Publication Date: 19-Dec-2008
In this article, we have collected terms commonly found in computer security jargon which seem incomprehensible and have tried to explain them in easy-to-understand language so they do not seem… well… incomprehensible!
“Hey, what happened? Why do you look so tense?”
“The system is down. Got infected by a virus. The admin guy is looking at it, but he says some files may be lost.”
Almost all of us dread this kind of dialog. We all fear that our systems may get infected. We are all paranoid about our data, since this data is vital to our business and for some, data is the business. We take backups. We take double backups and we take triple backups and store them at multiple locations outside our office, our city or even in a different country! And then there is the worst of the nightmares: what if our systems get hacked?
These are the realities of today’s business, and as the saying goes, prevention is better than cure. But to prevent something, you first need to know what that something is. Can you tell a virus from a Trojan? What about a rootkit, a key logger or spyware? Yes, the world of computer security can feel terrifying with all these terms thrown at you every day. So to help you out, in this article we have collected terms commonly found in computer security jargon which seem incomprehensible and have tried to explain them in easy-to-understand language so they do not seem… well… incomprehensible!
Hacking is a generic term for computer crime in which a hacker bypasses (or tries to bypass) the security mechanisms of a computer system to gain unauthorized access to it.
Some hackers insist that there is ethical hacking, just poking around a network with no malicious intent, and unethical hacking, done with the intention of causing harm or committing fraud. In the popular media, however, the term hacking is generally used in its negative sense.
Hacking is generally conducted in two steps. First, a vulnerability analysis is carried out on the target machine to find possible security flaws. Second, these flaws are exploited to gain full or partial control of the target machine.
Social engineering is an activity in which the hacker impersonates somebody whom the victim trusts, say a bank representative, a police officer or a member of the technical support staff. Using communication skills alone, the hacker then obtains sensitive security data, such as login credentials, from the victim.
Social engineering is one of the most basic and most effective hacking techniques. Done right, it gives the hacker the exact login credentials with which he can access the system through its official interface without any code breaking at all.
Malware stands for malicious software. It refers to the family of harmful programs, such as viruses, worms, Trojan horses and rootkits, which are created to hack or damage victim computers.
A rootkit is malicious software used to gain administrator access to the operating system of the target computer.
Traditionally, on Unix systems the main administrator account has the username ‘root’. This root user has every privilege on the operating system, and that is how rootkits got their name: their basic task is to obtain root-level access to the system.
The first known rootkit was written by Lane Davis and Riley Dake for SunOS 4.1.1 in about 1990.
Rootkits often hide their presence by replacing standard operating system executables and libraries (DLLs). Because of this, even somebody who scans the process table of the operating system cannot detect the rootkit, since all he/she sees are the regular operating system processes.
A virus is one of the most commonly known types of malicious software. It is a self-replicating program which attaches itself to executables and other files; whenever those executables are run, the virus uses the privileges of its host process to infect even more files.
Like a virus, a worm is also a self-replicating program, but there is an important difference: a virus attaches itself to an executable while a worm does not. A worm uses the network to send copies of itself to other computers. Most of the time this is carried out by an inconspicuous process without any user intervention.
It is believed that the term ‘worm’ was first used in a 1975 science fiction novel, ‘The Shockwave Rider’ by John Brunner.
A Trojan horse is a computer program which, under the pretense of normal functioning, actually performs malicious functions. The aim of a Trojan horse is to create a security hole in the victim machine which can later be used to steal vital information or to mount a more vicious attack on it.
Spyware is a software program which installs itself on a victim machine without the knowledge or consent of the user. Spyware is used by its creators for various reasons, such as monitoring people’s online behavior, changing computer settings (for example the browser’s home page), installing additional software or viruses, displaying unwanted advertisements, and so on.
The credit for popularizing the term spyware in its current sense is given to Gregor Freund, founder of the widely known security software maker Zone Labs.
Adware is a software program which displays advertisements to the user while the program is in use. The motivation is to keep the program free and yet recover its development costs. Some adware programs let you pay a small fee to disable the advertisements.
A key logger is a software program which records every key pressed on the victim machine. Key loggers are generally distributed as Trojan horses or viruses. The logs are then sent to the hacker, who looks for familiar patterns (such as typing a website address, then a username, pressing the Tab key and typing a password) to steal other people’s login credentials.
When using the Internet on public machines, one should always be wary of key loggers. One way to confuse the hacker is to avoid the regular patterns when accessing websites: for example, while entering a password, first type four characters chosen at random from within it, then use the mouse to place the remaining letters at their proper positions.
A backdoor is a way of bypassing the normal security and authentication mechanisms of a computer system, allowing a hacker to log in to the machine remotely and perpetrate computer crime.
Numerous instances of backdoors have been found in both open source and proprietary software. One infamous instance came in 2005, when Sony BMG distributed millions of music CDs carrying spyware to protect its digital rights. This spyware installed itself on a user’s Windows machine when he/she played the CD on it. Sony BMG attracted a lot of negative publicity and quite a few lawsuits. It later acknowledged having done so, recalled the CDs and provided software to remove the spyware it had installed.
The term botnet refers to a collection of compromised computers running various kinds of malware, such as Trojan horses, viruses and worms. The hacker who creates the botnet can control it to perform malicious activities such as mass spamming or launching denial-of-service attacks on various websites.
Some popularly known botnets are Kraken, Srizbi, Bobax, Cutwail, Storm, Grum, Onewordsub, Ozdok, Nucrypt, Wopla and Spamthru. According to security experts at www.secureworks.com, these top botnets are collectively capable of sending 100 billion spam messages every day.
A zombie computer is a computer which is infected by malware and is part of a botnet remotely controlled by a hacker over the Internet. Most of the time, the user of a zombie computer is unaware that his/her machine is being used to carry out unlawful activities.
A denial-of-service attack is an attempt to choke the computing capacity of a computer system in order to make its services unavailable to its users.
Denial-of-service attacks are most common on the Internet, where the servers of the victim websites are intentionally overloaded with numerous purposeless requests. Generally these attacks are carried out against high-profile websites, DNS (Domain Name System) servers and government websites.
A known-plaintext attack is a method of breaching encrypted communication. In this type of attack the code breaker has access to samples of both the plaintext (the message) and its encrypted version. Using this data, the code breaker can work out the secret key used to encrypt the communication. That key can then be used to read further communication encrypted with the same key.
This kind of attack was used in World War II, using samples forcibly obtained from captured German soldiers.
In a chosen-plaintext attack the code breaker has access to the same encryption mechanism (the same software or hardware) that was used to encrypt the communication he/she wants to read.
Using that mechanism, the code breaker encrypts sample plaintext messages of his/her own choosing to obtain the corresponding ciphertexts. By comparing the two, he/she can obtain the secret key used for the target communication. Once the secret key is revealed, the code breaker can recover all of the original communication in plaintext form.
A man-in-the-middle attack is another type of attack in cryptography, in which the attacker eavesdrops on the entire communication between two parties while they believe they are communicating in private. The eavesdropper intercepts the messages from the sender and then relays them on to the receiver.
Though intercepting all the communication between two parties seems impossible to laymen, it is quite possible if the attacker owns the public wireless access point used for the communication.
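As an added illustration of the two attacks just described (this is not code from the original article), here is a deliberately weak toy cipher, repeating-key XOR, with both attacks worked through: the known-plaintext attack recovers the key from one plaintext/ciphertext pair, and the chosen-plaintext attack recovers it by running the mechanism on a message of the analyst's choosing. The cipher, key and messages are constructed for the demonstration, and the key length is assumed to be known. The lesson for a defender is why a key must never be reused across messages and why real ciphers are designed so that neither condition leaks the key.

```python
# Added example, not from the original article: a deliberately weak toy
# cipher (repeating-key XOR) used to illustrate known-plaintext and
# chosen-plaintext attacks. Never use this cipher to protect real data.


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) with a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def known_plaintext_key(plaintext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack: because c = p XOR k, k = p XOR c byte by byte.
    One key-length of matching plaintext and ciphertext is enough."""
    if len(plaintext) != len(ciphertext) or len(plaintext) < key_len:
        raise ValueError("need key_len bytes of matching plaintext and ciphertext")
    return bytes(p ^ c for p, c in zip(plaintext[:key_len], ciphertext[:key_len]))


def chosen_plaintext_key(encrypt, key_len: int) -> bytes:
    """Chosen-plaintext attack: with access to the encryption mechanism, encrypt
    a message of all zero bytes; XOR with zero returns the key stream itself."""
    return encrypt(bytes(key_len))


def demo() -> dict:
    """Walk through both attacks on constructed sample traffic."""
    secret_key = b"k3y!"  # constructed; unknown to the analyst, length assumed known

    def encrypt(message: bytes) -> bytes:
        # The 'same mechanism' of the text: the victim's encryption routine.
        return xor_cipher(message, secret_key)

    # Known-plaintext: the analyst holds one message and its ciphertext.
    known_p = b"ATTACK AT DAWN"
    known_c = encrypt(known_p)
    k1 = known_plaintext_key(known_p, known_c, len(secret_key))

    # Chosen-plaintext: the analyst can run the mechanism on chosen input.
    k2 = chosen_plaintext_key(encrypt, len(secret_key))

    # Either recovered key decrypts later traffic protected with the same key.
    later_c = encrypt(b"MEET AT THE BRIDGE")
    return {
        "known_plaintext_key": k1,
        "chosen_plaintext_key": k2,
        "later_message": xor_cipher(later_c, k1),
    }


if __name__ == "__main__":
    print(demo())
```

Both attacks succeed here because the key stream never changes between messages; `demo()` returns the recovered key twice and the later message read with it. With a modern cipher used correctly (a fresh nonce or key per message) neither a known nor a chosen plaintext gives the analyst anything about other traffic.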
Identity theft means impersonating someone else in order to gain money and/or other benefits. Identity theft is the basic principle behind the art of social engineering.
Identity theft is considered a crime in many countries, since the person whose identity is stolen can suffer serious consequences as a result of an act he/she never committed.
Phishing is an act in which a fraudster poses as somebody trustworthy in an electronic communication in order to obtain information, such as login details or credit card details, from the victim.
Typically the victim gets an email which looks as though it has come from some prominent bank, asking for login or credit card details that were supposedly lost during some processing glitch. The email is styled to look like the bank’s website and even carries the bank’s logos, trademarks and other insignia.
If the user falls for this trap and clicks on the link in the email, he/she is taken to a website which exactly mimics the look of the bank’s real website. Also, the domain name used for the website is a minor spelling variation of the original. Having fallen prey to the trap, the user enters the details in the form presented to him/her.
Vishing is similar to phishing, except that it is carried out over VoIP (Voice over Internet Protocol) instead of email. Here the victim gets a call from somebody who claims to be a PR executive from a prominent bank or company.
People generally tend to trust a telephone conversation, since they believe that phone numbers are tied to legitimate people with legitimate billing addresses. What they are unaware of is that, with the help of call spoofing systems and VoIP, the fraudster can remain anonymous.
In a lottery scam the user gets an email stating that he/she has won some lottery and asking him/her to contact a certain person by email. If the user falls prey to this scam and gets in touch with that person, he/she is asked to pay a processing fee in order to receive the lottery amount. But after paying the fee, the user never receives the prize money he/she supposedly won.
Other variations of this scam exist. In one, the victim is lured by the prospect of being sole heir to the property of some deceased distant relative; in another, the victim is given false hopes of a large overseas business contract.
Online Reputation Management (or Online Reputation Monitoring) means keeping watch on what is being said about your brand, your company or yourself across various online media and reacting proactively to maintain a positive image.
With the abundance of discussion forums, blogs and self-styled journalism on the Internet, it is quite likely that your brand, or you (if you happen to be someone famous), is being discussed somewhere on the Internet. Due to its wide reach and easy accessibility the Internet has become a powerful communication medium, and if something is being said about your brand it is quite likely to be read by thousands of people, who are forming opinions about your brand as they read.
Establishing a brand takes years of hard work and quite a lot of money, but one negative post by an influential blogger can destroy all those years of hard work. By engaging in online reputation management you monitor what is being written or said about your brand, and if you find something that depicts it negatively you can take early, proactive measures to minimize the damage.
Online reputation management is also helpful for getting insights from customers about product satisfaction and improving services. It can be used as a relatively cheap marketing tool to reach a wide audience.
With the number of websites growing every day, users depend more and more on search engines to find information. If somebody can’t find a web page using a search engine, it virtually doesn’t exist. Working from this philosophy, Search Engine Reputation Management (SERM) professionals try to protect your brand from the negative content that shows up for search queries related to your brand and business.
SERM tactics depend heavily on Search Engine Optimization (SEO). SEO means making sure that pages from your website show up in the top results for search queries related to your business.
A gripe website is a website established with the sole motive of depicting a particular brand, company, government body, place or person negatively. Such sites are also commonly referred to as hate websites, ‘sucks’ websites or complaint websites.
With gripe websites, the Internet provides a cheap way for unsatisfied customers to “get even” with big corporations. Obviously the corporations don’t take gripe websites lightly and retaliate by filing defamation, trademark infringement and copyright infringement suits against the owners of such websites, while the owners try to defend their position on the grounds of free speech.
Morphing originally meant the special effect in which, using animation techniques, one image is gradually changed (or morphed) into another. One early example was the popular animation in which a man’s face slowly changes into a wolf’s.
Later, with the advent of advanced photo editing applications, it became easy to morph one person’s face onto another person’s body. While this is used mostly for fun (for example, a website called morphthing.com lets you combine the faces of various popular celebrities), there have been instances where morphing has been used for the intentional defamation of a particular person.
Cybersquatting is registering and holding domain names containing the trademarks of others solely in order to sell them to the trademark owners at an inflated price.
The prices demanded by cybersquatters are generally far higher than the original purchase prices. Some malicious cybersquatters even display defamatory content on these domains to pressure the trademark owners into buying them quickly.
The Internet Corporation for Assigned Names and Numbers (ICANN), the authority which manages the assignment of domain names and IP addresses, has set up a process called the Uniform Domain Name Dispute Resolution Policy (UDRP) to resolve disputes over cybersquatting and other issues related to domain name registration.
Typosquatting is a form of cybersquatting in which the cybersquatter registers domain names which are minor spelling variations of a popular domain. When users mistype the domain, they are taken to the website owned by the cybersquatter.
These websites can be used for various purposes, but are generally used to show cheap pay-per-click advertisements.
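The minor spelling variations used in typosquatting, and equally the lookalike domain names of the phishing sites described earlier, can be screened for by measuring how few character edits separate a newly seen domain from the brand's own. The following is an added example (not code from the original article) that does this with the Levenshtein edit distance; the brand domain and the list of candidate registrations are constructed for the demonstration, and the TLD handling assumes single-label TLDs such as .com.

```python
# Added example, not from the original article: flag domain names that are
# small spelling variations of a brand's domain, the kind used for
# typosquatting and for phishing sites. Brand and candidates are constructed.


def levenshtein(a: str, b: str) -> int:
    """Edit distance: fewest single-character insertions, deletions or
    substitutions that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """'examp1e-bank.com' -> 'examp1e-bank'. Assumes a single-label TLD."""
    return domain.lower().rstrip(".").rsplit(".", 1)[0]


def lookalikes(brand_domain: str, candidates, max_distance: int = 2) -> list:
    """Return (candidate, distance) for every candidate whose label is within
    max_distance edits of the brand's label, including same-label TLD swaps
    (distance 0). The genuine domain itself is not reported."""
    brand = registrable_label(brand_domain)
    hits = []
    for cand in candidates:
        if cand.lower().rstrip(".") == brand_domain.lower().rstrip("."):
            continue
        d = levenshtein(brand, registrable_label(cand))
        if d <= max_distance:
            hits.append((cand, d))
    return sorted(hits, key=lambda t: t[1])


# Constructed list of newly seen registrations to screen (hypothetical names).
SEEN_DOMAINS = [
    "examplebank.com",      # the genuine domain
    "examplbank.com",       # dropped letter
    "example-bank.com",     # inserted hyphen
    "exarnplebank.com",     # 'rn' in place of 'm'
    "examplebnak.com",      # transposed letters
    "examplebank.net",      # same name, different TLD
    "unrelatedshop.com",
]

if __name__ == "__main__":
    for name, d in lookalikes("examplebank.com", SEEN_DOMAINS):
        print(f"{name}: {d} edit(s) from the brand")
```

A brand owner would run this over daily registration feeds and treat every hit as a candidate for a UDRP complaint or for defensive registration; the distance threshold of two catches the common dropped, inserted, substituted and transposed characters without flooding the list with unrelated names.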
Pharming is a hacking technique in which the hacker compromises DNS (Domain Name System) servers so as to send traffic intended for one site to another, fake site. On a smaller scale the same effect can be achieved by altering the ‘hosts’ file on a victim computer.
Pharming can be used to steal credit card information, so it is a serious threat to websites which provide banking or eCommerce services.
Domain tasting refers to a practice in which a five-day grace period is allotted to the registrant of a domain name at the beginning of the registration to check the marketability of the name. During this period the registrant can cancel the registration and claim a full refund from the domain registry.
Domain kiting is the process of cancelling the registration of a domain name within the five-day grace period and then registering it again for another five-day period. By repeating this a number of times, a registrant can use a domain name for a prolonged time without actually paying for it.
Cybotage can be described as a hostile act of disruption or destruction of a country’s government communication and information infrastructure. The person who perpetrates cybotage is known as a cyboteur.
In this sense cybotage is similar to cyber terrorism, and a cyboteur is a cyber terrorist.
Today, terrorism is arguably the worst enemy of civilised society. Modern businesses depend heavily on communication infrastructure such as the Internet and email for day-to-day activities, so it is quite likely that terrorists will resort to cybotage.
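The small-scale form of pharming mentioned above, an altered ‘hosts’ file, is also the easiest to check for: a legitimate hosts file has no reason to mention a bank's hostname at all. The following added example (not code from the original article) parses hosts-file text and reports any entry that overrides a domain on a protected list. The sample file contents, the addresses in it and the protected-domain list are all constructed for the demonstration.

```python
# Added example, not from the original article: detect hosts-file entries
# that locally override the resolution of protected domains, the mechanism
# used by small-scale pharming. All sample data below is constructed.
import ipaddress

# Constructed sample hosts-file text (not from any real system): the normal
# loopback entries plus lines a pharming attack has planted.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1       localhost
::1             localhost
# Planted by the attacker: bank hostnames pinned to an address the attacker controls
203.0.113.45    www.examplebank.test examplebank.test
192.168.1.10    printer.local
not-an-ip       junk.example
"""

# Hypothetical list of domains whose resolution must never be overridden locally.
PROTECTED_DOMAINS = {"examplebank.test", "mail.example.test"}


def parse_hosts(text: str):
    """Yield (address, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first column is not an IP address; ignore the line
        for name in parts[1:]:
            yield addr, name.lower().rstrip(".")


def overrides_protected(name: str, protected) -> bool:
    """True if name is a protected domain or a host under one."""
    return any(name == d or name.endswith("." + d) for d in protected)


def suspicious_entries(text: str, protected) -> list:
    """Return (address, hostname) pairs that override a protected domain.
    Any local mapping for such a domain is reported, whatever the address:
    even a loopback entry silently breaks access to the genuine site."""
    return [(str(addr), name) for addr, name in parse_hosts(text)
            if overrides_protected(name, protected)]


if __name__ == "__main__":
    for addr, name in suspicious_entries(SAMPLE_HOSTS, PROTECTED_DOMAINS):
        print(f"hosts file overrides {name} -> {addr}")
```

On a real machine the text would come from the system's hosts file (for example /etc/hosts on Unix-like systems), and the protected list would hold the organisation's own banking and e-commerce hostnames; the entries for the printer and for localhost are correctly left alone.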