APPENDIX 7: GLOSSARY
419 fraud
Form of advance fee fraud, in which the victim is
persuaded to put down a sum of money in anticipation of a much
larger gain, which then fails to materialise. Named after the
relevant article of the Nigerian criminal code.
Abstraction [of network layers]
Principle that there are different layers in a network
and each one has a specific function, with clear boundaries between
adjacent layers.
Botmaster
Controller of a botnet.
Botnet
Collection of compromised computers (individually
called robots or zombies) running malicious programs that allow
them to be controlled remotely; commonly used to distribute spam
or launch Distributed Denial of Service attacks.
Browser
Computer program which permits the viewing of material
on the World Wide Web.
Can-Spam Act
2003 Act of the United States Congress designed to
regulate the use of spam.
Cybercrime
See e-crime.
Distributed Denial of Service attack
Attack launched by means of compromised systems (typically
controlled via botnets), designed to overwhelm a particular servers
or networks by flooding them with packets of information.
Domain
Name identifying a computer or computers belonging
to a single organisation on the Internet.
E-crime
Crime committed against or with significant use of
electronic networks.
End-to-end [principle]
Principle that the network core should only carry
traffic, and that additional services should be delivered at the
edges of the network, by end-points, not within the network core.
Exploit
Known way of taking advantage of a security problem
with a system on the Internet.
File sharing
Practice of making files available for others to
download over the Internet.
Firewall
Device controlling the passage of data between areas
of a network that are more or less trustworthy.
Hacker
Person who tests out computer security, whether lawfully
or unlawfully (e.g. for research, or for criminal purposes).
Hypertext
Text on a computer that leads the user to other information,
e.g. by means of a "hyperlink".
Instant Messaging
Real-time communication between users of a network,
by means of typed text.
Internet
The global network of interconnected networks that
transmits data by means of the Internet Protocol.
Internet Protocol
Protocol for communicating data via the Internet
using packet-switching.
Internet Relay Chat
Form of real-time Internet communication via dedicated
channels.
Keylogger
Program that surreptitiously captures a user's keystrokes
so that a remote attacker may learn passwords etc.
Level 1/2/3 crime
Crime that affect a local police force only (level
1); that crosses force boundaries (level 2); or that is committed
nationally or internationally (level 3).
Malware
Malicious code.
Man in the middle
Attack in which the attacker places himself between
two parties, e.g. the individual end-user and his bank, without
those parties being aware that the link between them has been
compromised.
Network
Interconnected group of computers.
Node
Device within a network.
Operating system
Program that manages the hardware and software resources
of a computer.
Operation Ore
Police investigation into over 7,000 individuals
in the United Kingdom whose details were found on a database held
by Landslide Inc, an American company offering access to child
abuse websites.
Packet
Block of data carried by a computer network.
Packet switching
Paradigm for communicating information by which communications
between end-points are broken down into packets, and then routed
between the nodes making up the network, before being reconstructed
at the destination end-point.
Patch
Piece of software designed to fix a software vulnerability.
Peer-to-peer
Network in which participants share files or bandwidth,
all participants being equals, rather than communicating through
a central server.
Phishing
Criminal activity that relies on social engineering
to persuade victims to enter user names, passwords etc on a spoof
website.
Protocol
Set of guidelines governing communication between
computers.
Root [name server]
One of the thirteen servers that answer requests
for the "root domain" (the empty sequence at the end
of every domain name) and redirect such requests to the "top
level domain" (e.g. ".uk" or ".com")
name-servers.
Router
Device that determines the proper path for data to
travel between networks.
Sand-box
Virtual container in which programs that are not
trusted can safely run within infecting the rest of the computer
or network.
Spam
Unsolicited bulk email messages.
Spoofing
Launching an attack by masquerading as someone else.
Toolkit
A set of inter-related programs for a particular
purpose, such as the production of malware or the incorporation
of exploits into a Trojan.
Tor
The Onion Router, a system allowing users to communicate
anonymously on the Internet.
Trojan [horse]
Program that installs malicious software, under the
guise of doing something else.
Two factor [authentication]
Authentication requiring two different methods to
be used, typically something known (a password) and something
owned (often a key-fob generating a random sequence of six-digit
numbers).
Vendor
Manufacturer of software or some other product.
Virus
Malicious program, attaching itself to an existing
program, which can copy itself and infect or corrupt computers
without the knowledge or permission of their owners.
Vulnerability
Weakness in a system that exposes it to attack.
WiFi
Wireless communications medium used by mobile computing
devices.
World Wide Web
System of documents, identified or located by means
of Uniform Resource Identifiers (that is, strings of characters
used to specify particular resources or pages), interlinked by
means of hypertext, and accessed via the Internet.
Worm
Malicious program that replicates itself and sends
copies to other computers, so endangering the network by consuming
bandwidth, but which does not need to attach itself to an existing
program and may or may not corrupt the host computer itself.
Zombie
Compromised machine controlled by an external source,
typically forming part of a botnet.
| 
