poison pill for leakers

J.A. Terranson measl at mfn.org
Fri Jul 6 08:06:01 PDT 2012


Just a few amusing points:


On Fri, 6 Jul 2012, Eugen Leitl wrote:

> "Imagine if some chemist invented some new formula for whatever that was of
> great value, growing hair, and they then placed the true [formula] in the
> midst of a hundred bogus ones," explains Salvatore Stolfo, the Columbia
> University computer science professor who coined the Fog Computing term.
> "Then anybody who steals the set of documents would have to test each formula
> to see which one actually works. It raises the bar against the adversary.
> They may not really get what they're trying to steal."


So they try each one until they get a success? This doesn't raise the bar 
by much!


> The next step: Track those decoy docs as they cross the firewall. For that,
> Stolfo and his colleagues embed documents with covert beacons called "web
> bugs,"


Web bugs? Really???  Sophisticated users don't allow HTML rendering 
casually - web bugs make the entirely asinine assumption that the entire 
universe is using Outlook or its equivalent.  Bad assumption!  Add to 
that the fact that deep packet inspection systems can be and are set up 
specifically to catch these "tricks", and it should be obvious that secure 
(really secure, not just *labelled* "secure") installations won't even 
allow that web bugged document to cross a monitored wire.


> includes some standard network security tools, like an intrusion detection
> system that watches out for unauthorized exfiltration of data. And it has
> some rather non-standard components - like an alert if a person searches his
> computer for something surprising.

"Surprising"?  That's a contextual question unlikely to be successfully 
modeled on a machine.

> In their initial experiments, the researchers claim, they were about to
> "model all search actions of a user" in a mere 10 seconds.  They then gave 14
> students unlimited access to the same file system for 15 minutes each. The
> students were told to comb the machine for anything that might be used to
> financial gain. The researchers say they caught all 14 searchers. "We can
> detect all masquerader activity with 100 percent accuracy, with a false
> positive rate of 0.1 percent."


A *** 100% *** accuracy rate that also has an ERROR rate?  Someone needs 
to go back to school.


> The following month, a Pentagon-funded research paper (.pdf) noted the 
> promise of "keystroke dynamics - technology to distinguish people 
> based on their typing rhythms - [which] could revolutionize 
> insider-threat detection." Well, in theory. In practice, such 
> systems' "error rates vary from 0 percent to 63 percent, depending on 
> the user. Impostors triple their chance of evading detection if they 
> touch type."


Ahhhh.... "When Harley Was One" returns for a repeat engagement!  Really, 
this was an idea that had statistically significant accuracy in the 
70's, when users were extremely limited in numbers, and access to 
particular machines was known in advance.  In today's desktop-laden world 
the chance of it being useful to anyone other than the vendor who is paid 
to reimplement it is close to nil.


> the decoy documents and with other so-called "enticing information." Stolfo
> and his colleagues also use "honeytokens" - small strings of tempting
> information, like online bank accounts or server passwords - as bait. They'll
> get a one-time credit card number, link it to a PayPal account, and see if
> any charges are mysteriously rung up. They'll generate a Gmail account, and
> see who starts spamming.

This has been in place for years now - how well has it done so far? Why 
does anyone believe the numbers will change?

> Most intriguingly, perhaps, is Stolfo's suggestion in a separate paper (.pdf)
> to fill up social networks with decoy accounts - and inject poisonous
> information into people's otherwise benign social network profiles.

> "Think of advanced privacy settings [in sites like Facebook] where I choose
> to include my real data to my closest friends [but] everybody else gets
> access to a different profile with  information that is bogus. And I would be
> alerted when bad guys try to get that info about me," Stolfo tells Danger
> Room. "This is a way to create fog so that now you no longer know the truth
> about a person through this artificial avatars or artificial profiles."


The real question is why do "social networking" sites get access to secure
environments in the first place?  Does the USG Dept. of Hall Monitors
really need a Facebook page?  Really?

Lastly, re: Stuxnet "leaks" - are they serious?  Stuxnet's ancestry goes 
all the way back to the 80's Air Force contracts handed out through 
Battelle.  Hardly a secret: at one point they were actually advertising 
for writers on early Prodigy!

The single rational point is that there is incredible overclassification, 
and virtually no declassification - unless politically expedient, in which 
case "super-duper-above tippy-top secret" secrets get suddenly 
declassified the day before a politically convenient press conference.  

//Alif

-- 
"What kind of world do we live in when the views of the oppressed are
expressed at the convenience of their oppressors?"

Alik Shahadah
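
The honeytoken bait quoted above ("server passwords ... as bait"), as an added example that is not part of the original post or of the researchers' system: decoy account names carry a keyed HMAC tag, so a log monitor can recognise any use of one without keeping a list of planted decoys. The key, log format, addresses and account names are all constructed assumptions.

```python
import hashlib
import hmac
import re

# Hypothetical key held only by the monitoring side (constructed value).
TAG_KEY = b"example-monitoring-key"
TAG_LEN = 12  # hex characters of the HMAC kept as the tag


def _tag(label: str) -> str:
    return hmac.new(TAG_KEY, label.encode(), hashlib.sha256).hexdigest()[:TAG_LEN]


def mint_honeytoken(label: str) -> str:
    """Return a decoy account name: the label plus a keyed tag."""
    return f"{label}-{_tag(label)}"


def is_honeytoken(username: str) -> bool:
    """True only if the trailing tag verifies, i.e. the name was minted as bait."""
    label, sep, tag = username.rpartition("-")
    if not sep or len(tag) != TAG_LEN:
        return False
    # Compare as bytes in constant time; tolerates non-ASCII input.
    return hmac.compare_digest(tag.encode(), _tag(label).encode())


# Assumed log format: "... user=<name> src=<address> ..."
LOGIN_RE = re.compile(r"user=(?P<user>\S+) src=(?P<src>\S+)")


def alerts(log_lines):
    """Return (source, username) for every login attempt that used a decoy."""
    hits = []
    for line in log_lines:
        m = LOGIN_RE.search(line)
        if m and is_honeytoken(m.group("user")):
            hits.append((m.group("src"), m.group("user")))
    return hits


# Constructed sample log: two ordinary logins and one use of planted bait.
DECOY = mint_honeytoken("svc-backup")
SAMPLE_LOG = [
    "2012-07-06T08:01:12 login ok user=alice src=198.51.100.4",
    f"2012-07-06T08:03:40 login fail user={DECOY} src=203.0.113.7",
    "2012-07-06T08:05:02 login ok user=svc-backup src=198.51.100.9",
]

if __name__ == "__main__":
    for src, user in alerts(SAMPLE_LOG):
        print(f"ALERT: decoy credential {user} used from {src}")
```

Because a decoy account has no legitimate user, any login attempt with it is an alert, and this check does not depend on the stolen document being rendered or calling home.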




