Professional Documents
Culture Documents
Antivirus software
1.1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.1.1
1.1.2
1.1.3
1.1.4
2000-2005 period
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.1.5
2005 to present . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2
1.3
History
Identication methods
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2.1
Signature-based detection
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2.2
Heuristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2.3
Rootkit detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2.4
Real-time protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Issues of concern . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
Eectiveness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3.6
New viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3.7
Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3.8
Damaged les . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3.9
Firmware issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.4
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.5
Alternative solutions
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.5.1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.5.2
Cloud antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.5.3
Online scanning
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.5.4
Specialist tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.6
1.7
See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.8
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.9
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11
ii
CONTENTS
1.10 External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12
Application security
13
2.1
Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
13
2.2
. . . . . . . . . . . . . . . . . . . . . . .
13
2.3
13
2.4
13
2.5
14
2.6
Security certications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15
2.7
15
2.8
See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16
2.9
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16
16
Backdoor (computing)
17
3.1
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
17
3.1.1
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
17
3.1.2
18
3.1.3
Asymmetric backdoors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
18
Compiler backdoors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
18
3.2.1
Occurrences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
19
3.2.2
Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
19
3.3
19
3.4
References
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
20
3.5
External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
20
3.2
Black hat
21
4.1
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
21
4.2
See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
21
22
5.1
History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
22
5.2
The conference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
22
5.3
Conferences topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
22
5.4
22
5.5
22
5.6
See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
23
5.7
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
23
5.8
External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
23
Botnet
24
6.1
Types of botnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
24
6.1.1
24
Legal botnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTENTS
6.1.2
iii
Illegal botnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
24
6.2
Recruitment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
24
6.3
Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
24
6.4
Formation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
25
6.5
Types of attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
25
6.6
Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
6.7
26
6.8
Trivia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
6.9
See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
6.10 References
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
27
28
Computer crime
29
7.1
Classication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
29
7.1.1
29
7.1.2
Cyberterrorism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
29
7.1.3
Cyberextortion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
30
7.1.4
Cyberwarfare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
30
7.1.5
Computer as a target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
30
7.1.6
Computer as a tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
30
7.2
Documented cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
32
7.3
33
7.3.1
Diusion of Cybercrime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
33
7.3.2
Investigation
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
33
7.3.3
Legislation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
33
7.3.4
Penalties
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
33
7.4
See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
33
7.5
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
34
7.6
Further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
35
7.7
External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
36
7.7.1
36
Government resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Computer security
