Now, the reason that the enlightened sovereign and the wise general conquer the enemy whenever they move and their achievements surpass those of ordinary men is that they have foreknowledge. This “ foreknowledge ” cannot be elicited from spirits, nor from gods, nor by analogy with the past events, nor by any deductive calculations. It must be obtained from the men who know the enemy situation. -Sun Tzu
If you’ve ever experienced this then you’ll know exactly where I’m coming from. If not, let me be the first to wish it upon the entire human population. It’s called: One Of Those Moments!
So I’m at the local bowling alley and this guy we’ll call – Diablo, to protect the innocent. Remember: We never snitch.
Out of no where, the guy starts rattling off pieces of my blog. VERBATIM. Telling me how much he reads and looks forward to my post.
So like I said…if you’ve experienced that..then you know where I’m coming from. However….
This is…Not A Game; This is…Not why we Came!
On behalf of all ethical hacking students; here’s a lesson that hasn’t been stressed enough in our training, guys:
- What they are not teaching you. “ The enemy is not homogenous. Just like there is not just one foreign language, there is not one type of enemy. And among those enemy attackers, not all think alike. Even those joined together under a common mission or goal, there is often division in how to accomplish that goal. http://arstechnica.com/tech-policy/news/2012/03/inside-the-hacking-of-stratfor-the-fbis-case-against-antisec-member-anarchaos.ars
So which type of enemy are you learning to think like? The fanatic? The prankster? The desperate? The lonely? The zealous? The frustrated? The crazy? The poor? And even then, can you really think like them when they embody a mindset built from years of thinking and living a certain way? Can you really understand the motives of an attacker when your large take-out coffee might equal a day of their wages?We like to think we can because movies tell us it’s possible. But it’s not.For a little perspective, consider how many times have you heard from a friend/neighbor that they don’t worry about intruders because they have a dog? And criminals don’t have dogs? Some types of criminals have dog rings where the meanest dogs fight each other and these criminals have no problem handling those dogs. Just because you or your neighbors find a big, barking dog alarming or intimidating doesn’t mean the attacker will. To not understand that is to already admit you might not be in their mindset. But if you can, let’s try something harder: now try to think in the mindset that it’s a morally correct and civilized thing to blow up a crowded market or a federal building. I can get even harsher, but it’ll likely get censored here… so catch me at a seminar to discuss this further. ” http://www.infosecisland.com/blogview/20607-What-They-Dont-Teach-You-in-Thinking-Like-the-Enemy-Classes.html
So what’s the code and how do we crack it? The code is The Ormeta. The code of silence.-
Omertà is a code of silence, according to one of the first Mafia researchers Antonio Cutrera, a former officer of public security, that seals lips of men even in their own defense and even when the accused is innocent of charged crimes. Cutrera quoted a native saying first uttered (so goes the legend) by a wounded man to his assailant: “If I live, I’ll kill you. If I die, I forgive you.” http://en.wikipedia.org/wiki/Omert%C3%A0
So..being a ethical problem solving student myself, I see the Omerta code from a scientific point of view. Why not, as programmers, creators, problem solvers, protectors, write an Ormeta code for security? Don’t know how to program? How could you even dream of being a security professional? http://www.udacity.com/ Here’s one place to start. Hmm’…let’s see- http://www.hackerhighschool.org/ There’s another. But the list goes on. And so does security breaches!
“It’s very likely you trust way too much for far too little reason. And you likely trust in the wrong way. People generally don’t discriminate what they trust where so that they will take financial advice from their dentist and dental advice from a close friend. Just because they trust them. Some people will trust corporations with their private lives and private info. Others even trust their politicians to actually represent them and have their best interests at heart. But in reality we need to have reasons to trust someone or something and having these reasons makes it very hard to be duped. In an ISECOM research project, 10 criteria were classified for trusting someone or something. And we find in practice most people are satisfied with just one of those criteria being met. Usually it’s consistency, the trust criteria that shows this has happened to us before. Even the truly cynical however are still often satisfied with just 3 of the 10. We can blame society! ”
Generally, whether it be armies that you wish to strike, cities that you wish to attack, or individuals whom you wish to assassinate, it is necessary to find out the names of the garrison commander, the aides-de-camp, the ushers, the gatekeepers, and the bodyguards. You must instruct your spies to ascertain these matters in minute detail. – Sun Tzu
- Sabu the Betrayer: Hacker Tweets Outrage While Conspiring With FBI (readwriteweb.com)
- Living With Lies and Liars (petalocsta.com)
- Spy Agency To Hackers: Crack This Code, Win A Job (huffingtonpost.com)
- Cracked CAPTCHAs and lost ISS codes (netsecurityit.wordpress.com)