Illustration: Aïda Amer/Axios

On Tuesday, the U.K.'s Labour Party became the latest in a decade-long line of victims to claim they were targeted by a "sophisticated" cyberattack that wasn't, actually, very sophisticated.

The big picture: It's the latest lexical stretch for an adjective that's widely used in reports of cybersecurity incidents — and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.

Driving the news: Labour ultimately faced what's known as a denial of service attack, a way of overwhelming servers with a ton of traffic. It's a digital blunt force attack — harmful, yes, but hardly sophisticated. Labour was not alone.

In the last year or so, victims blamed "sophisticated" hackers for breaches at the Australian Parliament; a hamburger chain; a bank; another bank; yet more banks and universities in Australia, the U.S. and UK; a 1,200-student high school; newspapers; Amnesty International; WhatsApp users; a medical center; an electronics supplier; an embassy; and a community college, among others.

Be smart: Some of those hackers were, in fact, sophisticated. Others weren't. But overusing the word dilutes its meaning.

The sophisticate who cried wolf: For network defenders trying to follow what's going on across the industry, it's important to know when actual sophisticated hackers emerge. "There's a boy who cried wolf situation," said Dylan Owen, senior manager for cyber services at Raytheon.

Sophistication's siren song: As soon as a breach is announced, companies are on the defensive, left to justify to users, investors and employees how data that was supposed to be kept secret suddenly wasn't.

  • "No one is going to say they were breached by average hackers," said Chris Scott of IBM's X-Force IRIS incident response team.
  • Sophisticated often gets used as a synonym for "our organization shouldn't be blamed for missing this."

But, but, but: Sophistication isn't the only way to breach even high-tech defenses. Persistence is just as powerful as technical acumen.

  • "We see relatively simple attacks able to get by good defenses all the time," said Owen.
  • Some of the most effective hacking groups in history — including all but the most recent of Iran's efforts in hacking — were not considered particularly technically skilled.

When experts say "sophistication," they use it very differently from average people.

  • For experts, a sophisticated attack is one that's layered, bespoke and studied — one that cleverly and efficiently achieves its goals. It can refer to work before or after a breach, how an attacker maneuvers inside a network, speed or stealth.
  • For the public, sophistication sounds like someone is simply using unbeatable technology, one part wizardry and another part ninjutsu.

Those aren't the same thing. Just consider the first steps in hacking a computer.

  • The most sophisticated attackers almost always start with methods the public doesn't think of as sophisticated. The U.S., China and Russia — the most advanced hackers in the world — typically start an attack with phishing or exploiting security flaws vendors have already released a patch for.
  • Even so-called zero-days, previously undiscovered vulnerabilities that can't yet be patched, are not always the sign of a sophisticated attacker. "You can have a group that uses a lot of zero-days that isn't technically skilled, just willing to spend a lot of money to purchase them from the black market," said Ben Read of FireEye.

The bottom line: Unless the hackers are known to wear cufflinks, you can usually take "sophisticated" with a grain of salt.

Go deeper:

Go deeper

Trump threatens to post "60 Minutes" interview early after reportedly walking out

Trump speaks to reporters aboard Air Force One, Oct. 19. Photo: Mandel Ngan/AFP via Getty Images

President Trump tweeted on Tuesday that he was considering posting his interview with CBS' "60 Minutes" prior to airtime in order to show "what a FAKE and BIASED interview" it was, following reports that he abruptly ended the interview after 45 minutes of taping.

Why it matters: Trump has escalated his war on the media in the final stretch of his re-election campaign, calling a Reuters reporter a "criminal" this week for not reporting on corruption allegations about Hunter Biden and disparaging CNN as "dumb b*stards" for the network's ongoing coronavirus coverage.

McConnell urges White House not to strike stimulus deal before election

Senate Majority Leader Mitch McConnell. Photo: Stefani Reynolds/Getty Images

Senate Majority Leader Mitch McConnell (R-Ky.) has urged White House negotiators not to cut a deal with Democrats on new coronavirus stimulus before the election.

Driving the news: McConnell informed Senate Republicans of the move at a closed-door lunch on Tuesday, two people familiar with his remarks tell Axios. McConnell's remarks were first reported by the Washington Post.

Most arrested in protests are not associated with antifa

Protesters demonstrate as a Salt Lake City police vehicle burns on May 30. Photo: Rick Bowmer/AP

Antifa may be a focus on the right, but it's hard to find in the court system.

Why it matters: Very few of the people charged in this summer's protests and riots appear to be affiliated with highly organized extremist groups, reports AP.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!