<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
A key difference between the <a
href="https://prezi.com/zayyak66yyia/what-is-a-cyber-weapon/">Immunity
mindset on "Cyber Weapons"</a> and the public one is
that we see the ability to <i>offer</i> information that cannot be
removed from the public Internet as an important, and perhaps the
most important, type of cyber weapon. If you don't think an AC-130
hurling USB keys full of videos and software into a city is a
cyber weapon, then you won't agree with our paradigm and you'll have
to live with being wrong. :)<br>
<br>
<img alt="basic cyberweapon theory image"
src="cid:part2.05040107.00070802@immunityinc.com" height="685"
width="1239"><br>
Emin Gun Sirer has written two blogposts that should be must-reads
for the policy sect or anyone in the security business, and this is
one of them:<br>
<a class="moz-txt-link-freetext" href="http://hackingdistributed.com/2015/12/31/when-surveillance-is-accessible-by-all/">http://hackingdistributed.com/2015/12/31/when-surveillance-is-accessible-by-all/</a><br>
<br>
TL;DR summary: "All the databases are going to be available to
everyone." Cyber intelligence has long depended on the gap between
what people knew was publicly available and what they could <i>access</i>.
You know how powerful even a PHONE BOOK DATABASE is when it's not
publicly known to be accessible? Try running an Alias for an intel
officer who didn't actually have an apartment in Istanbul when she
said she did, and I can check in 20 seconds with my stolen DB. This
is true for the OPM database, all the airline databases and of
course the hospital databases. The same techniques that Twitter uses
to figure out what brand of soap to sell you can detect a fake
persona without breaking a digital sweat. <br>
<br>
Following from these self-evident facts, eventually every service
that uses aliases is going to transition to just having to timeslice
from normal people with normal jobs, which is going to require they
haven't alienated the entire technical community they rely on for
access and influence. (In case you wanted a link to the
Comey-missteps-of-the-day).<br>
<br>
The obvious trendline is that the amount of data that makes a
company run is a constant. Mail spools just don't get big that fast,
and the important information in them gets bigger even slower.
Remember when downloading a movie was a big deal? Now you download 4
in between waking up and heading to the airport onto your Kindle. <br>
<br>
In other words: The increase in available bandwidth has completely
shifted some equation and made "Offer" cyber weapons more important
than they ever otherwise could have been. You only need a tiny dwell
time on the main mail server of a company to end that company
forever, and that dwell time is now smaller than the target's
"Indicators of Compromise" analysis speed. Or as Microsoft's
researcher Sasha would say: "You win automatically when your exfil
time is less than log aggregation and analysis periods."<br>
<br>
On a completely unrelated note, I'm headed to DC today to attend a <a
href="https://msfs.georgetown.edu/CyberConference2016">conference
at Georgetown</a> on Cyber Policy. I think part of what annoys
everyone in the cyber policy world about the State Dept. fucking up
Wassenaar so much is that it has absorbed all the bandwidth
available for analysis for two whole years on an important subject.
The only silver lining is that by aligning the opposition to their
bone-headedness on the subject we may have congealed a multi-cell
predator out of the primordial soup. :)<br>
<br>
-dave<br>
<br>
</body>
</html>