Attack costs

listo factor listofactor at
Tue Oct 10 08:41:08 CEST 2017

> Firstly, I think it's really easy to get carried away here with
> security measures one probably doesn't really need.  If you do have a
> need for air-gapped computers then you also have a need for a lot of
> other security measures.
> 1) How good are the locks on the doors to your house?
> 2) What about your windows?
> Just my opinion and it's not meant as criticism just as "food for thought"

Well, here goes:

A competent adversary can spend $100K to develop and deploy a software 
tool that will compromise computers of one thousand of its opponents. 
Thus the cost per compromised computer is $100.- If it costs $1000.- per 
opponent to send an operative (or, more likely, a team of operatives) to 
physically enter the computer location in order to compromise it, the 
total cost to the attacker is one million.

The numbers are, obviously, for illustrative purposes only. But my 
thoughts is this: when it comes to mass surveillance, over-the-net 
attacks may indeed be of significantly greater concern than physical 

(Another, perhaps tangential, thought: in the era of mass surveillance, 
money is the principal limiting factor for a whole class of large 
institutional attackers - both ethical and legal limitations are long gone).

More information about the Gnupg-users mailing list