37
8.1
Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
37
8.1.1
Backdoors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
37
8.1.2
Denial-of-service attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
38
8.1.3
Direct-access attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
38
8.1.4
Eavesdropping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
38
8.1.5
Spoong . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
38
8.1.6
Tampering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
38
8.1.7
Repudiation
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
38
8.1.8
Information disclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
38
iv
CONTENTS
8.1.9
8.2
8.3
8.4
Privilege escalation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
8.1.10 Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
39
39
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
8.2.1
Financial systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
8.2.2
39
8.2.3
Aviation
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
8.2.4
Consumer devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
40
8.2.5
Large corporations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
40
8.2.6
Automobiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
40
8.2.7
Government . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
40
40
8.3.1
41
Vulnerable areas
Reasons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
41
8.4.1
41
8.4.2
Security measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
41
8.4.3
Reducing vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
42
8.4.4
Security by design
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
43
8.4.5
Security architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
43
8.4.6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
43
8.4.7
44
8.4.8
Secure coding
45
8.4.9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
45
45
45
8.5.1
46
8.5.2
Rome Laboratory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
46
8.5.3
46
8.5.4
Stuxnet attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
46
8.5.5
46
8.5.6
46
8.6
46
8.7
Government . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
47
8.7.1
Publicprivate cooperation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
47
47
8.8.1
47
8.8.2
47
8.8.3
48
8.8.4
48
8.5
8.8
CONTENTS
8.8.5
48
8.8.6
Government initiatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
48
8.8.7
Military agencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
48
8.8.8
FCC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
49
8.8.9
49
International actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
49
8.9.1
Germany . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
50
8.9.2
South Korea . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
50
8.9.3
India . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
50
8.9.4
Canada . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
51
51
8.10.1 Europe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
51
51
51
52
8.13 Terminology
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
52
8.14 Scholars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
54
54
55
8.17 References
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
55
58
Computer worm
59
9.1
59
9.2
60
9.3
Mitigation techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
60
9.4
History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
60
9.5
See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
61
9.6
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
61
9.7
External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
61
8.9
10 Crimeware
62
10.1 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
62
62
10.3 Concerns
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
62
62
63
10.5 References
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
63
63
11 Cryptovirology
11.1 General information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
64
64
vi
CONTENTS
11.2 Examples of viruses with cryptography and ransom capabilities . . . . . . . . . . . . . . . . . . .
65
65
65
11.5 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
65
65
12 DEF CON
12.1 History
66
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
67
12.2.1 1999 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
12.2.2 2001 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
12.2.3 2005 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
12.2.4 2007 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
12.2.5 2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
12.2.6 2009 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
12.2.7 2011 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
12.2.8 2012 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
68
12.2.9 2013 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
68
68
68
68
12.5 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
69
69
69
70
13.1 Classication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
70
13.1.1 Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
70
13.1.2 Pivoting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
70
71
13.3 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
71
14 Firewall (computing)
14.1 History
72
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
72
73
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
73
73
14.2 Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
74
74
14.2.2 Application-layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
74
14.2.3 Proxies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
75
75
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTENTS
vii
75
14.4 References
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
75
76
15 Grey hat
77
15.1 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
77
15.2 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
78
78
78
15.5 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
78
16 Hacker
80
16.1 Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
80
16.2 Entertainment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
80
16.3 People . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
80
16.3.1 Real . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
80
16.3.2 Fictional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
80
16.4 Other . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
81
81
82
17.1 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
82
17.2 Classications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
82
82
82
83
83
83
17.2.6 Neophyte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
83
83
17.2.8 Hacktivist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
83
83
83
17.3 Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
83
84
17.3.2 Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
84
85
85
17.6 Customs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
86
86
86
17.7.1 India . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
86
viii
CONTENTS
17.7.2 Netherlands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
86
86
87
87
87
87
88
17.10References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
88
17.11Further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
89
17.12External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
89
18 Hacker (term)
90
90
91
92
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
94
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
94
18.6 Filmography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
95
96
18.8 References
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
96
96
97
97
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
19 Hacker group
98
98
19.2 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
98
98
20 Hacker Manifesto
99
99
99
20.3 Related . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
99
20.4 References
99
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
21 Hacking tool
101
21.1 Worms
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
102
CONTENTS
ix
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
22.3 Cracking
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
22.3.1 Trojan
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
110
113
CONTENTS
24.1.10 End of multi-frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
24.2 2600 Hz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
24.3 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
24.4 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
24.5 External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
25 Rootkit
119
130
132
CONTENTS
xi
142
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
xii
CONTENTS
28.5.3 1984 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
28.5.4 1985 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
28.5.5 1986 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.5.6 1987 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.5.7 1988 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.5.8 1989 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.6 1990s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.6.1 1990 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.6.2 1992 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.6.3 1993 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.4 1994 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.5 1995 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.6 1996 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.7 1997 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.8 1998 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.9 1999 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7 2000s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7.1 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7.2 2001 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7.3 2002 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7.4 2003 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.5 2004 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.6 2005 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.7 2006 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.8 2007 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.9 2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.7.10 2009 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8 2010s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8.1 2010 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8.2 2011 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8.3 2012 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8.4 2013 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
28.8.5 2014 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
28.9 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
28.10Further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
152
CONTENTS
xiii
30 Vulnerability (computing)
155
162
164
168
xiv
CONTENTS
33.2 Levys true hackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
33.3 Other descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
33.4 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
33.5 Footnotes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
33.6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
33.7 Further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
33.8 External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
33.9 Text and image sources, contributors, and licenses . . . . . . . . . . . . . . . . . . . . . . . . . . 173
33.9.1 Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
33.9.2 Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
33.9.3 Content license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Chapter 1
Antivirus software
Antivirus redirects here. For the antiviral medication, 1.1.1
see Antiviral drug.
