gnucitizen.org

Thought Experiment: Impersonating not just people, but entire organisations So, the other thread asked for thought experiments. Here's one. The other day I came across the idea of creating entire shadow communication networks. This was originally done in the military. The military guys used to imitate entire communications networks, and then infiltrate the networks with false information while jamming out the other parts of the radio network (see [this wiki page](https://secure.wikimedia.org/wikipedia/en/wiki/Ghost_Army) for just one example, that goes beyond the electronic realm). Apparently, the counter-intelligence guys did something similar (see COINTELPRO, which most of you would be familiar with). I looked around the 'net to see if anyone else had taken that idea and run with it in the infosec realm. Gnucitizen has a blog post from '08 [here](http://www.gnucitizen.org/blog/social-networks-evil-twin-attacks/), but focuses more on creating fake social networks. At a more general level, take some institution A that interacts among some complex social, economic, or political system. When running a reconnaissance of institution A you typically take note of everything about it (from the tech side of things, all the way up to footprinting the open information you find on the website, linkedin, or other surfaceweb info). The aim of this hypothetical imitative attack is not just to enumerate everything about the company, but to duplicate the control/communications networks so well that others within the complex system mistake it for the real thing. You could do this at a technical level (and people do, see phishing). But I want to duplicate the informal and formal networks that people use in the organisation to make decisions, and then use that network to manipulate the decisions in my favour. For example (again, hypothetical), I spend weeks footprinting a large company. I duplicate it so well, that I can now imitate one of the high-level manager's mannerisms and

Thought Experiment: Impersonating not just people, but entire organisations So, the other thread asked for thought experiments. Here's one. The other day I came across the idea of creating entire shadow communication networks. This was originally done in the military. The military guys used to imitate entire communications networks, and then infiltrate the networks with false information while jamming out the other parts of the radio network (see [this wiki page](https://secure.wikimedia.org/wikipedia/en/wiki/Ghost_Army) for just one example, that goes beyond the electronic realm). Apparently, the counter-intelligence guys did something similar (see COINTELPRO, which most of you would be familiar with). I looked around the 'net to see if anyone else had taken that idea and run with it in the infosec realm. Gnucitizen has a blog post from '08 [here](http://www.gnucitizen.org/blog/social-networks-evil-twin-attacks/), but focuses more on creating fake social networks. At a more general level, take some institution A that interacts among some complex social, economic, or political system. When running a reconnaissance of institution A you typically take note of everything about it (from the tech side of things, all the way up to footprinting the open information you find on the website, linkedin, or other surfaceweb info). The aim of this hypothetical imitative attack is not just to enumerate everything about the company, but to duplicate the control/communications networks so well that others within the complex system mistake it for the real thing. You could do this at a technical level (and people do, see phishing). But I want to duplicate the informal and formal networks that people use in the organisation to make decisions, and then use that network to manipulate the decisions in my favour. For example (again, hypothetical), I spend weeks footprinting a large company. I duplicate it so well, that I can now imitate one of the high-level manager's mannerisms and