lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <47505E42.90503@rogers.com>
Date: Fri, 30 Nov 2007 14:02:26 -0500
From: gmaggro <gmaggro@...ers.com>
To: full-disclosure@...ts.grok.org.uk
Subject: High Value Target Selection

I think it'd be interesting if we started a discussion on the selection
of high value targets to be used in the staging of attacks that damage
significant infrastructure. The end goals, ranked equal in importance,
would be as follows:

1. To bring like minded people together while operating under the
strategy of 'leaderless resistance'
(http://en.wikipedia.org/wiki/Leaderless_resistance)

2. To be the 'aboveground' partner to the 'underground' scene, or at
least serve to distract authorities from the activities of underground
groups

3. To see exactly what can be accomplished, and accomplish it

4. To capture the imagination of the public

The 'leaderless resistance' aspect of organization is going to be key.
Plenty of technology exists for encryption and anonymity but that
doesn't apply to people. We have to be like the Internet itself here, as
originally intended: able to take the largest of blows and route around
the damage automatically. We also have to be like good encryption: able
to expose everything about our mechanism without leading to compromise.

Capturing the imagination of the public sounds like bizspeek bullshit,
but it's a very powerful tool - it only takes one cow to start a
stampede. Furthermore it serves as a useful discriminator in selecting
targets. Bringing down Facebook or Amazon might annoy people... but it
really gets driven home when they can't pay their bills, buy food from
supermarkets, or take the train to work.

So, types of infrastructure to attack:

1. Transportation
2. Financial
3. Telecommunications
4. Petrochemical
5. Manufacturing
6. Health care
7. Education
8. Civilian Law Enforcement
9. Government (Judicial, Executive, Legislative)
10. Military

This is just what I've thought of to date. One thing we'll need to do is
prioritize that list and flesh it out. For instance, for 'Financial' I'd
be inclined to break up something like this: banks, credit card
companies, credit processing companies, ATM companies, credit bureaus,
collection agencies, investment firms, etc.

I guess we should pick some kind of a nation-state to narrow the scope.
I'm going to propose the USA for several reasons:

1. Alot of folks got it in for them. This makes it easier to blend into
the background. There's also the potential for assistance via
enemy-of-my-enemy-is-my-friend co-operation among like minded
individuals and groups. Also, in security, the advantage always goes to
the attacker; he only needs to be successful once but the defender has
to suceed every time. And since they're no doubt getting assaulted left
right and centre they've probably been tenderized pretty good. These
factors, I believe, combine to nullify any advantage they might have
from being well practiced at having to withstand assaults.

2.They're weak right now. In many ways. Given the issues in the
sub-prime market and it's cascade effects, profits are down everywhere.
When businesses lose money, what's the first thing that suffers?
Customer service. What's the second thing? Security. Not trying to slant
politically one way or the other here, but the American implementation
of capitalism is not renowned for having led to people making quality
goods or loving their jobs. Sloppiness abounds whether it's ACLs on the
router or easy-to-social-engineer employees. The effects of more people
losing their jobs and increased sociocultural turmoil will only
exacerbate this. Alot of talented people will be out a job for reason of
economics or colour, and if engaged properly, can add to the ranks.

3. They're easy to penetrate. If you can't walk right into the states
over the Mexican or Canadian border, then there's a million lines of
fibre and copper running straight in. It is an incredibly well connected
place with a widely geographically dispersed populace. And alot of
coffee shops near open wifi. Entire cities blanketed in connectivity
accessible from back alleys, washrooms in malls, or remote corners of
public parks with a 12db Yagi. Miles upon miles of SCADA wiring.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