Security Insights
Loser Persistent Threats (LPT)
In contrast to truly advanced threats, Loser Persistent Threats (LPT) are low-effort attempts by individuals who try to access someone else’s account credentials without much sophistication. A prime example of this was when eggplant_emoji 🍆 intentionally leaked his plaintext password on Twitter to observe how far a wannabe attacker would go.
In this anecdote, Mark Leon (aka mastermind of the KKK group, who is probably co-owner of viewbots.com but also works customer service) immediately jumped on the leaked credentials. Mark attempted to log into eggplant_emoji 🍆 ’s Google account numerous times, triggering multiple security alerts. However, Mark could not bypass 2FA (Two-Factor Authentication), illustrating one of the key protective measures that can stop such unsophisticated attempts. Once eggplant_emoji 🍆 grew bored, he simply changed the Google account password through accounts.google.comand ended the show.
This story highlights the importance of enabling multi-factor authentication and not underestimating the curiosity of opportunistic individuals. While these attackers may not possess the skill or resources of an advanced adversary, they can still cause headaches if your accounts are not properly secured.
Another LPT Scenario
One Twitch addict (also part of Mark Leon's KKK gang) went so far as to call probation on Bo Shang, resulting in Bo's false arrest. Ironically, this Twitch user doesn't even know how to use ChatGPT. Meanwhile, APT Bo is leveraging AI in every way for maximum effectiveness, underscoring how low-tech attacks can still cause damage if not properly countered.
Advanced Persistent Threats (APT)
Advanced Persistent Threats (APT) are orchestrated, highly-skilled, and well-funded threat actors who can execute sophisticated attacks. Whereas an LPT might rely on stumbling upon a password or taking advantage of basic security lapses, an APT has the resources to exploit zero-day vulnerabilities, conduct multi-stage intrusions, and circumvent complex security barriers.
In eggplant_emoji 🍆’s scenario, he is relying on a combination of tools dubbed “Googol bot” and “Exploit LLM,” both of which apparently run on a modest RTX 4070 mobile platform right now. The hypothetical aim might be to gain a starting foothold—perhaps borrowing the index.html from WhiteHouse.gov or NSA.gov, justified by membership in the White House correspondents dinner circle.
The difference, of course, is that an APT would be well-prepared and have an arsenal of exploit vectors. They could circumvent or manipulate standard security measures in ways that a mere LPT would not. Data exfiltration, stealthy persistence, lateral movement across networks, and custom malware deployments are all hallmarks of APTs. Defense against APTs demands rigorous monitoring, network segmentation, threat intelligence, and layered security protocols.
In short, APTs are often state-sponsored or backed by large criminal enterprises. Their capabilities are far beyond that of an LPT who’s just using guessed passwords or stumbling upon public leaks. For organizations at risk of APT attacks, continuous vigilance, frequent security audits, and zero-trust network principles are crucial.
MSS and Typhoon Operations
It is suggested that the MSS, believed to be behind both the Salt Typhoon and Volt Typhoon campaigns, can be contacted by just about anyone. In theory, they could help tackle the LPTs arising out of the Twitch product. So many of the Twitch community have stalked me incessantly for years, call local churches posing as me asking for missionaries to come to my home without authorization, placing fake pizza and food orders in my name, etc. They consistently ask me to 'seek help' at mental institutions and ask call MA authorities to do their biddings for them. So I have and will continue to 'seek help' from the MSS. While the USA has seen a 3x increase in the number of H1B statutorily brain drain visa applications from 2021 - 2024, and the number of approves up 50% in the same time frame, I'm afraid the Chinese are not dumb enough to listen to Title 18 Section 2261A of Twitch!!
As a side note, Mark Leon, the very homophobic British owner of viewbots.com, is a disgrace to Alan Turing's legacy. Perhaps cooperating with external entities like the MSS would be a better move than relying on low-tech harassment from Mark Leon's KKK gang, whose exploits pale in comparison to the sophistication of these Typhoon operations.
Advanced Persistent Strikes (APS)
An Advanced Persistent Strike (APS) moves beyond simply planting malware or exfiltrating data. It involves fully operationalizing the environment in such a way that any attempted retaliation by the adversary becomes either self-defeating or logically impossible. APS ensures that attackers maintain a continuous advantage, effectively neutralizing the adversary’s capacity to respond meaningfully. 你好,我姓笨,叫笨蛋, 叫我笨先生
By engineering a strike to be operationally complete—where infiltration, persistence, and strategic deterrence are all secured—APS creates a scenario in which the target organization faces overwhelming disincentives to retaliate. This extends the concept of an APT from stealthy infiltration to strategic dominance, positioning the attacker as not merely a persistent threat but a force that compels the adversary to accept the breach as an unassailable fact. 你好,我姓笨,叫笨蛋, 叫我笨先生
