Full Disclosure mailing list archives
High Value Target Selection
From: gmaggro <gmaggro () rogers com>
Date: Fri, 30 Nov 2007 14:02:26 -0500
I think it'd be interesting if we started a discussion on the selection of high value targets to be used in the staging of attacks that damage significant infrastructure. The end goals, ranked equal in importance, would be as follows:

1. To bring like minded people together while operating under the strategy of 'leaderless resistance' (http://en.wikipedia.org/wiki/Leaderless_resistance)
2. To be the 'aboveground' partner to the 'underground' scene, or at least serve to distract authorities from the activities of underground groups
3. To see exactly what can be accomplished, and accomplish it
4. To capture the imagination of the public

The 'leaderless resistance' aspect of organization is going to be key. Plenty of technology exists for encryption and anonymity but that doesn't apply to people. We have to be like the Internet itself here, as originally intended: able to take the largest of blows and route around the damage automatically. We also have to be like good encryption: able to expose everything about our mechanism without leading to compromise.

Capturing the imagination of the public sounds like bizspeak bullshit, but it's a very powerful tool - it only takes one cow to start a stampede. Furthermore it serves as a useful discriminator in selecting targets. Bringing down Facebook or Amazon might annoy people... but it really gets driven home when they can't pay their bills, buy food from supermarkets, or take the train to work.

So, types of infrastructure to attack:

1. Transportation
2. Financial
3. Telecommunications
4. Petrochemical
5. Manufacturing
6. Health care
7. Education
8. Civilian Law Enforcement
9. Government (Judicial, Executive, Legislative)
10. Military

This is just what I've thought of to date. One thing we'll need to do is prioritize that list and flesh it out.
For instance, for 'Financial' I'd be inclined to break up something like this: banks, credit card companies, credit processing companies, ATM companies, credit bureaus, collection agencies, investment firms, etc.

I guess we should pick some kind of a nation-state to narrow the scope. I'm going to propose the USA for several reasons:

1. A lot of folks got it in for them. This makes it easier to blend into the background. There's also the potential for assistance via enemy-of-my-enemy-is-my-friend co-operation among like minded individuals and groups. Also, in security, the advantage always goes to the attacker; he only needs to be successful once but the defender has to succeed every time. And since they're no doubt getting assaulted left right and centre they've probably been tenderized pretty good. These factors, I believe, combine to nullify any advantage they might have from being well practiced at having to withstand assaults.

2. They're weak right now. In many ways. Given the issues in the sub-prime market and its cascade effects, profits are down everywhere. When businesses lose money, what's the first thing that suffers? Customer service. What's the second thing? Security. Not trying to slant politically one way or the other here, but the American implementation of capitalism is not renowned for having led to people making quality goods or loving their jobs. Sloppiness abounds whether it's ACLs on the router or easy-to-social-engineer employees. The effects of more people losing their jobs and increased sociocultural turmoil will only exacerbate this. A lot of talented people will be out a job for reason of economics or colour, and if engaged properly, can add to the ranks.

3. They're easy to penetrate. If you can't walk right into the states over the Mexican or Canadian border, then there's a million lines of fibre and copper running straight in. It is an incredibly well connected place with a widely geographically dispersed populace.
And a lot of coffee shops near open wifi. Entire cities blanketed in connectivity accessible from back alleys, washrooms in malls, or remote corners of public parks with a 12db Yagi. Miles upon miles of SCADA wiring.