funsec mailing list archives
Re: Wired: Pentagon Searches for 'Digital DNA' to Identify Hackers
From: Dragos Ruiu <dr () kyx net>
Date: Tue, 26 Jan 2010 13:12:34 -0800
On 26-Jan-10, at 9:24 AM, r.b. wrote:

> '“In other words,” The Register’s Lew Page notes, “any code you write, perhaps even any document you create, might one day be traceable back to you - just as your DNA could be if found at a crime scene, and just as it used to be possible to identify radio operators even on encrypted channels by the distinctive ‘fist’ with which they operated their Morse keys. Or something like that, anyway.'
>
> This makes great copy but it doesn't sound like they've heard about, or bothered to take into consideration:
>
> JITs
> Automated code generation
> Optimizers
>
> Or a slipperier issue: Just because someone wrote the code doesn't mean they launched the attack.
>
> This idea has been hyped before without result. I don't expect that to change any time soon.
>
> -r
>
> On Tue, Jan 26, 2010 at 17:58, Larry Seltzer <larry () larryseltzer com> wrote:
>> One of the trickiest problems in cyber security is trying to figure who’s really behind an attack. Darpa, the Pentagon agency that created the Internet, is trying to fix that, with a new effort to develop the 'cyber equivalent of fingerprints or DNA' that can identify even the best-cloaked hackers.
>>
>> http://www.wired.com/dangerroom/2010/01/pentagon-searches-for-digital-dna-to-identify-hackers/
>>
>> How much luck can they actually have with this?
You folks are thinking too mechanistically. That's the problem with using real world metaphors like DNA analysis and fingerprints... the internet isn't exactly like the physical domain. So it doesn't just have to be running some filter on a binary piece of code.

I've worked with enough penetration test teams and different pen testers to identify that each attacker/intruder definitely has identifiable "styles," habits and other traits that could be identifiable give-aways. What the attacker does after getting on the machine for reconnaissance for instance (i.e. how thoroughly do they examine local processes on the machine, or do they go immediately for the next hop network survey and pivot, timing, aggressiveness, noise level, etc...), the sequence or ordering they use to check for vulnerabilities etc... These correlational bits of information could very well lead to some sort of identification of different attackers and attack campaigns.

You are also limiting your scope of imagination to single discrete intrusions - but identifying objectives and different attack teams could be done across a whole series of intrusions in an attack campaign to identify different "advanced persistent threats" as it were.... ;-P

I'm not agreeing or disagreeing with the methodology espoused or know enough about what the team mentioned in the article is trying to identify to say whether it can work, but it's not right to out of hand dismiss the idea of identifying different separate attack campaigns across a series of intrusions by their properties enough to differentiate different threat vectors.

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada March 22-26 http://cansecwest.com
Amsterdam, Netherlands June 16/17 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.