Cyber Security: Sockpuppets, Vishing, Snarfing, What does it all mean?

Cyber Security, Cyber Crimes, Cyber Terrorism, those are words that we here on the regular basis now days, but what does it all mean to you or me?

On the news lately we hear about White Hat Hackers v/s Black Hat Hackers, and how one of them is trying to take the other down. Or we hear about BHH’s Using Phishing Scams, or DDoS attacks, to take large corporations down. Unfortunately, after we are done watching the news, most of us sit there staring at each other trying to figure out what they all mean.

For the most part, we are all pretty good at understanding what they all mean. If I tell you a computer got infected by a Virus, you know what that means, you also know that it’s not a good thing. But, if I tell you the computer was infected by a Trojan Keylogger program downloaded via a P2P Network because you fell victim to a Social Engineer using a Sock Puppet, would you know what that means?

Well, Scott Harrell from Pursuit Magazine, a Private Security and Investigations Magazine, compiled a list of what all of this terms mean, he covered everything from A-Z and everything in between. I went ahead and took out some of the items from his list, but if you want to check out the full list go here, you’ll be surprised as to how many names there are on the Cyber world.. did he miss anything?

Address Munging: the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations who send unsolicited bulk e-mail address.

Adware: or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software.

Backdoor: in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.

Black Hat: the villain or bad guy, especially in a western movie in which such a character would wear a black hat in contrast to the hero’s white hat. The phrase is often used figuratively, especially in computing slang, where it refers to a hacker that breaks into networks or computers, or creates computer viruses.

Bluebugging: a form of bluetooth attack. A Bluebug program allows the user to “take control” of the victim’s phone. Not only can they make calls, they can send messages, essentially do anything the phone can do. This also means that the Bluebug user can simply listen to any conversation his victim is having in real life.

Bluejacking: the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers,

Bluesnarfing: the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages, and on some phones users can steal pictures and private videos.

Botnet: a jargon term for a collection of software robots, or bots, that run autonomously and automatically. They run on groups of zombie computers controlled remotely.

Click fraud: a type of internet crime that occurs in pay per click online advertising when a person, automated script, or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad’s link. Click fraud is the subject of some controversy and increasing litigation due to the advertising networks being a key beneficiary of the fraud.

Computer Virus: a computer program that can copy itself and infect a computer without permission or knowledge of the user. The term “virus” is also commonly used, albeit erroneously, to refer to many different types of malware and adware programs.

Computer Worm: a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Crapflooding: the practice of disrupting online media such as discussion websites or Usenet newsgroups with nonsensical, inane, and/or repetitive postings (flooding with crap) in order to make it difficult for other users to read other postings. It can also be motivated by a desire to waste the targeted site’s bandwidth and storage space with useless text.

Cyber-stalking: repeatedly sending message that include threats of harm or are highly intimidating; engaging in other online activities that make a person afraid for his or her safety.

Denial-of-Service Attack (DoS attack): or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

E-mail spoofing: a term used to describe fraudulent email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message.

False flag operations: covert operations conducted by governments, corporations, or other organizations, which are designed to appear like they are being carried out by other entities.

Flaming: online fights using electronic messages with angry and vulgar language.

Griefers: differ from typical players in that they do not play the game in order to achieve objectives defined by the game world. Instead, they seek to harass other players, causing grief. In particular, they may use tools such as stalking, hurling insults, and exploiting unintended game mechanics. Griefing as a gaming play style is not simply any action that may be considered morally incorrect.

Hacker: someone involved in computer security/insecurity, specializing in the discovery of exploits in systems (for exploitation or prevention), or in obtaining or preventing unauthorized access to systems through skills, tactics and detailed knowledge. In the most common general form of this usage, “hacker” refers to a black-hat hacker (a malicious or criminal hacker).

Internet Bots: also known as web robots, WWW robots or simply bots, are software applications that run automated tasks over the Internet.

