Cyber Security Terms and Definition – Part 1

Just like in the controls industry, cybersecurity has its share of acronyms, terms, etc. Wading through these can be overwhelming.

The list below is some of the terms you may have heard or probably will hear sometime in the near future. Rather than cram a bunch of terms/definitions into one post, I will post terms periodically in my blog.

Hacker – It used to apply to someone who uses various means and methods to gain access to computer. Now with IoT (internet of things) it applies not only to computers, servers, and laptops, it also applies to anything that is network and/or web connected devices.

We tend to think of this of only control system devices, but now this includes, home automation such as internet connected thermostats, TVs, garage door openers, lighting control, security systems, etc. It also includes medical devices, cars, surveillance systems, traffic control, planes, trains, etc,

A hacker used to be only those individuals that were high functioning computer users/programmers. Now, however, anyone with basic computer understanding can buy software “tools” that only require minimal setup that can take control of network devices. Some of these tools have been sold for as low as $40 and even shared freely by would be hackers.

Hackers are not all bad… Some hack for the purpose of finding weaknesses to help make the network more secure.

White Hat – This is the good guy or girl… Hence the white hat.

You may of heard of the white described as an ethical hacker. Companies will employ them to try and compromise their the network and then make recommendations to close the “holes”. This is known as penetration testing.

Red Hat – This hat represents a white hat with an aggressive purpose. Governments will use Red Hats to attack foreign networks for the purpose of crippling their network and/or servers.

Red Hat is also the company that produces Linux Fedora operating system.

Black Hat – They fit the stereotype that most people know as hackers. You could also call them thieves, criminals, destroyers, etc. No other way to say it… they are bad.

They will steal credit card data and sell it on the cyber black market. They steal personal data to sell to identity thieves. They will take down networks for ego sake. They will infiltrate a company’s website to cause brand damage.

Grey Hat – Now this guy is a little harder to put in a box. They are not bad per se… They tend not to follow a clear line of ethics. They don’t do what they do for personal gain. They will, on their own, search for vulnerabilities of systems without the permission of the owner. They may or may not let the owner know. And they may even publish their findings publicly which could cause the damage by making the vulnerabilities know which a black hat would take full advantage of this information.

Script Kiddie – This designation is for a person who does not develop software tools to hack with, but purchases the software tools to use to gain entry into systems. As mentioned earlier, software tools for the purpose of hacking and controlling networks is becoming more readily available. This means most anyone can become a Hacker. Script Kiddie’s can download hacking tools and if they run into problems setting it up there are help sites for them to use to help them.

Hacktivist – This group is more closely aligned with activist groups. Their purpose is to make a protest statement through disruption of services or terroristic means. In this group there are two types… Freedom of information and Cyberterrorism. The Freedom of information group will obtain information that is not public and make it available to the public. Cyberterrorist will usually use DOS/DDOS or website defacement to further their cause.

Watering Hole – Most of us go to watering holes and probably don’t even know it.

So what is it? A watering hole can be any place you go such as web forums, information sharing, etc. In the controls world we have several places we frequent to look up info, download help docs, share knowledge. The attacker will join the group and monitor it to look for a “prize” target. The target may be someone posting request for help. The attacker may offer a “solution” that the target can download. Inside the download may be malware/command & control to gain access to the target’s network.

Honey Pot – Like the old saying goes… “You can catch more flies with honey…” The honey pot is a decoy system to draw in hackers. It is setup to be easy prey with activity monitoring. The attacker’s activity will logged and traced. The idea is attackers will return multiple times and this will give us a bounty of data to combat them.

Why do it? Most agree the reason to setup a Honey Pot is education. You need to learn attack methodologies to better protect your systems and the Honey Pot will show you how an attackers comes

at your systems. Keep in mind this is not something you set and forget. It requires periodic study because hacking methodology is continually evolving and the hackers will eventually either figure out that it is a Honey Pot or loose interest since there is nothing there to pillage.

IoT – Internet of Things – I found a good explanation of IoT on Forbes. According to the article “A Simple Explanation Of ‘The Internet Of Things’ by Jacob Morgan, IoT is “Simply put this is the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other). This includes everything from cell phones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of. This also applies to components of machines, for example a jet engine of an airplane or the drill of an oil rig.”

(To read the full article go to – http://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/)

DOS – Denial of Service – An attack designed to overwhelm a targeted website to the point of crashing it or making it inaccessible.

The purpose of DOS attack is to flood an end device, such as a web server, with a large number of request. By doing this the attacker can make it where no one else can see your website. Therefore “shutting” you down. This type of attack typically originates from one location.

DDoS – Distributed Denial of Service Attack – A Distributed Denial of Service attack is done with the help of zombie drones (also known as a botnet) under the control of black hats using a master program to command them to send information and data packets to the targeted webserver from the multiple systems under their control.

Unlike a DOS attack, the DDOS will come at you from all over the place from little pieces of code (zombie drones/botnets) reside on several systems. Even throughout world. The zombies will respond to a single source (the hacker) flooding your system. A good example of this was an attack that occurred on April 29, 2015 (http://www.zdnet.com/article/largest-denial-of-service-attack-ever-detected-hit-asian-datacenter/). According to Arbor Networks came from tens of thousands of connections (generated by the botnets) with traffic up to 334 Gbps (gigabits per second).

Often this type of attack is generated from a hacktivists as a protest against a particular company.

BotNet – This little critter is not much to speak of by itself, but when a part of a zombie army the damage can be serious. Its one role in its cyber life is to listen for the command to attack and join its fellow zombies and perform a DDOS (distributed denial of service) attack.

Most BotNets are found on home computers. When a DDOS attack is launched most user don’t even know that their machine is a part of the zombie army. Your computer may have a BotNet on it right now waiting for the command to attack.

According to Kaspersky Labs, BotNet… not spam, viruses, or worms… currently pose the biggest threat to the internet. A Symantec report agreed with this conclusion.

Zero Day – A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. There are zero days between the time the vulnerability is discovered and the first attack. (from http://searchsecurity.techtarget.com/definition/zero-day-exploit)

This can be a foot race between the software develop to close the vulnerability and the hacker who is trying to exploit the vulnerability.

If you have comments or questions feel free to post them here or contact me directly at fred.gordy@smartcore.com