I came across some interesting passages in the RAND Corp. study, An Exploration of Cyberspace Security R&D Investment Strategies for DARPA: "The Day After ... in Cyberspace II", MR-797-DARPA. http://www.rand.org/publications/MR/MR797 The report describes the results of an exercise sponsored by the Defense Advanced Research Projects Agency (DARPA) using the RAND "The Day After..." methodology to elicit the views of participants on research and investment strategies addressing the security and safety of systems and networks supporting various U.S. physical and functional infrastructures. The exercise was held on March 23, 1996 in Washington D.C., and involved approximately 60 participants from government, universities, and commercial industries involved with the U.S. information infrastructure. Has this report been discussed on the list? ---------------- Is it possible to "sterilize" data passing through our telecommunications systems? Billions of bits of data pass through our national information infrastructure each second. Some of those bits represent information about individual citizens' login and password combinations, social security and credit card numbers, account information, health status, and innumerable other sensitive information items. Our nation has superb communications monitoring tools, housed primarily in the National Security Agency. However, the NSA is precluded by law from collecting information about U.S. citizens. When incidents of "information warfare" are being waged against U.S. systems, could key data flows be "sterilized" or "sanitized" by computer hardware and/or software in such a manner that the NSA could help monitor and track perpetrators in cyberspace without violating these laws? This topic was raised during exercise discussions. We have not studied all the relevant laws and regulations to assess whether such sterilization measures would allow the power of NSA's analyses to be brought to bear on telecommunications involving U.S. citizens, but perhaps the topic merits further investigation. If so, what kinds of pattern detection and replacement algorithms would suffice to accomplish this goal? Sponsor development of an aircraft-like "black box" recording device When a cyberspace security incident happens, it is often not detected in real time, and the trail back to the perpetrator becomes lost. Could a "black box" recording device be developed, to be attached to key nodes or links of cyberspace systems, that would record every transaction passing through that node or link during the last n minutes (where n=5 or 10, for example)? If so, that record would be invaluable in tracing the source of incidents, whether they are accidental or deliberately perpetrated. Thousands of such systems would be required to cover key links or nodes; could they be made robust, inexpensive, and ultra-reliable? PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur@netcom.com Grinder | Sacred Cow Meat Co. | --------------------------------------------------------------------- Hacker Opportunities (Let's Make Lots Of Money) I've got the brains, you've got the tricks Let's make lots of money You've got the code, I've got the hacks Let's make lots of ... I've had enough of scheming and messing `round with jerks My crypto code's compiled, I'm afraid it doesn't work I'm looking for a partner, someone who gets things fixed Ask yourself this question: do you want to be rich? I've got the brains, you've got the tricks Let's make lots of money You've got the code, I've got the hacks Let's make lots of money You can tell I'm educated, I studied at CalTech Doctored in mathematics, I could've been set I can program a computer, choose the perfect time If you've got the inclination, I have got the crime Ooooh, there's a lot of opportunities If you know when to take them, you know There's a lot of opportunities If there aren't, you can make them (Make or break them) I've got the brains, you've got the tricks Let's make lots of money Let's make lots of ... You can see I'm single-minded, I know what I could be How do you feel about it? Come, take a walk with me I'm looking for a partner regardless of expense Think about it seriously, you know it makes sense Let's (Got the brains) Make (Got the tricks) Let's make lots of money (Money) Let's (You've got the code) Make (I've got the hacks) Let's make lots of money (Money) I've got the brains (Got the brains) You've got the code (Got the hacks) Let's make lots of money (Money) Money!