Internet troll (or simply troll in Internet slang): someone who posts controversial and usually irrelevant or off-topic messages in an online community, such as an online discussion forum or chat room, with the intention of baiting other users into an emotional response[1] or to generally disrupt normal on-topic discussion.

Joe Job: a spam attack using spoofed sender data. Aimed at tarnishing the reputation of the apparent sender and/or induce the recipients to take action against him (see also e-mail spoofing).

Keystroke Logging (often called keylogging): a method of capturing and recording user keystrokes. Keylogging can be useful to determine sources of errors in computer systems, to study how users interact and access with systems, and is sometimes used to measure employee productivity on certain clerical tasks. Such systems are also highly useful for law enforcement and espionage—for instance, providing a means to obtain passwords or encryption keys and thus bypassing other security measures.

Lurker: a person who reads discussions on a message board, newsgroup, chatroom, file sharing or other interactive system, but rarely participates.

Malware: software designed to infiltrate or damage a computer system without the owner’s informed consent. The term is a portmanteau of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Nigerian 419 Fraud Scheme (or an advance fee fraud): a confidence trick in which the target is persuaded to advance relatively small sums of money in the hope of realizing a much larger gain.[

Peer to Peer (or “P2P”): computer network that uses diverse connectivity between participants in a network and the cumulative bandwidth of network participants rather than conventional centralized resources where a relatively low number of servers provide the core value to a service or application. P2P networks are typically used for connecting nodes via largely ad hoc connections. Such networks are useful for many purposes. Sharing content files (see file sharing) containing audio, video, data or anything in digital format is very common, and realtime data, such as telephony traffic, is also passed using P2P technology.

Pharming (pronounced farming) is a hacker’s attack aiming to redirect a website’s traffic to another, bogus website.

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. PayPal, eBay and online banks are common targets. Phishing is typically carried out by e-mail or instant messaging,[1] and often directs users to enter details at a website, although phone contact has also been used.

Phreaking: a slang term coined to describe the activity of a subculture of people who study, experiment with, or explore telecommunication systems, like equipment and systems connected to public telephone networks. The term “phreak” is a portmanteau of the words “phone” and “freak”. It may also refer to the use of various audio frequencies to manipulate a phone system. “Phreak”, “phreaker”, or “phone phreak” are names used for and by individuals who participate in phreaking. Additionally, it is often associated with computer hacking. This is sometimes called the H/P culture (with H standing for Hacking and P standing for Phreaking).

Pigeon Drop: the name of a confidence trick in which a mark or “pigeon” is convinced to give up a sum of money in order to secure the rights to a larger sum of money, or more valuable object. In reality the scammers make off with the money and the mark is left with nothing.

Piggybacking:  a term used to refer to access of a wireless internet connection by bringing one’s own computer within the range of another’s wireless connection, and using that service without the subscriber’s explicit permission or knowledge. It is a legally and ethically controversial practice, with laws that vary in jurisdictions around the world. While completely outlawed in some jurisdictions, it is permitted in others. Piggybacking is used as a means of hiding illegal activities, such as downloading child pornography or engaging in identity theft. This is one main reason for controversy.

Pod Slurping: the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data is held, and which may be on the inside of a firewall. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies. Access is gained while the computer is unattended.

Rootkit: a program (or combination of several programs) designed to take fundamental control (in Unix terms “root” access, in Windows terms “Administrator” access) of a computer system, without authorization by the system’s owners and legitimate managers. Access to the hardware (i.e., the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms. Often, they are also Trojans as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system

Scam Baiting is the practice of pretending interest in a fraudulent scheme in order to manipulate a scammer. The purpose of scam baiting might be to waste the scammers’ time, embarrass him or her, cause him or her to reveal information which can be passed on to legal authorities, get him or her to waste money, or simply to amuse the baiter.

Script kiddie (occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar): a derogatory term used for an inexperienced malicious hacker who uses programs developed by others to attack computer systems, and deface websites.

