Re: [External] Chinese Hacking, Mandiant and Cyber War

[Ali-Reza Anghaie <ali () packetknife com>]

It's "confused" intentionally - the money and control grab that can be
accomplished through "war" FAR exceeds anything that comes under the
context of espionage.

It's all about increasing the perception that a State-level response is the
only effective solution.

RE: Policy makers - the biggest problem I've had with convincing anybody in
those circles is they think attribution is equal when it comes to them. A
Maltego graph finding a bit of information on them and tying it to a
Facebook profile is absolutely convincing. No matter what else you say -
after such a demonstration by an "expert" - they resolutely believe that
all other attributions are just that exacting.

The route I've been taking lately is trying to explain to people how
~little~ a State-funded attacker matters to them. Geopolitical attribution
doesn't even matter until you get thousands of other sheep herded. Until
then all the China-China-China is a distraction from much more baseline and
broad issues in InfoSec.

-Ali



On Wed, Feb 20, 2013 at 10:47 AM, Goertzel, Karen [USA] <
goertzel_karen () bah com> wrote:

> I agree - and grow increasingly frustrated with those who insist on
> confusing "cyber war" with "cyber espionage" (and vice versa). But I've
> found it's quite easy to get them to understand the difference by simply
> asking them to drop the prefix "cyber" from each. Cyber war is simply war
> fought on an electronic battlefield with digital weapons. The general
> objectives are the same as physical warfare: disable/destroy the
> adversary's capabilities.
>
> In cyber espionage, by contrast, the objective is to obtain information
> that is held secret by the adversary. This said, espionage is never an end
> in itself - information must be used for something to have any value. Thus
> the (possible) source of confusion (other than that pesky "cyber" tag): one
> may undertake cyber espionage in aid of cyber war - just as one sends out
> spies to learn secrets to give one's side a strategic advantage in warfare
> (or soldiers to do reconnaissance before battle - which is a form of
> tactical espionage).
>
> The problem is that the origin of the cyber attacks involved may be the
> same, and the timing of the cyber attacks may be (near) simultaneous, so
> that in the heat of the moment, one might be forgiven for misconstruing as
> "cyber war" what is in fact "cyber espionage in aid of cyber war". But as
> the objectives of the two are quite different, the attack patterns are also
> very likely to be different. So there is no excuse for anyone with more
> than the most superficial level of understanding of "things cyber" to
> confuse one with the other.
>
> ===
> Karen Mercedes Goertzel, CISSP
> Lead Associate
> Booz Allen Hamilton
> 703.698.7454
> goertzel_karen () bah com
>
> "If you're not failing every now and again,
> it's a sign you're not doing anything very innovative."
> - Woody Allen
>
> ________________________________________
> From: sc-l-bounces () securecoding org [sc-l-bounces () securecoding org] on
> behalf of Gary McGraw [gem () cigital com]
> Sent: 20 February 2013 09:34
> To: Secure Code Mailing List
> Cc: Bruce Schneier; Ross Anderson
> Subject: [External]  [SC-L] Chinese Hacking, Mandiant and Cyber War
>
> hi sc-l,
>
> No doubt all of you have seen the NY Times article about the Mandiant
> report that pervades the news this week.  I believe it is important to
> understand the difference between cyber espionage and cyber war.  Because
> espionage unfolds over months or years in realtime, we can triangulate the
> origin of an exfiltration attack with some certainty.  During the fog of a
> real cyber war attack, which is more likely to happen in milliseconds,  the
> kind of forensic work that Mandiant did would not be possible.  (In fact,
> we might just well be "Gandalfed" and pin the attack on the wrong enemy as
> explained here:
> http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare
> .)
>
> Sadly, policymakers seem to think we have completely solved the
> attribution problem.  We have not.  This article published in Computerworld
> does an adequate job of stating my position:
> http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9
>
> Those of us who work on security engineering and software security can
> help educate policymakers and others so that we don't end up pursuing the
> folly of active defense.
>
> gem
>
> company www.cigital.com
> podcast www.cigital.com/silverbullet
> blog www.cigital.com/justiceleague
> book www.swsec.com
>
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L () securecoding org
> List information, subscriptions, etc -
> http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L () securecoding org
> List information, subscriptions, etc -
> http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________