RE: [iwar] what next? DDoS and then?

From: St. Clair, James
To: 'iwar@egroups.com'
From: jstclair@vredenburg.com
To: iwar@egroups.com
Fri, 15 Dec 2000 04:52:40 -0800

Messages sorted by: [ date ][ subject ][ author ][ recipient ]
Next message: From: MAGLAN 1 To: "Re: [iwar] Cyber conflict over the Middle East - update 12.12.00 "
Previous message: From: MAGLAN 1 To: "Re: [iwar] what next? DDoS and then?"

fc  Fri Dec 15 04:55:07 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Fri, 15 Dec 2000 04:55:07 -0800 (PST)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Fri Dec 15 12:50:47 2000)
X-From_: jstclair@vredenburg.com  Fri Dec 15 06:50:25 2000
Received: from hn.egroups.com (hn.egroups.com [208.50.99.199]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id GAA23237 for ; Fri, 15 Dec 2000 06:50:23 -0600
X-eGroups-Return: sentto-279987-814-976884880-fc=all.net@returns.onelist.com
Received: from [10.1.4.55] by hn.egroups.com with NNFMP; 15 Dec 2000 12:54:42 -0000
X-Sender: JStClair@vredenburg.com
X-Apparently-To: iwar@egroups.com
Received: (EGP: mail-6_3_1_3); 15 Dec 2000 12:54:39 -0000
Received: (qmail 20835 invoked from network); 15 Dec 2000 12:54:39 -0000
Received: from unknown (10.1.10.26) by l9.egroups.com with QMQP; 15 Dec 2000 12:54:39 -0000
Received: from unknown (HELO vre?sd?nt.vredenburg.com) (208.221.135.20) by mta1 with SMTP; 15 Dec 2000 12:54:39 -0000
Received: by vre-sd-nt.vredenburg.com with Internet Mail Service (5.5.2650.21) id ; Fri, 15 Dec 2000 04:54:35 -0800
Message-ID: 
To: "'iwar@egroups.com'" 
X-Mailer: Internet Mail Service (5.5.2650.21)
From: "St. Clair, James" 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Fri, 15 Dec 2000 04:52:40 -0800
Reply-To: iwar@egroups.com
Subject: RE: [iwar] what next? DDoS and then?
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Concur, Fred - It is those portions of IW that do not attract attention that
are most damaging. The next step in a web site defacement is to simply alter
the data without any other noticeable changes, or corrupt a database without
outward claims of responsibility. While the overall premise may appear
primitive, the fact remains that websites and web-enabled information are
considered not only viable but strategically important targets. This is
fundamental IW. 

Jim 




-----Original Message-----
From: Fred Cohen [mailto:fc@all.net]
Sent: Friday, December 15, 2000 7:40 AM
To: iwar@egroups.com
Subject: Re: [iwar] what next? DDoS and then?


Per the message sent by MAGLAN 1:
...
> - Web and Mail Forgery
> - Virus and Vandals implant
> - Remote Sniffing
> - Intrusion to Internal Networks
> - Intrusion to organizational Internet Networks (DMZ hacking)
> - Extensive Infrastructures Scanning
> - Social Engineering
> - Denial of Service

Didn't you forget the attack that gleaned the details of US supporters
of Israel, stole their credit cards.  sent them harrassing email, took
some of their funds, and was declared part of an economic war?

This represents something more than those listed above.  In particular,
it is an attack on the international political and financial support of
a country.

Similarly, the defacements of PLO sites tended to be rather religiously
insulting in nature and were designed to insight, not merely to deface. 
When you accuse the CIA of being the Central Stupidity Agency, that is
defacement.  When you put up religiously offensive pictures on the site
of a religiously organized/oriented group, that is something quite
different. 

This is, of course, not the same as trying to really degrade a military
operational capability, but then isn't that precisely what the PLO tried
to do when it used denial of service against IDF network sites? And
wasn't the targetting of PLO military leaders based on the locaitons of
their cell phones when in use also in the realm of a military act?

It seems to me that there are indeed information operations underway
here, but that the ones getting more publicity are only the public face
of the information conflict.  Perception management is fundamental to
this and other similar conflicts.  The goal of the PLO is not military
victory but rather political victory.  Going toe to toe with Israel will
not get them what they want because they are outgunned.  Rather, they
seek to engage other Arab nations in the conflict to leverage those
nations' militaries against Israel, the wish to degrade support for
Israel from abroad, and they seek to get international support for their
own statehood.  This is the same plan followed by Israel at the end of
WWII.

I think that this could not be called anything other than an information
war, with the physical part of the war acting only as a weapon of the
information war. 

I bet there will be other comments on this...

FC
--
Fred Cohen at Sandia National Laboratories at tel:925-294-2087
fax:925-294-1225
  Fred Cohen & Associates: http://all.net - fc@all.net -
tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
   This communication is confidential to the parties it is intended to
serve.
	PGP keys: https://all.net/pgpkeys.html - Have a great day!!!


------------------
http://all.net/

-------------------------- eGroups Sponsor -------------------------~-~>
Make FREE long-distance calls with Tellme!
        Just dial 1-800-555-TELL.
http://click.egroups.com/1/10794/1/_/595019/_/976884880/
---------------------------------------------------------------------_->

------------------
http://all.net/

Next message: From: MAGLAN 1 To: "Re: [iwar] Cyber conflict over the Middle East - update 12.12.00 "
Previous message: From: MAGLAN 1 To: "Re: [iwar] what next? DDoS and then?"