Whenever a breach occurs these days, the organization's management is quick to call it a sophisticated attack. The media are quick to jump on the Advanced Persistent Threat, or APT, bandwagon. Then, sooner or later, news leaks that the attack was actually something quite trivial, pulled off by ordinary people.
Take the Comodo attack. The founder is on record as saying "This [attack] was extremely sophisticated and critically executed. It was a very well orchestrated, very clinical attack, and the attacker knew exactly what they needed to do and how fast they had to operate."
Moxie Marlinspike relayed at BlackHat and GrrCon what he learned about the attacker. It turns out the guy surfed to www.thoughtcrime.org and downloaded sslsniff after the breach. Where did the attacker learn what to do? Hak5 video tutorials.
Moxie Marlinspike: "On the one hand, we have the CEO of Comodo. Very well orchestrated. Clinical. Maybe this video was really good. Maybe it turned them into clinical attackers. But, from what I see, on the one hand we have the CEO’s statements and on the other hand we have someone who is literally following video tutorials on the Internet."
Where is the disconnect? The cynical answer is that it is politically expedient to label attacks "sophisticated". Bonus points if you can link the attack to foreign nations. If the attack can be grouped under force majeure, well, who can defend against that? And who can blame the company for falling prey?
That's the cynical answer. Tomorrow, I will share a more pragmatic reason.
For now, I will give the last word to Jack Daniel. "Every breach is sophisticated, just like everyone is special."