Advanced Persistent Threat


The greatest similarity between old-school script kiddies and the modern advanced persistent threat (APT) is patience: both are willing to spend as long as it takes to complete a successful attack.

Granted, the reasons for the long duration of their attacks differ, but both display great fortitude.  In the case of an APT, the operatives are typically well funded and can afford sustained research and intricate obfuscation in their attempts at fraud.  Like a jewel thief, they prepare their attacks meticulously, with advanced tools like remote access Trojans and specialized hardware that can crack passwords at 350 billion guesses per second (https://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/).  With almost unlimited resources at their disposal, modern APTs have a target in mind, and don’t let go until they get their mark.

Conversely, script kiddies and the brigands of yesteryear were forced into delayed operations out of necessity.  Exploiting loopholes and otherwise undiscovered holes in programming, the lone ranger hacker operated out of pride and a perverse code of ethics that allowed for theft and vandalism, in an attempt to be the next Zero Cool or Max Headroom.  Their attacks were generally unorganized and effervescent, trying millions of locks before gaining a single entry, then meekly following the rabbit hole until they came across a task that was too daunting for their spare time and limited resources.

And that’s the real danger here.  It’s the same type of person, but in this cyber renaissance, these computer crusaders have found patrons, and unlike before, they aren’t limited by geopolitical or economic boundaries, so a poor Nigerian, using a tool developed by an Israeli programmer, can hack a rich Californian, make more money than his family would ever see in ten years, and never be prosecuted by his government.

I’m afraid we are about to enter a dark era of the Internet, where crime is pulled off with near impunity, with foreign actors exploiting cell phones to gain data to parse through and discover facts about targets, make fraudulent purchases on a credit card, and never come to justice. 
