Please enable JavaScript.
Coggle requires JavaScript to display documents.
CHAP 6 - Computer Fraud and
Abuse Techniques, hacking - Unauthorized…
-
hacking - Unauthorized access, modification, or use of an electronic device or some element of a computer system.
hijacking - Gaining control of someone else’s computer to carry out illicit activities, such as sending spam without the computer user’s knowledge.
botnet - A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware.
zombie - A hijacked computer, typically part of a botnet, that is used to launch a variety of Internet attacks.
bot herder - The person who creates a botnet by installing software on PCs that responds to the bot herder’s electronic instructions.
denial-of-service (DoS) attack - A computer attack in which the attacker sends so many e-mail bombs or web page requests, often from randomly generated false addresses, that the Internet service provider’s e-mail server or the web server is overloaded and shuts down.
spamming - Simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something.
dictionary attack - Using special software to guess company e-mail addresses and send them blank e-mail messages. Unreturned messages are usually valid e-mail addresses that can be added to spammer e-mail lists.
splog - Spam blogs created to increase a website’s Google PageRank, which is how often a web page is referenced by other web pages.
spoofing - Altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of the recipient.
e-mail spoofing - Making a sender address and other parts of an e-mail header appear as though the e-mail originated from a different source.
caller ID spoofing - Displaying an incorrect number on the recipient’s caller ID display to hide the caller’s identity.
IP address spoofing - Creating Internet Protocol packets with a forged IP address to hide the sender’s identity or to impersonate another computer system.
Address Resolution Protocol (ARP) spoofing - Sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determining a network host’s hardware address when only its IP or network address is known
MAC address - A Media Access Control address is a hardware address that uniquely identifies each node on a network.
-
SMS spoofing - Using short message service (SMS) to change the name or number a text message appears to come from.
DNS spoofing - Sniffing the ID of a Domain Name System (DNS, the “phone book” of the Internet that converts a domain, or website name, to an IP address) request and replying before the real DNS server.
zero-day attack - An attack between the time a new software vulnerability is discovered and “released into the wild” and the time a software developer releases a patch to fix the problem.
-
cross-site scripting (XSS) - A vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanisms and instruct the victim’s browser to execute code, thinking it came from the desired website.
buffer overflow attack - When the amount of data entered into a program is greater than the amount of the input buffer. The input overflow overwrites the next computer instruction, causing the system to crash. Hackers exploit this by crafting the input so that the overflow contains code that tells the computer what to do next. This code could open a back door into the system.
DNS spoofing - Sniffing the ID of a Domain Name System (DNS, the “phone book” of the Internet that converts a domain, or website name, to an IP address) request and replying before the real DNS server.
SQL injection (insertion) attack - Inserting a malicious SQL query in input such that it is passed to and executed by an application program. This allows a hacker to convince the application to run SQL code that it was not intended to execute.
man-in-the-middle (MITM) attack - A hacker placing himself between a client and a host to intercept communications between them
piggybacking - (1) Tapping into a communications line and electronically latching onto a legitimate user who unknowingly carries the perpetrator into the system. (2) The clandestine use of a neighbor’s Wi-Fi network. (3) An unauthorized person following an authorized person through a secure door, bypassing physical security controls.
masquerading/impersonation - Gaining access to a system by pretending to be an authorized user. This requires that the perpetrator know the legitimate user’s ID and passwords.