At 5:59 PM -0500 5/6/98, arager@McGraw-Hill.com wrote:

> Came across these links on CNN and the May98 issue of Signal Magazine.
>
> see:
> http://www.us.net/signal/CurrentIssue/May98/make-may.html
>
> Article describes new technology developed by a Quantum Physics
> theorist. It's called the Blitzkrieg Server, and seems to be a highly
> advanced AI engine and counter-attack engine for network security.
> The counter-attack supposedly virally infects the entire network that a
> hacker originates from.....somehow. Seems to have sparked some
> interest from the CIA and such.

It just goes to show that the CIA is diligently checking out *anything* they can, no matter how silly it might look. And Signal should never be confused with a refereed journal.

It is somewhat difficult to wade through the idiosyncratic terminology, but it really doesn't look as if Blitzkrieg is doing anything unusual. You can probably get comparable or better results with intrusion detection and security systems produced by reputable vendors that use the same terminology as everyone else.

It doesn't look to me as if the "viral infection" mechanism is used to attack the hacker's network. Instead, it's an intentionally lurid term used to describe how the system installs itself in the system being *protected*. It "attacks the attackers" only by interfering with their activities on the protected network. It doesn't reach out into outside networks to attack the attackers -- such behavior is arguably illegal, anyway.

In plain geek-speak, it looks like the Blitzkrieg server sends kernel patches to all the hosts within a network being protected. This produces a distributed computing system composed of all the hosts that contain these patches. The overall system can monitor or control the security status of individual "patched" hosts, since the kernel patches provide access to host security configuration and status. The patches interact with each other and the server via "encrypted" data links.

The patches themselves are evidently "encrypted" whenever a given patch isn't operating (a property of conventional "stealth" viruses). The patch software implements a "state machine" that executes "variable length string transformation rules." These rules are "self programmed," so we're probably looking at intrusion detection based on behavior profiling.

I regret to declare that I see no magic here, no emerging machine intelligence that will solve our security problems for us. This "quantum physics theorist" hasn't repealed the laws of computation. The halting problem looks safe for now, anyway.

Incidentally, the Web site contained *nothing* about Blitzkrieg.

But that's just talking about the basic technology claims. The article also describes a Clancy-esque information warfare attack on the US by "Japanese nationals" that happened some time "recently." Allegedly the attack was predicted, specifically identified, and successfully battled back by the Blitzkrieg system. It seems that this could be deconstructed into the story of the recent NT attacks with various other things added for flavor, as retold by Weekly World News.

Rick.
smithat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:48 PDT