IS 414 CH. 6 (VOCAB)

Question 1

Hacking

Answer 1

Unauthorized access, modification, or use of an electronic device or some element of a computer system

Question 2

Hijacking

Answer 2

Gaining control of someone else’s computer to carry out illicit activities, such as sending spam without the computer user’s knowledge

Question 3

Botnet

Answer 3

A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware

Question 4

Zombie

Answer 4

A hijacked computer, typically part of a botnet, that is used to launch a variety of internet attacks

Question 5

Bot herder

Answer 5

The person who creates a botnet by installing software on Pcs that responds to the bot herder’s electronic instructions

Question 6

Denial-of-service (DoS) attack

Answer 6

A computer attack in which the attacker sends many email bombs or web page requests, often from randomly generated false addresses, that the internet service provider’s email server or the web server is overloaded and shuts down

Question 7

Spamming

Answer 7

Simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something

Question 8

Dictionary attack

Answer 8

Using special software to guess company email addresses and send them blank email messages. Unreturned messages are usually valid email addresses that can be added to spammer email lists

Question 9

Splog

Answer 9

Spam blogs created to increase a website’s Google PageRank, which is how often a web page is referenced by other web pages

Question 10

Spoofing

Answer 10

Altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of a recipient

Question 11

Email spoofing

Answer 11

Making a sender address and other parts of an email header appear as though the email originated from a different source

Question 12

Caller ID spoofing

Answer 12

Displaying an incorrect number on the recipient’s caller ID display to hide the caller’s identity

Question 13

IP address spoofing

Answer 13

Creating internet protocol packets with a forged IP address to hide the sender’s identity or to impersonate another computer system

Question 14

Address Resolution Protocol (ARP) spoofing

Answer 14

Sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determining a network host’s hardware address when only its IP or network address is known

Question 15

MAC address

Answer 15

A media access control address is a hardware address that uniquely identifies each node on a network

Question 16

SMS spoofing

Answer 16

Using short message service to change the name or number a text message appears to come from

Question 17

DNS Spoofing

Answer 17

Sniffing the ID of a domain name system request and replying before the real DNS server

Question 18

Zero-day attack

Answer 18

An attack between the time a new software vulnerability is discovered and “released it into the wild” and the time a software developer releases a patch to fix the problem

Question 19

Patch

Answer 19

Code released by software developers that fixes a particular software vulnerability

Question 20

Cross-site scripting (XSS)

Answer 20

A vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanisms and instruct the victim’s browser to execute code, thinking it came from the desired website

Question 21

Buffer overflow attack

Answer 21

When the amount of data entered into a program is greater than the amount of the input buffer. The input overflow overwrites the next computer instruction, causing the system to crash. Hackers exploit this by crafting the input so that the overflow contains code that tells the computer what to do next. This code could open a back door into the system

Question 22

SQL injection (insertion) attack

Answer 22

Inserting a malicious SQL query in input such that it is passed to and executed by an application program. This allows a hacker to convince the application to run SQL code that it was not intended to execute

Question 23

Man-in-the-middle (MITM) attack

Answer 23

A hacker placing himself between a client and a host to intercept communications between them

Question 24

Masquerading/impersonation

Answer 24

Gaining access to a system by pretending to be an authorized user. This requires that the perpetrator know the legitimate user’s ID and passwords

Question 25

Piggybacking

Answer 25

(1) Tapping into a communications line and electronically latching onto a legitimate user who unknowingly carries the perpetrator into the system.
(2) The clandestine use of a neighbor’s Wi-Fi network.
(3) An unauthorized person following an authorized person through a secure door, bypassing physical security controls

Question 26

Password cracking

Answer 26

When an intruder penetrates a system’s defenses, steals the file containing valid passwords, decrypts them, and uses them to gain access to programs, files, and data

Question 27

War dialing

Answer 27

Programming a computer to dial thousands of phone lines searching for dial-up modem lines. Hackers hack into the PC attached to the modem and access the network to which it is connected

