Blueprints from History — Series#2
BLUEPRINT#2 : STRATEGY OF INDIRECT APPROACH
“What are you doing here? You were supposed to join forces at Ulm.” says General Kutuzov for which General Mac replies “Napoleon outflanked us. We suffered losses. I was obliged to offer my own surrender.” , as could be seen in the movie War and Peace (1956). The scene revolves around the Battle of Ulm where Napoleon Bonaparte defeated Austrian army led by General Mac. The Russian army led by General Kutuzov were supposed to join them.
It is with Napoleon Bonaparte, one of the greatest European soldier that marked the dawn of the modern era of strategic thinking. Napoleon, known as the self-crowned emperor of France was a master of maneuver and strategy. The term “maneuver” refers to the disposition of forces to conduct operations by securing positional advantages before or during combat operations. He had two favorite strategies — 1. Strategy of Indirect Approach and 2. Strategy of the central position. When he had the strength comparable to his opponents and room to maneuver he would use the strategy of indirect approach.
He would position a small force to the front of the enemy, it would skirmish feigning a major attack simultaneously the main force would swiftly march to the enemy’s rear where Napoleon would place himself on the enemy’s line of communication and supplies.
One part of the army would have pinned the attention of the enemy to the front and the other part would take the enemy by surprise at their rear. It was this strategy that brought about his victories in Battle of Ulm.
In the autumn of 1805, Napoleon was intending to invade Britain. But when informed by his network of spies that the Austrians were moving against him he abandoned his invasion plans and ordered 210,000 men to march towards River Danube. The Austrians were in coalition with Russians whose men were supposed to join them in the battle against the French. Napoleon’s plan was to attack the Austrians before the Russians led by General Kutuzov could join them. He split his army into two, one part of the army attacked the Austrians from the front and were holding them.
Simultaneously, Napoleon and his other men placed themselves along the Austrians’ line of retreat or line of communication and supplies with the Russians. This created an envelopment for them who got totally surrounded and outnumbered which led their General Mac surrender to the French.
Sending one part of the force to distract the enemy for a time period and then build superiority over the enemy with the actual intended attack is very much practiced by cyber attackers as well.
They frequently launch DDOS attacks to distract and swarm an organization’s IT security team with containing the DDOS while at the same time they launch the intended attack that flies under the radar. DDOS itself does not create the data compromise but it entices the security team in the wrong place and makes an organization to have been already data breached without their knowledge.
One of the major ISP and B2B service provider based out of U.K, Talk Talk became a victim of the above cyber attack strategy. Close to 4 million users had their personal data compromised. It is believed that the hack was a combination of two different attacks.
Firstly, a DDOS attack was targeted at the website which was bombarded with so much traffic that the IT security team brought down the web server. This was designed to be a distraction from the main attack which is thought to have been a SQL Injection attack.
SQL injection is not a sophisticated technique, it has been prevalent for more than a decade. It is a way of tricking poorly coded websites into leaking their database information into the hacker’s hands. It just needs a careful sensible programming best practices but unfortunately Talk Talk website was not built with these precautions. Infact there are many other websites which stull fall prey to SQL Injection attacks.