Re: [Full-disclosure] High Value Target Selection
- From: coderman <coderman@xxxxxxxxx>
- Date: Fri, 30 Nov 2007 21:27:34 -0800
On Nov 30, 2007 11:02 AM, gmaggro <gmaggro@xxxxxxxxxx> wrote:
I think it'd be interesting if we started a discussion on the selection
of high value targets
translation: let's discuss how to discern high degree and/or vulnerable
nodes in critical infrastructure networks.
1. To bring like minded people together while operating under the
strategy of 'leaderless resistance'
2. To be the 'aboveground' partner to the 'underground' scene, or at
least serve to distract authorities from the activities of underground
... ZZzzzzZZZ ... you're losing me, jim.
3. To see exactly what can be accomplished, and accomplish it
pretty easy to make inferences once you've mapped out the critical
infrastructure in question. this is of course a little more difficult now
given the mostly inept attempts to reign in useful information on such
infrastructure. (the easy days of pulling up fiber plats via county/gov
websites is long gone...)
as for actual attacks, you'll be biting the hand that feeds...
(i'll wait for that decentralized wireless mesh net before slicing
those glassy life lines, thanks)
4. To capture the imagination of the public
more like hatred.
the unwashed masses get all restless and cranky when:
a) the 'tubes are clogged or dead
b) phone lines to anywhere outside town are down.
c) all credit / debit transactions are dead - cash only?
d) some/most cable programming is tits up
e) travel and/or fuel is highly constrained / unavailable
f) electricity is spotty or unavailable
Capturing the imagination of the public sounds like bizspeek bullshit,
this i fully agree with. thanks for that...
So, types of infrastructure to attack:independent of each other... lolz! ]
[ list of infrastructure domains as if they exist as discrete units
rarely is one affected in isolation. the ugly truth about critical
is that those high degree, critical nodes start impacting multiple domains
at once when affected by outages or targeted attack.
[lots of blah blah blah misunderstanding of what critical infrastructure
is and how it is organized, USA bashing, etc...]
first, go read Global Guerrillas. that will keep you busy for a few weeks
and save us all more of this blather:
second, some attacking critical infrastructure clif notes:
1. those with clue have realized the folly of trying to make infallible
infrastructure. their focus has shifted to rapid repair instead of
prevention. there are papers written that describe exactly how
stupid it is to think you can build resilient infrastructure in the face
of a skilled attacker.
(see the ATT telco in a trailer truck, etc)
2. critical infrastructure viewed as a graph theory problem highlights
the compound vulnerabilities across multiple infrastructures inherent
in high degree / high value nodes of critical infrastucture.
(metropolitan bridges carrying fiber, gas, electricity, vehicles, etc
over the same physical span, etc.)
3. most critical infrastructure is resilient against planned / common
failure scenarios, and these protections actually create hyper-
sensitive vulnerabilities against targeted / unplanned attacks.
(M of N redundancy that leads to catastrophic failure against
well targeted M attacks, etc.)
combining these aspects into attack scenarios is left as an
exercise for the reader [who pines for a vacation in club fed...]
the crux of the problem for the practical attacker is discerning the nature
and location of critical infrastructure nodes and links. fortunately for the
determined individual this is merely a matter of effort and time, not a
question of ability. for the rest of us this means our life style / way of life
is highly dependent on the lack of sufficiently skilled malcontents able and
willing to express their grievances in direct action against such systems.
perhaps this can be viewed as a check against the fascist dystopia many
fear as the end result of authoritarian abuse of power coupled with high
tech tools for manipulation and control of the populace...
p.s. my favorite tools in such scenarios (of course not advocation):
- the thermic lance
- portable saws (lithium battery cells quite power dense now)
- post hole diggers
- thermite flower pots (lol, so much fun!)
- software defined / police band and EM svcs capable radios
- bolt action .50 BMG (incendiary DU rounds++)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-disclosure] High Value Target Selection
- Next by Date: Re: [Full-disclosure] ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability
- Previous by thread: Re: [Full-disclosure] High Value Target Selection
- Next by thread: Re: [Full-disclosure] High Value Target Selection