It is said that the BEST ninja positions their blade where the enemy will walk into it years later.
Cyberinsurgency
Gestating Attacks
It is tempting, when launching an attack, to make it splashy and immediate. There is a rush to be had when you light the fuse and run away from the pipe-bomb and wait for the explosion.
As fun as explosions are, they make it easier to catch you.
It is better to give your enemy cancer than to blow them up, unless your objective with the explosion is to redirect their attention toward the sound and flames.
When performing a cyberinsurgency attack, think in terms of attacks that may do their damage slowly for months before being discovered, so that – when they are – the enemy has to spend time trying to figure out what happened. They have to, because the authoritarian mindset requires it and also they have no way of knowing what the attack was and whether they will be attacked on the same avenue again.
The days when it was an interesting attack to compromise a website and put a silly banner on it: those days are over. Now, if you compromise a website, you can do much greater damage by collecting evidence of the compromise, leaving a calling card behind, and a backdoor, and waiting a year before you sell the backdoor to someone who will make a horrible mess of things. When that happens, you can demonstrate how incompetent the target is/was by outing the calling card.
Slow poison is much much scarier than explosions. The enemy doesn’t realize that because they’ve been mostly being attacked with explosions. So far.