It's really dumb for infosec in general to continue suggesting that it matters whether or not a "sophisticated actor" was involved in a particular cyber security incident.
If there was a security event, then what the f**k does it matter if the "attacker" was sophisticated or not?
It's a bunch of stupid d*ck wagging, hubris, and liability protection for negligent "victim" organizations.
If there is a security compromise, breach, hack, etc... the primary reason you hear all about the attacker's level of "sophistication" is to provide cover for the company.
Because if you were targeted by the best, most advanced, most well-funded and complex genius hacker group in the world, then it's just "not your fault". You were "beaten by the best" and "nobody could have avoided that". It was "no real fault of your own". That's why you hear it.
So, stop focusing on whether or not a "sophisticated" bad guy did something. That's worthless obfuscation and misdirection. stfu and focus on the fact that a security event *happened*. Period. That's it.

More from @VickerySec

25 Feb
Santa Rosa Police Department appears to have no idea what a two-party consent state is. One officer, and one dispatch agent, have each failed to understand how California Penal Code §632 works:
leginfo.legislature.ca.gov/faces/codes_di…
Allow me to educate anyone else in California law enforcement who might need some remedial training regarding what the phrase "2-party consent" means with regard to wiretapping and eavesdropping laws...
If ANY party to a conversation has a "reasonable expectation of privacy" and that party does *not* consent to the conversation being recorded by an electronic device, then whoever is recording the conversation has committed a crime.
24 Feb
It's really interesting that Chris Wilson's company, WPA Intel, is claiming to just now introduce this "feature" in their voter data warehouse product.
I say that because Wilson's company has had profiled tags like call reliability tied to voters in the US for several years. AggregateIQ (aka Cambridge Analytica) pulled it directly from the GOP Data Trust for use by WPA.
I can still prove this and have testified to that fact.
"Bonfire" is almost certainly a result of WPA's work with Cambridge Analytica and AggregateIQ. So, basically the FTC should ask Mr. Wilson if he ever deleted the data his company received from Cambridge Analytica.
24 Feb
My confidence in the legitimacy of SCOTUS was already at zero. The Chief Justice has today dashed it even lower (excerpt from today's Lange v. California hearing):
Roberts has shown himself to be devoid of any understanding of our system of law, let alone the principles cherished and enshrined by our forefathers.
If Chief Justice John Roberts ever wishes to truly understand the US Constitution, I'm willing to set aside time enough to teach.
24 Feb
trolltip-
The domain name acebooc[.]com is currently unregistered and available ($8).
do something crazy.
get people talking about that crazy thing acebooc did.
23 Feb
btw, if Dominion or Smartmatic want to add another deep pocket defendant, I've got the key evidence to hook in the PoliticalMedia[.]com empire of websites.
Courtesy of the company's president, Larry Ward, messaging me directly in November, 2020 (see screenshots).
While I'm not exactly a fan of voting machine vendors, I am more happy to see them devour the spewers of hatred and disinformation.
I'd certainly sign a declaration stating those screenshots show actual, true, real messages that Larry Ward sent to me.
I am sure Dominion and Smartmatic can then proceed to clean his, and his company's, clock(s) in the discovery phase of that impending litigation.
23 Feb
(Replying as separate thread)

I've reviewed the discussion video you linked. @CharlieAngusNDP makes several very good points and it amazes me that RCMP seem to respond as if they have no jurisdiction where a company has chosen to straddle borders and operate in multiple nations.
I do have some tech insight to turn this situation around- Even if a site's "servers" are located in the US, there are almost certainly caching distribution servers located in Canada contracted by the company to quickly serve the most-commonly accessed content to Canadian users.
High definition online streaming video services, such as the one relevant to this situation, do everything they can to minimize things like "lag", "buffering", "loading", etc.