Good stuff, the Maj. is definitely spot on with regard to the fact that cyber-warfare is indeed asymmetric, established "fortress doctrine"/defense-in-depth theories do not work here, and he does a great job of driving that home. Thanks for the post, RL!
Paper is here:
http://www.sans.org/reading_room/whi...-warfare_33889
It's a good analysis of th3j35t3r's past activities, but I am not entirely convinced of his capabilities overall.
When you come to understand how much *security* costs vs. the security that is actually provided, and the business culture vs. security (is security an integral part of the business and product development, or check-the-box compliance?), you will begin to understand why companies like Sony and STRATFOR and government agencies like the CIA, FBI, (Infragard) were so easily breached.
The definition of asymmetric here isn't a David vs. Goliath: these aren't lucky shots or one-off attacks against hard static defenses; the defenses aren't very hard, nor very static, and the shots were well aimed at some *hardened*, *secure* COTS black box or software package which turned out to be as secure as a 2 1/2 ft. picket fence.
End rant...My .0002