Dailydave mailing list archives
"I hunt Sys-Admins"
From: dave aitel <dave () immunityinc com>
Date: Mon, 11 Jul 2016 15:15:12 -0400
Occasionally I like to reflect, as you all do, on the various things that have mis-shaped our understanding of cyber war. For example, take this Intercept article based on the Snowden leaks: https://theintercept.com/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/

Viewed in hindsight, this article points very closely at something I'm going to support in depth in an article coming out shortly, which is that *the term "Critical Infrastructure" does not apply in cyber the way defense strategists think it does*.

I mention this, which may seem obvious to the readership of this list, because if you read policy papers they go on and on about how nations should avoid "attacking" each other's "critical infrastructure" as a "norm". They don't, of course, consider defining a lot of terms in any specificity, but they do mention that under no circumstances should CERTs be attacked. Which clearly is ridiculous because in cyberwar the CERT is something you will have penetrated first so you know when you've been caught everywhere else. Likewise, CERTs are usually very easy to attack. Likewise, top on your list is secure () microsoft com, and every other security contact. And in order to claim those things as "off limits" we have to declare huge swaths of infrastructure (often unknown ahead of time) as off limits.

Also visible in retrospect is that people love to focus on the catchy phrases. "I hunt sys-admins". Sure you do! But that means your strategic offensive efforts have already failed at least twice. In order to get to the point where "I hunt sys-admins" team is involved, you have to get through "I hunt developers", "I hunt other hackers", and "I hunt system integrators". And even above them is "I hunt standards developers and cryptographers" (aka, NIST :) ).

-dave