Full Disclosure mailing list archives
Re: High Value Target Selection
From: coderman <coderman () gmail com>
Date: Fri, 30 Nov 2007 21:27:34 -0800
On Nov 30, 2007 11:02 AM, gmaggro <gmaggro () rogers com> wrote:
I think it'd be interesting if we started a discussion on the selection of high value targets
translation: let's discuss how to discern high degree and/or vulnerable nodes in critical infrastructure networks.
1. To bring like minded people together while operating under the strategy of 'leaderless resistance' (http://en.wikipedia.org/wiki/Leaderless_resistance)
*yawn*
2. To be the 'aboveground' partner to the 'underground' scene, or at least serve to distract authorities from the activities of underground groups
... ZZzzzzZZZ ... you're losing me, jim.
3. To see exactly what can be accomplished, and accomplish it
pretty easy to make inferences once you've mapped out the critical infrastructure in question. this is of course a little more difficult now given the mostly inept attempts to reign in useful information on such infrastructure. (the easy days of pulling up fiber plats via county/gov websites is long gone...) as for actual attacks, you'll be biting the hand that feeds... (i'll wait for that decentralized wireless mesh net before slicing those glassy life lines, thanks)
4. To capture the imagination of the public
more like hatred. the unwashed masses get all restless and cranky when: a) the 'tubes are clogged or dead b) phone lines to anywhere outside town are down. c) all credit / debit transactions are dead - cash only? d) some/most cable programming is tits up e) travel and/or fuel is highly constrained / unavailable f) electricity is spotty or unavailable
Capturing the imagination of the public sounds like bizspeek bullshit,
this i fully agree with. thanks for that...
So, types of infrastructure to attack: [ list of infrastructure domains as if they exist as discrete units
independent of each other... lolz! ] rarely is one affected in isolation. the ugly truth about critical infrastructure is that those high degree, critical nodes start impacting multiple domains at once when affected by outages or targeted attack.
[lots of blah blah blah misunderstanding of what critical infrastructure is and how it is organized, USA bashing, etc...]
first, go read Global Guerrillas. that will keep you busy for a few weeks and save us all more of this blather: http://globalguerrillas.typepad.com/globalguerrillas/ second, some attacking critical infrastructure clif notes: 1. those with clue have realized the folly of trying to make infallible infrastructure. their focus has shifted to rapid repair instead of prevention. there are papers written that describe exactly how stupid it is to think you can build resilient infrastructure in the face of a skilled attacker. (see the ATT telco in a trailer truck, etc) 2. critical infrastructure viewed as a graph theory problem highlights the compound vulnerabilities across multiple infrastructures inherent in high degree / high value nodes of critical infrastucture. (metropolitan bridges carrying fiber, gas, electricity, vehicles, etc over the same physical span, etc.) 3. most critical infrastructure is resilient against planned / common failure scenarios, and these protections actually create hyper- sensitive vulnerabilities against targeted / unplanned attacks. (M of N redundancy that leads to catastrophic failure against well targeted M attacks, etc.) combining these aspects into attack scenarios is left as an exercise for the reader [who pines for a vacation in club fed...] the crux of the problem for the practical attacker is discerning the nature and location of critical infrastructure nodes and links. fortunately for the determined individual this is merely a matter of effort and time, not a question of ability. for the rest of us this means our life style / way of life is highly dependent on the lack of sufficiently skilled malcontents able and willing to express their grievances in direct action against such systems. perhaps this can be viewed as a check against the fascist dystopia many fear as the end result of authoritarian abuse of power coupled with high tech tools for manipulation and control of the populace... best regards, p.s. my favorite tools in such scenarios (of course not advocation): - the thermic lance - portable saws (lithium battery cells quite power dense now) - post hole diggers - thermite flower pots (lol, so much fun!) - software defined / police band and EM svcs capable radios - bolt action .50 BMG (incendiary DU rounds++) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- High Value Target Selection gmaggro (Nov 30)
- Re: High Value Target Selection Peter Besenbruch (Nov 30)
- Re: High Value Target Selection coderman (Nov 30)