Glossary: 20 terms to better understand the world of cybercrime - Part 2
The definition of hacker is a little diffuse and has been used with multiple meanings over the years. Nowadays, the most accepted one is that a hacker is someone with broad technological knowledge and who likes to mess with information systems. "Hacker", by itself, is a neutral word, without value judgment.
The white hat hacker is, in general, a cyber security expert. He knows the techniques of cybercrime and uses them in favor of the development of more secure systems. Often, companies like Google and Facebook pay rewards to white hat hackers who discover vulnerabilities in their systems, as long as they do not exploit them for evil purposes.
Already the hacker "black hat" is what was formerly called "cracker": it is someone with extensive security knowledge, but uses its techniques for criminal purposes. Their techniques are geared towards stealing information and money.
Jailbreaking is a way to break manufacturer-imposed restrictions on what can and can not be done on that device. It is a word closely associated with iPhones and iOS, as it is a great example of an operating system that restricts the execution of software that did not come from the App Store, but this also applies to video game consoles, which usually go through the jailbreak to allow pirated games.
Not every hacker attack has a political or criminal motivation. Often, hackers just want to have fun in a somewhat anarchic way. "For the lulz" is an expression used to define exactly this type of action done only to generate some laughter. "Lulz" comes from the acronym "LOL", which means "laughing loudly"; that is to say: it was an attack only by the laughter.
Malware is an umbrella term that defines any type of malicious software (hence the name "mal + ware"), and there are many types of malware. In recent years, ransomware is on the rise, "sequestering" computers and requiring victims to pay to unlock their machine and allow them to recover their files.
However, there are many other types of malware with multiple methods of action. Viruses, for example, are malicious software hidden inside a seemingly harmless program that can replicate itself, while Trojans infect in a similar way but do not replicate automatically. Rootkits, in turn, use some techniques to hide their operation from the rest of the system, allowing them to run silently for a long time, increasing the effectiveness of the attack.
The "man in the middle" is an attack technique that aims to intercept information from a victim using a compromised Wi-Fi network. This can be done in two ways: by creating a public Wi-Fi network on your own and by attracting people to connect to it or by using vulnerabilities in a Wi-Fi network in a mall or cafeteria, for example.
Since then, all content that travels online starting or arriving at the connected device and that is not protected by encryption can be easily accessed by the cybercriminals, making this method ideal for discovering passwords, for example.
The term is widely used to refer to someone who has been the victim of an attack, originating from the word "owned" (look at your keyboard, the letter "P" is on the "O" side, right?).
"Owned" in this context means that a victim has been humiliated; not for nothing, the expression is also used for people who have been defeated in online games.
The expression has gained so much strength and popularity that one of the most important security community sites at the moment is called "Have I Been Pwned?" Which catalogs leaks of data and informs you if your email address and password have already been reached in Some of them. It pays to take the test.
It is one of the most important techniques for cybercrime. Originating from the word "fishing", the expression represents a method of attack that consists of throwing a bait and twisting so that the target bites the hook.
One of the most common methods of phishing is to send an email to the victim going through a company (for example, Apple), saying that it is necessary to do some procedure, such as a registrar. The email has a link in which the victim is instructed to enter his login and password that are sent directly to the hacker. Thus, it is possible to invade an account without major inconvenience.
It is a provocative term to represent people who have some technological knowledge but who lack the technical ability to exploit vulnerabilities on their own. As a result, they use codes, or "scripts," developed by other hackers.
It is an attack technique very similar to phishing, but more targeted and personalized. Instead of going through a company, the hacker goes through a person close to the victim in order to convince her to click on some dangerous link.
Zero-day is an expression that represents a serious problem. This is a security flaw in some system that is discovered by cybercrime before the company in charge has knowledge on the subject. This means that until the company develops and publishes a fix, which can take a few days or weeks, hackers will have free access to exploit the flaw.