[Dailydave] The underlying structure is foamy

Moses Hernandez moses at moses.io
Thu May 23 18:20:14 EDT 2013


Cyberwar. I am not sure that it conjures the right picture on my head
because there would be a dark skies and a dystopian society with only Mel
Gibson, Harrison Ford, and just for the heck of it Patrick Swayze from Road
House. Do I believe that people are going to replace their fleet with
something else? Yes. A scramjet based one. Nothing says dystopia like a
scramjet drone army.

I think this new notion that large companies are pushing, the one I work
for included, of the Internet of Everything dilutes some of these point a
bit. I can agree that we are building some new 'navies' for a portion of
the internet. I don't think that its that analogous for the system as a
whole. What we are building, I don't think humans have ever been seen
before.

To start cyber enhances kinetic warfare, today nuclear, tomorrow whatever.
More importantly, some of us have become weapons makers with or without
wanting it to be that way. I am not sure if 'Cyber war is still the
appropriate word'. The history of war shows us, those with the best
technology generally wins. Not always, but mostly. I think
guerrilla insurgents are supposed to teach us something about that. I am
not sure I can't pay attention long enough.

I think cyber is a bit of a leveling field for countries to some extent,
while it could be an effective tool, its not going to be the only piece
that matters. Your analogy to financials is one thing, having a campaign
that tears down all financials would be bad. We have however heard of some
countries being able to do manipulations of currency to subvert governments
that are much more effective that just a simple 'crash'. In our case, the
varying levels of cyber and how they are used would be the
more interesting implication. Something as advanced as stuxnet being
created in the mid to early 2000's for instance, while South Korea gets hit
with the equivalent of 'rm -rf'.

A point about physical and virtual gateways. A few years from now there be
Machine to Machine communication in order to attempt to take the 'fallacy'
of humans out of the equation. I just heard the CEO of Ford speaking about
cars talking to other cars. It would be 'better' if my car could talk to
other cars on the road to understand how to move along the city. If my car
could talk to the city then it could understand weather the road was wet
and so-on. If an attacker took control of my that car and drove it into
other cars, that would not be fun. Maybe it would be depending on your
personality. If the internet is backbone of that neural network then those
that are 'policing' that portion of it wouldn't be called a navy. I am not
sure what we call this 'thing' at that point. What I can tell you is a few
things:

- Society needs order so that people can live a normal life and so that it
can sustain itself, no self crashing cars. In the same sense that if we had
so much credit card theft electronically the system would not work
and would need to be shut down.

- Those that build these machines will be forced to build them safer,
because no one will get into a self driving car when the roads are not safe
to drive. No one will fly Pan-Am because their planes crash. This is partly
why Pan-Am no longer exists.

- Maybe our governments are not fully prepared to face a world without
borders that the internet provides. If we attempt in our minds
to separate cyber and physical, there is no real country in cyber its all
one country with many places to visit.

Moses
www.moses.io

road house


On Thu, May 23, 2013 at 4:49 PM, Dave Aitel <dave at immunityinc.com> wrote:

> So Ben Nagy, who is nothing if not an iconoclast, disagrees with my and
> Halvar's general tenets that the easiest analogy to what is happening in
> the cyber space is the creation of a new Navy (or set of Navy's). But he
> refuses to argue with it when it's not words on paper. So I figured I'd
> put down some words on paper.
>
> The first and most basic premise is that the Internet has replaced the
> oceans as the global Commons. While it's true if you're moving mercury
> or steel or plastic rubber duckies from China to somewhere not-China,
> and while it's also true that the very wires that are the Internet are
> sitting across Ocean floors, deep down Commerce now largely moves over
> the Internet.
>
> I don't know if that's the part Ben disagrees with. I think the part he
> disagrees with is that by moving bits around, you can effect him in Real
> Life. Which brings us to the second part:
>
> I believe that you can cause dramatic nation-state effecting things over
> the Internet. I also believe you can do small things if you want. There
> are graduated Booms available if you have true information dominance.
> Ben lives in a house that has power only a minority of the hours of the
> day, so it's hard sometimes to imagine how you would effect him
> personally. But he also flies around in metal tubes running
> lowest-bidder real time operating systems hooked up to the network
> (occasionally, at least). Modern planes can only fly if a quorum if the
> cyber attackers on their systems vote to let them fly.
>
> I look at these physical<-->cyber connections as simple gateways, but I
> find that if you go around postulating more ways to do this stuff in
> public, people consider you a huge douchebag.
>
> Basically Dvorak and Ben are "not scared". Which is fine. But the people
> who really make these decisions in most nation-states ARE scared. And on
> one end, that's all that you need for working Deterrence, which is the
> next argument.
>
> In other words - I believe that cyber can replace nuclear (and has, to
> some extent already) as a military deterrent. If Iran turned around
> tomorrow and said "Stop the financial blockade or every wall street firm
> goes away forever" then what's the US response? I hope we know, because
> that very well is the next step. "We don't believe you" is not the
> probable reaction, I'm guessing.
>
> How about this one? "We're going to take a random ship and fill its
> ballast tanks completely with water in the next storm". How's that Navy
> looking now? At a lot of code assessments and not a lot of sailing
> around the world enforcing trade embargoes, I'm afraid.
>
> And if you can replace ANYTHING as a deterrent, then you might as well
> replace our aging, expensive, and dangerous fleet of ballistic
> submarines. Each of which is TWO BILLION DOLLARS. That's almost real money.
>
> So that's the basic setup for the thesis, all of which annoys @RantyBen
> AS PROMISED.
>
> In case you're curious where all this comes from (other than phone calls
> with Halvar), I've been working in my copious spare time on a Doctrine
> for Cyberwar, which is essentially just game theory as applied to the
> realities of what we do as hackers. This results in the three talks I've
> given over the past year:
>
>
> https://www.usenix.org/conference/usenix-security-11/three-cyber-war-fallacies
> http://www.youtube.com/watch?v=vBQET68HHSg (Amateur hour on the Internet
> aka what is and what is not a cyberweapon)
> http://www.youtube.com/watch?v=X2M9nmqP6n0 (Everything Buffy the Vampire
> Slayer Taught me about Cyberwar)
>
> -dave
> (Ben, you're up.)
> (Also, for those of you who haven't noticed yet, there's a special ad in
> Immunity Debugger right now that links you to a special video. :>)
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130523/73d5ac48/attachment-0001.html>


More information about the Dailydave mailing list