Author Archives: Marcus J. Ranum

About Marcus J. Ranum

Marcus J. Ranum, CSO at Tenable Network Security, Inc., is a world-renowned expert on security system design and implementation. He has been involved in every level of operations of a security product business, from developer, to founder and CEO.

In cyberspace you don’t see your attacker (that’s why we don’t know who hacked Sony).

Our hawks (aka warmongers), with their loyal journalist-enablers, have sparked a new round of hysteria about North Korea’s cyber-attack on Sony. Kim Zetter at Wired gives a good analysis in “North Korea Almost Certainly Did Not Hack Sony“. The Hollywood Report cites insiders pointing to disgruntled current or former employees (Sony has many of both). To understand why we might never know the guilty party, see this post by Marcus Ranum from 2011: attribution of cyberattacks runs from difficult to impossible. Click at the end to see the full post.

Cyberwar: About Attribution (identifying your attacker)

Summary:  Identifying the attacker is the key to modern military defense, so one can launch a reprisal or counter-strike.  But attributing cyberattacks is difficult because nothing in cyberspace has to look like anything familiar. How do you attribute a weapon that was created out of thin air and used by an enemy that has no physical location?  Links to other chapters of this series are at the end.

CyberCrime .

Contents

  1. Cyberspace, Novel Weapons, and Location Independence
  2.  Technology, Language, Culture, and Cui Bono
  3.  A Model For Attribution
  4. About the author
  5. For more information

(1)  Cyberspace, Novel Weapons, Location Independence

Cyberspace does have some unique attributes which are not mirrored in the real world. Such as the nonexistence of “territory”.  There is no “there” there.  Some of the things we are accustomed to taking into account in warfare are missing: hostile forces do not need an ‘assembly zone’ that can be detected and watched. Nor do they have to cross ground — where they leave traces of the type that we’re used to dealing with.

Imagine if a hostile power was going to insert a cover operations team into a target area and wanted to be stealthy enough to achieve plausible deniability. In the past troops could be outfitted with uniforms that had been carefully scrubbed of clues to their origin, “sanitized” weapons, etc. Providing such kit was expensive and exacting work. Inserting them into a target, nowadays, would entail avoiding the ubiquitous video-surveillance cameras, providing false identities under which to travel, laundering funds for the operators, and then having an equally carefully scrubbed extraction plan.

In the real world, this kind of thing is expensive and complex. In cyberspace it is relatively easy and practically free. There are some caveats about the “easy and free” claim, depending on the quality of the defenses that are being attacked but — as we’ve been assured over and over again by our government’s own technical experts — our defenses, to put it bluntly, suck.

{ Click here to read the full post }

Cruel, deliberate, and unusually vicious. It’s us.

Summary: Today, one of the bloggers that I follow regularly linked to Charles Pierce’s angry opinion piece on the State Of Oklahoma’s execution of Clayton Lockett: Barbarians In Oklahoma. Because I’ve recently been under a general anaesthetic for surgery, I was curious and decided on a whim to look up the drugs used in the “lethal injection cocktail.”  Shaken and upset, I hope that my interpretation of the pharmacological effects is wrong. I’m pretty sure I am not.

Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.
— Eighth amendment to the US Constitution

Execution by Firing Squad

Contents

  1. Introduction
  2. The three drugs
  3. Putting it all together
  4. Death with Dignity
  5. Torture is a crime
  6. About the 8th amendment
  7. For More Information

(1)  Introduction

Let me state for the record that I am not an anesthesiologist or a pharmacologist. I am currently trying to vet this material with a few professionals and am already  gathering feedback that leads me to believe I am not wrong. I may be. If I am wrong, I will publish a suitably public correction/retraction.

(2)  The three drugs

The lethal injection package consists of three drugs given in sequence.

(a) The First Drug

The first drug is a mild hypnotic/disassociative. The subject would feel sleepy and dizzy, but it would not provide an anaesthetic effect. Hypnotics are often used in surgery because they tend to block the formation of long-term memories; subjects appear less likely to suffer PTSD symptoms as a result of surgery if their ability to remember the experience is blocked.

(b) The Second Drug

The second drug is Vecuronium Bromide – basically, Curare. Curare causes rapid and severe paralysis of muscles. The subject remains conscious and the curare does not block pain; it renders the subject unable to move, blink, speak – or breathe. Someone on curare feels as if they are being held down by impossible force, and they begin to strangle as their diaphragm muscles stop functioning.

Continue reading

The Empire Strikes Back: The Demonization of Snowden Begins

Summary: Marcus Ranum, our in-house cyber-expert, looks at the next stage of the government’s defense against the revelations of NSA surveillance. Like the surveillance itself, they rely on non-governmental agents to get the job done.

I’m sure we’re all shocked to see attempts to downplay the significance of the PRISM story.

What’s that you say? You’re not? Well, me either.

That was why I rushed together my article about finely slicing the word salad of “direct access” to servers, etc. It’s useful to try to clarify in advance the lies you are about to be told – it makes them more clear.

The attacks on Greenwald’s scoop tend to break into four categories:

  1. Traitor! Traitor! USA USA USA!
  2. It’s not new; we already knew all that.
  3. It’s not possible, it’s not feasible (reasons given)
  4. That’s not true! (no reasons given)

The people taking the second line of reasoning above either haven’t done their research or are deliberately ignoring the rich history of leaks about this kind of stuff dating back years. Past leaks about the surveillance state show not only the desire to massively tap data, but the resources spent doing so, and the technological capabilities. It is the latter that give the lie to responses such as farcical stories about thumb drives and FTP. Oh, we can be sure that thumb drives and FTP have occasionally been used, but that’s probably to collect information that can’t be gotten indirectly.

People who claim that Greenwald has it wrong are ignoring the rather obvious fact that the “Boundless Informant” slides show 97 billion records of data being injected into the system daily. That’s a lot of thumb-drives worth! They also are ignoring that Greenwald says there are more disclosures to come; my suspicion is that Greenwald has a couple bombs left up his sleeve and he’s waiting for the surveillance state to strongly stake out a position before he pulls the carpet out from under them.

Articles such as Rick Perlstein’s article in The Nation (“Glenn Greenwald’s Epic Botch?“) – title complete with face-saving question mark – show a lack of understanding of history. If Perlstein’s “no expert”, as he says, he should probably invest a day or two studying, rather than an hour or two writing. I find it amazing that any journalist would take a corporate spokesperson’s words at face value when they’re responding to a crisis, without researching the back-story. Was he born yesterday?

Room 641a

Previous whistle-blowers such as Mark Klein, who revealed the existence of Room 641A, have already described systems that align perfectly with what Snowden has revealed. For that matter, Duncan Campbell was documenting ECHELON back in the 80s.

Continue reading