Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Why evaluating consequences is so important

From: Sergio 'shadown' Alvarez <shadown () gmail com>
Date: Tue, 23 Dec 2014 18:26:17 +0100
Hi there,

I've been reading the Sony thingy also the Operation Cleaver where analysts from US make analysis and look someone to 
blame, and who knows what will come next.
 
I have nothing against US, as a matter or fact I have a lot of very good friends, so please don't take it personal.
 
I'm pretty sure some people will get upset with this, but it is what I think.
 
My understanding was that there are things, which are off-limits at government level, military level, intelligence 
community and so on. As the General retired Michael Hayden mentioned during his keynote at Blackhat back in 2010, which 
I personally believe was a great talk. (https://www.youtube.com/watch?v=pKZDYgj0KTA)
 
Since Stuxnet, which was the first piece of software that targeted something which was off-limits, US should have taken 
a step back. But that didn't happen; after that, Flame, Duqu, etc came after, not even mention the Snowden stuff.
 
Shouldn’t those things be considered as an act of war as well? I mean, we were just lucky nothing blown up, but it 
could have.
 
Basically, if somebody violated all those agreements that were there was US, and that certainly had an impact all over 
the world.
 
Personally what the intel community does I don't give a damn because that's something every single country does, if 
someone plays better than others good for whoever it is.
 
On the other hand, when things turn into violating things which have an impact or could have a drastic impact on the 
general population, that is a whole different talking, because it is not a military game anymore.
 
Making a proper analysis of the consequences before taking actions was easier before because the overwhelming power was 
clear, which prevented the weaker ones from counter attacking.
 
In the past whoever had the most powerful weapons had a clear win, period.
 
The issue is that since everything started to get connected directly or indirectly and became digital, the game changed 
entirely.
 
Now a day a team with a bunch of skilled hackers and developers can leverage attacks with catastrophic results. Which 
means that any country/company/group_of_people with a team of a few skilled guys (10?) can do a disaster, from anywhere 
in the world with a few laptops.
 
I won't elaborate into what catastrophic results means because the list is pretty long as well as the technologies and 
software involved, and I believe the most critical ones are clear already. To name a few: chemical, transportation, 
SCADA, communications, financial, medical and so on.
 
The ones taking decisions in the US government should have done a better analysis of the consequences and risk 
associated to what they started.
 
State and non-state sponsored actors have unfortunately started to take actions that I don't believe will stop any 
soon. Pretty sad.

Cheers,
  Sergio
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: