Perpetrators

You often hear the nomenclature of computer menaces refer to hackers, intruders, script kiddies, virus writers, bot herders, and phreakers. Just what sorts of people are these, anyway?

Hackers

These days hacker is a broad-brush term implicating almost any person who has computer skills and mouse in hand as a wild-eyed cybervillain. Actually, the real hacker is a rare breed indeed: extremely knowledgeable, patient, creative, resourceful, and well aware that knowledge is power. He or she is determined to find a new way to explore and maybe exploit some particular system, protocol, or program. He or she studies the architecture and design of the target in order to better understand how they work, and perhaps find a weakness and exploit it. The reasons for doing so can be complex.

Hackers are often employees with day jobs who experiment after hours. Most hackers are socially responsible and want to discover weaknesses in computer hardware, software, and firmware and help get them fixed before icky, bad people discover them and cause real damage. Some are hired as consultants to ply their skills to test and improve system security.

Many years ago, being a hacker was a badge of honor, associated with intelligence and ingenuity. But in popular culture, the term now carries near-universal connotations of troublemaking and criminal activity.

Script kiddies

Script kiddies are individuals with nowhere near the technical acumen of real hackers. Instead, they acquire programs and scripts developed by hackers and use those ready-made tools to carry out attacks. Frequently, script kiddies don’t even know how their attack tools work.

Don’t underestimate the power of script kiddies, however. They can cause significant damage to systems and networks if they’re determined to attack them. A fool who has a tool may still be a fool — but with the right tool, even a fool can wield a lot of power and do a lot of damage.

Virus writers

Like hackers, virus writers — or VXers — can span a broad range of expertise. Some virus writers are highly skilled and creative, quite able to engineer an effective virus on their own. But like script kiddies, many virus writers rely on templates and illicit virus cookbooks to create subtle variations of existing viruses.

Bot herders

Bot herders are individuals who establish, grow, and use bot armies to carry out attacks and cause other types of trouble. They may develop their own bot software, but mostly they use bot software developed by others.

Phreakers

The original phreakers were people who cracked telephone networks in order to get free long-distance service. Improvements in telephone networks have rendered the original techniques useless, and some phreakers have resorted to outright criminal acts, such as stealing long-distance calling cards.

The term phreakers is sometimes used to describe hackers who try to break into systems and services in order to get free services.

Black hats and white hats

These are just terms for the bad guys and the good guys, respectively. There is a Black Hat security conference, and we hear it’s interesting. Guess who goes.

Prep Test

1 Masquerading as another person in order to obtain information illicitly is known as

A. Hacking

B. Social engineering

C. Extortion

D. Exhumation

2 Viruses, rootkits, and Trojan horses are known as

A. Maniacal code

B. Fractured code

C. Infectious code

D. Malicious code

3 Antivirus software that detects viruses by watching for anomalous behavior uses what technique?

A. Signature matching

B. Fleuristics

C. Heroistics

D. Heuristics

4 A developer, suspecting that he may be fired soon, modifies an important program that will corrupt payroll files long after he is gone. The developer has created a(n)

A. Delayed virus

B. Logic bomb

C. Applet bomb

D. Trojan horse

5 A SYN flood is an example of a

A. Dictionary attack

B. High Watermark attack

C. Buffer Overflow attack

D. Denial of Service attack

6 The process of recording changes made to systems is known as

A. Change Review Board

B. System Maintenance

C. Change Management

D. Configuration Management

7 A system that accumulates knowledge by observing events’ inputs and outcomes is known as a(n)

A. Expert system

B. Neural network

C. Synaptic network

D. Neural array

8 The logic present in an object is known as

A. Encapsulation

B. Personality

C. Behavior

D. Method

9 The restricted environment that Java applets occupy is known as a

A. Sandbox

B. Workbox

C. Trusted Zone

D. Instantiation

10 An attacker has placed a URL on a website that, if clicked, will cause malicious JavaScript to execute on victims’ browsers. This is known as a

A. Phishing attack

B. Script injection attack

C. Cross-site scripting attack

D. Cross-site request forgery attack

Answers

1 B. Social engineering. Social engineering is the process of obtaining information from people by tricking them into giving up an important piece of information, such as a modem access number. Review “System Attack Methods.”

2 D. Malicious code. Malicious code is the generic term used to describe computer codes used to inflict damage on a computer system. Review “Malicious code.”

3 D. Heuristics. Heuristics is the technique used to detect viruses by recognizing anomalous behavior. Review “Malicious code.”

4 B. Logic bomb. A logic bomb is a type of malicious code that’s designed to cause damage at a predetermined date in the future. Review “Malicious code.”

5 D. Denial of Service attack. These attacks are designed to incapacitate a system by flooding it with traffic. Review “Denial of Service.”

6 D. Configuration Management. This is the process used to record all configuration changes to hardware and software. Review “Configuration Management.”

7 B. Neural network. Neural networks become proficient at predicting outcomes by making large numbers of observations, noting the inputs and results of each. Review “Neural networks.”

8 D. Method. A method is the formal name given to business logic — also known as code — present in an object. Review “Object-Oriented Environments.”

9 A. Sandbox. This is the name given to the restricted environment in which Java applets reside. Review “Adding applets to the mix.”

10 C. Cross-site scripting attack. In a cross-site scripting attack, the attacker places malicious script language in a URL that will be executed on a victim’s browser. Review “System Attack Methods.”
