mailing list archives
From: Michael Thomas <mike () mtcc com>
Date: Sat, 15 Jun 2013 08:03:59 -0700
On 06/15/2013 05:13 AM, Rich Kulawiec wrote:
First: this is a fascinating discussion. Thank you.
On Sat, Jun 15, 2013 at 01:56:34AM -0500, Jimmy Hess wrote:
There will be indeed be _plenty_ of ways that a low bit rate channel
can do everything the right adversary needs.
A few bits for second is plenty of data rate for sending control
commands/rule changes to a router backdoor mechanism, stealing
passwords, or leaking cryptographic keys required to decrypt the VPN
data stream intercepted from elsewhere on the network, leaking
counters, snmp communities, or interface descriptions, or
criteria-selected forwarded data samples, etc....
I was actually thinking much slower: a few bits per *day*. Maybe slower yet.
(So what if it takes a month to transmit a single 15-character password?)
For people who think in terms of instant gratification, or perhaps,
in next-quarter terms, or perhaps, in next-year terms, that might be
unacceptabe. But for people who think in terms of next-decade or
beyond, it might suffice.
And if the goal is not "get the password for router 12345" but "get as
many as possible", then a scattered, random, slow approach might yield
the best results -- *because* it's scattered, random, and slow.
And all of us here by virtue of talking about it do not have a day job
which involves thinking all of this stuff up. A lot of the stuff the DoD
is willing to talk about is seriously brilliant, and that's just the public
Information really, really wants to be free. Getting access to poorly defended
routers is probably the easy part for them. Masking the payloads is something
that they get paid the big bux for in general, so it is seriously naive to think
they don't have dozens of tricks they employ on a daily basis. The only thing
we really have to counter their ingenuity, IMO, are laws and other layer 8
Mike, still wonders if this phenomenon is just a restatement of entropy