"The system is down. Got infected by a virus. The admin guy is looking at it, but he says some files may be lost."
These are the realities of today's business, and prevention is better than cure. But one needs to know what to protect oneself from in the first place. Can you tell a virus from a Trojan? What about a rootkit, a key logger or spyware? Yes, the world of computer security can be confusing with all these terms thrown at you every day. So here is an article to help you out.
Hacking is a generic term for computer crime in which a hacker bypasses (or tries to bypass) the security mechanisms of a computer system to gain unauthorized access to the system.
Some hackers insist that there is a distinction between "ethical hacking", just messing around the network with no malicious intentions, and "unethical hacking", something done with the intention of causing harm or fraud. But in popular media the term hacking is generally used in its negative sense.
Hacking is generally conducted in two steps. First, a vulnerability analysis is conducted on the target machine to find out the possible security flaws. In step two these security flaws are exploited to gain full or partial control of the target machine.
Social engineering is an activity in which the hacker impersonates somebody whom the victim trusts; say for example, a bank representative or a police officer or one of the technical support personnel. Then by using his/her communication skills, the hacker obtains sensitive security data such as login credentials from the victim.
Social engineering is one of the most basic and the most effective techniques of hacking. If done right, the hacker gets the exact login credentials with which he/she can access the system through the official interface without resorting to any code breaking.
Malware stands for malicious software. It represents the family of harmful software programs such as viruses, worms, Trojan horses, rootkits, etc. which are created to hack or damage the victims' computers.
A rootkit is malicious software used to gain administrator access to the operating system of the target computer.
Traditionally, on Unix systems, the main administrator account has the username 'root'. This root user has all the privileges on the operating system. This is how rootkits got their name, since their basic task is to obtain root-level access to the system.
The first known rootkit was written by Lane Davis and Riley Dake for SunOS 4.1.1 in 1990.
Often rootkits hide their installation by replacing the standard operating system executables and libraries (DLLs). Because of this, even if somebody scans the process table of the operating system he/she cannot detect the presence of the rootkit, since all he/she sees are the regular operating system processes.
A virus is one of the most commonly known types of malicious software. It is a self-replicating program that attaches itself to executables and other files, and whenever these executables are run, the virus uses the privileges of its host process to infect even more files.
Like a virus, a worm is also a self-replicating program, but an important difference between the two is that a virus attaches itself to an executable while a worm does not. A worm uses the network to send copies of itself to other computers. Most of the time this activity is carried out by an inconspicuous process without any user intervention.
It is believed that the term 'worm' was first used in a 1975 science fiction novel named 'The Shockwave Rider', by John Brunner.
A Trojan horse is a computer program that under the pretence of normal functioning, actually performs malicious functions. The aim of a Trojan horse is to create a security hole in the victim machine which can later be used to steal vital information or to mount a more vicious attack on the victim machine.
Spyware is a software program which installs itself on a victim machine without the knowledge or consent of the user. Spyware is used by its creators for various purposes, such as monitoring people's online behaviour, changing computer settings (for example the browser's homepage), installing additional software or viruses, displaying unwanted advertisements, etc.
The credit for popularizing the use of the term spyware in its current context goes to Gregor Freund, founder of the widely known security software maker Zone Labs.
Adware is a software program which displays advertisements to the user while the program is in use. The motivation behind this is to keep the program free and yet recover its development costs. Some adware programs allow you to pay a small fee to disable the advertisements.
A key logger is a software program that records every key pressed on the victim machine. Key loggers are generally distributed as Trojan horses or viruses. The logs are then sent to the hacker who looks for popular patterns (such as typing a website address, then typing a username, pressing the Tab key and typing a password) to steal the login credentials of other people.
When using the internet on public machines, one should always be wary of key loggers. One method to confuse the hacker is not to use the regular patterns while accessing websites; for example, while entering a password, first enter four random characters from the password, then use the mouse to enter the remaining letters at their proper positions.
A backdoor is a way to bypass the normal security and authentication mechanisms of a computer system, allowing a hacker to log in to the machine remotely and perpetrate computer crime.
Numerous instances of backdoors have been found in both open source and proprietary software. One infamous instance occurred in 2005, when Sony BMG distributed millions of music CDs with spyware to protect its digital rights. This spyware installed itself on a user's Windows machine when he/she played the CD on that machine. Sony BMG ended up attracting a lot of negative publicity and quite a few lawsuits. Sony BMG later acknowledged having done so, recalled all the CDs and provided software.
The term botnet is used to refer to a collection of compromised computers running various malware such as Trojan horses, viruses and worms. The hacker who creates the botnet can control it to perform malicious activities such as mass spamming or launching denial-of-service attacks on various websites.
Some popularly known botnets are Kraken, Srizbi, Bobax, Cutwail, Storm, Grum, Onewordsub, Ozdok, Nucrypt, Wopla and Spamthru. According to security experts at www.secureworks.com, these top botnets are capable of collectively sending 100 billion spam messages every day.
A zombie computer is a computer which is infected by malware and is part of a botnet remotely controlled by a hacker over the Internet. Most of the time, the user of a zombie computer is unaware of the fact that his/her machine is being used to carry out unlawful activities.
A denial-of-service attack is an attempt to choke the computing capacity of a computer system in order to make its services unavailable to its users.
A denial-of-service attack is more common on the Internet where the servers of the victim websites are intentionally overloaded with numerous purposeless requests. Generally these attacks are carried out against high profile websites, DNS (Domain Name System) servers and Government websites.
A known-plaintext attack is a method to breach encrypted communication. In this type of attack the code breaker has access to samples of both the plaintext (message) and its encrypted version. Using this data, the code breaker can find out the secret key which is used to encrypt the communication. This key can then be used to gain access to further communication encrypted with the same key.
This kind of attack was used in World War II by using the samples forcefully obtained from captured German soldiers.
In a chosen-plaintext attack, the code breaker has access to the same encryption mechanism (such as the same software/hardware) which was used to encrypt the communication that needs to be accessed.
In this type of attack, by using the same mechanism, the code breaker encrypts samples of his own plaintext messages to obtain the corresponding ciphertexts. Then by comparing these he/she can obtain the secret key used for the communication that needs to be accessed. Once the secret key is revealed the code breaker can then obtain all the original communication in the plaintext form.
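The two attacks just described, worked through on a deliberately weak cipher as an added example (not from the original article): every message is XORed with one fixed keystream, so a single plaintext/ciphertext pair gives back the key, and a chosen plaintext of all zero bytes leaks it directly. The keystream, the intercepted sample and the target message are all constructed for the demonstration.

```python
"""Known- and chosen-plaintext attacks against a toy keystream-reuse cipher."""

KEYSTREAM = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed secret key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, key: bytes = KEYSTREAM) -> bytes:
    """Encrypt by repeating the same keystream over the message; the reuse is the flaw."""
    stream = (key * (len(plaintext) // len(key) + 1))[: len(plaintext)]
    return xor_bytes(plaintext, stream)


def recover_key(plaintext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Known-plaintext step: ciphertext XOR plaintext gives back the keystream bytes."""
    assert len(plaintext) >= key_len and len(plaintext) == len(ciphertext)
    return xor_bytes(plaintext, ciphertext)[:key_len]


def known_plaintext_attack(sample_pt: bytes, sample_ct: bytes, target_ct: bytes, key_len: int) -> bytes:
    """Use one known pair to read a different message encrypted under the same key."""
    key = recover_key(sample_pt, sample_ct, key_len)
    return encrypt(target_ct, key)  # XOR is its own inverse, so 'encrypt' also decrypts


def chosen_plaintext_attack(oracle, target_ct: bytes, key_len: int) -> bytes:
    """Chosen-plaintext step: the code breaker picks the sample and has the mechanism encrypt it."""
    chosen = b"\x00" * key_len  # zero bytes XOR keystream == keystream
    return known_plaintext_attack(chosen, oracle(chosen), target_ct, key_len)


if __name__ == "__main__":
    sample = b"INTERCEPTED SAMPLE MESSAGE"          # constructed known plaintext
    secret = b"Account 4711 password swordfish"     # constructed target message
    print(known_plaintext_attack(sample, encrypt(sample), encrypt(secret), len(KEYSTREAM)))
    print(chosen_plaintext_attack(encrypt, encrypt(secret), len(KEYSTREAM)))
```

A real stream cipher avoids this by never reusing a keystream; the lesson for defenders is that key or nonce reuse, not the XOR itself, is what hands the attacker the key.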
A man-in-the-middle attack is another type of attack in cryptography in which the attacker eavesdrops on the entire communication between two parties while the two parties believe that they are communicating in private. The eavesdropper intercepts the messages from the sender and then relays them on to the receiver.
Though intercepting all the communication between two parties seems impossible to laymen, it is possible if the attacker is the owner of public wireless access points used for communication.
Identity theft means the impersonation of someone else in order to gain money and/or some other benefits. Identity theft is the basic principle behind the art of social engineering.
Identity theft is considered a crime in many countries, since the person whose identity is stolen can suffer serious consequences as a result of an act that he/she never committed.
Phishing is an act in which a fraudster poses as somebody trustworthy in an electronic communication in order to obtain information, such as login details or credit card details, from the victim.
Typically in phishing the victim gets an email which looks as if it has come from some prominent bank, asking for login/credit card details which were allegedly lost during some process glitch. The email bears a look similar to that of the bank's website and even contains the logos, trademarks and other insignia of the bank.
If the user falls for this trap and clicks on the link contained in the email, he/she will be taken to a website which exactly mimics the look of the bank's original website. Also, the domain name used for the website is a minor spelling variation of the original. Here, falling prey to the trap, the user enters the details in the form presented to him/her.
Vishing is similar to phishing except that it is carried out over VoIP (Voice over Internet Protocol) instead of email. Here the victim gets a call from somebody who claims to be a PR executive from a prominent bank/company.
Generally people tend to trust telephone conversations since they believe that phone numbers are tied to legitimate people with legitimate billing addresses. What they are unaware of is that with the help of call spoofing systems and VoIP, the fraudster can remain anonymous.
In a lottery scam, the user gets an email stating that he/she has won some lottery and in the email he/she is asked to contact a certain person over email. If the user falls prey to this scam and gets in touch with the said person, he/she is asked to pay some processing fees in order to receive the lottery amount. But after paying the processing fee the user never gets the prize money he/she supposedly had won.
Some other variations of this scam exist. In one of the variations the victim is lured by the prospect of being the sole heir to the property of some deceased distant relative, while in another variation the victim is given false hopes of a large overseas business contract.
Online Reputation Management (or Online Reputation Monitoring) is keeping watch on what is being said about your brand, your company or yourself across various online media and proactively reacting to keep a positive face.
With an abundance of discussion forums, blogs and self-styled journalism on the Internet, it is quite likely that your brand, or you (if you happen to be someone famous) are being discussed somewhere on the Internet. Due to its wide reach and easy accessibility, the Internet has become a powerful communication medium and if something is being said about your brand it is quite likely that it will be read by thousands of people. They are reading it and forming opinions about your brand.
Establishing a brand takes years of hard work and quite a lot of money. But one negative post by some influential blogger can destroy all those years of hard work. By engaging in online reputation management, you monitor what is being written or said about your brand and if you find something that depicts your brand negatively, then you can take early proactive measures to minimize such damage.
Online reputation management is also helpful to get insights from the customers about product satisfaction and improvement of services. It can be used as a relatively cheap marketing tool to reach a wide audience.
With the number of websites growing every day, users depend more and more on search engines to find information. If somebody can't find a webpage using a search engine, it virtually doesn't exist. Using this philosophy, Search Engine Reputation Management (SERM) professionals try to protect your brand from the negative content that shows up for search queries related to your brand and business.
The SERM tactics depend heavily on Search Engine Optimization (SEO) that makes sure that pages from your website show up in the top results for the search queries related to your business.
Gripe websites are websites established with the sole motive of negatively depicting a particular brand, company, government body, place or person. They are also commonly referred to as hate websites or complaint websites.
With gripe websites, the Internet provides a cheap way for unsatisfied customers to 'get even' with big corporations. Obviously the corporations don't take gripe websites lightly and retaliate by filing defamation lawsuits, trademark infringement suits and copyright infringement suits against the owners of such websites, while the owners try to defend their position on the grounds of free speech.
Morphing originally stood for the special effect in which, using animation techniques, one image was changed (or morphed) into another. One early example of morphing was the popular animation in which a man's face slowly changes into a wolf's.
Later, with the advent of advanced photo editing applications, it became easy to morph one person's face onto another person's body. While it is used mostly for fun (for example a website called morphthing.com lets you combine the faces of various popular celebrities), there have been instances when morphing has been used for intentional defamation of a particular person.
Cybersquatting is registering and holding domain names containing the trademarks of others only to sell them to the trademark owners at an inflated price.
The prices demanded by cybersquatters are generally far higher than the original purchase prices. Some malicious cybersquatters even display defamatory content on these domains only to encourage the trademark owners to buy them quickly.
The Internet Corporation for Assigned Names and Numbers (ICANN), the authority which manages the assignment of domain names and IP addresses, has set up a process called the Uniform Domain Name Dispute Resolution Policy (UDRP) to resolve disputes regarding cybersquatting and other issues related to the registration of domain names.
Typosquatting is a form of cybersquatting in which the cybersquatter registers domain names which are minor spelling variations of a popular domain. When the users type the wrong spelling they are taken to the website owned by the cybersquatter.
These websites can be used for various purposes but are generally used to show cheap pay-per-click advertisements.
Pharming is a hacking technique in which a hacker compromises DNS (Domain Name System) servers so as to send traffic intended for one site to another, fake site. On a smaller scale the same effect can be achieved by altering the 'hosts' file on a victim computer.
Pharming can be used to steal credit card information, so it is a serious threat to websites which provide banking or eCommerce services.
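A check for the small-scale form of pharming described above, as an added example that is not part of the original article: the script parses hosts-file text and flags any entry that points a domain you care about at a routable address, while leaving blocklist-style loopback entries alone. The watch list and the hosts content are constructed for the demonstration.

```python
"""Flag hosts-file entries that redirect watched domains to another address."""
import ipaddress

WATCHED_DOMAINS = {"bank.example", "shop.example"}  # constructed watch list

SAMPLE_HOSTS = """\
# constructed hosts file for the demonstration
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.10      intranet.example    # legitimate internal override
203.0.113.45    www.bank.example    # bank name pointed at a foreign address
0.0.0.0         ads.example         # blocklist-style entry, harmless
"""


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def is_watched(name: str, watched) -> bool:
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watched)


def suspicious_entries(text: str, watched=WATCHED_DOMAINS):
    """Return (ip, name, reason) for watched names mapped to a routable address.

    Loopback and unspecified addresses break the site rather than redirect it,
    so they are treated as blocklist entries and not flagged.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if not is_watched(name, watched):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        findings.append((ip, name, "domain overridden to " + ip))
    return findings


if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print("pharming indicator:", finding)
```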
Domain-tasting refers to a practice in which a five-day grace period is allotted to the registrant of a domain name at the beginning of the registration to check the marketability of the domain name. During this period the registrant can cancel the domain name registration and claim a full refund from the domain registry.
Domain-kiting is the process of cancelling the registration of a domain name within the five day grace period and then again registering it for the next five day period. By repeating this process a number of times, a domain registrant can use a domain name for a prolonged time without actually paying for it.
Cybotage can be described as a hostile act of disruption or destruction of communication and information infrastructure of the Government of a country. The person who perpetrates cybotage is known as cyboteur. This way cybotage is similar to cyber terrorism and a cyboteur is a cyber terrorist.
Copyright © 2019 R. K. Dewan & Co.