The Orlando Doctrine » Dilemmas (http://orlandodoctrine.com): The Network Use of Force Continuum. Feed last built Wed, 28 Jan 2015 18:40:21 +0000.

Attribution is Hard, Part 1 | Tenable Network Security (http://orlandodoctrine.com/?p=301), Wed, 28 Jan 2015 18:40:21 +0000

To accurately establish attribution, you need evidence and understanding:

  • Evidence linking the presumed attacker to the attack
  • An understanding of the attacker’s actions, supporting that evidence
  • Evidence collected from other systems that matches the understanding of the attacker’s actions
  • An understanding of the sequence of events during the attack, matching the evidence

via Attribution is Hard, Part 1 | Tenable Network Security.

Claims that cyberspace is now cyberbattlefield (http://orlandodoctrine.com/?p=272), Tue, 12 Nov 2013 12:46:49 +0000

http://resources.infosecinstitute.com/classified-nsa-exploit-tools-radon-dewsweeper-work/

From the article:

Security expert Bruce Schneier is one of the most authoritative experts who revealed that the NSA has a wide-ranging arsenal of zero-day exploits to use for cyber operations. The revelation isn’t surprising; the security community is aware of the great effort spent by governments on cyber operations. Many intelligence agencies have created dedicated internal units, specialized in hacking for sabotage and cyber espionage. Almost every government is improving its cyber capabilities, and in many cases they’re working on the development of cyber weapons.

The article goes on to describe two alleged NSA tools, one using RF to communicate. So, my question is:

Does a government data collection / espionage activity, even one that has the ability to become malicious, rise to the level of warfare? Espionage is not war. That’s why the US sent a Russian supermodel packing a few years ago, rather than fire missiles on Moscow, back before Anna Chapman appeared in Playboy, or proclaimed her love for Snowden.

Let’s be clear, espionage is not war.

But maybe it’s preparation for it. Right, China, Russia, Israel, DPRK, UK, FRG, Australia, Brazil?

Cyber mass shooter (http://orlandodoctrine.com/?p=264), Fri, 04 Oct 2013 17:02:03 +0000

http://p.washingtontimes.com/news/2013/oct/3/cyber-mass-shooter-poses-future-threat-computer-se/

What a great article. Of course General Hayden’s comments beg the question: how do you stop a criminal if you can’t defend yourself? This goes directly to the need to be able to respond to an immediate threat with a proportional use of force in self-defense. Of course, some will argue that it is illegal, some will say that it invites retaliation, and others will continue the attribution arguments. I will point to the Network Use of Force Continuum, which indicates that if you are not appropriately defending your networks, then it is difficult to justify a more aggressive form of self-defense.

From the article:

The fastest-growing cyber threat is from a kind of digital mass shooter, a deranged or outraged hacker able to obtain cyberweapons currently available only to nation-states and organized crime, a former senior U.S. intelligence official said Thursday.

“They’re just mad, they’re mad at the world,” said retired Air Force Gen. Michael Hayden. “They may have demands that you or I cannot understand.”

Mr. Hayden warned that within five years hackers “will acquire the [cyberattack] capabilities that we now associate with criminal gangs or nation states,” such as being able to conduct online sabotage of industrial control systems that run power plants, factories and utilities.

Thanks General Hayden! You set them up and we’ll keep knocking them down, sir.

Malware Attribution is a Waste of Time (http://orlandodoctrine.com/?p=256), Fri, 28 Jun 2013 12:01:41 +0000

According to Ellyne Phneah’s piece at ZDNet, Rob Rachwald, senior director of research at FireEye, observed that the security industry today is keen on attributing malware to a specific region or group in an effort to assign blame.

[H]e pointed out attribution to malware was not key in combating cybercrime because it did little to improve the state of security and most attribution took a long time and may not be accurate.

via FireEye: Malware attribution not key in cybercrime fight | ZDNet.

WhiteRabbit, on why Hackback is a bad idea (http://orlandodoctrine.com/?p=244), Tue, 04 Jun 2013 03:06:37 +0000

HP’s Rafal Los, the WhiteRabbit, on why hackback is a bad idea.

No argument. It’s probably a bad idea to hackback, unless you are reasonably certain that:

a) you are the toughest kid on the playground; or
b) you have nothing left to lose, because it is a matter of life or death.

