LESSON 6: INFORMATION WARFARE & ONLINE CRIMES Flashcards
(107 cards)
1
Q
unauthorized intrusion into a computer or a network.
A
hacking
2
Q
The person engaged in hacking activities
A
hacker
3
Q
Hackers employ a variety of techniques for hacking, including:
A
- ● Vulnerability scanner
● Password cracking
● Packet sniffer
● Spoofing attack
● Root kit
● Trojan horse
● Viruses
● Key loggers
4
Q
can also refer to non-malicious activities, usually involving unusual or improvised alterations to equipment or processes.
A
Hacking
5
Q
: checks computers on networks for known weaknesses
A
Vulnerability scanner
6
Q
: the process of recovering passwords from data stored or transmitted by computer systems
A
Password cracking
7
Q
: applications that capture data packets in order to view data and passwords in transit over networks
A
Packet sniffer
8
Q
involves websites which falsify data by mimicking legitimate sites, and they are therefore treated as trusted sites by users or other programs
A
Spoofing attack:
9
Q
: represents a set of programs which work to subvert control of an operating system from legitimate operators
A
Root kit
10
Q
: serves as a back door in a computer system to allow an intruder to gain access to the system later
A
Trojan horse
11
Q
: self-replicating programs that spread by inserting copies of themselves into other executable code files or documents
A
Viruses
12
Q
: tools designed to record every keystroke on the affected machine for later retrieval
A
Key loggers
13
Q
is a program or utility to assist a hacker with hacking. It can also be proactively utilized to protect a network or computer from hackers.
A
hacking tool
14
Q
is intentional modification of computer software or hardware that is outside the architectural perimeters and design
A
Hacking
15
Q
is a slang term used to refer to cybercriminals who hack into celebrity email accounts to gain access to their personal information. T
A
Hackerazzi
16
Q
this term is derived from the term paparazzi, which refers to the aggressive photojournalists who often intrude on celebrities’ privacy and make a living by selling candid photos of famous people.
A
Hackerazzi
17
Q
is a piece of malware intended to get financial information or hack users through a banking or financial system, commonly through an online banking or brokerage interface.
A
banker Trojan
18
Q
is a Mozilla Firefox extension that uses packet sniffing to hijack unsecured Wi-Fi network sessions and capture unencrypted website cookies during network data transmission.
A
Firesheep
19
Q
Firesheep was created by software developer >\??
A
Eric Butler (2010)
20
Q
is the use of electronic messaging systems like e-mails and other digital delivery systems and broadcast media to send unwanted bulk messages indiscriminately.
A
Spamming
21
Q
is also applied to other media like in internet forums, instant messaging, and mobile text messaging, social networking spam, junk fax transmissions, television advertising and sharing network spam.
A
spamming
22
Q
involves sending nearly identical messages to thousands (or millions) of recipients.
A
Spam
23
Q
it is a spammers software robots (also Web crawlers or Web spiders) in order to get valid email addresses from company Web sites, blogs and newsgroups
A
spambots
24
Q
Spam is commonly used for advertising thus given an acronym
A
Sales Promotion and Marketing.
25
in what year?
RFC 733: Mail Specifications
● 1971
26
in what year?
First email spam was sent out to users of ARPANET – it was an ad for a presentation by Digital Equipment Corporation (DEC)
● 1978
27
in what year?
First know email Chain letter sent
● 1988
28
in what year?
“Spamming” starts as prank by participants in multi-user dungeon games by MUDers (Multi User Dungeon) to fill rivals accounts with unwanted electronic junk mail
● 1988
29
in what year?
First use of the term spam was for a post from USENET by Richard Depew to news.admin.policy,
which was the result of a bug in a software program that caused 200 messages to go out to the news group
● 1993
30
in what year?
● May 3rd – 25th anniversary of the first “spam” and the first time that the amount of spam email exceeded the amount of legitimate email
2003
31
in what year?
The rise of social media spam
2012
32
These are unsolicited messages that ask recipients to forward the message to others. Often, these messages contain threats or promises of good luck, and they can be considered a form of superstition or hoax.
Chain Letters
33
are typically used to spread malware or collect personal information.
Chain letters
34
: These are fraudulent investment schemes where individuals are promised high returns for recruiting new members into the scheme.
Pyramid Schemes
35
: These are fraudulent schemes that promise quick and easy wealth with minimal effort. Often, these schemes require an initial investment, and the promised returns are unrealistic.
