On 06/15/2013 05:13 AM, Rich Kulawiec wrote:
First: this is a fascinating discussion. Thank you.
Second:
On Sat, Jun 15, 2013 at 01:56:34AM -0500, Jimmy Hess wrote:
There will be indeed be _plenty_ of ways that a low bit rate channel can do everything the right adversary needs.
A few bits for second is plenty of data rate for sending control commands/rule changes to a router backdoor mechanism, stealing passwords, or leaking cryptographic keys required to decrypt the VPN data stream intercepted from elsewhere on the network, leaking counters, snmp communities, or interface descriptions, or criteria-selected forwarded data samples, etc.... I was actually thinking much slower: a few bits per *day*. Maybe slower yet.
(So what if it takes a month to transmit a single 15-character password?)
For people who think in terms of instant gratification, or perhaps, in next-quarter terms, or perhaps, in next-year terms, that might be unacceptabe. But for people who think in terms of next-decade or beyond, it might suffice.
And if the goal is not "get the password for router 12345" but "get as many as possible", then a scattered, random, slow approach might yield the best results -- *because* it's scattered, random, and slow.
And all of us here by virtue of talking about it do not have a day job which involves thinking all of this stuff up. A lot of the stuff the DoD is willing to talk about is seriously brilliant, and that's just the public stuff. Information really, really wants to be free. Getting access to poorly defended routers is probably the easy part for them. Masking the payloads is something that they get paid the big bux for in general, so it is seriously naive to think they don't have dozens of tricks they employ on a daily basis. The only thing we really have to counter their ingenuity, IMO, are laws and other layer 8 impediments. Mike, still wonders if this phenomenon is just a restatement of entropy