Return-Path: <sentto-279987-1393-994335005-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 05 Jul 2001 05:11:07 -0700 (PDT) Received: (qmail 22896 invoked by uid 510); 5 Jul 2001 11:12:08 -0000 Received: from mk.egroups.com (208.50.144.76) by 204.181.12.215 with SMTP; 5 Jul 2001 11:12:08 -0000 X-eGroups-Return: sentto-279987-1393-994335005-fc=all.net@returns.onelist.com Received: from [10.1.4.52] by mk.egroups.com with NNFMP; 05 Jul 2001 12:10:06 -0000 X-Sender: JStClair@vredenburg.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_2_0); 5 Jul 2001 12:10:04 -0000 Received: (qmail 62485 invoked from network); 5 Jul 2001 12:07:25 -0000 Received: from unknown (10.1.10.142) by m8.onelist.org with QMQP; 5 Jul 2001 12:07:25 -0000 Received: from unknown (HELO vre?sd?nt.vredenburg.com) (64.242.205.6) by mta3 with SMTP; 5 Jul 2001 12:07:25 -0000 Received: by vre_sd_nt with Internet Mail Service (5.5.2650.21) id <3FNK8LXH>; Thu, 5 Jul 2001 05:04:44 -0700 Message-ID: <B30A25E2D1D2D1118021006097C3AC63C9814A@CCOPO> To: "'iwar@yahoogroups.com'" <iwar@yahoogroups.com> X-Mailer: Internet Mail Service (5.5.2650.21) From: "St. Clair, James" <jstclair@vredenburg.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 5 Jul 2001 05:07:51 -0700 Reply-To: iwar@yahoogroups.com Subject: RE: [iwar] Critical Mass to wage IW Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Resource requirements are entirely dependent on your target and desired Measure of Effectiveness, much like planning the "perfect crime" (which is essentially what you're doing). Time and persistence are always on the side of the person choosing to attack, as you only have to exploit one weakness and a defender must protect all of them. Jim -----Original Message----- From: Dan Ellis [mailto:ellisd@cs.ucsb.edu] Sent: Thursday, July 05, 2001 8:00 AM To: IWAR Subject: [iwar] Critical Mass to wage IW I have heard statements from many in the computer security and information warfare that waging information warfare requires the resources of a nation state. Can anybody explain why a terrorist group, a single security professional, or a small group of "hobbyists" couldn't mount the resources necessary to wage information warfare? Maybe I am alone in believing that a small, trained, coordinated group could pull off at least a significant offensive for a short period of time. What resources are needed in order to wage a significant offensive? I suggest the following resources: 1) training/competency, 2) time, 3) computer software & hardware, 4) a connection to the internet. Computer software and hardware are relatively inexpensive ($1k is more than enough). An internet connection is likewise not an outlandish prerequisite. Time may be a limiting factor: it requires time to build the tools necessary. I suggest that underground tools, in their current state, could not easily be used by just one person to do a lot of damage. I know some of you will want to jump on this argument. But suffice it to say that time is necessary--for target planning and development of tools. I suggest that with 2 hours a day, over the course of a year, a serious hobbyist could produce some very potent tools. The most limiting resource, I suggest, is training or competency. It is true that the more one understands computers the more ways one can find to break them, but it doesn't take much knowledge before several different attacks become apparent. Any person who has graduate from college with a bachelors in computer science/engineering, electrical engineering, information technology is well equiped with the prerequisite knowledge. This is by no means an exhaustive list of potential candidates. (Imagine what one person could do if he created a potent tool and was able to mobilize the standing army of script kiddies to use that tool. Once an attacker learns how to replicate code into effective mobile agents, the script kiddies add nothing.) Are there other resources that are required that I am missing? Are there resources whose prerequisite attributes I have inaccurately chatagerized? --------------------------- Dan Ellis, Ph.D. student www.cs.ucsb.edu/~ellisd (703) 883-5807 ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:36 PDT