Comment by acdha
I’d be shocked if that was still true after the first time someone tried it. If you’re running an undercover operation, you’re going to give your agents backing to say whatever they need to say to maintain their cover.
I’d be shocked if that was still true after the first time someone tried it. If you’re running an undercover operation, you’re going to give your agents backing to say whatever they need to say to maintain their cover.
That’s why it’s important to remember that not all state-level attacks are created equal. Intelligence agencies can create fake personas at varying levels of cost and realism, but if North Korea is doing that for revenue they’re not going to spend the same kind of resources they would trying to get, say, nuclear weapons data.
The situation here is significantly asymmetric: the attacker has to do a lot of work to build a realistic persona but the defense can make that much harder with a few basic checks. It’s been cost-effective in the past because companies were skimping on their hiring and internal security, similar to how the identity theft crisis was mostly a crisis in companies doing due diligence.
It's very naive to think you can win against any state-level advanced persistent threat.