Antivirus or anti-virus software (often abbreviated
1949-1980
days)
period
(pre-antivirus
Antivirus software came into use, but was updated relatively infrequently. During this time, virus checkers essentially had to check executable les and the boot sectors
of oppy disks and hard disks. However, as internet usage
became common, viruses began to spread online.[19]
later joined FRISK Software). Also Frans Veldman released the rst version of ThunderByte Antivirus, also
known as TBAV (he sold his company to Norman Safeground in 1998). In Czech Republic, Pavel Baudi and
Eduard Kuera started avast! (at the time ALWIL Software) and released their rst version of avast! antivirus.
In June 1988, in South Korea, Dr. Ahn Cheol-Soo released its rst antivirus software, called V1 (he founded
1.1.2 1980-1990 period (early days)
AhnLab later in 1995). Finally, in the Autumn 1988, in
There are competing claims for the innovator of the rst United Kingdom, Alan Solomon founded S&S Internaantivirus product. Possibly, the rst publicly documented tional and created his Dr. Solomons Anti-Virus Toolkit
removal of an in the wild computer virus (i.e. the Vi- (although he launched it commercially only in 1991 - in
enna virus) was performed by Bernd Fix in 1987.[20][21] 1998 Dr. Solomons company was acquired by McAfee).
At the end of the year, in the USA, Ross M. Greenberg
In 1987, Andreas Lning and Kai Figge founded G Data
released his second antivirus program, called VirexPC.
Software and released their rst antivirus product for the
[22]
Atari ST platform. Later in the same year, also the Ul- Also in 1988, a mailing list named VIRUS-L[33] was
timate Virus Killer (UVK) 2000 antivirus was released.[23] started on the BITNET/EARN network where new
viruses and the possibilities of detecting and eliminating
In 1987, in USA, John McAfee founded the McAfee
viruses were discussed. Some members of this mailing
company (now part of Intel Security[24] ) and, at the end
list were: Alan Solomon, Eugene Kaspersky (Kaspersky
[25]
of that year, he released the rst version of VirusScan.
Lab), Fririk Sklason (FRISK Software), John McAfee
In the meanwhile, in Slovakia, Peter Pako and Miroslav
(McAfee), Luis Corrons (Panda Security), Mikko HypTrnka created the rst version of NOD32 antivirus (albeit
pnen (F-Secure), Pter Szr, Tjark Auerbach (Avira)
they established ESET only in 1992).
and Dr. Vesselin Bontchev (FRISK Software).[33]
In 1987, Fred Cohen wrote that there is no algoIn 1989, in Iceland, Fririk Sklason created the
rithm that can perfectly detect all possible computer
rst version of F-PROT Anti-Virus back in 1989 (he
viruses.[26]
founded FRISK Software only in 1993). In the meanThe rst antivirus signatures were simply hashes of the while, in USA, Symantec (founded by Gary Hendrix in
entire les or sequences of bytes that represented the par- 1982) launched its rst Symantec antivirus for Macintosh
ticular malware.
(SAM).[34][35] SAM 2.0, released March 1990, incorpoFinally, in the end of 1987, the rst two heuristic an- rated technology allowing users to easily update SAM to
that
tivirus utilities were released: FluShot Plus by Ross intercept and eliminate new viruses, including many
[36]
[27][28][29]
[30][31]
didn't
exist
at
the
time
of
the
programs
release.
Greenberg
and Anti4us by Erwin Lanting.
However, the kind of heuristic they were using was totally
dierent from the one used today by many antivirus products. The rst antivirus product with an heuristic engine
which resembles the ones used nowadays was F-PROT
in 1991.[32] The early heuristic engines were based on dividing the binary in dierent sections: data section, code
section (in legitimate binary it usually starts always from
the same location). Indeed the initial viruses re-organise
the layout of the sections, or override the initial portion
of section in order to jump to the very end of the le
where malicious code was located and then, later on, go
back to resume the execution of the original code. This
was a very specic pattern, not used at the time by any
legitimate software, that initially represented a very nice
heuristic to catch where something was suspicious or not.
Later, in time, other kind of more advanced heuristics
have been added, such as: suspicious sections name, incorrect header size, wildcards and regular expressions and
partial pattern in-mermory metching.
