State of Emergency … the strategies

Strategy

One can hit your information by accident he won’t make much damage.
Whatever the attacker’s profile (and you can imagine other profiles combining two or three of the basic ones) be sure no one act rashly and without preparation. No one start using his tolls and techniques haphazardly.

Each calls a well-designed strategy and a method. Let’s look at that.

Strategy

A strategy is the art of fixing objectives and organizing one’s resources and actions to reach them.

Don’t panic! I bring here nothing new. I simply write down what we all do every day… without even thinking about it.

Study of the situation

Who am I and in which context do I live?

We analyse our past and our skills along with the requirements and the constraints of the society around us. We identify what we want, who we want to become.

Definition of the needs

What am I lacking and where can I find it?

Comparing the present and the objective we identify the gap and what it will cost to fill it.

It’s from here that the attacker takes his position: he doesn’t care with the constraints of the society; respecting the law isn’t part of his thinking.

Expression of the wish

Where can I get what I want, without building or acquiring it?

We look for the least cost, the least risk, and the most immediate result.

We can identify several targets with various aims: destruction, robbery or conquest.

Planning

What are the tools, weapons and resources I need to go and take, destroy or conquer?

When should I act to have the best success rate?

How should I move towards my target? How shall I attack? How will I withdraw (if wanted) without leaving tracks so that no one can follow me?

Execution

Once we are ready and the conditions are met, we move, attack and withdraw according to the defined methods.

We are sometimes forced to a ‘Plan B’.

Evaluation

Once back to our safe position, we analyse what we have lost in action and what we have gained.
If the result is positive, we know we can do it again and improve what didn’t work well.
If the results are negative, we look for other ways and we hope doing better next time.

You see that it’s not complicated.

Method

A method – you can call it a ‘tactic’ – is the art to implement the strategy to transform it in a success.

Without going to tiny details, the method – that is deployed across the Planning and Execution phases – can be split in seven steps:

Reconnaissance

We look for information, we visit, and we do what’s called “intelligence”; e.g. by studying social networks.

Weaponization

We build and acquire the tools needed to attack: all malware and human actions to monitor, spy and act.

Deployment

We install the monitoring tools by the target.

Exploitation

We analyse the gathered information and look for the weaknesses we can use.

Installation

We install ‘bombs’ and tools that will bring the final result.

Control

We attack and take control of the target.

Action

We take (steal), destroy or conquer, as per our objective.

 

If you want to go further, ask Google using the key words ‘Kill Chain’
According to his profile, resources and skills, the attacker will simplify and merge the five last steps into two.

 

If the attacker takes the time to consciously plan and act why should we defend and respond with surprise (ad-hoc)? We also need to be organized to resist the attack and be resilient (recover from our wounds). We’ll address that next time.

See you soon, safer with your information

Jean-Luc

Leave a Reply

Your email address will not be published. Required fields are marked *