"Or would you instead, simply just stick a Carnivore machine at one hop above each CDR node that you're interested in, and gather the information you wanted with nearly zero risk of tipping your hand? Or even simpler than that, get a hotmail or yahoomail account and just subscribe. Which of the above scenarios makes the most sense in terms of Occam's?"

While you make some good points, you've way overstated both sides of your argument. But this statement... "simply stick a Carnivore machine at one hop above each CDR node"... Isn't that almost like saying "simply splice into the undersea cable"? Of course, if we're talking about hunting down Osama bin Laden a TLA (or whoever) would probably do that. But in terms of merely rounding up the names of potential trouble makers (particularly when they don't want anyone to know that they're doing this) it seems to be an awfully easy thing to do.

As for the fake virus part, all they need to do is go to some year-old virus list, select a virus, and send one directly through a non-de-mimed list server, and then watch what comes out. Seems a lot cheaper and easier.

But this misses the point: Even IF this would be "stupid", it would be stupider still to be aware that this is possible, and then not implement a fix (if a cheap fix is available). De-miming is now obvious. In other words, the idea is not to compare dick sizes but to actually force them to spend huge amounts of money on trivial tasks, by raising awareness of and plugging any holes that become evident. That asymmetry is exactly what crypto is, in a nutshell.

-TD
From: sunder <sunder@sunder.net>
To: Tyler Durden <camera_lumina@hotmail.com>
CC: petard@freeshell.org, cypherpunks@minder.net
Subject: Re: Cypherpunks response to viral stimuli
Date: Tue, 03 Feb 2004 13:28:47 -0500
Tyler Durden wrote:
And in case it's not clear, I'm suggesting that it may be useful for them to deliberately create a "fake" virus that is easily detectable, and so cull the bounce messages.
Right, why should they do something passive that doesn't tip their hand and allows them to collect the information they need, when instead they can do something active and stupid that could possibly give away their position.
Think about it. In fact, apply Occam's Razor to this, in fine, thin slices:
If you were a TLA and you'd want to send a "fake" virus, it would need to be something that would trip every anti-virus software that anyone could possibly run, but yet, not be a virus, and you'd need to do so without giving away your IP address - while making it look like it came from lots of sources. If you'd only use a single IP address, the guy that runs the node would likely block you as a virus source.
Then, on top of it, you'd have to *HOPE* that none of your targets saw the real version of the virus, and then bothered to compare the two, or worse yet, dissect the decoy you've sent, and figure out that it isn't real.
How would you do this and have it be successful? Unless, of course, you wish to claim that the TLA's wrote the anti-SCO viruses? In which case, there's a lovely bridge between Brooklyn and Manhattan that I would gladly sell you... Real cheap... it's a bit old, but it's in decent shape... No? How about some nice foil hats? Real cheap... For you, only $100 each (plus tax of course)... guaranteed to be made of 100% aluminum foil.
Or would you instead, simply just stick a Carnivore machine at one hop above each CDR node that you're interested in, and gather the information you wanted with nearly zero risk of tipping your hand? Or even simpler than that, get a hotmail or yahoomail account and just subscribe. Which of the above scenarios makes the most sense in terms of Occam's?
P.S.: I stand by my original statement: the collective IQ of the posters on list is dropping.