Dailydave mailing list archives
Re: IT Underground trip report
From: Paul Wouters <paul () xelerance com>
Date: Mon, 18 Oct 2004 23:38:58 +0200 (MET DST)
On Mon, 18 Oct 2004, Dave Aitel wrote:
> The particular location in this case is a dumpling house in Old-Town. Warsaw tends towards small, finely decorated places. Prices range from 10 Zloty to 15 Zloty for a plate. (3.5 Zloty to a Dollar).
Though I have to say that Polish cuisine is best described as "flavoured fat & oil". After three days I had a craving for Clearasil for the first time in my life.
But the vodka and apple juice combination was very good! Anyone remember which Polish we drank?
> Overall, the conference went quite well, I think. A large part of this was no doubt because they had 2 translators in each of the three rooms, and so you could understand what the speaker was saying in Polish or in English, no
It is the first time I had to work with translators. It was fun to play jokes with them, though I really noticed I was talking way too much in half sentences, which I then dropped for another sentence. I felt quite bad for the translators.
> Robert Lee Ayers is a Director for Critical National Infrastructure Defense for Northrop Grumman Mission Systems Europe. A former US DoD official, Bob now is a UK citizen. He did the keynote:
I realised a few things after listening to him.
- I tend to dislike keynote speaker personalities.
- Calling something 'national critical infrastructure' is another way of giving the military control of something civilian, and should always be treated with extreme skepticism. (They tried it with the AMS-IX too)
> Interestingly he differentiated between a conventional war and a logical war. In his words, there is a clear indication of victor in a conventional war. As well, a conventional war is, as Clausewitz would agree, between nation states, whereas a logical war is not.
I guess you could just call it 'open warfare' and 'hidden regime change'. I don't really think the word 'logical' is appropriate here. It can be logical to fight a conventional war. Also, is the war in Iraq (or in Vietnam) a war with clear victor? I don't think so. As for 'nation states', they are sooooo yesterday :)
> He uses this terminology, which some people may not be familiar with:
> Strategic warning: You are going to be attacked
> Tactical warning: You have been attacked
But he didn't mention the process of when strategic turns into tactical. Or, in other words, pre-emptive versus retaliation/self-defense.
> He claims that logical attacks have no strategic warning and that tactical warning requires rapid data collection and effective reporting mechanisms, which are almost always missing.
I don't understand this one either. I could see an increase in, say, worms, viruses or DDoS attacks, and still not know who or what is attacked. But it is definitely a warning signal. I think Robert thinks too much in black and white. (or red, orange, yellow).
> He also claimed that all of the major internal switches (Cisco boxes) were compromised and concocting a sniffing operation for up to 4 years in 1992-1994. He says CERT had published a report on this, but I can't find it.
That part of his talk just sounded completely bogus, that's why I asked for more information. First of all, if this was a bug over four years ago published by CERT, and of such importance, why couldn't he tell us what kind of bug this was? Only after pushing him for details did he admit it 'had to be Cisco', but even so, in four years' time there were a LOT of different Ciscos and IOSes out there.
But he made it even more unlikely when he said those compromised machines were running 'custom programs'. He suggested these intrusions were not all the same exploit and the same backdoor or harvesting code, but consisted of custom-made programs per compromised site. I think he even mentioned things like 'passing along documents'. He also said the hackers were never identified or found. Again, this is extremely unlikely if they were so widespread and actively (and specifically) looking and harvesting information. Even if they couldn't trace this online, which seems just impossible, then surely they could inject one document to these attackers that would lure them out somehow to identify them. I'm sorry, this bit undermined the credibility of everything in his talk.
> One weird statistic he posed is that 50% of all corporations have "offensive attack programs" ready to use. He claims a large percentage of them are hacking back. I don't see it. I think some of them are hiring outside companies that do DoS attacks on phishing companies, but I don't see a hack back strategy.
I don't buy that either. It is a lot easier to defend than to attack. And even if you would attack, who would you be attacking and what would you gain for your money? Money is much better spent defending. It reminds me of the talk I saw at BlackHat Amsterdam (I think it was Sensei? some South African company) where the guy had attacks like 'putting a | symbol into the DNS to execute commands on the attacking machine that is checking the logs'. I didn't really get a good answer to my question "Apart from pipe symbols not getting through any DNS server/resolver, you have just nuked a victim's machine. Now what?".
> I would comment on his talk with two things I think are incorrect:
> 1. He claimed that there is no mobilization cost to Logical war.
Obviously, doing something very hidden is definitely expensive.
> 2. He claims there is a low cost of entry to logical war.
I'd say that might be true, if you compare it to the cost of sending an aircraft carrier to the other end of the planet.
> nation states, they are fundamentally between ideologies. And powerful non-religious ideologies are just as warlike Communism, for example.
Darn, why didn't you say 'free market ideas and capitalism' :)
> Thinking of war as a purely nation-state endeavor is to think of the rightful collection of power as a purely nation-state endeavor.
Robert Morgan wrote a nice book called "Market Forces". He describes the commercialisation of war, not fought by nation states, but by stock broker companies, whose sole interest in war is short term shareholder value.
> Joanna was one of the stand-outs from the conference.
She was. I'm pretty sure we'll hear more from her. I hope she will translate her talk and present it at the CCC at the end of the year.
> She noticed that the infosec community is quite Gossipy which
Information wants to be free :) It was a lot of fun, though I didn't get to see much of Warsaw. And when I landed at Amsterdam, the trains were not running because of a stupid general purpose "we want more money" strike. I think my 35 euros (140 Zloty) would have driven me from Warsaw to Berlin :P Guess we Dutch people DO need to work harder for our euros.

Paul

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave