Whether you work in the field of cybersecurity or believe that installing an antivirus program on your computer is enough to secure yourself online, time after time you come across cyber content full of technical terminology. Thanks to mainstream culture and media covering prominent cybercriminals or incidents of data breaches, we’re familiar with a few terms.
But to keep you informed and knowledgeable of the terms the industry is buzzing with, we compiled an essential glossary of some must-know hacking slang. Being tech-savvy folk ourselves, we appreciate these subtle, inventive and jazz-like notes of technical language.
Adware. Remember a meme with a guy on the street with a “Stop showing me ads for things I just talked about” sign? Adware is software that acts as spyware to secretly track a user’s browsing activities. It collects your personal info and browsing history and then generates ads, usually in programs that are free. Adware is common in the marketing world.
Attribution is the process of unveiling who is behind a cyber attack. Determining responsibility and formulating a response can be especially difficult since experienced hackers hide behind many layers of online services.
Back door is a hidden entry into software, deliberately left by maintainers so that devs can bypass authentication and dive right into the program. It can also be left by hackers to access the system after the initial vulnerability has been fixed. This hole in the security system (or a wormhole) might be exploited if discovered by hackers.
Black hat. According to the Oxford English Dictionary: “Once it was easy to tell the heroes from the villains in television Westerns: The white hats were the good guys and the black hats were the bad guys.” And so in this context black hat hackers attack for personal gain and commit illegal acts. In contrast, white hat hackers operate in order to aid and alert companies to improve services without causing harm.
Bot is a program that runs a rather simple task repeatedly over the Internet. Whether it’s a good or bad bot depends on its user and function. Many search engines use bots to scan websites and optimize the working of online services. Also, you must be familiar with Apple’s Siri or Cortana from Microsoft – these bots run with the help of AI. However, there are bad bots used by hackers and they can cause real trouble, like collecting and harvesting data without any consent.
Botnet. Your computer can be part of a botnet and you might not even know it. A botnet is a network of bots controlled by a black hat. Hackers create such zombie armies by deploying malware to infect random computers connected to the Internet in order to perform cyberattacks. In such a case, it’s extremely difficult to trace the hacker.
Cloaking. Besides being a freshly coined dating term, in the Internet world cloaking describes the practice of presenting different content or URLs to human users and search engines.
Clone phishing is the modification of an existing email with a false link to trick the recipient into providing personal information.
Cracker is the one who breaks security on a system in order to do harm, gain financially, or in political protest. So often the term “hacker” is misleadingly used in media when actually referring to “crackers”, and this makes real hackers mad. Why? Hackers aren’t necessarily bad, while crackers are malicious. It’s said that crackers tend to use grand screen names (or war names) to conceal their identities.
Crypto. Short for cryptography, the whole science of secret communication for hiding data with encryption, or the opposite, decoding it.
Daemon is a program that is not invoked explicitly but lies dormant waiting for some condition to occur. As for the term itself, the alternative spelling of “demon” was adopted and rationalized as “Disk And Execution MONitor”. In simple terms, it’s a background program that runs continuously and handles periodic service requests.
Dark web is part of the Internet that isn’t indexed by any search engine, and only accessible through specific networks. It includes loads of weird stuff, like password protected sites, encrypted networks, etc.
Denial of service attack (DoS) is used to flood a targeted website or system to make it temporarily unavailable by sending so many content requests to the site that the server overloads. The Distributed denial of service attack (DDoS) is performed by a number of machines and is directed towards a targeted network from several locations. Black hats control botnets and program them to send data packets to the target server.
Encryption is a process of scrambling data to make it unreadable, so that the info is accessible only to authorized parties. Quite often hackers employ it to extort money by encrypting a victim’s files. Only after the payment is made is the decryption key provided. Such attacks are described as crypto viruses or ransomware.
Firewall is a network security system using hardware, software, or both to block untrusted sources and prevent unauthorized access to a system. Since black hats constantly fight hard to bypass firewalls, their creators continuously adjust and strengthen the systems.
Geek. A digital technology enthusiast, a tech-thirsty person who is excited by novelty. Forget the old fashioned description of a geek being “an asocial, malodorous, pasty-faced monomaniac with all the personality of a cheese grater.” While the modern world is becoming more and more dependent on technology, the connotations of this term should definitely shift towards respectful, trending and even the new cool!
Hacker is someone who enjoys creatively manipulating code, scrutinizing programming systems and stretching their capabilities. At first, this term was used to describe programming explorers, those in search of flaws or wormholes. Over time, this word acquired much wider, more diverse, and rather negative implications. Now hackers can refer to both the good ones (white hats) and the bad ones (more precisely called black hats, crackers or cyber criminals). Hacktivist is a hacker whose intentions are social or political (for example, the widely known hacktivist group Anonymous).
Hashing. How do you secure secret written information (e.g. passwords)? Hashing might be a solution here: this fundamental process turns plaintext into garbled text. Some companies store passwords (or facial recognition data) as hashes to improve their security. The difference from encryption: hashes cannot be decrypted and have to be guessed by brute force.
HTTPS/SSL/TLS. In 2018 Google Chrome announced that it’ll give a warning to users who are visiting websites that use HTTP. The letters stand for Hypertext Transfer Protocol, with the “S” for “Secure”, and it’s a basic framework that controls how data is transferred across the web. This protocol adds a layer of encryption to provide you with secure daily browsing: your bank, your email provider, and social network. SSL and TLS are protocols used by HTTPS to provide an added identity proof to your website. It’s advised to avoid browsing websites that use HTTP or entering any passwords or credit card details on them.
