Firewall Wizards mailing list archives
Re: Castles and Security (fwd)
From: "jeradonah" <jeradonah () fastmail ca>
Date: Thu, 4 Jan 2001 14:22:14 -0500 (EST)
On Wed, 03 Jan 2001 19:03:58 -0800, "Marcus J. Ranum" <mjr () nfr com> wrote:
I feel that in general, the blackhat community does use guerilla tactics. Find an easy kill, move swiftly, and disappear. I'm going to have to play with this one some more.
I think there's a subtle distinction between terrorists and guerillas, FYI. Guerillas (according to my dog-eared copy of Mao, anyhow) focus on destruction of infrastructure and are organized as military units.
(this is how it is defined at the national war college: "Guerrilla war, which includes certain kinds of civil wars, is warfare without front lines. Irregular forces operate in the midst of, and often hidden or protected by, civilian populations. The purpose of guerrilla war is not to engage an enemy army in direct confrontation, but rather to harass and punish it so as to gradually limit its operation and effectively liberate territory from its control. Guerrilla warfare is essentially a political war. Therefore, its area of operations exceeds the territorial limits of conventional warfare, to penetrate the political entity itself: the "political animal" that Aristotle defined. In effect, the human being should be considered the priority objective in a political war. And conceived as the military target of guerrilla war, the human being has his most critical point in his mind. Once his mind has been reached, the "political animal" has been defeated, without necessarily receiving bullets. Guerrilla warfare is born and grows in the political environment; in the constant combat to dominate that area of political mentality that is inherent to all human beings and which collectively constitutes the "environment" in which guerrilla warfare moves, and which is where precisely its victory or failure is defined.")
Terrorists focus on media manipulation,
this is a rather *old* definition of terrorism, one befitting the 1970s more than the third millennium... the bombing of the army barracks in beirut (1983) showed that acts of terrorism can have substantive results, in addition to the aim of highlighting a cause and affecting public opinion. media manipulation is not really a goal of modern terrorism anymore...
target "soft" and splashy victims, and are usually organized in cell structures.
these are classic guerrilla tactics. indeed, terrorism is merely the unconventional tactics of smaller military bodies. it is really not that much different than guerrilla tactics, at least as terrorism is pursued *now.*
Guerillas are generally ideologically united,
today's terrorists are generally ideologically united as well...
while there are some terrorists that are apparently more interested in just causing damage than in serving any particular cause.
i'd be interested in knowing to whom you were referring.
In other words, I wouldn't dignify the hackers by calling them "guerillas" ;)
i suspect the analogy to guerrillas is that they conform perfectly to their environment. packets are packets, and you can't tell the difference between "guerrilla" packets and "civilian" packets. moreover, to force this analogy a little further, sometimes "guerrillas" may be sending "civilian" packets -- not all of their activity is malicious in nature. but you may have a personal affinity for guerrillas that you do not share for "hackers". you consider them "terrorists" because you disagree with their tactics. john hamre made a seven year career at the defense department by calling young teenagers terrorists, too...
However, I still feel castles make an excellent analogy when you want to demonstrate how defense in depth can be applied. Many organizations feel that by throwing up a firewall they are secure. Castles use defense at every layer, networks should follow a similar concept.
Absolutely. Carcassonne (S France) is a great example of early walled city construction, and has multiple layers of walls. Many of the walls have fail-safe points - weaknesses are covered by backup walls that have specific hardpoints from which to counter-attack if the wall is penetrated. Lots of sneaky stuff: break through one door and behind it is _another_ door. So in order to break the next door you have to stand in this small room between the doors - a room that has slots in the ceiling for pouring boiling oil. Ow. The medievals were not as nice to their hackers as we are, today. But let's look to the future. For now, the ideas of perimeter defense and defense in depth hold. What happens if those break down? Is it possible that we will move into an environment in which defense is _impossible_?? I think we're on our way there thanks to "firewall friendly" applications, downloadable execution paradigms, and reams of readily-available hackerware. The walls don't count for anything because the attackers are able to transparently flow through them. In a medieval castle, when you were under attack you could close the gates. In a modern .COM website, when you are under attack, you are trying to still interact with your customers!! Classical anti-guerilla operations involve identifying infrastructure targets and guarding them.
this was really more the british tactics in southeast asia in the 1950s. it certainly did not work against mao's forces, or for american forces in vietnam. it seems to have been a successful strategy against tamil guerrillas, but not for the russians in afghanistan or chechnia. hmmmm...
Typically, they also identify "free fire zones" - which allows the defenders to address the targeting problem by simply assuming that anything in the FFZ is a target.
afghanistan would be a good place to note where this policy failed...
In a terrorism environment, it's much, much harder because you can't identify an FFZ - there are civilians there carrying out their lives.
well, terrorism generally occurs in friendly environments, guerrilla warfare occurs in hostile environments. which do you presume the net is?
So targeting the bad guys is nearly impossible - you have to wait for them to stand up and start shooting before you can go after them. And they have complete freedom of movement (generally) in small numbers.
yet mao would have said the same thing about guerrilla warfare! indeed, the warfare continuum suggests that the only difference between guerrillas and terrorists is their number.
Right now, we're working in an environment where it's nearly impossible to tell a "good guy" from a "bad guy". In fact, a bad guy could probably mount a credible defense for a while by merely claiming to be a good guy. That's not possible if the target definition is a bit crisper.
I've noticed more hacked websites have posts where the bad guys say they just modified the index.html page to prove a point. An attempt to legitimize their actions. Just check out the hacked sites on attrition.org, makes for an interesting read.
Terrorists are full of excuses, too.
as are those who deem themselves counter-insurgents. indeed, the excuses proffered by john hamre and louis freeh are exceptionally imaginative!
This is another important consideration in terrorist/counterterrorist operations vis Guerilla warfare. In dealing with terrorists it is absolutely critical to do whatever you can to isolate them from the media.
some might think that this is a call to eliminate free speech...
Because the message they are trying to deliver is what they're willing to kill for.
probably the biggest difference between terrorists/guerrillas and "hackers" is that the former group is willing to die for it as well. methinks the latter isn't...
The dynamic they are trying to achieve is to get the forces of authority to react to them, and thereby destabilize the political situation by appearing (or being!) heavy-handed in response. As soon as the "good guys" are so jittery that they start searching people on the street or cracking down on people because they look or walk funny, they have accomplished their goal of separating the people from the authorities and making the authorities look scared and ineffective. Now, I'm not saying that law enforcement is _scared_ of hackers, but ineffective might be a word that would fit. The hackers today have the ear of the media to a much greater degree than security practitioners (because they're such snappy dressers?) - so there are lots of parallels.
terrorism is merely *one* element in unconventional tactics -- iow, military tactics outside the body of the "book." it is nice that you want to impose "rules" on war, but there are those -- like this country in the 1770s -- whose aspirations cannot be met by "playing by the rules," even if they try. unconventional means are perfectly legitimate tactics in the pursuit of unrealized aspirations by disenfranchised peoples. just because they don't play by the rules and don't have access to conventional weapons of war does not mean they should be relegated to the dustbin of history. and, yes, i realize what i am saying, and i know that people don't like it. interesting analogy, isn't it?
The next question is: what to do about it? The answer's obvious, of course. :)
to you. i guess that really depends on the kind of net you wish to participate in. some of us don't want any kind of institutional intrusions in our lives; it would be kinda sad if a network that was built cooperatively was co-opted by those institutions, whether governmental or corporate...
ac