Firewall Wizards mailing list archives

Re: Castles and Security (fwd)


From: "jeradonah" <jeradonah () fastmail ca>
Date: Thu, 4 Jan 2001 14:22:14 -0500 (EST)


On Wed, 03 Jan 2001 19:03:58 -0800, "Marcus J. Ranum" <mjr () nfr com> 
wrote:

I feel that in general, the blackhat community does use guerilla 
tactics.  Find an easy kill, move swiftly, and disappear.  I'm 
going to have to play with this one some more.

I think there's a subtle distinction between terrorists and
guerillas, FYI. Guerillas (according to my dog-eared copy of Mao,
anyhow) focus on destruction of infrastructure and are organized
as military units. 

(this is how it is defined at the national war college:

"Guerrilla war, which includes certain kinds of civil wars, is 
warfare without front lines. Irregular forces operate in the midst 
of, and often hidden or protected by, civilian populations. The 
purpose of guerrilla war is not to engage an enemy army in direct 
confrontation, but rather to harass and punish it so as to gradually 
limit its operation and effectively liberate territory from its
control.

Guerrilla warfare is essentially a political war. Therefore, its area 
of operations exceeds the territorial limits of conventional warfare, 
to penetrate the political entity itself: the "political animal" that
Aristotle defined.

In effect, the human being should be considered the priority objective 
in a political war. And conceived as the military target of guerrilla 
war, the human being has his most critical point in his mind. Once 
his mind has been reached, the "political animal" has been defeated,
without necessarily receiving bullets.

Guerrilla warfare is born and grows in the political environment; in 
the constant combat to dominate that area of political mentality that 
is inherent to all human beings and which collectively constitutes 
the "environment" in which guerrilla warfare moves, and which is 
where precisely its victory or failure is defined.")

Terrorists focus on media manipulation,

this is a rather *old* definition of terrorism, one befitting the 
1970s more than the third millennium...

the bombing of the army barracks in beirut (1983) showed that acts of
terrorism can have substantive results, in addition to the aim of
highlighting a cause and affecting public opinion.  media manipulation
is not really a goal of modern terrorism anymore...

target "soft" and splashy victims, and are usually organized in 
cell structures. 

these are classic guerrilla tactics.  indeed, terrorism is merely the 
unconventional tactics of smaller military bodies.  it is really not
that much different than guerrilla tactics, at least as terrorism is
pursued *now.*

Guerillas are generally ideologically united, 

today's terrorists are generally ideologically united as well...

while there are some terrorists that are apparently more interested 
in just causing damage than in serving any particular cause.

i'd be interested in knowing to whom you were referring.

In other words, I wouldn't dignify the hackers by calling them
"guerillas" ;)

i suspect the analogy to guerrillas is that they conform perfectly to
their environment.  packets are packets, and you can't tell the 
difference between "guerrilla" packets and "civilian" packets.  
moreover, to force this analogy a little further, sometimes 
"guerrillas" may be sending "civilian" packets -- not all of their
activity is malicious in nature.  

but you may have a personal affinity for guerrillas that you do not
share for "hackers".  you consider them "terrorists" because you 
disagree with their tactics.  john hamre made a seven-year career at 
the defense department by calling young teenagers terrorists, too...

However, I still feel castles make an excellent analogy when you
want to demonstrate how defense in depth can be applied.  Many
organizations feel that by throwing up a firewall they are
secure.  Castles use defense at every layer, networks should
follow a similar concept.

Absolutely. Carcassonne (S France) is a great example of early
walled city construction, and has multiple layers of walls. Many
of the walls have fail-safe points - weaknesses are covered by
backup walls that have specific hardpoints from which to
counter-attack if the wall is penetrated. Lots of sneaky stuff:
break through one door and behind it is _another_ door. So in
order to break the next door you have to stand in this small room
between the doors - a room that has slots in the ceiling for
pouring boiling oil. Ow. The medievals were not as nice to their
hackers as we are, today.