Question 28

War driving

Answer 28

Driving around looking for unprotected home or corporate wireless networks

Question 29

War rocketing

Answer 29

Using rockets to let loose wireless access points attached to parachutes that detect unsecured wireless networks

Question 30

Phreaking

Answer 30

Attacking phone systems to obtain free phone line access, use phone lines to transmit malware, and to access, steal, and destroy data

Question 31

Data diddling

Answer 31

Changing data before or during entry into a computer system in order to delete, alter, add, or incorrectly update key system data

Question 32

Data leakage

Answer 32

The unauthorized copying of company data, often without leaving any indication it was copied

Question 33

Podslurping

Answer 33

Using a small device with storage capacity to download unauthorized data from a computer

Question 34

Salami technique

Answer 34

Stealing tiny slices of money from many different accounts

Question 35

Round-down fraud

Answer 35

Instructing the computer to round down all interest calculations to two decimal places. The faction of a cent rounded down on each calculation is put into the programmer’s account

Question 36

Economic espionage

Answer 36

Theft of information, trade secrets, and intellectual property

Question 37

Cyber-extortion

Answer 37

Threatening to harm a company or a person if a specified amount of money is not paid

Question 38

Cyber-bullying

Answer 38

Using computer technology to support deliberate, repeated, and hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person

Question 39

Sexting

Answer 39

Exchanging sexually explicit text messages and revealing pictures with other people, usually by means of a phone

Question 40

Internet terrorism

Answer 40

Using the internet to disrupt electronic commerce and harm computers and communications

Question 41

Internet misinformation

Answer 41

Using the internet to spread false or misleading information

Question 42

Email threats

Answer 42

Threats sent to victims by email. The threats usually require some follow-up action, often at great expense to the victim

Question 43

Internet auction fraud

Answer 43

Using an internet auction site to defraud another person

Question 44

Internet pump-and-dump fraud

Answer 44

Using the internet to pump up the price of a stock and then sell it

Question 45

Click fraud

Answer 45

Manipulating the number of times an ad is clicked to inflate advertising bills

Question 46

Web cramming

Answer 46

Offering a free website for a month, developing a worthless website, and charging the phone bill of the people who accept the offer for months, whether they want to continue using the website or not

Question 47

Software piracy

Answer 47

The unauthorized copying or distribution of copyrighted software

Question 48

Social engineering

Answer 48

The techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in order to fain physical or logical access to a building, computer, server, or network. It is usually to get the information needed to obtain confidential data

Question 49

Identity theft

Answer 49

Assuming someone’s identity, usually for economic gain, by illegally obtaining confidential information such as a Social Security number or a bank account or credit card number

Question 50

Pretexting

Answer 50

Using an invented scenario (the pretext) that creates legitimacy in the target’s mind in order to increase the likelihood that a victim will divulge information or do something

Question 51

Posing

Answer 51

Creating a seeming legitimate business, collecting personal information while making a sale, and never delivering the product

Question 52

Phishing

Answer 52

Sending an electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification of information and often warning of a consequence if it is not provided. The request is bogus, and the information gathered is used to commit identity theft or to steal funds from the victim’s account

Question 53

Vishing

Answer 53

Voice phishing; it is like phishing except that the victim enters confidential data by phone

Question 54

Carding

Answer 54

Activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers

Question 55

Pharming

Answer 55

Redirecting website traffic to a spoofed website

Question 56

Evil twin

Answer 56

A wireless network with the same name as a legitimate wireless access point. Users are connected to the twin because it has a stronger wireless signal or the twin disrupts or disables the legitimate access point. Users are unaware that they connect to the evil twin and the perpetrator monitors the traffic looking for confidential information

Question 57

Typosquatting/URL hijacking

Answer 57

Setting up similarly names websites so that users making typographical errors when entering a website name are sent to an invalid site

Question 58

QR barcode replacements

Answer 58

Fraudsters cover valid OR codes with stickers containing a replacement QR code to fool people into going to an unintended site that infects their phones with malware

