
Cyber-Crime Terminology


"What Does That Mean?"

Term   Definition
Adware  

Typically, adware is installed along with shareware or freeware software. These advertisements create revenue for the software developer. Adware displays web-based advertisements through pop-up windows or through an advertising banner that appears within a program's interface. Pop-up ads are very annoying.

Ankle Biter  

A person who aspires to be a hacker/cracker but has very limited knowledge or skills. Usually associated with young teens who collect and use simple, malicious programs obtained from the Internet.

Backdoor  

An intentional breach in the security of a computer system left in place by designers or maintainers. A hidden software or hardware mechanism used to circumvent security controls. A breach created intentionally for the purpose of collecting, altering, or destroying data.

"Brute Force" Password Cracker  

Guessing the password until you figure it out, whether via manual methods or by using a program that continually guesses passwords. Programs will try passwords like "aa," "ab," "ac," and so on until every legal character combination has been tried.

CERT  

Computer Emergency Response Team: The Defense Advanced Research Projects Agency (DARPA) used this term to describe the first computer emergency response team, founded in 1988 at Carnegie Mellon University in Pittsburgh. The official term is now CERT/CC, which stands for CERT Coordination Center.

Cookies  

Internet browsers write and read cookies, files with small amounts of data (such as site passwords and settings) based on instructions from web pages. Normally, cookies provide a benefit to users. However, in some instances cookies are used to consolidate and track user behaviour across various sites, which provides marketers with private information about an individual.

Cracker  

A computer hacker who performs illegal or unethical activities. This definition assumes that hacking is ethical and legal. The terms "hack" and "crack" are often used interchangeably.

Digital Signature  

A digital guarantee that a file has not been altered, as if it were carried in an "electronically sealed" envelope. The "signature" is an encrypted digest (one-way hash function) of the text message, executable, or other file.

DoS (Denial of Service) Attack

Action against a host resulting in the target's inability to perform service(s) for other users, particularly over a network.

Dumpster Diving  

Spying the old-fashioned way: rummaging through garbage or recycling cans for information such as invoices, passwords, and account numbers.

Email Bomb  

Code that when executed sends many messages to the same address(es) for the purpose of using up disk space and/or overloading the email or web server.

Email Hygiene  

Principles or practices that reduce spam and protect a computer from viruses and other threats embedded in or attached to email messages.

Firewall  

Any of a number of security schemes that prevent unauthorized users from gaining access to your computer or computer network, or using your computer to gain unauthorized access to the internet. A firewall can be a hardware device or a software program. A physical device is preferred because a software firewall can be shut down by unauthorized programs such as viruses, worms and trojans.

Hacker  

A computer hacker who attempts to infiltrate a secure computer system in an effort to learn the system's weaknesses so that they can be repaired. This is called "ethical hacking." Simply, hacking means breaking into a computer system.

Hacktivist  

A computer hacker who breaks into computer systems to further an activist agenda, usually political or environmental in nature.

Hijacking  

Hijackers (or browser hijackers) often masquerade as a helpful browser toolbar. They alter browser settings or change the default home page to point to some other site.

Hoax

Honeypot

A decoy server set up to lure and trick an intruder. Designed to make hackers/crackers think they are on a valid production system. It is used to catch and stop an intruder or detect and track intruder techniques and test system vulnerability.

Identity Theft

Security

Computer security is the process of detecting and preventing unauthorized use of your computer. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done. Prevention helps you to stop unauthorized users ("intruders") from accessing any part of your computer system.

Phishing  

Phishing is the term coined by hackers for imitating legitimate companies in e-mails to entice people to share passwords, credit-card numbers, or other financial information. Recent victims include Charlotte's Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites.

Phreaking  

Hacking directed at the telephone system (as opposed to the data communications networks) or hacking with a telephone. Using different "boxes" and "tricks" to manipulate the phone companies and their phones, phreakers can gain many things, two of which are knowledge about telephones and how they work, and free local and long-distance phone calls.

Port Scanning  

The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious if someone is looking for a weakened access point.

Proxy  

Using one computer or device to make requests or "stand in" in place of another. Proxies are often used for Internet security. You can use a proxy to pass data between an internal network and the Internet. The server on the Internet never knows that the request is coming from anywhere but the proxy. Some proxies have caching and site filtering built in.

Scam

Script Kiddie

An inexperienced and unskilled "hacker" who attempts to infiltrate or disrupt computer systems by running pre-fabricated scripts designed to crack those systems. Script kiddies are regarded as mischief makers as opposed to real threats. The term generally refers to teenagers.

Secure Sockets Layer (SSL)  

A protocol that allows for "secure" passage of data. It uses public key encryption, including digital certificates and digital signatures, to pass data between a browser and a server.

Spam  

Unsolicited commercial email.

Spoofing

  1. Faking the sending address of a transmission to make it look like it is coming from a trusted host or address in order to gain illegal entry into a secure system.
  2. A generic term for activities in which trusted relationships or protocols are exploited. Impersonating, masquerading, and mimicking are forms of spoofing.

Spyware

Spyware often comes with a freeware or shareware program, just like adware, making the distinction between the two a bit vague. Spyware gathers and transmits information about you or about your behaviour to a third party. This data is collected without your knowledge or consent.

Trojans  

Trojans or Trojan Horses get into your system and run without your knowledge. They can have many functions. For example, some use a computer's modem to dial long-distance, resulting in enormous phone bills. Unlike viruses and worms, Trojan horses do not make copies of themselves. They can be delivered to your system via shareware or freeware, or via worms and viruses.

User Identification  

User identification is the process by which a user identifies himself to the system as a valid user. (As opposed to authentication, which is the process of establishing that the user is indeed that user and has a right to use the system.)

Virus  

A self-replicating code segment. Viruses may or may not contain attack programs or trapdoors.

Vulnerability  

Refers to any weakness in any system (either hardware or software) that allows intruders to gain unauthorized access or deny service.

Web Bug  

A graphic on a web page or in an email message that monitors who is reading the web page or email message. Web bugs are often invisible because they are typically only 1x1 pixel in size. They are invisible in order to hide the fact that the monitoring is taking place.

Worm  

A program that reproduces by copying itself in full-blown fashion from one computer to another, usually over a network. Unlike a virus, it usually doesn't modify other programs.

   


 

 

Content on this page is Copyright © 1999-2008 by Gerry Danen; all rights reserved.
All photographs are the sole property of Gerry Danen, unless otherwise indicated.
No images or text may be used without the copyright owner's written permission.

 

 

Site last updated on 8 July 2008