lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 23 May 2008 23:03:39 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: A cyber human shield?

A cyber human shield? A rogue government could take traditional
military tactics [1] and put them into the cyberspace warfare arena.

This evidently [2] hasn't been thought about after I read the military
article cited by S/U/N <s.u.n@...e.fr>.

[1] http://en.wikipedia.org/wiki/Human_shield

[2] http://www.afji.com/2008/05/3375884/

All the best,

n3td3v

---------- Forwarded message ----------
From: n3td3v <xploitable@...il.com>
Date: Wed, May 21, 2008 at 11:25 AM
Subject: Re: [Full-disclosure] pentagon botnet
To: full-disclosure@...ts.grok.org.uk


On Wed, May 21, 2008 at 9:16 AM, S/U/N <s.u.n@...e.fr> wrote:
> http://www.afji.com/2008/05/3375884/
>

What if the bot net of the enemy state are hospital computers, will
you still attack them? What if the bot net of the enemy state are
power station computers, will you still attack them? Will you risk
putting civilian life at risk if the enemy state hides their bot net
in national infrastructure that will make you look the worst if you
attack them?

Enemy states would end up hiding their bot nets in places you wouldn't
want to attack... because if you did it would shut down a national
infrastructure. The enemy states aren't going to have their bot nets
in home computers with Windows Vista running, they are going to be
national infrastructure computers that if you attack them will put the
countries civilians at risk, making you the baddies and them the
goodies.

You haven't thought things through well enough and the tactics your
enemy state will use to make you the baddie for attacking their bot
net, which you will have a hell of a job convincing the single mom and
retired couple crowd that a hospital or power station was something
called a bot net which they haven't even heard of a bot net before and
are told it was attacking pentagon networks or something, which didn't
affect the single mom and retired couple to begin with, but are told
its a good idea to shut down a countries hospital or power station
anyway.

Just trust your government, shutting down a rogue nations national
infrastructure is in your best interest, even though joe public don't
know what the hell a bot net is and why that fluffy innocent looking
hospital or power station was one and that it was attacking the United
States pentagon networks. Thats really going to go down well with the
American public who one fifth of have never used or sent an e-mail.
http://news.cnet.com/8301-10784_3-9946706-7.html

>>From the American public point of view and the rest of the world's
point of view it will be US government attacking innocent hospitals
and power stations that look like its doing nothing wrong from the
single mom and retired couple prospectus, so how are you going to win
over hearts and minds that shutting down a countries national
infrastructure was a good idea, when there is nothing wrong with that
hospital or power station to the untrained public eye?

You're going to need to educate your citizens first of all what a bot
net is, and then teach them that an enemy state is hiding rogue bot
net computers in hospitals and power stations, and that you need to
attack that infrastructure, and once you've attacked and shut down the
enemy states hospital and power station that from the untrained eye
was doing nothing wrong from the prospectus of the one fifth of
Americans who have never used e-mail before, you'll need to find a way
of proving that hostpital or power station did have a rogue bot net in
it and that you weren't just making it up.

There are probably more cunning national infrastructure places your
enemy state would hide their bot net than just a hospital or power
station, but those are pretty good standard examples to get your mind
thought juices flowing. So how are you going to convince joe public
why you're DDoS'ing eastern countries national infrastructure and its
citizens are out on the streets protesting because they have no food,
water, health care, electricity and whatever other thing you attacked
because the enemy state had placed their rogue bot net computers there
for the United States to offensively attack?

Those people out on the streets protesting won't even know what a bot
net is or understand why their power station, hospital or other
national infrastructure has suddenly stopped working. Try explaining
that to them and the rest of the world when they are starving and in
need of world aid organizations to come save their lives.

Its not going to work, so quit this pentagon bot net idea already,
there is enough carnage and problems in the world without the above
carry on happening, all because of military bot nets attacking
military bot nets that are cunningly placed in national infrastructure
to make whoever attacks it look bad.

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