Shareware: a marketing method for computer software in which the software can be obtained by a user, often by downloading from the Internet or on magazine cover-disks free of charge to try out a program before buying the full version of that program. If the “tryout” program is already the full version, it is available for a short amount of time, or it does not have updates, help, and other extras that buying the added programs has. Shareware has also been known as “try before you buy”. A shareware program is accompanied by a request for payment, and the software’s distribution license often requires such a payment

Smishing: short for “SMS phishing” (SMiShing) is an attempt to get cellular phone and mobile device owners to download a Trojan horse, virus or other malware by clinking on a link included in a SMS text message.  

Sneakernet: a tongue-in-cheek term used to describe the transfer of electronic information, especially computer files, by physically carrying removable media such as magnetic tape, floppy disks, compact discs, USB flash drives, or external hard drives from one computer to another.

Snarfing: information theft or data manipulation in wireless local-area networks (WLAN).

Social engineering: the art of manipulating people into performing actions or divulging confidential information.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.

Sockpuppet: an online identity used for purposes of deception within an Internet community. In its earliest usage, a sockpuppet was a false identity through which a member of an Internet community speaks while pretending not to, like a puppeteer manipulating a hand puppet.[1]  A sockpuppet-like use of deceptive fake identities is used in stealth marketing. The stealth marketer creates one or more pseudonymous accounts, each one claiming to be owned by a different enthusiastic supporter of the sponsor’s product or book or ideology. A single such sockpuppet is a shill; creating large numbers of them to fake a “grass-roots” upswelling of support is known as astroturfing.

Software cracking: the modification of software to remove protection methods: copy prevention, trial/demo version, serial number, hardware key, CD check or software annoyances like nag screens and adware.

Spamming: the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, mobile phone messaging spam, Internet forum spam and junk fax transmissions.

Spear Phishing: Targeted versions of phishing have been termed spear phishing.[19] Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.

Sporgery: the disruptive act of posting a flood of articles to a Usenet newsgroup, with the article headers falsified so that they appear to have been posted by others. The word is a portmanteau of spam and forgery.

Spyware: is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent.

Stealware: refers to a type of software that effectively transfers money owed to a website owner to a third party. Specifically, stealware uses an HTTP cookie to redirect the commission ordinarily earned by the site for referring users to another site.

Trojan horse (or simply Trojan):  a piece of software which appears to perform a certain action but in fact performs another such as transmitting a computer virus. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be actually malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs. Simply put, a Trojan horse is not a computer virus. Unlike such malware, it does not propagate by self-replication but relies heavily on the exploitation of an end-user (see Social engineering).

Vishing: is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “voice” and phishing. Vishing exploits the public’s trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing, inexpensive, complex automated systems and anonymity for the bill-payer. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

VoIP Spam: the proliferation of unwanted, automatically-dialed, pre-recorded phone calls using Voice over Internet Protocol (VoIP). Some pundits have taken to referring to it as SPIT (for “Spam over Internet Telephony”).

War dialing: a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for unknown computers, BBS systems or fax machines. Hackers use the resulting lists for various purposes.

Wardriving: the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using such items as a laptop or a PDA.

Warspying: detecting and viewing wireless video; usually done by driving around with an x10 receiver. Warspying is similar to “Wardriving” only with wireless video instead of wireless networks.

Web crawler (also known as a web spider or web robot or – especially in the FOAF community – web scutter): a program or automated script which browses the World Wide Web in a methodical, automated manner. Other less frequently used names for web crawlers are ants, automatic indexers, bots, and worms. This process is called web crawling or spidering. Many sites, in particular search engines, use spidering as a means of providing up-to-date data.

White Hat: the hero or good guy, especially in computing slang, where it refers to an ethical hacker that focuses on securing and protecting IT systems. Such people are employed by computer security companies where these professionals are sometimes called sneakers.[citation needed] Groups of these people are often called tiger teams.

Zombie computer (often shortened as Zombie): a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a Trojan horse. Generally, a compromised machine is only one of many in a Botnet, and will be used to perform malicious tasks of one sort or another under remote direction.

This article was compiled by L. Scott Harrell and is posted courtesy IRBseach, LLC.