Red team attacks vs. cracking
Hi,
This is to forestall those of you who seem to be arguing
that the debconf6 KSP crack was a red team attack -- here is how that
attack differed from a legitimate red team effort (I have been a
member of red teams before, and have led a number of red team
attacks in my time).
a) You talk to the chain of command. The DPL was present, the
person running the key signing come to mind. The red team
details the attack to the officer in charge, laying out the plan,
so that the attack and response can be monitored.
b) No actual damage is done -- in this case, the web of trust should
not be contaminated by actual keys being signed. This could have
been easily done by proclaiming the deception when the KSP was
just over, and by sending an email to the debconf list, and to
the devel list, and in the IRC channel. The experiment was over
by then -- people had challenged, or not, the key.
c) Allow the blue team to dissect the attack. This could have been
done easily by setting up in hacklab, allowing people to examine
the trick ID, the real ID, and have other people with German
passports and the DPL assure us that there was no real attack in
progress, and allow us all to examine the passport, if any, to
assure us of the identity of the red team, belatedly.
None of these characteristics of a legitimate red team attack
were in evidence. The disclosure came days later, in a blog posting,
well after the web of trust was tainted by fake signatures.
My friends, I know red team attacks. Red teams are friends of
mine. This, my friends, was no red team attack.
manoj
ps: kudos to those who get the last para.
--
Garbage In, Gospel Out
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C