[Dailydave] Bandwidth and the Cyber Weapon of Availability

Dakota Nelson dakota.w.nelson at gmail.com
Tue Apr 26 13:27:15 EDT 2016


Dave,

It's worth noting that "offer" cyberweapons don't have to offer *true*
information! There's a lot of focus on exfiltrating data, but infiltrating
the right data has the potential to be incredibly powerful.

For a somewhat-but-not-entirely serious look, I found
http://blog.dilbert.com/post/143378109231/cyberbombs-and-isis to be
interesting.


Dakota

On Mon, Apr 25, 2016 at 7:29 AM dave aitel <dave at immunityinc.com> wrote:

> A key difference between the Immunity mindset on "Cyber Weapons"
> <https://prezi.com/zayyak66yyia/what-is-a-cyber-weapon/> and the public
> one is that we see the ability to *offer* information that cannot be
> removed from the public Internet as an important, and perhaps the most
> important type of cyber weapon. If you don't think an AC-130 hurling USB
> keys full of videos and software into a city isn't a cyber weapon, then you
> won't agree with our paradigm and you'll have to live with being wrong. :)
>
> [image: Basic Cyberweapon Theory.PNG]
>
> Emin Gun Sirer has written two blogposts that should be must-reads by the
> policy sect or anyone in the security business and this is one of them:
>
> <http://hackingdistributed.com/2015/12/31/when-surveillance-is-accessible-by-all/>
>
> TL;DR summary: "All the databases are going to be available to everyone."
> Cyber intelligence has long depended on the gap between what people knew
> was publicly available and what they could *access*. You know how
> powerful even a PHONE BOOK DATABASE is when it's not publicly known to be
> accessible? Try running an Alias for an intel officer who didn't actually
> have an apartment in Istanbul when she said she did, and I can check in 20
> seconds with my stolen DB. This is true for the OPM database, all the
> airline databases and of course the hospital databases. The same techniques
> that Twitter uses to figure out what brand of soap to sell you can detect a
> fake persona without breaking a digital sweat.
>
> Following from these self-evident facts, eventually every service that
> uses aliases is going to transition to just having to timeslice from normal
> people with normal jobs, which is going to require they haven't alienated
> the entire technical community they rely on for access and influence. (In
> case you wanted a link to the Comey-missteps-of-the-day).
>
> The obvious trendline is that the amount of data that makes a company run
> is a constant. Mail spools just don't get big that fast, and the important
> information in them gets bigger even slower. Remember when downloading a
> movie was a big deal? Now you download 4 in between waking up and heading
> to the airport onto your Kindle.
>
> In other words: The increase in available bandwidth has completely shifted
> some equation and made "Offer" cyber weapons more important than they ever
> otherwise could have been. You only need a tiny dwell time on the main mail
> server of a company to end that company forever, and that dwell time is now
> smaller than the target's "Indicators of Compromise" analysis speed. Or as
> Microsoft's researcher Sasha would say: "You win automatically when your
> exfil time is less than log aggregation and analysis periods."
>
> On a completely unrelated note, I'm headed to DC today to attend a conference
> at Georgetown <https://msfs.georgetown.edu/CyberConference2016> on Cyber
> Policy. I think part of what annoys everyone in the cyber policy world
> about the State Dept. fucking up Wassenaar so much is that it has absorbed
> all the bandwidth available for analysis for two whole years on an
> important subject. The only silver lining is that by aligning the
> opposition to their bone-headedness on the subject we may have congealed a
> multi-cell predator out of the primordial soup. :)
>
> -dave