

A

Anonymous

Anonymous is a very loosely organized international movement of hacktivists that has no real leadership or structure but organizes around a set of principles or causes. Groups of hackers will come together to work on hacking “operations” against targets that they see as unjust or immoral or, in many cases, chosen simply for the lulz. The name Anonymous comes originally from the completely wild and unmoderated /b/ image board on a website called 4chan, where almost all users posted comments and engaged in conversations as “Anonymous” rather than using their real names or made-up ones. It was on the /b/ board that some of the original operations were organized by 4chan users who referred to themselves as “Anons”. When Anons appear in videos online or in the real world they wear Guy Fawkes masks, which have become the symbol by which most of the general public will recognize Anonymous members.

B

Bot

A bot is a sophisticated piece of malware that can infect your computer and turn it into a robot or zombie that can be controlled by a hacker to perform automated tasks on their behalf. A hacker can use a bot on your computer to send spam, initiate a DoS (denial of service) attack or run a brute force attack to crack a password, and it will actually be coming from your computer, making it hard to trace who is really behind the attack.

Botnet

While a bot can be a powerful tool for a hacker, controlling hundreds or thousands of bots in a network called a botnet is the ultimate hacking machine. Think of a bot as a single computer soldier who will follow the hacker’s orders without question. Think of a botnet as an entire army of these computer soldiers. By controlling a botnet, a hacker can run the same automated tasks on multiple machines to crack passwords faster or create huge amounts of DoS traffic that can take down websites in seconds.

Brute force attack

A brute force attack is a means of breaking into a user account. While it might take a human being years to randomly guess a user name and password to gain access to a website or an email account, computers can do the job much faster and usually within a few minutes or hours. For example, if a hacker wants to gain access to your WordPress website he knows that the default admin username is simply “admin”. Using a password dictionary that contains tens of thousands of common passwords he can run a program that will try each and every one on the list, one after another, at lightning speed, until it finds a match. While this method is highly effective, it is not really the most elegant way to hack an account, hence the name “brute force”.

D

DoS attack

DoS is short for Denial of Service. This is a common attack meant to take down a website by flooding it with useless requests until there are so many they can no longer be processed by the webserver and the site goes down. A good analogy is your front door mailbox. When you receive regular mail it may get fairly full from time to time but it still functions and does its job. With a DoS attack, hackers back up a mail truck and dump the entire contents at once on your doorstep, making the mailbox unavailable.

DDoS attack

DDoS is short for Distributed Denial of Service. A DDoS attack is simply a larger DoS attack, but in this case instead of a single hacker it is multiple hackers or even a botnet of thousands of computers controlled by hackers initiating the attack. Extending the mailbox analogy from the DoS entry above, rather than simply backing up a mail truck and dumping the contents on your front doorstep, a DDoS attack would be the equivalent of dropping an entire post office on your house for the purpose of overfilling your mailbox.

Doxing

Doxing is the term used for finding private and identifying information about a person and then publishing it on the Internet to expose them, humiliate them or even endanger them in some way. Examples could include publishing the home address and private phone number of a celebrity, publishing the entire hacked email inbox of a politician or business executive or even the real identity of an undercover police officer.

E

Exploit

An exploit is a tool, piece of code or set of commands that takes advantage of a vulnerability (e.g. a bug or glitch in a system or piece of software) to produce an unintended or unanticipated behaviour that can somehow be used to the hacker’s advantage. While there are many interpretations and definitions of what an exploit is and how it is different from a vulnerability, I tend to think of the exploit as the verb and the vulnerability as the noun that the verb is taking action against. For example, remember when the Fonz would bang his fist on the jukebox in a certain way and it would start without him having to put in a quarter… or even picking a song? The Fonz used his fist to “exploit” a “vulnerability” in the jukebox.

H

Hacker

Everyone thinks they know what the word “hacker” means, but most people are actually using it incorrectly. So many are, in fact, that it has completely changed the nature of the word. Back in the dawn of the digital age when we still used punch cards, circuit boards and soldering irons to make computers do what we wanted rather than keyboards and graphical interfaces, computer hobbyists who wanted to understand how things worked and find clever and interesting ways to make the technology do things faster, better or by new methods were called hackers. Originally hacker culture included the idea of open sharing of these “hacks” with the intention that it would seed the community with even more ideas, which would in turn drive the overall technologies forward at a faster pace. Unfortunately these techniques can also be used for evil, and many hackers went dark side or “black hat”, and the word eventually became equated with those who exploit vulnerabilities in computer systems and networks to gain unauthorized access.

Hacktivist

A hacktivist (hacker + activist) is someone who uses his or her hacking skills to further a specific political or moral cause.

I

IP Address

An IP address is the group of numbers that represents a device on the Internet or local area network. For example, Google uses multiple webservers to run www.google.com, which is actually the user-friendly name for its IP addresses, one of which is 74.125.224.72. When you connect to the Internet, your computer is given an IP address too, which can be tracked by any webpage you visit. If you want to find out what your IP address is, just Google “what is my ip” to find out.

Interdiction

Originally a military term for messing with the enemy’s supplies en route to the battlefield, interdiction is often used to describe installation CDs or other media that are intercepted during shipping and altered to include malware or spyware of some sort.

J

Jail Broken

Jail breaking an iOS device such as an iPhone, iPad or Apple TV is a process that removes the hardware restrictions that Apple puts in place on the device so that you can’t install your own applications or modify existing ones. Once a device is Jail Broken, you have much more freedom over what you can do with it; however, you will not be able to get new updates from Apple. With a Jail Broken device you also run the risk that while you can now install stuff that Apple doesn’t want on your device, so can hackers.

L

Lulz

Likely lulz was originally the plural version of “lol” but now it is generally used as a term for having fun and laughter at someone else’s expense. A hacker that plays a malicious or even vicious prank on someone in order to harass, embarrass, or humiliate where there is clearly no reason for doing so will say he “did it for the lulz”.

P

Phishing

A phishing email is one that looks like it comes from a legitimate source such as your bank, IT department or even a personal friend that asks you to do something, click on something or reply with private and personal information such as your credit card details, network password or even money. Phishing is usually a bulk attempt to lure in people by sending thousands of emails and hoping that a small portion of recipients will fall for the ruse. “Spear phishing” in contrast is a highly specific and customized attack targeting one or more individuals. And just to beat the analogy to death, “whale phishing” is the term used for an attack targeting an extremely important government official or business executive.

Phreaking

Before there were computers to hack, we “hacked” the phone systems of the world and it was called phreaking. Phreakers would find ways to exploit weaknesses and security holes in the phone system to get free services, listen in on other people’s conversations or perhaps make long distance calls to their girlfriend who was going to a University in another city.

Pwned

The story goes that some World of Warcraft programmer misspelled “owned” as “pwned” in the original code. When the computer beat you, it would say “you have been pwned” and it just kinda stuck. Now it’s the universal term for being outsmarted, dominated or humiliated in some way, or simply that you’ve been hacked, e.g. “some hacker totally pwned my website”.

M

Malware

A catch-all term for bad software made by bad people which does bad things when it gets on your computer.

R

Ransomware

Ransomware is malware that infects your computer and encrypts all of your files until you pay a ransom to unlock them. This is an incredibly devastating personal attack because it literally holds ransom and threatens to take away from you forever all of your family pictures, documents, emails and everything else you have saved on your computer. Often there is a timer on your screen that counts down to a point where the files will no longer be recoverable, and the longer you wait the more money it will cost you as well. Running out of time and seeing the price increase with each passing minute is a trick that is meant to make you panic and pay the ransom before it’s too late rather than investigate other means of retrieving your files. Paying the ransom, however, does not always mean your files will be unlocked. You are after all dealing with some unquestionably unethical folks in these situations.

Root

In days of old when UNIX ran the world, the ultimate superuser, account number zero, was known as “root”. If you had root, you were a god among geeks.

Rooted

If a computer or device is “rooted” it means that a hacker has gained unrestricted access to it.

Root Kit

A root kit is a malicious piece of software that hides undetected on a hacked computer and provides “root level” or unrestricted access for a hacker to the machine. This means that the hacker can remotely control your computer and use it to do whatever he wants to do including steal information, turn on your webcam and spy on you or even use your computer to hack other systems.

RTFM

Short for “Read the f***ing manual”. A surly look and eye-roll, while optional, usually accompanies this directive.

S

Script Kiddie

The derogatory term for a wannabe hacker who doesn’t have very sophisticated skills of their own but instead uses tools and scripts developed by others to generally do annoying things like take down websites with DoS attacks.

Social Engineering

Most of the time it’s easier to just trick someone into telling you their password than it is to try and actually hack it. In fact, many of the world’s greatest hackers, while they may have elite tech skills, simply use simple cons, tricks and persuasion to obtain the information they need from people who are usually more than willing to be helpful and provide it. Arguably the world’s greatest social engineer is Kevin Mitnick, who literally wrote the book on the subject, called The Art of Deception. FREE KEVIN!

SQL Injection Attack

You know all of those entry forms on your website like the contact page, newsletter subscription form etc.? Well, if your site isn’t properly protected a hacker can paste some code written in a programming language called SQL into one of those boxes and hit submit, and it will execute directly against your site’s database. With SQL a hacker can insert something, delete something, update something or even display something on the screen that is contained in your database, such as user account passwords or credit card numbers.

T

Two Factor Authentication

When you enter a password on a website you are in effect using only one factor of authentication. If that password is guessed or cracked a hacker can impersonate you and gain access to that website. That’s why more and more websites, applications and devices are requiring two factors of authentication. A great example is your bank card. When you want to get money out of your account at an ATM you insert your bank card (something you have that is unique to you) and pair it with your PIN number (something you know that is unique to you). Many websites like Twitter and LinkedIn are implementing it as well. When you log in to Twitter with two factor authentication enabled you use your password (something you know that is unique to you) and then Twitter sends a one-time PIN number to your cell phone (something you have that is unique to you). While not impossible to hack, two factor authentication makes it so much more difficult that standard attacks will likely be foiled immediately.

V

VPN

Short for Virtual Private Network, a VPN is software that you run on your computer, laptop or tablet that creates an encrypted “tunnel” across the Internet connecting you directly and securely back to your office, your Internet Service Provider or somewhere you trust. For example, while you’re enjoying your venti-tipple-non-fat-extra-foam-mega-five-pump-vanilla-latte in a coffee shop and you connect to the WiFi, how do you know that it’s really the coffee shop’s WiFi? And if it is really their WiFi, is it secure and not completely wide open? The answer is always “you don’t know”, so if you’re going to be promiscuous with your web surfing and have multiple WiFi partners then you need to use some protection to ensure all of your traffic is safely encrypted, and that’s called a VPN.

Z

Zero Day

A zero day attack is any attack where a hacker finds and uses an exploit in a piece of software that no one knew about before the attack. It’s called a “zero day” because the developers of the software being exploited didn’t know about it and have therefore had zero days to work on fixing it when the attack occurred. Zero day attacks are extremely dangerous because they are, by their nature, unknown and therefore cannot be anticipated, leaving defenders in a reactive mode and systems exposed until a fix or patch is created.


If I haven’t included a word or term you would like to know the meaning of, or if you’re inclined to politely correct, nit-pick or call bullshit on any of these definitions, just send a quick note via the contact page!