Much like in the real world. Which begs the question:

Why are we still stuck in the ’90s mentality that what happens on the Internet is not IRL?

  • Kids are committing suicide over cyber-bullying.
  • Businesses go bankrupt because of cybercrime.
  • Your company is probably paying millions to protect itself from network crime, terror, hacktivists and state-sponsored espionage. Probably way more than it pays for physical security.

Can we agree that this is a real problem, not an imaginary one where a cyber bully flicks your cyber ear and you cyber respond with a cyber insult? Instead, a real person did something really bad to you using the dangerous weapon attached to his keyboard, and you have to demonstrate an immediate ability to protect yourself, or the bad guy will do it again. This is real life, and there are real losses. Do you hire armed or unarmed cybersecurity guards to mitigate your risk?

Spat between two Dutch companies sparks record-breaking 300Gbps DDoS attack – Yahoo! News (http://orlandodoctrine.com/?p=243), Thu, 28 Mar 2013 16:30:28 +0000

So, Spamhaus blacklists a hosting company, then Spamhaus gets hit by 300 Gbps of DDoS action. Looks like for Cyberbunker there was immediacy, and there was a proportional response in the Disrupt spectrum, at least if Cyberbunker is doing it.

Why proportional? The blacklisting would have disrupted the business of Cyberbunker.

What do you think?

Schneier on Security: More on Chinese Cyberattacks (http://orlandodoctrine.com/?p=239), Thu, 21 Feb 2013 20:34:21 +0000

Schneier disagrees with active defense. From the post:

Because espionage unfolds over months or years in real time, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of forensic work that Mandiant did would not be possible. (In fact, we might just as well be “Gandalfed” and pin the attack on the wrong enemy.)

“Gandalfed” is a cool word to indicate that you attack the wrong enemy, or attribute the attack to the wrong group. I agree with the post that we have not solved that attribution problem. I continue to argue that during the long millisecond where the attack is active, there is no need to attribute. There is simply a need to make the attack stop. Find out where the attack originates after you halt the attack with an appropriate use of force.

Obama Administration justification for use of drones against American Targets (http://orlandodoctrine.com/?p=207), Tue, 05 Feb 2013 22:15:15 +0000

http://www.wired.com/threatlevel/2013/02/legal-basis-killing-americans/

From the article:

The paper’s basic contention is that the government has the authority to carry out the extrajudicial killing of an American citizen if ‘an informed, high-level official’ deems him to present a ‘continuing’ threat to the country. This sweeping authority is said to exist even if the threat presented isn’t imminent in any ordinary sense of that word, even if the target has never been charged with a crime or informed of the allegations against him, and even if the target is not located anywhere near an actual battlefield. The white paper purports to recognize some limits on the authority it sets out, but the limits are so vague and elastic that they will be easily manipulated.

This speaks very concisely about the difference between governments and private citizens in using offensive capabilities. The imminent threat concept speaks to the immediacy of an event that will potentially result in the loss of life or property. By removing immediacy or imminence from the equation, this moves the issue into the realm of retaliation, which is never legal for a private citizen.

DDoS Attacks As Legitimate Protest? (http://orlandodoctrine.com/?p=179), Sat, 12 Jan 2013 14:34:34 +0000

The hacktivist group Anonymous, or someone claiming to be associated with them named Dylan K., has taken the unusual step of petitioning the Obama Administration to make Distributed Denial of Service (DDoS) attacks legal.

via “Anonymous” petitions Obama to decriminalize DDoS attacks: Voice of Russia.

DOJ Plans To Indict State-Sponsored Cyber Attackers | Defense News | defensenews.com (http://orlandodoctrine.com/?p=151), Mon, 07 Jan 2013 12:56:00 +0000

The issue with indictments is that they require attribution. How does the DoJ plan to reconcile this notion as their very own fires a soundbite like this one:

“I’ll give you a prediction,” said John Carlin, the principal deputy assistant Attorney General in Justice’s national security division. “Now that we are having people look at bringing one of these cases, it’s there to be brought, and you’ll see a case brought.”

via DOJ Plans To Indict State-Sponsored Cyber Attackers | Defense News | defensenews.com.