But let's look to the future. For now, the idea of perimeter
defense and defense in depth hold. What happens if those break
down? Is it possible that we will move into an environment in
which defense is _impossible_??  I think we're on our way there
thanks to "firewall friendly" applications, downloadable execution
paradigms, and reams of readily-available hackerware. The walls
don't count for anything because the attackers are able to
transparently flow through them. In a medieval castle, when you
were under attack you could close the gates. In a modern .COM
website, when you are under attack, you are trying to still
interact with your customers!!

Classical anti-guerilla operations involve identifying
infrastructure targets and guarding them. 

this was really more the british tactics in southeast asia in the 
1950s.  it certainly did not work against mao's forces, or for 
american forces in vietnam.  it seems to have been a successful 
strategy against tamil guerrillas, but not for the russians in 
afghanistan or chechnya.  hmmmm...

Typically, they also identify "free fire zones" - which allows the 
defenders to address the targeting problem by simply assuming that 
anything in the FFZ is a target.

afghanistan would be a good place to note where this policy failed...

In a terrorism environment, it's much, much harder because you 
can't identify an FFZ - there are civilians there carrying out 
their lives. 

well, terrorism generally occurs in friendly environments, guerrilla
warfare occurs in hostile environments.  which do you presume the
net is?

So targeting the bad guys is nearly impossible - you have to wait 
for them to stand up and start shooting before you can go after 
them. And they have complete freedom of movement (generally) in 
small numbers.

yet mao would have said the same thing about guerrilla warfare!  
indeed, the warfare continuum suggests that the only difference 
between guerrillas and terrorists are their number.  

Right now, we're working in an environment where it's nearly
impossible to tell a "good guy" from a "bad guy".  In fact, a
bad guy could probably mount a credible defense for a while by
merely claiming to be a good guy. That's not possible if the
target definition is a bit crisper.

I've noticed more hacked websites have posts where the badguys
say they just modified the index.html page to prove a point.  An
attempt to legitimize their actions.  Just check out the hacked
sites on attrition.org, makes for an interesting read.

Terrorists are full of excuses, too.

as are those who deem themselves counter-insurgents.  indeed, the
excuses proffered by john hamre and louis freeh are exceptionally
imaginative!

This is another important consideration in
terrorist/counterterrorist operations vis Guerilla warfare. In
dealing with terrorists it is absolutely critical to do whatever
you can to isolate them from the media. 

some might think that this is a call to eliminate free speech...

Because the message they are trying to deliver is what they're 
willing to kill for. 

probably the biggest differences between terrorists/guerrillas and
"hackers" is that the former group is willing to die for it as well.
methinks the latter isn't...

The dynamic they are trying to achieve is to get the forces of
authority to react to them, and thereby destabilize the political
situation by appearing (or being!) heavy-handed in response. As
soon as the "good guys" are so jittery that they start searching
people on the street or cracking down on people because they look
or walk funny, they have accomplished their goal of separating the
people from the authorities and making the authorities look scared
and ineffective. Now, I'm not saying that law enforcement is
_scared_ of hackers, but ineffective might be a word that would
fit. The hackers today have the ear of the media to a much greater
degree than security practitioners (because they're such snappy
dressers?) - so there are lots of parallels.

terrorism is merely *one* element in unconventional tactics -- iow, 
military tactics outside the body of the "book."  it is nice that you 
want to impose "rules" on war, but there are those -- like this 
country in the 1770s -- whose aspirations cannot be met by "playing 
by the rules," even if they try.  unconventional means are perfectly 
legitimate tactics in the pursuit of unrealized aspirations by 
disenfranchised peoples.  just because they don't play by the rules 
and don't have access to conventional weapons of war does not mean 
they should be relegated to the dustbin of history.

and, yes, i realize what i am saying, and i know that people don't 
like it.  interesting analogy, isn't it?

The next question is: what to do about it? The answer's obvious,
of course. :)

to you.  i guess that really depends on the kind of net you wish to
participate in.  some of us don't want any kind of institutional 
intrusions in our lives; it would be kinda sad if a network that was
built cooperatively was co-opted by those institutions, whether
governmental or corporate...

ac