Full Disclosure mailing list archives
Re: High Value Target Selection
From: gmaggro <gmaggro () rogers com>
Date: Sat, 01 Dec 2007 11:09:55 -0500
translation: let's discuss how to discern high degree and/or vulnerable nodes in critical infrastructure networks.
Correct.
1. To bring like minded people together while operating under the strategy of 'leaderless resistance' (http://en.wikipedia.org/wiki/Leaderless_resistance)*yawn*
Apologies, but there's some people that haven't heard of the idea. Not everyone here is from a western country, or wastes their time combing for what might be perceived as 'out there' literature like ELF or SHAC stuff.
2. To be the 'aboveground' partner to the 'underground' scene, or at least serve to distract authorities from the activities of underground groups... ZZzzzzZZZ ... you're losing me, jim.
If we wind up not being to do anything useful, then at least run interference for the real subversives. Keep our friends in intel and law enforcement busy chasing dead ends. Lower the signal-to-noise ratio and make them have to spend as much money as possible. Tarpit them.
4. To capture the imagination of the publicmore like hatred.
What exactly is the difference? :)
So, types of infrastructure to attack: [ list of infrastructure domains as if they exist as discrete unitsindependent of each other... lolz! ]
Well, what was one to do - just put "1. The Internet"? No, the domains were split up for the matter of discussion. Of course with networks any divisions are arbitrary. But given the large area to attack, some focusing of effort will be required, at least at first.
[lots of blah blah blah misunderstanding of what critical infrastructure is and how it is organized, USA bashing, etc...]
Please elaborate on your perceptions of my failure to adequately define 'critical infrastructure'. As for USA bashing, meh. It's just that they make a great target and they got lots of enemies. If I was Irish, maybe I'd have picked England, and if I was Chechen, maybe I'd pick Russia. Not important.
first, go read Global Guerrillas. that will keep you busy for a few weeks and save us all more of this blather: http://globalguerrillas.typepad.com/globalguerrillas/
Thanks for the link, I'll check it out.
second, some attacking critical infrastructure clif notes: 1. those with clue have realized the folly of trying to make infallible infrastructure. their focus has shifted to rapid repair instead of prevention. there are papers written that describe exactly how stupid it is to think you can build resilient infrastructure in the face of a skilled attacker. (see the ATT telco in a trailer truck, etc) 2. critical infrastructure viewed as a graph theory problem highlights the compound vulnerabilities across multiple infrastructures inherent in high degree / high value nodes of critical infrastucture. (metropolitan bridges carrying fiber, gas, electricity, vehicles, etc over the same physical span, etc.) 3. most critical infrastructure is resilient against planned / common failure scenarios, and these protections actually create hyper- sensitive vulnerabilities against targeted / unplanned attacks. (M of N redundancy that leads to catastrophic failure against well targeted M attacks, etc.)
Good stuff. But wouldn't you have already surprised yourself vis-a-vis your first point? 'those with clue' are smaller than we'd like. Sloppiness abounds; I am certain of that.
combining these aspects into attack scenarios is left as an exercise for the reader [who pines for a vacation in club fed...]
Well that depends on the exact nature of any alleged or purported crime, and whatever extradition treaties between the nation-state someone resides in and the USA. They also have to catch you first.
the crux of the problem for the practical attacker is discerning the nature and location of critical infrastructure nodes and links. fortunately for the determined individual this is merely a matter of effort and time, not a question of ability. for the rest of us this means our life style / way of life is highly dependent on the lack of sufficiently skilled malcontents able and willing to express their grievances in direct action against such systems.
A good summary, thank you. So I suppose I'm saying "Hey malcontents, if we can't go more public let's start sharing info and making it incredibly easy for other malcontents". And would people, for once, consider that maybe the net was adopted too damn fast by too many morons in too slap-dash a fashion? I never thought I'd find myself arguing for a conservative approach in, well, anything. But people really need to start doing a better job as it's affecting too many people. Since that's not likely to happen..
perhaps this can be viewed as a check against the fascist dystopia many fear as the end result of authoritarian abuse of power coupled with high tech tools for manipulation and control of the populace...
p.s. my favorite tools in such scenarios (of course not advocation): - the thermic lance - portable saws (lithium battery cells quite power dense now) - post hole diggers - thermite flower pots (lol, so much fun!) - software defined / police band and EM svcs capable radios - bolt action .50 BMG (incendiary DU rounds++)
Why not advocate? If you did get in trouble for this post, I don't think adding a caveat like "of course not advocation" would help you much, if at all. Like those quips in Phrack or Paladin Press books "For educational purposes only". Bwahahaha! Really, how much trouble could we get in if we posted up a list of street addresses, each address being a building that contained significant telco and/or routing infrastructure? Especially if the next week, a bunch of completely unrelated people park Oklahoma Specials out front of said buildings and blow them up. I know where those locations are for my city, and I'm sure others know where those are for their cities. I say, let's post them up, make alot of people nervous, and see what happens. Additional thoughts: Probably be some interesting/useful information poking around BGP land and looking at ASs and their relationships in more detail. Especially when cross-referenced to actual physical locations. Interesting maps: http://chrisharrison.net/projects/InternetMap/high/worlddotblack.png http://chrisharrison.net/projects/InternetMap/high/worldBlack.png http://chrisharrison.net/projects/InternetMap/high/euroblack.png http://chrisharrison.net/projects/InternetMap/high/NorthAmericaBlack.png http://www.isi.edu/ant/address/ http://xkcd.com/195/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: High Value Target Selection gmaggro (Dec 01)
- Re: High Value Target Selection coderman (Dec 01)
- Re: High Value Target Selection gmaggro (Dec 01)
- Re: High Value Target Selection Valdis . Kletnieks (Dec 01)
- Re: High Value Target Selection Vincent Archer (Dec 03)
- Re: High Value Target Selection gmaggro (Dec 01)
- Re: High Value Target Selection gmaggro (Dec 06)
- Re: High Value Target Selection coderman (Dec 01)
- <Possible follow-ups>
- Re: High Value Target Selection gmaggro (Dec 01)
- Re: High Value Target Selection reepex (Dec 03)