Home page logo
/

securecoding logo Secure Coding mailing list archives

Re: [External] Chinese Hacking, Mandiant and Cyber War
From: Ali-Reza Anghaie <ali () packetknife com>
Date: Wed, 20 Feb 2013 13:10:55 -0500

It's "confused" intentionally - the money and control grab that can be
accomplished through "war" FAR exceeds anything that comes under the
context of espionage.

It's all about increasing the perception that a State-level response is the
only effective solution.

RE: Policy makers - the biggest problem I've had with convincing anybody in
those circles is they think attribution is equal when it comes to them. A
Maltego graph finding a bit of information on them and tying it to a
Facebook profile is absolutely convincing. No matter what else you say -
after such a demonstration by an "expert" - they resolutely believe that
all other attributions are just that exacting.

The route I've been taking lately is trying to explain to people how
~little~ a State-funded attacker matters to them. Geopolitical attribution
doesn't even matter until you get thousands of other sheep herded. Until
then all the China-China-China is a distraction from much more baseline and
broad issues in InfoSec.

-Ali



On Wed, Feb 20, 2013 at 10:47 AM, Goertzel, Karen [USA] <
goertzel_karen () bah com> wrote:

I agree - and grow increasingly frustrated with those who insist on
confusing "cyber war" with "cyber espionage" (and vice versa). But I've
found it's quite easy to get them to understand the difference by simply
asking them to drop the prefix "cyber" from each. Cyber war is simply war
fought on an electronic battlefield with digital weapons. The general
objectives are the same as physical warfare: disable/destroy the
adversary's capabilities.

In cyber espionage, by contrast, the objective is to obtain information
that is held secret by the adversary. This said, espionage is never an end
in itself - information must be used for something to have any value. Thus
the (possible) source of confusion (other than that pesky "cyber" tag): one
may undertake cyber espionage in aid of cyber war - just as one sends out
spies to learn secrets to give one's side a strategic advantage in warfare
(or soldiers to do reconnaissance before battle - which is a form of
tactical espionage).

The problem is that the origin of the cyber attacks involved may be the
same, and the timing of the cyber attacks may be (near) simultaneous, so
that in the heat of the moment, one might be forgiven for misconstruing as
"cyber war" what is in fact "cyber espionage in aid of cyber war". But as
the objectives of the two are quite different, the attack patterns are also
very likely to be different. So there is no excuse for anyone with more
than the most superficial level of understanding of "things cyber" to
confuse one with the other.

===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_karen () bah com

"If you're not failing every now and again,
it's a sign you're not doing anything very innovative."
- Woody Allen

________________________________________
From: sc-l-bounces () securecoding org [sc-l-bounces () securecoding org] on
behalf of Gary McGraw [gem () cigital com]
Sent: 20 February 2013 09:34
To: Secure Code Mailing List
Cc: Bruce Schneier; Ross Anderson
Subject: [External]  [SC-L] Chinese Hacking, Mandiant and Cyber War

hi sc-l,

No doubt all of you have seen the NY Times article about the Mandiant
report that pervades the news this week.  I believe it is important to
understand the difference between cyber espionage and cyber war.  Because
espionage unfolds over months or years in realtime, we can triangulate the
origin of an exfiltration attack with some certainty.  During the fog of a
real cyber war attack, which is more likely to happen in milliseconds,  the
kind of forensic work that Mandiant did would not be possible.  (In fact,
we might just well be "Gandalfed" and pin the attack on the wrong enemy as
explained here:
http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare
.)

Sadly, policymakers seem to think we have completely solved the
attribution problem.  We have not.  This article published in Computerworld
does an adequate job of stating my position:
http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9

Those of us who work on security engineering and software security can
help educate policymakers and others so that we don't end up pursuing the
folly of active defense.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault