Saturday, December 4, 2010

The Perfect Virus principle #11: Prosumption

As indicated in my post of Monday, 11/22/2010, I am extrapolating Jeff Walker's Principles for the Perfect Application into a discussion of The Perfect Virus. Since Jeff's monograph on the subject did not anticipate stealth or suicide mechanisms, any errors or lapses into stupidity are solely my additions and should not reflect poorly on what I consider to be the biggest single contribution to software application design since the invention of computers. And Jeff, thanks for giving me permission to do surgery on your baby.
THE PRINCIPLE OF PROSUMPTION: The Perfect Virus is designed for "professional consumption" or Prosumption (a word coined in 1972 by Marshall McLuhan and Barrington Nevitt in their book Take Today, p. 4), to allow the user to spawn and control their own attack fleets with zero IT support. I hesitate to use the much-overused term "dashboard" to describe this, but The Perfect Virus really must have the ultimate dashboard if it is to be used by a privateer knowledgeable in politics, warfare, and  tactics but not necessarily a computer science prodigy. 


The so-called ultimate dashboard should contain the following aggregating data feeds:

  1. Geographic distribution of compromised systems, with drill-down capability to the Google Maps street level and the ability to pan out to the planetary view.
  2. Weakness summary metrics, which can be sliced and diced by geography, country, organization being attacked, or any other user-enterable factor.
  3. Live transaction feed analytics for points 1 and 2 above, ideally allowing the viewer to track exploits, money flow to financial institutions, etc.
  4. Cataloguing of other dormant viruses unrelated to The Perfect Virus, with macro switch for eradication-on-demand broken down by geography, organization, or any other user-definable rule.
  5. Notification of other instances of The Perfect Virus either managed by this organization or by another organization. If another organization is currently active on the target system, a dialogue must be set up with the control person of that instance to negotiate whether or not coexistence is possible. Where privateers are concerned, they may also invoke the Right of Parley as defined in The Cyber Privateer Code. Since privateers are bound by the condition of their bond and terms set forth by the issuer of their Letter of Marque and Reprisal, conflicts that cannot be resolved by the two parties must be escalated to the issuing authority. Which means that any entity that issues such authorizations should have a fast-track system for such resolutions, since time is usually of the essence. 
  6. Clear development of attack rules covering (a) confiscation of assets; (b) slagging of the computer and all EPROMS connected to the system; (c) ultimatums to respective organizations and governments; (d) misdirection of exploits to appear they originated from entirely separate organizations, governments, geographies, etc.  
  7. After-the-fact attack reporting and Battle Damage Assessment (BDA).
  8. Counter-attack reporting in real-time, with feeds for your mobile devices. Especially important are counter attacks directed at distributed "safe" harbors used by distributed pieces of The Perfect Virus (see principle #3, Seamless Migration), since this means that the defenders are onto your virus and are tracking down the privateer.
  9. Cataloguing of "hardened sites" and reports of kills, suicides, and aggregation of genetic memory of both failed viruses and of novel mutations (see principle #6: Mutation Control), along with rules for taking down those hardened sites with a concerted attack.
  10. An unambiguous report of alien architectures encountered.
  11. An unambiguous report of "super hardened black hole sites" where everything disappears. This will serve to escalate the decision process to the Privateer Management Structure (okay, I couldn't resist PMS, since such black holes might make the management team a bit cranky).
  12. A "kill switch" that will allow for mass virus suicide (see principle #1, Oversight) and verification of execution.
  13. A "dead-man switch" that could be a life insurance policy for the Privateer Management Team (see principle #1, Oversight), with appropriate count-down timer until the virus is allowed to go rogue.
The above functionality is illustrative and not necessarily exhaustive. The political realities of the issuing organization and the bonding authority will probably dictate the "level of proof" required before confiscation of funds or other draconian measures. Cyber war rules of engagement will undoubtedly allow for much more collateral damage than the the rules for mere neutering of cyber criminal organizations.

2 comments:

  1. Did you see the Forbes piece on Stuxnet? It's here: http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.foxnews.com%2Fscitech%2F2010%2F11%2F26%2Fsecret-agent-crippled-irans-nuclear-ambitions%2F&h=69ea9

    ReplyDelete
  2. Larry, wait until Wednesday's post on stealth.

    ReplyDelete

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?