Mathematical Model Helps Estimate Optimal Timing of Cyber Attack

← Back to Stories (view on slashdot.org)

Mathematical Model Helps Estimate Optimal Timing of Cyber Attack

Posted by Unknown on Monday January 13, 2014 @10:03PM from the hack-the-gibson-when-it's-ripe dept.

sciencehabit writes "Have you been missing the grim mathematical war games that strategists once used to map out possible nuclear confrontations? Don't worry, the games are back — this time applied to computer security. Researchers have now mathematically formalized the strategy of computer hacking, potentially enabling anyone — governments, activist hackers, cybermafia — to determine the optimal timing of attacks."

31 comments

Min score:

Reason:

Sort:

Now by Anonymous Coward · 2014-01-13 22:05 · Score: 1

If you don't do it now, *they* will.
Optimal attack time by fatphil · 2014-01-13 23:39 · Score: 1

I've worked out the optimal time to pull down their coffee machine.
Where will these strategists be without their coffee, eh?

--
Also FatPhil on SoylentNews, id 863
Obligatory by Anonymous Coward · 2014-01-13 23:54 · Score: 2, Funny

What a strange game. The only winning move is not to play.
What about a nice game of chess?
1. Re:Obligatory by iamnotasmurf · 2014-01-14 00:01 · Score: 0
  
  What a strange game. The only winning move is not to play.
  What about a nice game of chess?
  Sir, with an attitude like that you will never get out of your mom's basement!
  
  --
  My sig has no nature
2. Re:Obligatory by hcs_$reboot · 2014-01-14 00:59 · Score: 1
  
  What about a nice game of chess?
  With this, you won't be disappointed.
  
  --
  Slashdot, fix the reply notifications... You won't get away with it...
3. Re:Obligatory by Anonymous Coward · 2014-01-14 02:53 · Score: 0
  
  I just saw that movie on TV a couple of nights ago. Brings back fond memories of taking my high school girlfriend out to see it on our first date. God, I hate this getting old shit.
Hmmm... let me guess? by Anonymous Coward · 2014-01-13 23:59 · Score: 0

Hmm, the best time to attack is in the early morning local time?
1. Re:Hmmm... let me guess? by drainbramage · 2014-01-14 01:49 · Score: 1
  
  For more detail check the newspaper, perhaps the Perl Harbor Gazette.
  
  --
  No brain, no pain.
2. Re:Hmmm... let me guess? by sunderland56 · 2014-01-14 02:12 · Score: 1
  
  Hmm, the best time to attack is in the early morning local time?
  No. Best time is about 6 PM on Friday - all of your *good* IT guys have left for the weekend, with only the newbies on the night shift left in the building; and all of your really good security people are getting drunk in a bar somewhere.
3. Re:Hmmm... let me guess? by fatphil · 2014-01-14 03:20 · Score: 1
  
  Nope, saying "6" is an arithmetic solution, we need a mathematical one.
  
  6 + Min[t>=0]:(Max[i]:(competence(staff_member_{i}, time 6+t)) <= target_competence)
  
  --
  Also FatPhil on SoylentNews, id 863
Brought it upon ourselves by pcwhalen · 2014-01-14 00:04 · Score: 1

The NSA encouraged weakening of number randomizers and randomization algorithms which weaken encryption. They don't report vulnerabilities in software.
We brought a world of less secure computer networks and electronic banking and commerce upon ourselves.
Hell we even gave hackers a damn fine model on how to attack.
From the article:"The Stuxnet worm, for instance, was supposed to quietly delete itself after doing its harm, but it was unintentionally released âoeinto the wild, where it is no doubt being tweaked, reverse-engineered, and readied for fresh exploits by others."