Keyloggers are a type of malware that tracks which keys are being pressed on a computer (and which touchscreen points are used) while the person using the keyboard is unaware that the actions are being monitored. They are often used by black hat hackers to record login IDs and passwords. Spooky, isn’t it?
Malware is any kind of malicious program or software designed to hijack computer systems or steal sensitive data. For example, adware, viruses, Trojan horses, keyloggers and so on. Malware can be delivered via USB, spam, decoy websites, etc.
Metadata is simply data about data. Even though it does sound harmless, with enough sources of metadata hackers can put together someone’s identity or location.
OTR (Off-the-Record). Say you want to have a private conversation over instant messaging. OTR is a protocol for encrypting messages end-to-end while using a single temporary key for every conversation. So even if hackers break into your computer and get access to your keys, at this point you’re safe. Even the instant-messaging service itself can’t see the content of such messages.
Password managers. We’re all exceptionally ingenious when it comes to creating passwords. However, among the most used passwords in 2019, there are still the classic “1234” or “asdf”. It takes access to just one account for a black hat to break into all of them. Better forget such hacker-friendly word combinations and discover one of the recognized password managers.
Penetration testing or pentesting. Say you want to check up on your company’s security system. One way is to employ people to purposely hack it to identify weak points.
Phishing is a technique that, by imitating legitimate companies or individuals online (for example, Google or Amazon customer support), tricks users into giving up personal info (passwords, bank card numbers) that can be used in a later attack. Phishing is often done via fake emails or fraudulent links and is really more of a form of social engineering than hacking.
Phreaking. A few old-school hackers still remember this activity. This term comes from “phone” and “freak” and, as the name implies, describes the art of cracking the phone network (e.g. to make free long-distance calls).
PGP (Pretty Good Privacy) is one of the most popular encryption methods used today (especially by financial institutions). PGP is an encryption program that’s used for signing, encrypting, and decrypting texts, e-mails, files, directories to increase the security of email communications.
Plaintext. Just what it sounds like – information with no encryption. Companies or individuals with poor security may store passwords in plaintext, even if the folder they’re in is encrypted, just waiting for a hacker to steal.
Programmer’s Cheer. This one’s here for fun only. The old famous cheer goes as “Shift to the left! Shift to the right! Pop up, push down! Byte! Byte! Byte!”
Pwned in Internet slang translates to the verb “own.” A video game player who beats another player can say that one pwned the other. Among hackers, the term has a similar meaning, only here it’s all about gaining access to another user’s computer. You might wanna visit the website “Have I Been Pwned?” to check if your online accounts have been compromised in the past.
Ransomware is a type of malware that locks the user’s computer and cuts off access to his/her files. A victim receives a message telling how much the ransom is and where to send it in order to recover the files.
RAT stands for Remote Access Tool or Remote Access Trojan and refers to a form of malware. The scary thing is that even unskilled hackers can manage to use RATs. Once a RAT is installed on one’s system, the attacker gains complete control of it.
Root. This is the holy grail of hacking! The most fundamental and powerful level of access in a computer system is usually called root. It can install applications, create and delete files. If hackers “gain root,” they can do whatever they want on the system. And the worst part is, they can function at a low system level so as to erase their tracks and, thus, go undetected for a long time.
Shodan (Sentient Hyper-Optimised Data Access Network). Often called the hacker’s Google. While usual search engines index only the web, Shodan indexes everything that’s connected to the Internet. Here you can find unprotected webcams, baby monitors, printers, traffic lights, license plate readers, smart TVs, even wind turbines. Besides its horrific specifics, Shodan can be of service by letting users find vulnerable devices and alert their owners to secure them.
Social engineering is all about deceiving people into providing their personal data, such as passwords or credit card numbers. There’s a great number of sophisticated techniques social engineers use, like phishing, baiting, pretexting, etc. This is why we need to be super thoughtful every time we go online.
Spam. We all know this electronic junk mail so well. The largest spamming organizations use botnets to increase the amount of spam they send. Unfortunately, spam is used not only in marketing but also to deliver malware through phishing or directing to unauthenticated sites.
Spoofing. Hackers trick users into falling for a phishing attack by altering the header of an email and making it look like the address of someone the target knows (for instance, the bank or phone service carrier). Other things can also be spoofed: MAC address, IP address, Hostname, etc.
Tails (stands for The Amnesic Incognito Live System) is an operating system endorsed by Edward Snowden, as he used it to hide his communication from the NSA’s eyes. Since the system keeps no memory, every time you start the computer it’s like a fresh page that remembers nothing. Tails is free and open source.
Trojan horse. A malicious program that masquerades as something harmless, such as games or antivirus programs. After we admit such a masked guest, soon it delivers its payload and installs a back door for its master to enter.
Virus is a type of malware that is typically hidden in a program or file. It can infect computers, destroy a hard drive, steal, delete, and encrypt data, or perform many other malicious activities.
VPN stands for Virtual Private Network and is used to create a private and secure channel to connect to the Internet when a user is on an untrusted network (e.g. a public wifi in a coffee shop or hotel). VPNs also give a chance to circumvent censorship in restricted areas of the world.
White hat. Since we already discussed the black hat hackers, there’s probably no need to explain this one. The opposite of the bad ones, these ethical hackers use their skills to help a company or organization by exposing loopholes before black hat hackers do.
Worm is a specific type of malware that works solo. An automatically self-replicating worm can consume loads of memory, reducing the speed of one’s system. Or, such a worm might be equipped with a payload that installs back doors to make a botnet.
Zero-day or 0day is a bug or vulnerability that’s undocumented by the antivirus scanner installed on the system, or not publicly known in general. The term also applies when no exploit is available to the public for a known vulnerability. The name refers to the short time between the discovery of the flaw and the first attack on it.