lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 3 Dec 2007 13:53:36 -0600
From: reepex <reepex@...il.com>
To: gmaggro <gmaggro@...ers.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: High Value Target Selection

you should destroy myspace.com

after the downfall of and removal of myspace, many emo kids and future
teenage moms will commit sucide saving the world from future jerry springer
episodes and adding to the list of an heroes

On 11/30/07, gmaggro <gmaggro@...ers.com> wrote:
>
> I think it'd be interesting if we started a discussion on the selection
> of high value targets to be used in the staging of attacks that damage
> significant infrastructure. The end goals, ranked equal in importance,
> would be as follows:
>
> 1. To bring like minded people together while operating under the
> strategy of 'leaderless resistance'
> (http://en.wikipedia.org/wiki/Leaderless_resistance)
>
> 2. To be the 'aboveground' partner to the 'underground' scene, or at
> least serve to distract authorities from the activities of underground
> groups
>
> 3. To see exactly what can be accomplished, and accomplish it
>
> 4. To capture the imagination of the public
>
> The 'leaderless resistance' aspect of organization is going to be key.
> Plenty of technology exists for encryption and anonymity but that
> doesn't apply to people. We have to be like the Internet itself here, as
> originally intended: able to take the largest of blows and route around
> the damage automatically. We also have to be like good encryption: able
> to expose everything about our mechanism without leading to compromise.
>
> Capturing the imagination of the public sounds like bizspeek bullshit,
> but it's a very powerful tool - it only takes one cow to start a
> stampede. Furthermore it serves as a useful discriminator in selecting
> targets. Bringing down Facebook or Amazon might annoy people... but it
> really gets driven home when they can't pay their bills, buy food from
> supermarkets, or take the train to work.
>
> So, types of infrastructure to attack:
>
> 1. Transportation
> 2. Financial
> 3. Telecommunications
> 4. Petrochemical
> 5. Manufacturing
> 6. Health care
> 7. Education
> 8. Civilian Law Enforcement
> 9. Government (Judicial, Executive, Legislative)
> 10. Military
>
> This is just what I've thought of to date. One thing we'll need to do is
> prioritize that list and flesh it out. For instance, for 'Financial' I'd
> be inclined to break up something like this: banks, credit card
> companies, credit processing companies, ATM companies, credit bureaus,
> collection agencies, investment firms, etc.
>
> I guess we should pick some kind of a nation-state to narrow the scope.
> I'm going to propose the USA for several reasons:
>
> 1. Alot of folks got it in for them. This makes it easier to blend into
> the background. There's also the potential for assistance via
> enemy-of-my-enemy-is-my-friend co-operation among like minded
> individuals and groups. Also, in security, the advantage always goes to
> the attacker; he only needs to be successful once but the defender has
> to suceed every time. And since they're no doubt getting assaulted left
> right and centre they've probably been tenderized pretty good. These
> factors, I believe, combine to nullify any advantage they might have
> from being well practiced at having to withstand assaults.
>
> 2.They're weak right now. In many ways. Given the issues in the
> sub-prime market and it's cascade effects, profits are down everywhere.
> When businesses lose money, what's the first thing that suffers?
> Customer service. What's the second thing? Security. Not trying to slant
> politically one way or the other here, but the American implementation
> of capitalism is not renowned for having led to people making quality
> goods or loving their jobs. Sloppiness abounds whether it's ACLs on the
> router or easy-to-social-engineer employees. The effects of more people
> losing their jobs and increased sociocultural turmoil will only
> exacerbate this. Alot of talented people will be out a job for reason of
> economics or colour, and if engaged properly, can add to the ranks.
>
> 3. They're easy to penetrate. If you can't walk right into the states
> over the Mexican or Canadian border, then there's a million lines of
> fibre and copper running straight in. It is an incredibly well connected
> place with a widely geographically dispersed populace. And alot of
> coffee shops near open wifi. Entire cities blanketed in connectivity
> accessible from back alleys, washrooms in malls, or remote corners of
> public parks with a 12db Yagi. Miles upon miles of SCADA wiring.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