--
Pay no attention to the man behind the curtain with all your metadata.
1. Re:Brought it upon ourselves by Anonymous Coward · 2014-01-14 00:19 · Score: 0
  
  Hell we even gave hackers a damn fine model on how to attack.
  On top of that: people with enough money to spend on sponsoring research nowadays seem to be also the ones insecure enough to be aggressive.
Thanks by Anonymous Coward · 2014-01-14 00:22 · Score: 0

Good website. Welcome back mey blog page. Health
e-tedavi.gen.tr
Obvious by Akratist · 2014-01-14 00:23 · Score: 4, Interesting

While this is not quite what the article is talking about, right around the holidays is probably the best time to stage an attack, as I think the BBC (?) found out already. Where I work, the place was running on a skeleton crew, with the IT staff at a bare minimum and handling service calls instead of doing any network monitoring or maintenance (what do you deal with first -- system maintenance or someone in sales who can't connect to the server and is making a big stink about it?). Social engineering probably works great in the week or so before the holidays...figure out where the company Christmas party is going to be, then crash it. Find someone who's sloshed and start talking them up. If not that, people are still busy and distracted, gifts are often delivered, and so on. Everyone in a company, and especially IT managers, really need to step up their awareness during this time of year, not get lax about it.
1. Re:Obvious by Anonymous Coward · 2014-01-14 00:39 · Score: 1
  
  While this is not quite what the article is talking about, right around the holidays is probably the best time to stage an attack, as I think the BBC (?) found out already.
  BBC? Other Targets will more more profitable to attack for sure.
2. Re:Obvious by transporter_ii · 2014-01-14 00:41 · Score: 1
  
  Yes, this. Someone had some taxpayer money to spend to come up with this crap. When the law and the NSA are playing S.H.I.E.L.D, this will look really cool on the monitors. And then they will time it for a holiday or other important day and release the DDoS.
  
  --
  Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
3. Re:Obvious by Anonymous Coward · 2014-01-14 00:45 · Score: 0
  
  Or timed it during the big freeze to further cripple the infrastructure and make it more difficult for operators to manually fix things.
  Watch cascade failures during peak power demand as critical nodes are taken offline and the power demands overload the system.
  Pretty luck that it hasn't happened.
4. Re:Obvious by Akratist · 2014-01-14 01:37 · Score: 1
  
  Probably, but someone thought it was valuable enough to: http://www.huffingtonpost.com/2013/12/29/bbc-hacked-christmas-access-britain_n_4515229.html
The Rational Timing of Surprise .. by DTentilhao · 2014-01-14 00:42 · Score: 1

"A classic example is the British decision in World War II to allow German spies to continue gathering damaging intelligence for Hitler years after the spies’ identities were discovered" link

There were no spys allowed to freely operate prior to D-Day, they were all captured and utilized to feed the enemy false information. Reason being the British were reading the encrypted communications to the spies from Bletchley Park. link
This is like Quantum Physics.... by 3seas · 2014-01-14 01:10 · Score: 2

once you look at it.... and TELL EVERYONE....... it changes.
Seems unnecessary by Anonymous Coward · 2014-01-14 01:13 · Score: 0

Should be pretty easy to deduce without a computer, right? Any time before and after school, on holidays and weekends... Pretty sure I saw this in Death Note.
We already know the best time to attack by Anonymous Coward · 2014-01-14 01:24 · Score: 0

It isn't called a lunchtime attack for nothing.
Mathematical Models? by ruir · 2014-01-14 01:31 · Score: 1

Captain obvious called. Extended weekends, Xmas and summer holidays.
1. Re:Mathematical Models? by rmdingler · 2014-01-14 01:51 · Score: 2
  
  Major Obvious called.
  Apparently, a penchant for the apparent is a promotable offense at his office.
  
  --
  Happiness in intelligent people is the rarest thing I know.
  Ernest Hemingway
2. Re:Mathematical Models? by BonThomme · 2014-01-14 02:16 · Score: 1
  
  he's just bitter because he's still only a Captain.
3. Re:Mathematical Models? by aaronb1138 · 2014-01-14 07:07 · Score: 1
  
  I suspect lunchtime and towards the end of the day during M-F workdays are the best times. Nearby time zones still have enough late work day traffic that a minor issue might be dismissed as general internet congestion and at the same time, the target support people are more exhausted and likely to miss something / want to get out the door and go home.
30 Minutes After ... by Anonymous Coward · 2014-01-14 09:28 · Score: 0

Dominos Pizza delivery!
Back in the '90s the FBI warned an "Above Top Secret" Defense Agency to curtail their habit of Dominos Pizza deliveries after tasked with a secure operation because a steady flow of Dominos Pizza cars/trucks was a dead giveaway that something BIG was up. True story!