Daisy-Chaining, Wardriving and Logic Bombs - 10 computer hacker terms
Reported instances of cybercrime, with the objective of financial gain or some subversive political motive, are becoming increasingly common.
Recent examples of this crime which have been reported in the media are the WannaCry attack on the NHS in mid-2017 and, more recently, on Hamilton Academical Football Club.
Here are 10 common terms to add to your vocabulary.
1. Blue hat
These are specialists who are engaged by an organisation to test a new computer system, prior to it going live, with the remit to identify any potentially vulnerable areas (bugs) which can then be eliminated (what is referred to as being debugged). Their activity is clearly beneficial to the organisation and is an example of ethical hacking.
2. Botnet
This is a portmanteau word (created from the words robot and network). It consists of a collection of internet-connected computers and peripherals over which illegal access and control has been seized on a systematic basis by hackers. Each device which has had its security penetrated is now under the control of the hacker. Botnets can be used for sending spam, to steal data and carry out denial of service attacks i.e. disrupting access to devices or networks.
3. Daisy-chaining
This is the seemingly innocuous term for an illegal activity whereby a hacker gains access to one computer system and its networks and then uses it to 'piggyback' on to other systems in the organisation causing further damage.
4. Hacktivist
A hacktivist is a person or persons (e.g. the group Anonymous) who make illegal use of computers and computer networks to advance their political beliefs.
5. Logic bombs
This is a set of instructions illegally and secretly inserted by hackers (possibly a disgruntled employee) into a software package so that when a specific condition or event occurs these illegally embedded instructions will then activate a malicious event. An example is a logic bomb which starts deleting files if the hacker is later dismissed, for any reason, from employment with the organisation.
6. Red team
This is a term originating from military wargaming and involves using an organised team of IT experts to simulate a major hacking attack on the organisation’s IT systems and networks to test its defences against hacking. A defence against this simulated attack will be made by the 'blue team'. The objective of this exercise is to reveal weaknesses in the organisation’s systems so that measures can then be taken to bolster the defences and firewalls against unfriendly hackers.
7. Rootkit
A collection of software tools that enable a hacker to gain control of a computer system or areas of software and which then conceals its existence. Rootkit can be automated and installed after a hacker has gained unauthorised system administrator access.
8. Script kiddies
These are novice hackers who lack the skill needed to write their own programs but instead use programs (or scripts) developed by others to attack computer systems and networks.
9. Vishing
This is the practice of making phone calls to a potential victim (or leaving them voicemail messages) which appear to be plausible and from a trusted organisation, such as a major bank with whom the victim has had legitimate dealings, to dupe them into disclosing personal financial information. One example of this which has featured in the media recently is where a fraudster phones an individual and pretends to be from the bank’s fraud team and tells them that their bank account has been compromised. They persuade the person to transfer their funds into a bogus account for protection against any further attempts to subvert it. The victim then gives their bank details and the account is swiftly emptied by the fraudster.
10. Wardriving
This activity involves a person driving around in a motor vehicle using a laptop computer or a smartphone to locate and potentially exploit connections to local area networks. Wardriving is considered illegal only if it is active - that is, the objective of the exercise is an attempt to illegally gain admittance to a computer network by circumventing passwords or other devices installed to prevent unauthorised access to a network. Variations on this theme include:
- Warcycling - This is using a bicycle instead of a vehicle.
- Warflying - This is using an aircraft (or perhaps a drone) instead of a vehicle.