killswitch's blog

Adversary Resistant Systems

The world has been shaken in 2015. First the Office of Personnel Management lost everything it had on four million Americans with security clearances. Then Italy's Hacking Team lost control of the entire contents of their corporate systems. Then in quick succession NYSE and United Airlines were down, around the same time an outsider managed to send commands to a Turkish Patriot missile battery deployed in the field.

Among the Hacking Team treasures was the source code for Remote Control System, a piece of second string espionageware, not quite as capable as Duqu or Flame, but still quite dangerous in the hands of an entity with good operating discipline. Along with the C&C (command & control) the world also got to see the range of methods used to compromise target systems. Among these was an appliance for man on the side attacks – a Corruptor-Injector Network tool.

We started to understand how dangerous things had truly become thanks to Snowden's leak in 2013. Now with the Hacking Team intrusion we can see the full spectrum of tools and methods employed by a small but skilled surveillance dragnet operator. No amount of legislation or law enforcement is going to fix problems like this unless it also utterly breaks the good stuff the Internet does.

What the world needs are Adversary Resistant Systems, and there are a number of grassroots projects that already provide quite a bit of functionality.

Syndicate content