are supposed to teach us something about that. I am
not sure I can't pay attention long enough.

I think cyber is a bit of a leveling field for countries to some extent,
while it could be an effective tool, its not going to be the only piece
that matters. Your analogy to financials is one thing, having a campaign
that tears down all financials would be bad. We have however heard of some
countries being able to do manipulations of currency to subvert governments
that are much more effective that just a simple 'crash'. In our case, the
varying levels of cyber and how they are used would be the
more interesting implication. Something as advanced as stuxnet being
created in the mid to early 2000's for instance, while South Korea gets hit
with the equivalent of 'rm -rf'.

A point about physical and virtual gateways. A few years from now there be
Machine to Machine communication in order to attempt to take the 'fallacy'
of humans out of the equation. I just heard the CEO of Ford speaking about
cars talking to other cars. It would be 'better' if my car could talk to
other cars on the road to understand how to move along the city. If my car
could talk to the city then it could understand weather the road was wet
and so-on. If an attacker took control of my that car and drove it into
other cars, that would not be fun. Maybe it would be depending on your
personality. If the internet is backbone of that neural network then those
that are 'policing' that portion of it wouldn't be called a navy. I am not
sure what we call this 'thing' at that point. What I can tell you is a few
things:

- Society needs order so that people can live a normal life and so that it
can sustain itself, no self crashing cars. In the same sense that if we had
so much credit card theft electronically the system would not work
and would need to be shut down.

- Those that build these machines will be forced to build them safer,
because no one will get into a self driving car when the roads are not safe
to drive. No one will fly Pan-Am because their planes crash. This is partly
why Pan-Am no longer exists.

- Maybe our governments are not fully prepared to face a world without
borders that the internet provides. If we attempt in our minds
to separate cyber and physical, there is no real country in cyber its all
one country with many places to visit.

Moses
www.moses.io

road house


On Thu, May 23, 2013 at 4:49 PM, Dave Aitel <dave () immunityinc com> wrote:

So Ben Nagy, who is nothing if not an iconoclast, disagrees with my and
Halvar's general tenets that the easiest analogy to what is happening in
the cyber space is the creation of a new Navy (or set of Navy's). But he
refuses to argue with it when it's not words on paper. So I figured I'd
put down some words on paper.

The first and most basic premise is that the Internet has replaced the
oceans as the global Commons. While it's true if you're moving mercury
or steel or plastic rubber duckies from China to somewhere not-China,
and while it's also true that the very wires that are the Internet are
sitting across Ocean floors, deep down Commerce now largely moves over
the Internet.

I don't know if that's the part Ben disagrees with. I think the part he
disagrees with is that by moving bits around, you can effect him in Real
Life. Which brings us to the second part:

I believe that you can cause dramatic nation-state effecting things over
the Internet. I also believe you can do small things if you want. There
are graduated Booms available if you have true information dominance.
Ben lives in a house that has power only a minority of the hours of the
day, so it's hard sometimes to imagine how you would effect him
personally. But he also flies around in metal tubes running
lowest-bidder real time operating systems hooked up to the network
(occasionally, at least). Modern planes can only fly if a quorum if the
cyber attackers on their systems vote to let them fly.

I look at these physical<-->cyber connections as simple gateways, but I
find that if you go around postulating more ways to do this stuff in
public, people consider you a huge douchebag.

Basically Dvorak and Ben are "not scared". Which is fine. But the people
who really make these decisions in most nation-states ARE scared. And on
one end, that's all that you need for working Deterrence, which is the
next argument.

In other words - I believe that cyber can replace nuclear (and has, to
some extent already) as a military deterrent. If Iran turned around
tomorrow and said "Stop the financial blockade or every wall street firm
goes away forever" then what's the US response? I hope we know, because
that very well is the next step. "We don't believe you" is not the
probable reaction, I'm guessing.

How about this one? "We're going to take a random ship and fill its
ballast tanks completely with water in the next storm". How's that Navy
looking now? At a lot of code assessments and not a lot of sailing
around the world enforcing trade embargoes, I'm afraid.

And if you can replace ANYTHING as a deterrent, then you might as well
replace our aging, expensive, and dangerous fleet of ballistic
submarines. Each of which is TWO BILLION DOLLARS. That's almost real money.

So that's the basic setup for the thesis, all of which annoys @RantyBen
AS PROMISED.

In case you're curious where all this comes from (other than phone calls
with Halvar), I've been working in my copious spare time on a Doctrine
for Cyberwar, which is essentially just game theory as applied to the
realities of what we do as hackers. This results in the three talks I've
given over the past year:


https://www.usenix.org/conference/usenix-security-11/three-cyber-war-fallacies
http://www.youtube.com/watch?v=vBQET68HHSg (Amateur hour on the Internet
aka what is and what is not a cyberweapon)
http://www.youtube.com/watch?v=X2M9nmqP6n0 (Everything Buffy the Vampire
Slayer Taught me about Cyberwar)

-dave
(Ben, you're up.)
(Also, for those of you who haven't noticed yet, there's a special ad in
Immunity Debugger right now that links you to a special video. :>)


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault