[Dailydave] Bandwidth and the Cyber Weapon of Availability

dave aitel dave at immunityinc.com
Mon Apr 25 10:15:09 EDT 2016

A key difference between theImmunity mindset on "Cyber Weapons"
<https://prezi.com/zayyak66yyia/what-is-a-cyber-weapon/>and the public
one is that we see the ability to /offer/ information that cannot be
removed from the public Internet as an important, and perhaps the most
important type of cyber weapon. If you don't think an AC-130 hurling USB
keys full of videos and software into a city isn't a cyber weapon, then
you won't agree with our paradigm and you'll have to live with being
wrong. :)

 basic cyberweapon theory image
Emin Gun Sirer has written two blogposts that should be must-reads by
the policy sect or anyone in the security business and this is one of them:

TL;DR summary: "All the databases are going to be available to
everyone." Cyber intelligence has long depended on the gap between what
people knew was publicly available and what they could /access/. You
know how powerful even a PHONE BOOK DATABASE is when it's not publicly
known to be accessible? Try running an Alias for an intel officer who
didn't actually have an apartment in Istanbul when she said she did, and
I can check in 20 seconds with my stolen DB. This is true for the OPM
database, all the airline databases and of course the hospital
databases. The same techniques that Twitter uses to figure out what
brand of soap to sell you can detect a fake persona without breaking a
digital sweat.

Following from these self-evident facts, eventually every service that
uses aliases is going to transition to just having to timeslice from
normal people with normal jobs, which is going to require they haven't
alienated the entire technical community they rely on for access and
influence. (In case you wanted a link to the Comey-misteps-of-the-day).

The obvious trendline is that the amount of data that makes a company
run is a constant. Mail spools just don't get big that fast, and the
important information in them gets bigger even slower. Remember when
downloading a movie was a big deal? Now you download 4 in between waking
up and heading to the airport onto your Kindle.

In other words: The increase in available bandwidth has completely
shifted some equation and made "Offer" cyber weapons more important than
they ever otherwise could have been. You only need a tiny dwell time on
the main mail server of a company to end that company forever, and that
dwell time is now smaller than the target's "Indicators of Compromise"
analysis speed. Or as Microsoft's researcher Sasha would say: "You win
automatically when your exfil time is less than log aggregation and
analysis periods."

On a completely unrelated note, I'm headed to DC today to attend a
conference at Georgetown
<https://msfs.georgetown.edu/CyberConference2016> on Cyber Policy. I
think part of what annoys everyone in the cyber policy world about the
State Dept. fucking up Wassenaar so much is that it has absorbed all the
bandwidth available for analysis for two whole years on an important
subject. The only silver lining is that by aligning the opposition to
their bone-headedness on the subject we may have congealed a multi-cell
predator out of the primordial soup. :)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20160425/dc1c9b3d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Basic Cyberweapon Theory.PNG
Type: image/png
Size: 101930 bytes
Desc: not available
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20160425/dc1c9b3d/attachment-0001.png>

More information about the Dailydave mailing list