[Dailydave] Mojo

Mohammad Hosein mhtajik at gmail.com
Tue Nov 5 16:41:14 EST 2013


since i am preparing a release of public version of a talk on IO i did a
while ago perhaps now a good time to ask Qs regarding points in the second
mail of this thread .

- what international law defines war and its distinctions with espionage ,
sabotage , coups or revolutions ? i'd be thankful for a link to something
of that nature covering stuff related to IO/IW

- if stealing things , like a bunch of cc and paypal info off some dude's
win8 with some 0day is a Crime , and if by taking the exactly same steps
two adversaries hurt each other , say , one with stealing
loc/addr/phone/residential data of a nuclear scientist later blessed with
magnet bomblets and the other one , stealing codes to render some parts of
a missile defense useless while blessing the same dude with waves of
missiles AND none agrees on any mutually accepted convention on warfare and
all happened unannounced , how that 0day and the steps to exfiltrate the
data in a supposedly simple cyber-robbery and a secret struggle between two
states who hates each other to the fullest could be classified as a
"civilian ill-intended tool" or "stuff" or "something else" in our crime
scenario while being looked as Cyber/Electronic Weapons in the other case ?

- suppose we can combine as many T-P-H Bytes as possible on some data
center out there , and sophisticated math and processing behind it , which
could be of help to identify who coded a duqu-type framework and follow the
dude right to the contractor and make a "attribution case" , at least good
for embarrassment theaters nation-states love , which part of it is
"unscientific" or "emotional" ?

i totally agree with you and some other fellas on "The Source" not being a
Weapon or even Ammunition . it is INTELLIGENCE .
raw/analyzed/verified/outdated/deceptive/smelly/secret/actionable/useless/disinfo
etc . not all parts of a battle , whether between two gangs in a
robbery-gone-bad or two nation-state military are in the row with "Fire"
and "Shooting" materials . some are of more delicate nature and do not show
smoke and flames when a trigger pulled or button pushed , even if they were
named "Flame" .

-mh




On Mon, Nov 4, 2013 at 12:16 PM, Dave Dittrich <dave.dittrich at gmail.com>wrote:

> Dave,
>
> With all due respect, I think the "cyberweapon" and "cyberwar" language
> needs to stop. I urge you to not promote it.
>
> This kind of sloppy rhetoric conflates war (which has clear definitions
> under international law) with espionage (or network exploitation) and
> worse, with crime. Stealing things is NOT war. Breaking into computers is
> NOT war. These are NOT weapons, unless they can clearly be shown to have
> similar effects to actual weapons.
>
> Calling DNA a "cyberweapon," as happened in a previous post, conflates
> information about biology with computer programs (is it not one) and use of
> that information with an act of war (it is NOT war.)
>
> Seriously, this is really hurting our cause by degrading a serious topic
> into unscientific, emotional, and in may cases entirely self-serving
> rhetoric, rather than a serious discussion of serious issues.
>
> Dave (D.)
>
>
> On Thu, Oct 24, 2013 at 1:53 PM, Dave Aitel <dave at immunityinc.com> wrote:
>
>>  So what defines a Cyber Weapon is in some part of my mind, a certain
>> Mojo. It's like the difference between a speech, and rhetoric. With the
>> right rhetoric you can lift whole houses right off the ground. And the
>> right cyber weapon can change the world.
>>
>> To put it into context is Robert Graham:
>> http://blog.erratasec.com/2013/10/the-fifth-estate-consensual.html<http://blog.erratasec.com/2013/10/the-fifth-estate-consensual.html#.UmmFBPnkvz4>
>>
>> "
>>  But once he got the ball rolling, it started to take on a life of its
>> own. That happens a lot on the Internet.
>> "
>>
>> His claim (which is probably right) is that WikiLeaks is there to provide
>> cover for Wikileaks-related hackers (aka, Assange himself) who had data
>> they wanted to get out. But so what? It's genius and everyone else is
>> probably wishing they'd thought of it first, but nobody at the time
>> realized how powerful just dumping semi-organized data on the world in a
>> way that could not be shut up could be. It's like we had Voice of America,
>> but failed to translate that into the Internet world before some random
>> Australian, and now we're all jealous and blindsided.
>>
>> A good cyberweapon has Mojo. It has a life of it's own. That's what makes
>> them so unstoppable.
>>
>> -dave
>>
>>
>>
>>
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunityinc.com
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>>
>>
>
>
> --
> Dave Dittrich
> dave.dittrich at gmail.com
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20131105/0cc18a97/attachment.html>


More information about the Dailydave mailing list