In 1990, the Computer Antivirus Research Organization (CARO) was founded. In 1991, CARO released
the Virus Naming Scheme, originally written by Fririk
Sklason and Vesselin Bontchev.[38] Although this naming scheme is now outdated, it remains the only existing
1.1. HISTORY
standard that most computer security companies and researchers ever attempted to adopt. CARO members includes: Alan Solomon, Costin Raiu, Dmitry Gryaznov,
Eugene Kaspersky, Fririk Sklason, Igor Muttik, Mikko
Hyppnen, Morton Swimmer, Nick FitzGerald, Padgett
Peterson, Peter Ferrie, Righard Zwienenberg and Dr.
Vesselin Bontchev.[39][40]
In 1991, in the USA, Symantec released the rst version of Norton Anti-Virus. In the same year, in
Czechoslovakia, Jan Gritzbach and Tom Hofer founded
AVG Technologies (Grisoft at the time), although they released the rst version of their Anti-Virus Guard (AVG)
only in 1992. On the other hand, in Finland, F-Secure
(founded in 1988 by Petri Allas and Risto Siilasmaa with the name of Data Fellows) released the rst version
of their antivirus product. F-Secure claims to be the rst
antivirus rm to establish a presence on the World Wide
Web.[41]
Over the years it has become necessary for antivirus software to use several dierent strategies (e.g. specic email
In 1991, the European Institute for Computer An- and network protection or low level modules) and detectivirus Research (EICAR) was founded to further an- tions algorithms, as well as to check an increasing variety
tivirus research and improve development of antivirus of les, rather than just executables, for several reasons:
software.[42][43]
In 1992, in Russia, Igor Danilov released the rst version
of SpiderWeb, which later became Dr. Web.[44]
In 1994, AV-TEST reported that there were 28,613
unique malware samples (based on MD5) in their
database.[45]
Over time other companies were been founded. In 1996,
in Romania, Bitdefender was founded and released the
rst version of Anti-Virus eXpert (AVX).[46] In 1997,
in Russia, Eugene Kaspersky and Natalia Kaspersky cofounded security rm Kaspersky Lab.[47]
In 1996, there was also the rst in the wild Linux virus,
known as Staog.[48]
In 1999, AV-TEST reported that there were 98,428
unique malware samples (based on MD5) in their
database.[45]
1.1.4
2000-2005 period
Powerful macros used in word processor applications, such as Microsoft Word, presented a risk.
Virus writers could use the macros to write viruses
embedded within documents. This meant that
computers could now also be at risk from infection by opening documents with hidden attached
macros.[55]
The possibility of embedding executable objects inside otherwise non-executable le formats can make
opening those les a risk.[56]
Later email programs, in particular Microsofts
Outlook Express and Outlook, were vulnerable to
viruses embedded in the email body itself. A users
computer could be infected by just opening or previewing a message.[57]
In 2005, F-Secure was the rst security rm that developed an Anti-Rootkit technology, called BlackLight.
Given the consideration that most of the people is nowaIn 2000, Rainer Link and Howard Fuhs started the
days connected to the Internet round-the-clock, in 2008,
rst open source antivirus engine, called OpenAntivirus Jon Oberheide rst proposed a Cloud-based antivirus
[49]
Project.
design.[58]
In 2001, Tomasz Kojm released the rst version of In November 2009, Panda Security unveiled its rst
ClamAV, the rst ever open source antivirus engine to Cloud-based antivirus technology, the rst commercial
be commercialised. In 2007, ClamAV was bought by CloudAV ever released. A year after, Sophos also
Sourcere,[50] which in turn was acquired by Cisco Sys- added to its host-based antivirus product a Cloud-based
tems in 2013.[51]
one. In the following years, many other antivirus
In 2002, in United Kingdom, Morten Lund and Theis rms have added a CloudAV to their security products
Sndergaard co-founded the antivirus rm BullGuard.[52] (see Comparison of antivirus software for a complete
In 2005, AV-TEST reported that there were 333,425 overview).
unique malware samples (based on MD5) in their In 2011, AVG introduced a similar cloud service, called
Protective Cloud Technology.[59]
database.[45]
Signature-based detection technique can be very eecThere are several methods which antivirus engine can use tive but, clearly, cannot defend against malware unless
to identify malware:
some of its samples have already been obtained, a proper
signatures generated and the antivirus product updated.
