"Marcus J. Ranum" wrote:
> Imagine if somewhere between 10% and 20% of the "hacker sites" were
> actually owned and operated by netcops. ... Further, imagine that a significant but
> undetermined percentage of the "hackers" out there are actually netcops.
> ... More importantly again we have the targeting problem: there
> would still be plenty of hacking activity going on, but it'd now be an FFZ
> they'd be operating in, rather than a sheltering environment in which
> information can be easily exchanged.
I don't buy that this is feasible. Much of what the bad guys exchange is:
* vulnerability clues: lookit the buffer overflow in foo daemon
* sploits: software that exploits vulnerabilities. In principle you can trojan it, but in practice the sploits are all source code, and netcopz distributing such copwarez would get outed really fast.
I think it would turn into a really short-lived game of "spot the Fed". In very short order, the undercover netcopz would be well-known, and thus of little use.
I.e. the FFZ analogy does not apply :-)
Going a little deeper, the *reason* it does not apply is that you can only attack someone by sending them information if they have to trust the veracity of that information. If the recipient can independently verify that the info you sent was bogus, then not only does the attack not work, but you get tagged as an enemy.
So in a nation-state warfare situation, mis-information works, because e.g. the Third Reich had a hard time verifying facts about internal ops in the UK. In the terrorist world, the bad guys can verify or debunk a lot of mis-information, so the tactic doesn't work so well.
Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Received on Jan 04 2001