Gain awareness of the multiple threats to internet security that exist, including what to look for and how to prevent from becoming a victim
There are many different paths into a restricted computer or network. Here is a list of the most common security breaches, and the methods used to access, copy, change, or destroy private data.
Hacking: The actual meaning of a hack is deconstruct, debug or tweak a software program or file. While there are legitimate reasons to hack, the popular use of the term implies at the minimum unauthorized access to a computer system. Hacking can encompass attempts to guess an access code or password to a site where one does not have authorized access. When hackers gain unauthorized access to a network with malicious intent to do damage or defraud, they often get other names, like crackers (criminal hackers), or attackers (as in "cyber attacks").
Phishing: Also called "brand spoofing" or "carding," this is a play on the word "fishing," in which "bait" -- i.e., a seemingly legitimate invitation or request -- is thrown out in hopes of hooking unsuspecting users to divulge personal information. The bait is usually in the form of an email, leading to a "pharm" or imposter website designed to get you to reveal a username, password, and/or account number. A variation is "social" phishing, which is when someone calls on the telephone pretending to be a customer service representative for a company you do business with, who at some point requests private access info, such as your password. Phishing happens on social networks, too, such as Facebook and Twitter.
Pharming: Pharming is a form of hacking that involves the creation of counterfeit websites that masquerade as real sites. The rogue sites encourage visitors to enter usernames and passwords that are then used to gain unauthorized access to bank accounts or other private accounts.
Keylogging: Also called "keyboard capture programs," these programs record keystrokes entered into a computer and often transmit a file containing those key captures surreptitiously over the Internet. Keylogging is legitimately used by companies to track employee performance, measure productivity, and create training materials. But keyloggers can be used maliciously by hackers to gain access to sensitive information such as passwords, credit card numbers, and bank account numbers, social security numbers, dates of birth, etc.
Trojan Horses, Viruses and Worms: During the Trojan War, the Greek army hid soldiers inside a wooden horse, which was towed inside of Troy's fortification to open the gates to allow the surrounding army in to destroy the city. Similarly, a Trojan horse is any software presented as useful that, once installed in the system, proceeds to take it over or destroy it. Unlike viruses and worms, Trojan horses are not self-replicating.
Viruses, like the pathogens that harm humans, are harmful code spread through multiple connected computers via the transmission from infected email attachments, websites, flash drives, or other file-transfer mechanisms.
Worms, similar to viruses in that they are self-replicating, do not require user interaction to spread and they don't damage a system. What they do is siphon the use of resources so as to slow down a system considerably, sometimes to the point of shutting it off completely.
Backdoors: A backdoor is separate way of accessing a system, often installed by programmers to protect against not being paid for a job. The same backdoor left by a programmer can be exploited by a hacker to allow remote control of hardware or software, usually without the permission or knowledge of the network's owner. While there are legitimate reasons for installing backdoors (e.g., testing), they can be exploited to surreptitiously collect data and install spyware or malware.
Bots and Botnets: An Internet robot is an automated program that works without a human operator. Also called "webcrawlers" or "spiders," bots can secretly install spyware and malware, and are frequently used to carry out remote attacks on a network. When bots are linked together, they form a "botnet" network of bots, installed on multiple computers running identical malware and collaborating on attacks.
Advanced Persistent Threats (APTs): A group of hackers (or the computers they have taken over) collectively targeting a specific network weakness. This is increasingly popular among criminal hackers. Growing use of APT requires new and creative security responses.
Denial of Service (DoS) Attack: The "denial of service" attack is an attempt to shut down an online service by flooding it with redundant requests, such as continuously reloading a home page from thousands of different computers at the same time. The result is that the site's services are denied to authorized users, who can't get in. Site response times will often slow down with DoS attacks, which is one way of detecting them. In some cases, DoS attacks can cause a site to crash.
Cookies: Cookies are files containing small amounts of data and instructions typically used to customize a website to the user's personal preferences. Cookies identify the user as someone who has visited the site before. They are often capable of retrieving a browser's history and preferences, tracking the browser's movements through the site, and tracking the browser's online activities after leaving the site. Thus, cookies can be a threat to privacy as well as a tool to make using the Internet faster and more personalized.
Adware: Pop-up windows or advertising banners that appear within a website's interface. While generally not malicious, adware can be pernicious and annoying, and can, in fact, be used to transmit malicious code (malware) to connected devices.
Drive-By Attacks: A "drive-by attack" is the installation of rogue software without a user's knowledge or consent. Drive-bys are usually accomplished when an unsuspecting user clicks on a pop-up ad on a website. Sometimes the drive-by is initiated by clicking the "close" box on the ad, so that attempting to close the pop-up launches the attack.
Hijacking: These software programs alter browser settings or change a default home page to some other site. If your browser is hijacked, it will take you to sites you didn't ask to see. An innocent example is a hotel's Internet access page, which appears when you attempt to access a site before consenting to the hotel's terms. Another form of hijacking is when a website -- or even just a homepage -- is taken over by hackers and redirected to another site or replaced with a bogus homepage. Sometimes hackers hijack a site to make the fact that they cracked the system undeniable -- forcing companies to admit that they were hacked.
Rogue Antispyware: Programs that pose as legitimate virus protection or antispyware applications. The rogue program alerts you to a nonexistent problem on your computer and triggers a pop-up ad offering to sell you an unneeded product that supposedly fixes it. Neither the pop-ups nor the rogue software itself are easily removed.