situation where a decentralised distributed organisation can exist within NATO countries,
using NATO countries' infrastructure? And communications and activities there are
using cryptography and those countries and even NATO itself does not have any
capability to closely monitor such activities and to stop organisations from continuing to
communicate and use NATO countries' infrastructure?
Handy : Actually I think if we go by what the press has said, there seem to be other
measures but they usually involve law enforcement agencies. Once some type of
suspicious activity is picked up, it takes court orders to go back and monitor those sources
and eventually track them down. It does not necessarily matter whether or not the
information is decipherable or not. If you see suspicious activity coming from the same
sources, now you can use other methods to actually really track them down. So, we are
not totally impotent. I am really just going by what I have heard on CNN. It seems to me
if they can catch it, our law enforcement and our intelligence agencies should be able to
catch it too.
Stanley : Just to give you a specific example from the US. The law enforcement
agencies tend to not go after encryption by brute force. They tend to try to capture the
private key or the pass-phrase that protects the private key, so in some of the cases I have
read about in the papers about going after Mafia bosses, they actually get a search
warrant, put a Trojan horse monitor on the keyboard and just capture the pass-phrase.
They then go in afterwards and use this private key. But this is not NSA, it is more like
the FBI. They do not seem to have the capability for encryption, so they want to go after
the key.
Handy : On a totally different subject, I want to take into consideration the different
CERTs that we have across NATO, the fact of starting a NATO CERT, but more
importantly, I want to build a scenario. Let us say there is a rogue CERT out there in a
non-NATO, non-PfP country. Supposing it is some type of activity that hacks into some
of the networks. Let us say in Germany it actually causes a massive collision on our
trains on icy tracks, causing lots of deaths. Let us imagine it hits an oil pipeline and
actually cuts off the gas and oil to a number of NATO countries at a critical time in
winter when people actually need that oil, and so many freeze to death. Let us think of it
causing the air traffic control system to break down with resultant mid-air collisions. Are
we able to actually attribute the source of that to one nation outside of NATO, outside of
PfP? How will we respond?
Stanley : I would like to go back to a comment yesterday about all attacks coming
from Pakistan or wherever. Unless you have the cooperation of the Pakistani government
to actually look at the logs and other things on their computers, you do not know they are
coming from Pakistan. So if you are talking about a rogue nation, it is not necessarily
coming from that rogue nation. It could be used to explain in detail how it happened, but
you need the cooperation of everybody to actually know the source. What happens if a
country refuses to cooperate? How much blame do you put on that country?
Handy : I am saying that with CERTs you are able to get the cooperation of each
computer emergency response team to actually trace it back each step to the source. It