Question 59

Tabnapping

Answer 59

Secretly changing an already open browser tab in order to capture user IDs and passwords when the victim logs back in to the site

Question 60

Scavenging/dumpster diving

Answer 60

Searching documents and records to gain access to confidential information. Scavenging methods include searching garbage cans, communal trash bins, and city dumps

Question 61

Shoulder surfing

Answer 61

When perpetrators look over a person’s shoulders in a public place to get information such as ATM PIN numbers or user IDs and passwords

Question 62

Lebanese looping

Answer 62

Inserting a sleeve into an ATM that prevents it from ejecting the card. The perpetrator pretends to help the victim, tricking the person into entering the pin again. Once the victim gives up, the thief removes the card and uses it and the pin to withdraw money

Question 63

Skimming

Answer 63

Double swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, hand-held card reader that records credit card data for later use

Question 64

Chipping

Answer 64

Posing as a service engineer and planting a small chip that records transaction data in a legitimate card reader. The chip is later removed to access the data recorded on it

Question 65

Eavesdropping

Answer 65

Listening to private communications or tapping into data transmissions intended for someone else. One way to intercept signals is by setting up a wiretap

Question 66

Malware

Answer 66

Any software that is used to do harm

Question 67

Spyware

Answer 67

Software that secretly monitors computer usage, collects personal information about users, and sends it to someone else, often without the computer user’s permission

Question 68

Adware

Answer 68

Spyware that causes banner ads to pop up on a monitor, collects information about the user’s web-surfing and spending habits, and forwards it to the adware creator, often an advertising or media organization. Adware usually comes bundled with freeware and shareware downloaded from the internet

Question 69

Torpedo software

Answer 69

Software that destroys competing malware. This sometimes results in “malware warfare” between competing malware developers

Question 70

Scareware

Answer 70

Malicious software of no benefit that is sold using scare tactics

Question 71

Ransomware

Answer 71

Software that encrypts programs and data until ransom is paid to remove it

Question 72

Keylogger

Answer 72

Software that records computer actvity, such as a user’s keystrokes, emails sent and received, websites visited, and chat session participation

Question 73

Trojan horse

Answer 73

A set of unauthorized computer instructions in an authorized and otherwise properly functioning program

Question 74

Time bomb/logic bomb

Answer 74

A program that lies idles until some specific circumstance or a particular time triggers it. Once triggered, the program sabotages the system by destroying programs or data

Question 75

Trap door/back door

Answer 75

A set of computer instructions that allows a user to bypass the system’s normal controls

Question 76

Packet sniffers

Answer 76

Programs that capture data from information packets as they travel over the internet or company networks. Captured data is sifted to find confidential or proprietary information

Question 77

Steganography program

Answer 77

A program that can merge confidential information with a seemingly harmless file, password protect the file, send it anywhere in the world, where the file is unlocked and the confidential information is reassembled. The host file can still be heard or viewed because humans are not sensitive enough to pick up the slight decrease in image or sound quality

Question 78

Rootkit

Answer 78

A means of concealing system components and malware from the operating system and other programs; can also modify the operating system

Question 79

Superzapping

Answer 79

The unauthorized use of a special system program to bypass regular system controls and perform illegal acts. The superzap utility was originally written to handle emergencies, such as restoring a system that had crashed

Question 80

Virus

Answer 80

A segment of executable code that attaches itself to a file, program, or some other executable system component. When the hidden program is triggered, it makes unauthorized alterations to the way a system operates

Question 81

Worm

Answer 81

Similar to a virus, except that it is a program rather than a code segment hidden in a host program. A worm also copies itself automatically an actively transmits itself directly to other systems

Question 82

Bluesnarfing

Answer 82

Stealing (snarfing) contact lists, images, and other data using flaws in Bluetooth applications

Question 83

Bluebugging

Answer 83

Taking control of someone else’s phone to make or listen to calls, send or read text messages, connect to the internet, forward the victim’s calls, and call the numbers that charge fees