[Dailydave] "I hunt Sys-Admins"

Wed Jul 13 04:16:29 EDT 2016

I've put in some links, underpinning my sad perception that your idea of 
values and borders is desirable but not the status quo.
-dmos

Am 2016-07-12 18:16, schrieb Alex Grigsby:
> I agree with most of the points you raise (esp. with respect to the
> vagueness of "critical infrastructure") but I'll push back a bit on
> your CERT point.
> 
> You're right that a CERT would likely be a prime target during a
> conflict, but just because a country would want to pwn a CERT doesn't
> necessarily mean that it should. Over the last 100+ years, countries
> have agreed to not deliberately target certain installations in
> wartime even if it's in their strategic interest to do so. For
> example, the laws of war prohibit the targeting hospitals or anything
> with a red cross/red crescent
> (https://en.wikipedia.org/wiki/Protective_sign) even if it would be
> militarily advantageous for a country to do so (i.e. less enemies on
> the battlefield).

https://www.theguardian.com/world/2015/oct/08/doctors-without-borders-bombing-hospital-war-crime-analysis

It is also not allowed to bomb helpers. People that rescue wounded.
http://www.nytimes.com/2012/02/06/world/asia/us-drone-strikes-are-said-to-target-rescuers.html?_r=0

  Same thing goes for restrictions on certain weapons
> (e.g. chemical weapons in the case of the Geneva protocol or booby
> traps in the case of the Conventional Weapons convention).

http://www.globalresearch.ca/turkish-police-find-chemical-weapons-in-the-possession-of-al-nusra-terrorists-heading-for-syria/5336917
http://www.washingtonsblog.com/2015/12/syrian-chemical-weapons-attack-false-flag-turkey-isis.html
http://nsnbc.me/2013/09/19/al-nusra-producing-chemical-weapons-turkey/
> 
> Countries have agreed to these restrictions largely on the basis of
> reciprocity--we won't do it to you if you don't do it to us. It
> doesn't necessarily mean that all states will comply, but they create
> a strong norm in favor of their adherence.
> 
> Based on the history of the laws of war, it doesn't seem completely
> ridiculous that countries could eventually come to some sort of
> understanding that CERTs are off limits.
> 
> Alex
> 
> -----Original Message-----
> From: dailydave-bounces at lists.immunityinc.com
> [mailto:dailydave-bounces at lists.immunityinc.com] On Behalf Of
> dailydave-request at lists.immunityinc.com
> Sent: Tuesday, July 12, 2016 12:00 PM
> To: dailydave at lists.immunityinc.com
> Subject: Dailydave Digest, Vol 56, Issue 1
> 
> Send Dailydave mailing list submissions to
> 	dailydave at lists.immunityinc.com
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.immunityinc.com/mailman/listinfo/dailydave
> or, via email, send a message with subject or body 'help' to
> 	dailydave-request at lists.immunityinc.com
> 
> You can reach the person managing the list at
> 	dailydave-owner at lists.immunityinc.com
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Dailydave digest..."
> 
> 
> Today's Topics:
> 
>    1. "I hunt Sys-Admins" (dave aitel)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 11 Jul 2016 15:15:12 -0400
> From: dave aitel <dave at immunityinc.com>
> To: "dailydave at lists.immunityinc.com"
> 	<dailydave at lists.immunityinc.com>
> Subject: [Dailydave] "I hunt Sys-Admins"
> Message-ID: <5fc94935-e035-6b70-5d55-7f16d7f25992 at immunityinc.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Occasionally I like to reflect, as you all do, on the various things
> that have mis-shaped our understanding of cyber war.
> 
> For example, take this Intercept article based on the Snowden leaks:
> https://theintercept.com/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/
> 
> Viewed in hindsight, this article points very closely at something I'm
> going to support in depth in an article coming out shortly, which is
> that *the term "Critical Infrastructure" does not apply in cyber the
> way defense strategists think it does*. I mention this, which may seem
> obvious to the readership of this list, because if you read policy
> papers they go on an on about how nations should avoid "attacking"
> each others "critical infrastructure" as a "norm". They don't, of
> course, consider defining a lot of terms in any specificity, but they
> do mention that under no circumstances should CERTs be attacked. Which
> clearly is ridiculous because in cyberwar the CERT is something you
> will have penetrated first so you know when you've been caught
> everywhere else.
> Likewise, CERTs are usually very easy to attack. Likewise, top on your
> list is secure at microsoft.com, and every other security contact. And in
> order to claim those things as "off limits" we have to declare huge
> swaths of infrastructure (often unknown ahead of time) as off limits.
> 
> Also visible in retrospect is that people love to focus on the catchy
> phrases. "I hunt sys-admins". Sure you do! But that means your
> strategic offensive efforts have already failed at least twice. In
> order to get to the point where "I hunt sys-admins" team is involved,
> you have to get through "I hunt developers", "I hunt other hackers",
> and "I hunt system integrators". And even above them is "I hunt
> standards developers and cryptographers" (aka, NIST :) ).
> 
> -dave
> 
> 
> 
> 
> 
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.immunityinc.com/pipermail/dailydave/attachments/20160711/97fa7226/attachment-0001.html>
> 
> ------------------------------
> 
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
> 
> 
> End of Dailydave Digest, Vol 56, Issue 1
> ****************************************
> 
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave