|
This article series is intended to help
you understand some of the terms and technologies employed by
hackers. With this knowledge, you will be better able to
ensure that your computer system (or network if you are a
system administrator) is adequately protected and safe from
prying eyes and unknown fingers.
Hacking Terms
- Back Door
- Programmers and system managers will often code special
hidden ways to get into a system into their programs.
Oftentimes these are done simply to make it easier to log
in; for example, a systems operator might find it tiring to
enter two passwords every time he needs to log in so he
might create a simpler way. Sometimes they are done to allow
people to log in after leaving a job (consultants may do
this so they can gain access later), and a hacker might
crack into your system and then create a special way in so
he can come back later. The main point here is a back door
always short-circuits the front line security.
- Cracking
- Cracking is illegally breaking into systems for whatever
reasons, or using a computer illegally. In general, much of
what the public refers to as "hacking" should really be
called "cracking".
- Data Diddling
- Modifying data. For example, changing credit card
numbers or modifying social security information.
- Denial Of Service Attack
- Attacks which attempt to overwhelm a computer system.
These often take advantage of bugs or send data so quickly
that a computer can do nothing else but serve the request.
One typical denial of service attack is to send malformed
packets as fast as possible. The receiving computer finds it
can do nothing else but handles these packets. (See "Hacker
Notes - Denial Of Service Attacks" for more
information).
- Distributed Denial Of Service Attack
- In order to make it more difficult to track down the
source of a denial of service attack, it can be launched
from two or more different machines. Attacks of this sort
are often spread via email trojan horses, and quite often
the attacking machine's owner is totally unaware of what's
going on.
- Dumpster Diving
- Many system managers (at least those who don't know any
better) throw away computer printouts and other information
into their normal trash. The term Dumpster Diving comes from
the habit of literally getting into trash containers,
looking for these listings. This is essentially a way to get
information about the computer systems of the company who
threw out the trash.
- Easter Egg
- A special kind of trojan horse, generally added to a
program by the developers. These are undocumented functions
which are usually intended to be funny in some way.
- Email Bomb
- An attempt to send so many email messages to an email
server or inbox that it becomes overwhelmed. See "Hacker
Notes - Email Bombs" for more information.
- Hacking
- Much of what the media covers is actually cracking, not
hacking. In the "old days" hacking referred to learning
about computers by hands on study and analysis. Today
hacking generally means any illegal use of a computer
system.
- Hacktivism
- Hacking which is motivated by political or ideological
reasons. For example, defacing a web site in order to
promote political freedom for someone.
- Impersonation
- Simply put, pretending to be something that someone is
not. In social engineering, this might be as obvious as
pretending to be the phone repairman in order to tap into
the phone lines.
- Latency
- The amount of time that must pass before a time bomb or
logic bomb triggers the payload.
- Logic Bomb
- This is a piece of code inserted by a hacker (or a
trojan horse) which is triggered by an event. It may be as
simple as a date passing or as complicated as the
termination of an employee. The point is the damage does not
occur until a specific thing (or things) has occurred.
- Malware
- Malicious software, including viruses, email bombs,
trojan horses, worms, logic bombs, time bombs, back doors
and so on.
- Master Program
- A program run by a hacker or hackers which allows
zombies to be controlled. The master program is used to
transmit instructions to the zombies, usually to direct
distributed denial of service attacks.
- Payload
- The part of a virus, trojan horse or other malicious
code which actually performs the intended task.
- Root Kit
- A set of tools available to hackers to allow them to
gain access to root (privileged) functions on a server.
- Social Engineering
- Using various social skills (such as lying or conning)
to attempt to get someone to hand over a password, access
code or simply access to a computer.
- Spam
- Spam is the sending of unsolicited, undesired email
messages in mass, usually for advertising purposes (although
occasionally for political or religious ends). Often the
email addresses are obtained involuntarily and without the
knowledge of the owners by scanning web pages (this is known
as email harvesting), purchasing email lists or just plain
making them up.
- Spoofing
- Quite simply, lying. This often refers to the changing
of the TCP/IP address in a packet in order to hide the
originating computer, or the modification of the return
address in an email in order to mask the sender.
- Time Bomb
- This is simply some code on a computer which is does not
immediately trigger. Instead, it is set to cause it's damage
at some point in the future.
- Trojan Horse
- Similarly to the legend, a Trojan Horse is a malicious
piece of code which appears to be something useful or
desirable.
- Virus
- A destructive piece of code which infects or inserts
itself into normal code on a computer. Many viruses install
themselves into the boot sector of a disk so as to reload
each time a computer boots, or add themselves to privileged
programs on the computer. Many of the things which most
people refer to as viruses are actually worms.
- Worm
- A
worm is similar to a virus in that it sends itself from
system to system. However, a
worm does not integrate itself into code on the target
system. Instead, it just executes and does it's damage.
Virtually all of the things that the public thinks of as
viruses are actually worms.
- Zombie
- A
Zombie is a program or piece of code which is injected
into a system. These zombies then wait for commands from
hackers, and perform their bidding. Generally, zombies are
used in distributed denial of service attacks, and are often
spread as worms through newsgroups, IRC chats and email
messages. It is quite common for systems to be infected with
zombies without their users knowledge, and since no damage
results to their system they may never know they are
infected.
|
|
 |
|