Thursday, May 6, 2010


After reading the review by Kasparov on Chess Metaphors I began thinking of a few completely unrelated subjects.

On chess,

In the great game of chess, outright domination is not the goal - unless you outclass your opponent so badly that they have no chance of winning. Winning at chess is a mental game. The game is won through feints, sacrifices, and outsmarting your opponent through the use of strategy and tactics depending on the state of the board. It requires an immense number of calculations per second to be able to not only assess the current situation, but the results of the move you are about to make, and your opponent's response. Not simply in the action->result mode of thinking, but in the symbiotic relationship that occurs when two grandmasters are locked in a titanic battle of the mind.

Plays are not made, they are developed. This is a guiding principle. No chess move is made for the sake of making the move. A chess move is made to develop a play that may not occur unless 15 other moves take place. This development comes in the form of moving pieces to positions on the board where they will have a greater overall impact in the middle and endgame.

Yet another guiding principle is that of controlling the center. Controlling the center refers to the squares in the center of the board. Controlling these squares, directly or through pieces with direct access to them from afar, can have a huge impact on the success of your game. Unsurprisingly, controlling the center influences your opponent's maneuvers, cramps the available space on the board, and may ultimately provide openings for attack if and when your opponent makes a mistake due to your positional influence.

Paraphrased from the article: It used to be that becoming a chess expert would take years of study and practice. With the advent of computers and chess software, the game has changed in that young children are attaining a very high status in the field. What we now see in the game of chess is that the computer has leveled the playing field. In 2005, a "freestyle" tournament took place where competitors were allowed to use computers and the winners were not grandmasters. They were amateurs using three computers at the same time. It was their skill in manipulating the computers that allowed them to win. He summarizes this nicely with the following: "Weak human + machine + better process was superior to a strong computer alone and, more remarkably, superior to a strong human + machine + inferior process."

Better process wins.

Kasparov also discusses his experiences in using computers when he battled Topalov in a heads-up competition.
"[..]With that taken care of for us, we could concentrate on strategic planning instead of spending so much time on calculations. Human creativity was even more paramount under these conditions."

Kasparov's tactical advantages were nullified by the computer and its ability to perform more calculations. Here he suggests that the ability of humans to think on their feet, to adapt to unfolding situations, the ability to innovate is what allows the human-computer combination to prevail.

"[..]Correctly evaluating a small handful of moves is far more important in human chess, and human decision-making in general, than the systematically deeper and deeper search for better moves—the number of moves “seen ahead”—that computers rely on."

Again, here he suggests that our ability to make the correct decision when faced with evaluating a small set of moves is a vital component of our decision-making processes. All in all, Kasparov's review of the book is quite possibly just as fascinating as the book itself.

And now I leave Kasparov and the world of chess for a world of six-legged pests known as ants.

Where I reside, it's getting warm again. When it gets warm in the house, I open up my windows at night to allow cold air in and warm air out. Unfortunately, this permits bugs to enter my residence. Ants are fascinating little creatures. They are full of a complex set of communication and societal roles and responsibilities. One day this past week I saw one of the forager ants making its way through my hallway. As you might be aware, when foragers are out exploring, they mark a path for others to follow. So as it was making its way through my house it was leaving invisible breadcrumbs for other foragers to follow. I quickly squashed the ant and went on my merry way, before it could continue to forage and perhaps find a food source. How could I know if it had already found a food source? How could I know if it wasn't already on its way back to the food source? How could I know it wasn't leading a more serious infiltration? Was it alone? I couldn't answer these questions; I squished it without bothering. I had work to do and no time to bother with ants. Working my way through the house, I spotted another ant. I squashed that one too, its carapace crunching beneath my shoe! I was victorious, two ants detected and killed in a few minutes. I was the defender of my home and I'd be damned if some ants were going to infiltrate my home!

Of course, having some experience with ants I knew full well that by the time I'd spotted those two, I had already been infiltrated. Over the next few days I spotted and squashed several more of the foragers, knowing there would be more. You see, ants are clever little creatures and the foragers may penetrate the house via different means and locations; they may work together or individually, but their goal is a common one. Identify a food source, communicate it back to the colony, and begin exfiltrating in an effort to keep the colony healthy, strong and growing and continue foraging. Based on my experiences I had prepared for the inevitable infiltrators' success. I had ant traps at my disposal and a plan to take care of them. The thing to remember about ants is that they need to forage to find food sources worthy of taking back to the colony. I, as owner of the residence, know where the food sources are, how the food moves throughout my house, how frequently the trash goes out, what windows were open, and based on other experiences what other ways the ants might be getting in. Of course there are ways into the house that I have not yet identified. Ants are tiny little things and are very adept at crawling through the smallest of spaces! My battle with them persists, though I've deployed bait, traps and other active defensive measures. Here, take my poisoned food back to the colony, feed it to your queen and larvae.

So what does all of this have to do with anything? I'm not talking about chess and ants. I'm talking about the APT.

As it relates to chess, the APT are much like an advanced player thinking several moves ahead. Their process is well thought out. They have developed tactics to not only attack but defend their positions once they've made a move as part of a larger strategy to gain and keep access for extended periods of time. They may use complex moves to attempt to outsmart the opposition; they may use simple moves to lull us into a sense of overconfidence about the state of the board. They have a definitive offensive advantage. They can penetrate defenses pretty easily. They may have studied our culture to learn our biases to use them against us. They may use this to convince you to think that you can't stop them, you can only hope to contain them. They may be amateurs in some cases, but their ability to manipulate computers and follow a strong process creates situations where they can win just about every game they play. Their tactics may not be all that different than that of an ant. It can take an awful lot of effort to defend the home-front against the infiltrators. If, like me, you find yourself too busy trying to take care of business by defending against them, you will have already lost, and eventually you may not have a business to attend to. Your product may no longer be yours. Your food will be exfiltrated, and you will continue to suffer infiltrations all season long. A good plan and a strong process for defending what's yours are in order. This is why things like IPB exist: to support decision making and allow your boss to apply appropriate resources to defend the enterprise at critical paths when and how he/she chooses. Nobody should know your environment better than you. If you don't know your own environment, stop and take the time to learn about it, otherwise your environment is not yours. Learn what defenses and resources are available and how to apply each one ahead of time. This is not something you want to learn about while under fire.

Given the situation at hand, decide which measures to apply. Developing templates may or may not be the way to go. They can aid you greatly by removing a lot of the judgment calls, and by identifying available resources so you don't have to think about it. I know that in my current environment they have helped greatly, particularly around phishing attacks. Defending against advanced intruders takes an advanced defense, effective manipulation of the systems under your control and human creativity. Remember, it takes People, Ideas, and Hardware. The bad guys work in shifts around the clock to attack you. Are you working nearly as hard to defend?


rwuiuc said...

Great post. As a former recreational chess player (and one that was not that great) I enjoyed this post. I find the game of chess, the process of learning chess, the strategy and tactics very applicable to digital investigations and forensics.

You have to know what the pieces are and their capabilities.

You have to find a way to assess the board and what the strengths and weaknesses of your position are.

You take notes on your game play so you can improve in the future.

I could go on and on... good stuff