[spectre] tactical.virii
Atle Barcley
atle.barcley@anart.no
Mon, 10 Sep 2001 12:54:27 +0200
Dear SPECTRE
think("virus");
add("politics");
unthink("virus");
return;
1-3-5 (REPEATED) STEPS
concept <--> concept testing
--> beta programming <--> beta testing
--> completion
STEP 1
2 ROLES
1. In cold conflicts, gathering intelligence is the primary objective.
Customized applications can be used to gather technical data on network
structures, as well as grabbing pieces of classified information -
strategic documents, budget reports, et cetera.
2. In hot conflicts, impairing the operative range and agility of the
adversary becomes a critical objective. Offensive software applications
can be deployed to add an edge to offensive actions - by seeding confusion
within an enemy organization, thereby spreading doubts regarding the
stability of the organization, and by paralyzing internal and external
communications.
4 RULES
1. Offensive applications must be capable of identifying and striking
specific targets - single corporations and isolated networks. In this
respect, the offensive application is different from common computer virii,
which tend to attack indiscriminately.
2. Offensive applications must be capable of striking with accurately
predictable effects. This requires software which can administer damage on
a scale of severity, from a gentle nudge to a full scale attack.
3. Autonomous offensive applications must be alterable after their
deployment, in order to adapt to constant and rapid developments in
tactical situations. For example, they must be capable of entering "sleep"
or "stealth" modes.
4. The applications must be deployable without demanding technical
knowledge on an expert level. Effective deployment of this class of
offensive software already requires political expertise.
3 PARTS
Corresponding to the 4 rules above, we can divide the process of producing
and deploying offensive software into three parts: the Autonomous
Application, the Editor, and the Command Centre.
1. The Autonomous Application is the executive part - this is the element
which deletes the adversary's data, makes copies of their e-mail, and so
forth. The Autonomous Application must incorporate mechanisms for
self-destruction, in order to destroy all vital data in the event of
compromised security. Such data could be the location of the command
centre (see below) or configuration specs which may reveal tactical info.
2. The Editor is used to compile the Autonomous Apps. All operative
instructions for the deployed Application are defined within the working
space of the Editor. Examples of such instructions include which network
areas to patrol, how long the Application should be active, et cetera. To
simplify this process, a set of archetypal configuration presets will be
available (see templates below).
3. The Command Centre feeds the Autonomous Applications altered
instruction sets. The Command Centre can be located anywhere in the Net;
in an anonymous ftp account, hidden in an article on a news site, et
cetera. The location of the Command Centre is defined in the Editor while
the Autonomous Application is being compiled. Applications scan the
Command Centre at regular intervals to check for altered instructions.
6 TEMPLATES
1. Sniffer: harvests username and password combinations and sends these to
a specified address.
2. Mapper: maps the inventory of host hard disks and sends the data to a
specified address.
3. Eraser: deletes data on the adversary computer. The types or classes of
data targeted for deletion are defined in the Editor and can be altered
later with new instruction sets in the Command Centre.
4. Snapper: scans host computers for documents of a predefined type or
characteristic and sends these to a specified address. Obvious applied
tasks for this class of Application are to smuggle out financial budgets
and other pieces of classified information held by the adversary
corporation.
5. Replacer: replaces a document with a new, identically named document.
The contents of the new document are defined in the Editor when the
Application is compiled, or supplied through the Command Centre. The
replacement operation can be limited to documents carrying a given name.
For example, the Application may be instructed to only replace files with
the name "strategy2002.doc".
6. Blocker: floods the adversary computer with a large amount of requests,
blocking out normal traffic. Several clones of the Blocker App can attack
in formation, and several machines within a network neighbourhood can be
attacked simultaneously. Potentially, this can result in the blocking of
an entire corporate network.
STEP 1
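The one concrete behaviour the post describes is that deployed Applications "scan the Command Centre at regular intervals to check for altered instructions". From a defender's side that regularity is the observable: a host that contacts the same destination at near-constant spacing stands out in proxy or firewall logs. The script below is an added illustration, not part of the original post; the log lines are constructed for the example and the client address and hostnames are placeholders.

```python
"""Flag client/destination pairs whose request spacing is nearly constant.

Added illustration, not part of the original post. The log lines below are
constructed for this example; the addresses and hostnames are placeholders.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log, one request per line: "<timestamp> <client> <destination>"
SAMPLE_LOG = """\
2001-09-10T12:00:00 10.0.0.5 news.example.net
2001-09-10T12:00:03 10.0.0.5 intranet.example.org
2001-09-10T12:10:00 10.0.0.5 news.example.net
2001-09-10T12:14:41 10.0.0.5 intranet.example.org
2001-09-10T12:20:00 10.0.0.5 news.example.net
2001-09-10T12:22:09 10.0.0.5 intranet.example.org
2001-09-10T12:30:00 10.0.0.5 news.example.net
2001-09-10T12:40:00 10.0.0.5 news.example.net
2001-09-10T12:47:30 10.0.0.5 intranet.example.org
2001-09-10T12:50:00 10.0.0.5 news.example.net
"""


def parse_log(text):
    """Yield (timestamp, client, destination) tuples from the log text."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, client, dest = line.split()
        yield datetime.fromisoformat(ts), client, dest


def beacon_candidates(text, min_requests=5, max_cv=0.1):
    """Return {(client, dest): (request_count, mean_gap_seconds)} for pairs
    whose inter-request gaps vary little.

    max_cv is the largest allowed coefficient of variation (stddev / mean)
    of the gaps; 0.0 means perfectly regular polling.
    """
    times = defaultdict(list)
    for ts, client, dest in parse_log(text):
        times[(client, dest)].append(ts)

    results = {}
    for pair, stamps in times.items():
        if len(stamps) < min_requests:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps, nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            results[pair] = (len(stamps), avg)
    return results


if __name__ == "__main__":
    for (client, dest), (n, gap) in beacon_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: {n} requests every ~{gap:.0f}s")
```

On the constructed log the irregular browsing to intranet.example.org is ignored and only the ten-minute polling of news.example.net is reported. Regular polling is also how feed readers and software update checks behave, so a hit is a lead for triage against what the host is expected to talk to, not a verdict on its own.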