Today’s loudest cybersecurity buzz words; unwrapped and defined simply.

Area 1 Security | @area1security

/blak hatˈ hakər/

The hackers who are widely considered the “bad guys.” These hackers have selfish or malicious intentions. Black hats aim to steal, alter, destabilize, or destroy data and software. Their actions often involve vandalizing websites, launching viruses, and stealing personal information.

Also referred to as “dark-side hackers.”

/dəˈseptiv ˈfiSHiNG/

Currently the most common type of broadcast phishing attack. Deceptive phishing involves sending a fictitious email with a link that victims are manipulated into clicking.

These emails typically request verification of account information, prompt re-entering information, offer fake services, or present false account charges.

/fōn fiSHiNG/

An attack involving messages which pose as banks and make false claims about bank accounts. The victims are instructed to call a phone number and then enter their account numbers and PIN. This phone number is owned by the attacker and provided by a voice over IP service.

Voice phishing is also referred to as “vishing.”

/ɡrā hat ˈhakər/

Since white hats symbolize the “good guys” and black hats the “bad guys” it makes sense that grey hats represent the middle ground among the ethical spectrum. These computer experts have neither benevolent nor malicious intentions. They will not hack to destroy, tamper, or exploit data. However, they will not inform a company of the vulnerabilities which they find either. Their actions are illegal as they are hacking into systems without permission.

This term was initially popularized in 1996 when DEF CON scheduled its very first Black Hat Briefings.

/ˈhak-tuh-vist/

A term used to describe hackers who use networks to endorse a political agenda. Made by a fusion of the words “hacker” and “activist.” This term implies a certain level of proficiency.

Hacktivists use their skills to enact pressure on targeted institutions. They rationalize their actions by a set of ethics which include human rights, freedom of information, and free speech.

The population holds conflicting images of these hackers. Some believe that their actions should be regarded as cyberterrorism while others esteem their influence over social change.

“Anonymous” has popularized hacktivism in the media.

/ˈ(h)wāliNG/

Phishing attacks which target senior executives and other high profile individuals. The content is designed specifically for upper management. The email looks like an urgent message sent from a business authority.

Whaling uses an email with a fake concern that would involve a whole company. The attacker acknowledges the position of the targeted victim by designing the email as a customer complaint, legal subpoena, or executive problem.

/(h)wīt hat ˈhakər/

Computer security specialists who practice penetration testing. They hack into protected systems and networks for legitimate reasons, such as evaluating a company’s security state. White hat hackers are largely regarded as “the good guys.”

Car hacking has been a recent topic involving white hat hackers.

/klōn fiSHiNG/

Clone phishing uses an almost identical replica of an authentic email. In the email, the original link or attachment is substituted with a malicious one. The email is sent from an address that somehow resembles the original sender. In the new email, the attacker will often acknowledge the original by claiming to be either a copy or an update of it.

/ˈsībər ˈterərəst/

Someone who practices cyber-terrorism, a planned and politically motivated computer attack. Cyber-terrorists intentionally impose fear and disorder by threatening people or spreading viruses. These criminals will attack information, programs, computer systems, and data.

/ˈsībər ˈwôrēər/

An individual who participates in “cyber-warfare” for a variety of reasons. Religious principles, patriotism, and personal rationals are among the motivating forces for cyber warriors.

There are two roles involved in cyber-warfare — the defender of an information system and the attacker.

Sometimes cyber warriors find better methods of system security through discovering vulnerabilities. They will then close such vulnerabilities before other hackers can exploit them.

/Skript ˈkidē/

A computer programming amateur who launches hacks and exploits using preexisting programs. Script kiddies do not learn how these systems operate. The typical script kiddie is in his / her preteen-teenage years.

Notoriously, the script kiddie will disregard the values held by hacker subculture. Their hacks into networks, websites, and computer systems are personally motivated. The script kiddie’s goal is to gain a false sense of power and attain bragging rights amongst their equally novice peers.

Also referred to as “skiddie,” “skid,” “lamer,” or “script bunny.”

/ˈsnōˌSHo͞oiNG/

Snowshoeing is a method of dispersing mass amounts of spam through a variety of domains and IPs over a brief span of time. Ultimately, the abundance of IP addresses makes it difficult for victims to identify the spam. This technique aims to weaken reputation metrics and bypass filters.

Also referred to as “hit-and-run” spam. The term snowshoeing, in this context, is derived from the activity which spreads snow over a large area.

/spir fiSHiNG/

A targeted email attack that uses fake messages to gain access to confidential information. Spear phishing attacks aren’t random, they are uniquely designed for specific institutions.

Spear phishing attackers will collect information about a targeted institution to ensure success. Attackers choose victims based on who will help them obtain trade secrets, military information, or other data that might yield financial benefits.

Currently spear phishing attacks are the most successful type of cyber attacks and make up about 91% of them.