One of the challenges of writing—and reading—about hacking is that it's a world full of jargon and technical terms. It's our job as journalists to translate this lingo and make it understandable to the average reader.
Still, accuracy is important and sometimes you have to use the right terms. To help you navigate our stories during our special week on cybersecurity, The Hacks We Can't See, (and our future and continued coverage of hacking) we thought it'd be good to have a little glossary.
A
Attribution
Attribution is the process of establishing who is behind a hack. Often, attribution is the most difficult part of responding to a major breach since experienced hackers may hide behind layers of online services that mask their true location and identity. Many incidents, such as the Sony hack, may never produce any satisfactory attribution.
B
Backdoor
Entering a protected system using a password can be described as going through the front door. Companies may build "backdoors" into their systems, however, so that developers can bypass authentication and dive right into the program. Backdoors are usually secret, but may be exploited by hackers if they are revealed or discovered.
Black hat
A black hat hacker is someone who hacks for personal gain and/or who engages in illicit and unsanctioned activities. As opposed to white hack hackers (see below), who traditionally hack in order to alert companies and improve services, black hat hackers may instead sell the weaknesses they discover to other hackers or use them.
Botnet
Is your computer part of a botnet? It could be, and you might not know it. Botnets, or zombie armies, are networks of computers controlled by an attacker. Having control over hundreds or thousands of computers lets bad actors perform certain types of cyberattacks, such as a DDoS (see below). Buying thousands of computers wouldn't be economical, however, so hackers deploy malware to infect random computers that are connected to the internet. If your computer gets infected, your machine might be stealthily performing a hacker's bidding in the background without you ever noticing.
Brute force
A brute force attack is arguably the least sophisticated way of breaking into a password-protected system, short of simply obtaining the password itself. A brute force attack will usually consist of an automated process of trial-and-error to guess the correct passphrase. Most modern encryption systems use different methods for slowing down brute force attacks, making it hard or impossible to try all combinations in a reasonable amount of time.
Bug
You've probably heard of this one. A bug is a flaw or error in a software program. Some are harmless or merely annoying, but some can be exploited by hackers. That's why many companies have started using bug bounty programs to pay anyone who spots a bug before the bad guys do.
C
Cracking
A general term to describe breaking into a security system, usually for nefarious purposes. According to the New Hacker's Dictionary published by MIT Press, the words "hacking" and "hacker" (see below) in mainstream parlance have come to subsume the words "cracking" and "cracker," and that's misleading. Hackers are tinkerers; they're not necessarily bad guys. Crackers are malicious. At the same time, you'll see cracking used to refer to breaking, say, digital copyright protections—which many people feel is a just and worthy cause—and in other contexts, such as penetration testing (see below), without the negative connotation.
Crypto
Short for cryptography, the science of secret communication or the procedures and processes for hiding data and messages with encryption (see below).
Chip-off
A chip-off attack requires the hacker to physically remove memory storage chips in a device so that information can be scraped from them using specialized software. This attack has been used by law enforcement to break into PGP-protected Blackberry phones.
D
Dark web
The dark web is made up of sites that are not indexed by Google and are only accessible through specialty networks such as Tor (see below). Often, the dark web is used by website operators who want to remain anonymous. Everything on the dark web is on the deep web, but not everything on the deep web is on the dark web.
DDoS
This type of cyberattack has become popular in recent years because it's relatively easy to execute and its effects are obvious immediately. DDoS stands for Distributed Denial of Service Attack, which means an attacker is using a number of computers to flood the target with data or requests for data. This causes the target—usually a website—to slow down or become unavailable. Attackers may also use the simpler Denial of Service attack, which is launched from one computer.
Deep web
This term and "dark web" or "dark net" are sometimes used interchangeably, though they shouldn't be. The deep web is the part of the internet that is not indexed by search engines. That includes password-protected pages, paywalled sites, encrypted networks, and databases—lots of boring stuff.
DEF CON
One of the most famous hacking conferences in the US and the world, which started in 1992 and takes place every summer in Las Vegas.
