The Myth of the ‘Sophisticated’ Cyber Criminal (BBC)


Among the mistakes journalists sometimes make when covering cyber-security stories is calling an attack “sophisticated” when it’s anything but. And it tends to irritate security professionals.

There’s no real definition of what a sophisticated attack is, but a more elaborate hacking incident might involve gathering intelligence on a specific, complex network before it could be successfully and subtly exploited.

Attacks like that do happen. But more often than not, the hackers and cyber-criminals hitting the headlines aren’t doing anything magical. In fact, they’re often just wily opportunists – like all criminals.

The head of Europol says that the growth of cyber-crime is “relentless”. The agency has identified a range of increasingly common methods used by 21st Century offenders – and these are not sophisticated. These include digital payment attacks, ransomware, selling illicit material on the dark web and stealing people’s personal data to commit fraud or identity theft.