"Get Rich Quick" or "Make Money Fast" Schemes
36
: These are fraudulent schemes that promise individuals the opportunity to work from home and make money.
Work-at-Home Schemes
37
: These are unsolicited messages that advertise pornographic websites or services.
Pornographic Websites
38
: These are unsolicited messages that advertise unknown start-up corporations and their stock offerings. Often, these companies are fraudulent, and the stock offerings are worthless.
Stock Offerings for Unknown Start-Up Corporations
39
: These are unsolicited messages that advertise health products or remedies that are not scientifically proven or regulated. Often, these products are fraudulent, and the claims made about them are false
Quack Health Products and Remedies
40
: These are unsolicited messages that advertise illegally pirated software. Using pirated software is illegal and can result in fines or legal action.
Pirated Software
41
TYPES OF SPAM
❖ Email Spam
❖ Social Networking Spam (or Social Media Scam)
❖ SMS Spam
❖ Spamdexing
42
There are 2 general types of unsolicited emails –
Unsolicited Bulk Emails (UBE) Unsolicited Commercial Emails (UCE),
43
SPAM messages, sent to multiple recipients, without their consent.
email spam
44
- Unwanted spam content appearing on social networking services and any website with user-generated content (comments, chat, etc.)
Social Networking Spam (or Social Media Scam)
45
- It can be manifested in many ways, including bulk messages, profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information
Social Networking Spam (or Social Media Scam)
46
- any unwanted or unsolicited text message sent indiscriminately to your mobile phone, often for commercial purposes
SMS Spam
47
Spamdexing which is a word derived from
“spam” and “indexing,”
48
refers to the practice of search engine spamming
Spamdexing
48
SEO?
Search Engine Optimization,
49
which is the art of having your website optimized, or attractive, to the major search engines for optimal indexing.
Search Engine Optimization,
49
take precautions
● Use a complicated email username
● Preview your messages before you open them
49
THINGS YOU CAN DO TO PREVENT SPAM
- Take Precautions
- Think Before You Click (or Reply or Forward)
- Monitor Your Settings, Report Suspicious Behavior
50
Think Before You Click (or Reply or Forward)
- ● Never, ever reply to a spam message
● Don't click any links in a spam email
● Don't forward an email from someone you don't know to a list of people
51
5. Technology-based Terrorism is also called
Cyberterrorism
51
Monitor Your Settings, Report Suspicious Behavior
● Use a spam filter.
● Make sure your privacy settings are set so you don't receive marketing from other sites in your AOL and Yahoo profiles
● If your organization has an IT department, forward it any spam that gets through.
52
is an essential element of modern terrorism; these powerful platforms allow terrorists to communicate, to make propaganda and recruit new sympathizers.
Social media
53
the Internet, and technology, could be exploited by terrorist organizations for several purposes including:
► Propaganda
► Psychological warfare
► Recruitment and mobilization
► Fundraising
► Data Mining, information gathering
► Secure communications
► Cyber attacks
► Software distribution (e.g., mobile app)
► Buying false documents
► Training
53
is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.
Cyberterrorism
54
It is also sometimes considered an act of Internet terrorism where terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, and other malicious software and hardware methods and programming scripts.
Cyberterrorism
55
is multi-lingual. It reaches not only Arab people and is easily accessible to young people.
online propaganda
56
is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information
from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware.
Cyber spying, or cyber espionage,
57
TOP 5 MOST COMMON CYBER-ATTACKS.
1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
2. Man-in-the-middle (MitM) attack is a Man-in-the-middle (MitM) attack.
3. Phishing and spear phishing attacks
4. Drive-by attacks
5. Password attack
58
is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
denial-of-service attack (DoS attack)
59
● is typically accomplished by flooding the targeted machine or resource with superfluous requests to overload systems and prevent some or all legitimate requests from being fulfilled.
Denial of service
60
, the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.
distributed denial-of-service attack (DDoS attack)
61
● attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.
Man-in-the-middle (MitM) attack is a Man-in-the-middle (MitM) attack.
62
● is an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
Spear phishing
63
● attempts are not typically initiated by random hackers but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
Spear phishing
64
may happen when visiting a website, opening an e-mail attachment or clicking a link, or clicking on a deceptive pop-up window by clicking on the window in the mistaken belief that, for example, an error report from the computer's operating system itself is being acknowledged or a seemingly innocuous advertisement pop-up is being dismissed.
