The power to engage in malicious cyberactivity is becoming increasingly democratized and symmetrical, according to experts. For proof, look no further than a string of high-profile attacks perpetrated by teenagers.
"Even relatively non-technical hackers can carry out sophisticated attacks using 'off the shelf kits' that can easily be purchased on underground forums," Andrew Browne, malware labs director at software company Lavasoft, told the Washington Examiner. "This is especially true for social engineering attacks, which are not aimed at a company, but rather an individual."
Since the beginning of October, social engineering attacks by hackers who are believed to be teenagers have breached personal accounts belonging to Central Intelligence Agency Director John Brennan, Secretary of Homeland Security Jeh Johnson, and Federal Bureau of Investigation Deputy Director Mark Giuliano. Authorities have yet to locate the perpetrators. According to Browne, they may never be able to do so relying on technical means.
"Hackers employ myriad tactics to avoid being discovered, such as proxy chaining, where an attack is mounted from a computer that is many computers and probably several countries removed from the origin," Browne said. "This is only one of very many steps a determined hacker can take to conceal themselves. If the hacker has taken enough steps, it's very possible their identity may never be discovered."
Authorities on the other side of the Atlantic have been slightly more successful this month after arresting several teens for hacking British telecom company TalkTalk. The teens attempted to blackmail the company using stolen data on 157,000 customers. In spite of their capture, TalkTalk estimates that costs resulting from the attack could reach as high as $53 million, and those customers could still be vulnerable to phishing attempts in the future.