Home > Glossary

Glossary

Here is a compilation of cyber terms and definitions frequently used on the website. The term “cyberwar” is not fully understood by the public, security experts, military or government officials. Several organizations and people try to define terms in order to explain their argument or to provide one definition everyone can use. However, there has not been one source to compile a comprehensive list to which policy makers, government/military leaders, and security officials can agree to use. The definitions were written from multiple sources that attempt at defining the various terms. The quoted definitions are directly from the source provided. While this is not a comprehensive list, hopefully it will provide a good idea of what commonly used terms mean.

Terms

Cyberwar: Cyberwar is a conflict between state actors in the cyber domain. If a cyber attack causes harm or damage and/or was politically motivated, then it constitutes as an act of war. Conflict between non-state groups or individuals is not cyberwar. Many claim that a worm which steals information is an act of war, but others caution against conflating every cyber attack with cyberwar. Cyberwar is a contentious term among the nation's leaders and security experts. While some believe we are currently in a cyberwar, others do not. Though the term gets used frequently, no one definition is used across organizations or people. (Sources: Lorents & Ottis (pay or university access only) & Virtually Here: The Age of Cyberwarfare)

Cyber attack: A cyber attack is not espionage or stealing intellectual property. An attack is linked to cyberwar in the sense that it is directed toward a target for political means. In order for a cyber attack to constitute an act of war, it must come from a nation-state. A cyber attack damages infrastructure or information systems and can be conducted by terrorist groups or nation-states. Even though cyber attacks can come from non-state actors, they are not considered part of “cyberwar.” However, there are people (like Michael Hayden) who believe that stolen information should be considered an attack (and act of war). The term “cyber attack” is used often and ambiguously so determining how people use it is important to see if they consider cyber attacks part of cyberwarfare. (Lewis)

Cyber espionage: Cyber espionage is using cyber means to gain information on an opponent’s information, military capabilities and intentions. (Lewis and Lorents & Ottis (pay or university access only)

Cyber weapon: “Cyber weapons are information technology based-system that is designed to damage the structure or operations of some other information technology based-system(s).” (Lorents & Ottis (pay or university access only)

Cyber incidents : Cyber incidents are purposeful or accidental events which cause disruption, damage or harm to an information system. While “incident” is sometimes used synonymously with “attack,” a cyber incident does not have to be planned. It can be an accident caused by a simple glitch in a system. ( Improving our Nation’s Cybersecurity through the Public‐Private Partnership and Lorents & Ottis (pay or university access only)

Cyber crime: Cyber crime involves engaging in illegal activity using internet technologies. For example, a cyber crime could be unlawful money extraction from financial systems. (Lewis)

People

Hacktivist: A hacktivist is someone who intends to communicate a social or political message by engaging in various kinds of cyber attacks (i.e. theft, website defacement, denial of service, etc.). A hacktivist is not necessarily linked to a specific government or group, however they do show their support to a political or ideological group by hacking into an opposing website or system. . ( US-China Economic and Security Review Commission Report on the Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation)

Black hat: A black hat is a type of computer hacker who has intentions of causing damage or engaging in illegal actions online (i.e. creating viruses, stealing information, etc.). Not to be confused with the Black Hat Conference (which is a security conference), black hats are usually thought of us “bad” hackers. ( US-China Economic and Security Review Commission Report on the Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation and Hacking Alert)

White hat: Opposite of a black hat, a white hat hacker tries to improve security. “White hats” are also considered ethical hackers or just computer security experts. ( US-China Economic and Security Review Commission Report on the Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation and Hacking Alert)

Grey hat: A white hat is someone who fits in the middle of a black and white hat. He/she may illegal hack into a system with good intentions. Grey hats do not hack into systems for personal or monetary gain, however. If they did, they would be considered black hats. (Hacking Alert)

Script kiddies: A hacker who does not create his/her own code, but is able to deface websites, gain access, etc. based on other people’s research. Generally, this is a derogatory term for hackers and commonly refers to young hackers. ( US-China Economic and Security Review Commission Report on the Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation and Hacking Alert)

Types of Cyber Attacks

Adware: “Software that generates revenue by displaying advertisements targeted at the user. Adware earns revenue from either the vendor or the vendor’s partners. Certain types of adware have the capability to capture or transmit personal information.”( McAfee)

Botnet: “A collection of zombie PCs. Botnet is short for robot network. A botnet can consist of tens or even hundreds of thousands of zombie computers. A single PC in a botnet can automatically send thousands of spam messages per day. The most common spam messages come from zombie computers.” (McAfee)

Clickjacking (“UI redressing”): This is a technique to hijack clicks on web pages. A link or button will be beneath another layer of imagery on a website. But, a malicious page is created by clicking on it, even though the internet user does not see it. A hacker will then be able to see one’s personal details, make a purchase, etc. (Sophos)

Computer network attack (CNA): A CNA disrupts, denies, degrades, manipulates or destroys information in computers and computer networks or the networks themselves. (Joint Terminology for Cyberspace Operations, Michael Hayden and US-China Economic and Security Review Commission Report on the Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation)

Computer network exploitation (CNE): A CNE allows for intelligence collection capabilities by using computer networks to gather data from a target. (Joint Terminology for Cyberspace Operations, Michael Hayden and US-China Economic and Security Review Commission Report on the Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation)

DDOS attacks (distributed denial of service): “Denial-of-service attacks target a computer server, or network by flooding it with traffic. A denial-of-service attack overwhelms its target with false connection requests so the target ignores legitimate requests.”(McAfee)

Phishing: Phishing is trying to get people’s personal information. Hackers will send fake emails pretending to be legitimate businesses. Most of the time, phishing emails want the recipient to click on a link to update credit card information or other personal details. (McAfee and OECD Report)

Malware: “Malware, short for malicious software, aims to infect computer systems without the owner’s consent.” (McAfee)

Scareware: “A type of malware designed to trick users into purchasing or downloading useless or potentially dangerous software, usually phony anti-virus software. It’s called scareware because users are scared into thinking something is wrong with their machine to get them to download the software.”(McAfee)

Social engineering: Hackers will search for “hot topics” on the internet and then post a message about the topic with a link to a site which might steal personal information. (McAfee)

Virus: “A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission.”(McAfee)