Blast from the past: Bruce Sterling on Cyberspace

With everybody and his dog prepending cyber- to almost everything, declaring cyberspace a new war dimension (the first four being land, sea, air and space), and abusing and overusing terms like cyberwar, cyberdefense and cyber-infrastructure, it is a good idea to return to the basics, starting with the very definition of cyberspace. Luckily, in his introduction to “The Hacker Crackdown” (1992), Bruce Sterling comes to our assistance, long before a definition for the wider public was needed:

A science fiction writer coined the useful term “cyberspace” in 1982, but the territory in question, the electronic frontier, is about a hundred and thirty years old. Cyberspace is the “place” where a telephone conversation appears to occur. Not inside your actual phone, the plastic device on your desk. Not inside the other person’s phone, in some other city. THE PLACE BETWEEN the phones. The indefinite place OUT THERE, where the two of you, two human beings, actually meet and communicate.

Although it is not exactly “real,” “cyberspace” is a genuine place. Things happen there that have very genuine consequences. This “place” is not “real,” but it is serious, it is earnest. Tens of thousands of people have dedicated their lives to it, to the public service of public communication by wire and electronics.

Even if you have no interest in reading about Operation Sundevil, the introduction to the book is a very informative essay on cyberspace that stands on its own.


The Social Organization of the Computer Underground

I think I read the text version of “The Social Organization of the Computer Underground” sometime between 1993 and 1995. Recently I found out that the author has written an anniversary edition with a new introduction to the text (plus PDF and ePub versions).

While the information in the text is dated (it was published in 1989), it is still useful reading for those who wish to understand just a little deeper what went on (and some of what goes on) in the Digital Underground. Even better, the introduction offers a methodology on how to do this the right way. I still consider it mandatory reading. My favourite part of the text is how the following typology from Best and Luckenbill’s 1982 “Organizing Deviance” is used to describe the Computer Underground:

Form of Organization   Mutual Association   Mutual Participation   Division of Labor   Extended Organization
Loners                 no                   no                     no                  no
Colleagues             yes                  no                     no                  no
Peers                  yes                  yes                    no                  no
Mobs                   yes                  yes                    yes                 no
Formal Organizations   yes                  yes                    yes                 yes

I think that people who read the text will agree that the above typology most probably still stands today. Formal organizations, for example, do not appear in Meyer’s study; these days, however, almost every nation is investing in building a cyberwarfare capability (and this is not an “overground” operation).

It is a pity, I think, that such a work cannot be repeated today. If it could, it would provide us with some glimpse into modern cybercrime networks and even espionage (industrial or national) ones. But then again, one can hope that there exists a sociologist who will prove me wrong.

PS: Revisiting the text I was reminded of the Cu Digest to which I was a subscriber for quite some time.

Update: Reading the description of the Anonymous group behind the HBGary hacks, I appreciate the above table even more:

“Anonymous is a diverse bunch: though they tend to be younger rather than older, their age group spans decades. Some may still be in school, but many others are gainfully employed office-workers, software developers, or IT support technicians, among other things. With that diversity in age and experience comes a diversity of expertise and ability.”

The Tom Clancy Theorem

Laura McLay reminds us that in The Hunt for Red October Vice Admiral James Greer says:

“The likelihood of a secret’s being blown is proportional to the square of the number of people who are in on it”.

Anything that resembles Metcalfe’s Law, I dig. My first reaction was to wonder whether Tom Clancy had heard of Metcalfe’s Law. But thinking it through, I saw that it did not matter. Given N people who know something that is considered a secret, representing them as a network makes them a clique (or nearly one). In such a network there exist N(N-1) directed channels of communication, hence the N² heuristic.

In her post, Laura McLay points to J. Michael Steele’s “Models for Managing Secrets”, published in 1989. In this paper the author builds a simple communication model on top of the clique and reaches the conclusion that:

“The expected window of secrecy decays quadratically with the number of people who are in on the secret.”

The more people, the faster it gets out into the open. The paper then examines one more (more complicated) model and some disinformation counter-measures, and points to game theory for further study of such models.

So, if the numbers are correct, Cablegate was inevitably waiting to happen.
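To see where the quadratic decay comes from, here is an added example (my own code, not from the post or from Steele’s paper) that carries the clique argument through. It assumes a leak model that is mine, not necessarily Steele’s: each of the N(N-1) directed channels leaks independently with probability p on every time step, which makes the time to the first leak geometric with mean 1 / (1 - (1-p)^(N(N-1))), roughly 1 / (p N (N-1)) for small p.

```python
"""Expected window of secrecy for a clique of N insiders.

Model (an assumption for this example, not Steele's construction): the N
people form a clique with N(N-1) directed channels, and on every time step
each channel independently leaks the secret with probability p.  The secret
survives a step only if no channel leaks, so the time to the first leak is
geometric with success probability 1 - (1-p)^(N(N-1)); its mean is
1 / (1 - (1-p)^(N(N-1))), close to 1 / (p N (N-1)) for small p.
"""
import math
import random


def channels(n):
    """Directed channels of communication in a clique of n people."""
    return n * (n - 1)


def expected_window(n, p):
    """Expected number of steps until the first leak (closed form)."""
    survive_step = (1.0 - p) ** channels(n)   # probability no channel leaks this step
    if survive_step >= 1.0:                    # n < 2 or p == 0: it never leaks
        return math.inf
    return 1.0 / (1.0 - survive_step)


def decay_ratio(n, p):
    """How much shorter the window is with n insiders than with two.
    For small p this approaches channels(n) / channels(2) = n(n-1)/2."""
    return expected_window(2, p) / expected_window(n, p)


def simulate_window(n, p, trials=4000, seed=1):
    """Monte Carlo estimate of expected_window: draw a geometric(p) leak time
    for every channel, take the earliest, and average over the trials."""
    rng = random.Random(seed)
    log_q = math.log(1.0 - p)
    total = 0
    for _ in range(trials):
        first_leak = min(
            # inverse-transform sample of a geometric(p) variable, at least 1 step
            max(1, math.ceil(math.log(1.0 - rng.random()) / log_q))
            for _ in range(channels(n))
        )
        total += first_leak
    return total / trials


if __name__ == "__main__":
    p = 1e-3
    for n in (2, 3, 5, 10, 20):
        print(f"{n:3d} insiders: {channels(n):4d} channels, "
              f"expected window {expected_window(n, p):8.1f} steps, "
              f"{decay_ratio(n, p):5.1f}x shorter than with two")
```

Running it shows the window with ten insiders is about 45 times shorter than with two, which is exactly channels(10) / channels(2) = 90 / 2; the simulation agrees with the closed form to within sampling noise.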

If you cannot kill the content, kill the path that leads to it

One can stop content distribution by DDoS-ing the networks hosting it. This is a direct attack from one opponent on another. There are also some indirect attacks that people rarely think about (or notice). For the content to be reached, two things must be available: routing and DNS. These are services that are not necessarily under the administrative control of either of the two parties in conflict. And they can even be easier targets, since they can be put in the position of choosing between one customer and the rest of their 500K customers.

With Wikileaks now moving to wikileaks.ch, are we to expect a DDoS on the .ch DNS servers?

When are we going to see Wikileaks’ routes blackholed? Or the routes to its DNS servers blackholed? Or even those of its parent ccTLD, making whole countries invisible in DNS? I wonder whether anybody has collected any data on that…
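The ccTLD question above has a practical counterpart: how many registries does the resolution of a name actually depend on? The following is an added example (my own code, not from the original post): it walks the nameserver hostnames of a name transitively and collects the TLDs whose authoritative servers must be reachable. The delegation table is constructed for the example and is not the real NS data of any of these names.

```python
"""Which TLD registries must stay up for a name to resolve?

Resolving a name needs the authoritative servers of its own TLD, and then
those of every TLD under which its nameserver hostnames live, transitively.
A name whose whole chain sits under one ccTLD has that registry as a single
point of failure.  DELEGATIONS below is a constructed snapshot standing in
for what a resolver would learn from each parent zone; it is not real data.
"""


def enclosing_zones(host):
    """Enclosing zones of a hostname, most specific first:
    'ns1.dns.example.net' -> ['ns1.dns.example.net', 'dns.example.net',
    'example.net', 'net']."""
    labels = host.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def tld_dependencies(name, delegations):
    """Set of TLDs whose servers must be reachable for `name` to resolve.

    delegations maps a zone to the nameserver hostnames its parent
    delegates it to.  Nameservers are followed transitively; `seen`
    stops the loop that in-bailiwick (glue) servers would otherwise cause.
    """
    deps, seen, todo = set(), set(), [name.rstrip(".").lower()]
    while todo:
        host = todo.pop()
        if host in seen:
            continue
        seen.add(host)
        zones = enclosing_zones(host)
        deps.add(zones[-1])                    # the host's own TLD
        for zone in zones:                     # closest delegated zone we know of
            if zone in delegations:
                todo.extend(ns.rstrip(".").lower() for ns in delegations[zone])
                break
    return deps


def single_registry_dependency(name, delegations):
    """True when every server in the chain lives under one TLD."""
    return len(tld_dependencies(name, delegations)) == 1


# Constructed delegation snapshot (hypothetical names, not real DNS data).
DELEGATIONS = {
    "example.ch": ["ns1.example.ch", "ns2.dnshost.net"],
    "dnshost.net": ["a.ns.dnshost.net", "b.ns.dnshost.org"],
    "dnshost.org": ["ns.dnshost.org"],
    "single.ch": ["ns1.single.ch", "ns2.single.ch"],
}

if __name__ == "__main__":
    for name in ("example.ch", "single.ch"):
        deps = sorted(tld_dependencies(name, DELEGATIONS))
        spof = single_registry_dependency(name, DELEGATIONS)
        print(f"{name}: depends on TLDs {deps}"
              + (" -- one registry outage takes it off the map" if spof else ""))
```

In the constructed data, example.ch survives the loss of .ch's servers only as far as DNS is concerned if its remaining nameservers answer, while single.ch disappears with its registry. The table deliberately omits the TLD servers' own hostnames (which may themselves live under other TLDs), so the dependency set it reports is a lower bound; a real check would feed it delegation data fetched from the parents rather than a hand-written snapshot.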

NATO’s New Strategic Concept and the Cyberspace

Excerpts from NATO’s 2010 Strategic Concept, “Active Engagement, Modern Defence”:

12. Cyber attacks are becoming more frequent, more organised and more costly in the damage that they inflict on government administrations, businesses, economies and potentially also transportation and supply networks and other critical infrastructure; they can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability. Foreign militaries and intelligence services, organised criminals, terrorist and/or extremist groups can each be the source of such attacks.

19. We will ensure that NATO has the full range of capabilities necessary to deter and defend against any threat to the safety and security of our populations. Therefore, we will:

* develop further our ability to prevent, detect, defend against and recover from cyber-attacks, including by using the NATO planning process to enhance and coordinate national cyber-defence capabilities, bringing all NATO bodies under centralized cyber protection, and better integrating NATO cyber awareness, warning and response with member nations


On the prehistory of Greek CERT(s)

Lately I find myself attending meetings where the need for a single coordinating body over the various efforts of computer / network / cyber security is stressed. Roll back 15 years:

Once upon a time (circa 1996) the GRNET-CERT was formed. It was nothing official, just three guys (me, Georgios Koutepas and Costas Troulos) and a mail alias. Since we had no funding and the legal landscape was non-existent, our main focus was on trying to stop whatever incidents occurred. It seemed to work pretty well at the time. We even managed to find some funding, and some of us attended FIRST’s 1998 and 1999 meetings. With the emergence of the GRNET2 project, GRNET-CERT was handed over to another institute for operations. Our interests had already shifted away from (pure) incident response and we never really followed up on the national progress on that front.

In the meantime the Greek state responded to the void that was forming on the legal side of matters. And it did so in the wisest of ways, the one we are used to being treated to: it formed a multitude of authorities to cover the area, sometimes conflicting with one another. Nature abhors a vacuum, but as Rob Pike said, “sometimes when you fill the vacuum, it still sucks”. There are types of incidents that might require reporting to three (or even four) different authorities, with no clear roadmap on what one is expected to do upon receiving conflicting guidance on subjects that at times require rapid response.

It is saddening to see that the manpower and the resources exist (something that was not that obvious back in 1996), that people with the skill, knowledge and willingness to work exist, yet the overall progress is minimal.

Question for CISA holders: What is your CPE credit strategy?

ISACA informed me last week that my application for CISA was accepted. I had passed the exam quite some time ago, but since no professional certification is particularly helpful in the Greek public sector I was reluctant to apply. I finally made up my mind and now I need to dance the steps. So, as the subject says, the question is simple:

– What is your strategy for earning CPEs?

I’ve read the relevant ISACA-provided information, but I am particularly interested in what CISA holders in Greece do to keep up. So if you can answer, or forward a link to this post to someone who can provide (even minimal) information or guidance, I would appreciate it.