Drive-by attacks or Drive-by downloads
65
● is the process which of recovering passwords from data that have been stored in or transmitted by a computer system.
Password attack
66
is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password.
brute-force attack)
67
● The three different types of password attacks are
Brute Force
Dictionary attack
Hybrid attack
68
The other types of cyber-attacks are
● SQL injection attack
● Cross-site scripting (XSS) attack
● Eavesdropping attack
● Birthday attack
● Malware attack
69
well-known attack groups is TEMP.Periscope, or Leviathan.
china
70
Types of Intelligence Gathering
* Competitive Intelligence
* Corporate Espionage
* Information Warfare
* Private Investigation
71
* Relies solely on legal and ethical means to gather data, piece it together to form information, and analyze it to create intelligence for the use of decision-makers
Competitive Intelligence
72
* Helps organizations better understand their competitive environment and make sound business decisions
Competitive Intelligence
73
* State-sponsored information and electronically delivered actions taken to achieve information superiority in support of national military strategy.
Information Warfare
74
* Meant to affect enemy information and information systems while protecting our information and information systems.
Information Warfare
75
Information Warfare Categories
offensive
defensive
76
- Deny, corrupt, destroy, or exploit an adversary’s information, and influence the adversary’s perception.
* Offensive
77
- Safeguard the nation and allies from similar actions, also known as IW hardening.
Defensive
78
* Research to develop knowledge on a human subject, by obtaining identifiable private information that can be linked to the individual.
Private Investigation
79
Investigation Methods
* Begin by writing down everything you know about your subject.
* Start the investigation from the person’s address and work out from there.
* Research property records.
* Ask at the Post Office for any change of address on the person.
* Ask neighbors for information.
* Research marriage records.
80
Internet Frauds. Several high-profile methods include the following:
1. Business E-Mail Compromise (BEC)
2. Data Breach
3. E-Mail Account Compromise (EAC)
4. Phishing/Spoofing
5. Ransomware
81
steal millions of dollars each year from victims and continue to plague the Internet through various methods.
Internet crime schemes
82
A sophisticated scam targeting businesses working with foreign suppliers and companies that regularly perform wire transfer payments.
Business E-Mail Compromise (BEC)
83
The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfer of funds.
Business E-Mail Compromise (BEC)
84
– A leak or spill of data which is released from a secure location to an untrusted environment.
Data Breach
85
can occur at the personal and corporate levels and involve sensitive, protected, or confidential information that is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
Data breache
86
this scam targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms.
E-Mail Account Compromise (EAC)
87
deal with forged or faked electronic documents.
Phishing/Spoofing
88
refers to the dissemination of e-mail which is forged to appear as though it was sent by someone other than the actual source.
Spoofing
89
, is often used in conjunction with a spoofed e-mail.
Phishing
90
Phishing, also referred to as
vishing, smishing, or pharming
90
It is the act of sending an e-mail falsely claiming to be an established legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website.
phishing
91
– form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems
ransomware
91
Frequent instances of Internet fraud include:
1. Business Fraud
2. Credit Card Fraud
3. Internet Auction Fraud
4. Investment Schemes
5. Non-delivery of Merchandise
92
Business fraud is also known as
corporate fraud
92
consists of dishonest and illegal activities perpetrated by individuals or companies in order to provide an advantageous financial outcome to those persons or establishments.
Business fraud
93
Also known as corporate fraud, these schemes often appear under the guise of legitimate business practices:
* Charity Fraud
* Internet Auction Fraud
* Non-delivery of merchandise
* Non-payment of funds
* Overpayment scheme
* Re-shipping scheme
94
is the unauthorized use of a credit or debit card, or similar payment tool (ACH, EFT, recurring charge, etc.), to fraudulently obtain money or property.
Credit card fraud
94
involves schemes attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site.
Internet auction fraud
95
involves the illegal sale or purported sale of financial instruments.
Investment fraud
96
is a scheme most often linked to Internet auction fraud, in which a seller on an Internet auction website accepts payment for an item yet intentionally fails to ship it.
Non-delivery of merchandise
97
.is an application that capture data packets in order to view data and passwords in transit over networks
packet sniffer
98
Is the process of recovering passwords from data stored or transmitted by computer systems
password cracking