Signature-based detection: is the most common Signature-based detection system rely on the consideramethod. To identify viruses and other malware, the tion that, generally speaking, the more infective a malantivirus engine compares the contents of a le to its ware is the faster arrives in the hands of security redatabase of known malware signatures.
searchers. Thus, even if it does not guarantee perfection,
it guarantees the protection from the most widespread
Heuristic-based detection: is generally used to- threats. However, this approach is not really eective
gether with signature-based detection. It detects against zero-day or next-generation malware, i.e. malmalware based on characteristics typically used in ware that has not been yet encountered/analysed.
known malware code.
As new malware are being created each day, the
Behavioural-based detection:
is similar to signature-based detection approach requires frequent upheuristic-based detection and used also in Intrusion dates of the signatures database. To assist the antivirus
Detection System. The main dierence is that, rms, the software may automatically upload new malinstead of characteristics hardcoded in the malware ware to the company or allow the user to manually do
code itself, it is based on the behavioural ngerprint it, allowing the antivirus rms to dramatically shorten
of the malware at run-time. Clearly, this technique the life of those threats. Some antivirus products inis able to detect (known or unknown) malware cludes also advanced software to spot zero-day or nextonly after they have starting doing their malicious generation malware.
actions.
Many viruses start as a single infection and through either mutation or renements by other attackers, can grow
into dozens of slightly dierent strains, called variants.
Generic detection refers to the detection and removal of
multiple threats using a single virus denition.[79]
1.2.3
Rootkit detection
1.2.4
Real-time protection
5
present subscription[85] while BitDefender sends notications to unsubscribe 30 days before the renewal.[86]
Norton AntiVirus also renews subscriptions automatically by default.[87]
1.3.4
anti-virus industry has over-hyped how eective its products are and so has been misleading customers for
years.[113]
Independent testing on all the major virus scanners consistently shows that none provide 100% virus detection.
The best ones provided as high as 99.9% detection for
simulated real-world situations, while the lowest provided
It is sometimes necessary to temporarily disable virus 91.1% in tests conducted in August 2013. Many virus
protection when installing major updates such as Win- scanners produce false positive results as well, identifydows Service Packs or updating graphics card drivers.[103] ing benign les as malware.[114]
Active antivirus protection may partially or completely
prevent the installation of a major update. Anti-virus Although methodologies may dier, some notable
software can cause problems during the installation of independent quality testing agencies include AVan operating system upgrade, e.g. when upgrading to a Comparatives, ICSA Labs, West Coast Labs, Virus
of the Antinewer version of Windows in place without eras- Bulletin, AV-TEST and other members[115][116]
ing the previous version of Windows. Microsoft recom- Malware Testing Standards Organization.
mends that anti-virus software be disabled to avoid conicts with the upgrade installation process.[104][105][106]
The functionality of a few computer programs can be
hampered by active anti-virus software. For example
TrueCrypt, a disk encryption program, states on its troubleshooting page that anti-virus programs can conict
with TrueCrypt and cause it to malfunction or operate
very slowly.[107] Anti-virus software can impair the performance and stability of games running in the Steam
platform.[108]
Support issues also exist around antivirus application interoperability with common solutions like SSL VPN remote access and network access control products.[109]
These technology solutions often have policy assessment
applications which require that an up to date antivirus is
installed and running. If the antivirus application is not
recognized by the policy assessment, whether because the
antivirus application has been updated or because it is not
part of the policy assessment library, the user will be unable to connect.
1.3.5
Eectiveness
Studies in December 2007 showed that the eectiveness of antivirus software had decreased in the previous
year, particularly against unknown or zero day attacks.
The computer magazine c't found that detection rates for
these threats had dropped from 40-50% in 2006 to 2030% in 2007. At that time, the only exception was the
NOD32 antivirus, which managed a detection rate of 68
percent.[110] According to the ZeuS tracker website the
average detection rate for all variants of the well-known
ZeuS trojan is as low as 40%.[111]
The problem is magnied by the changing intent of virus
authors. Some years ago it was obvious when a virus
infection was present. The viruses of the day, written
by amateurs, exhibited destructive behavior or pop-ups.
Modern viruses are often written by professionals, -
1.3.7 Rootkits
Detecting rootkits is a major challenge for anti-virus programs. Rootkits have full administrative access to the
computer and are invisible to users and hidden from the
list of running processes in the task manager. Rootkits can modify the inner workings of the operating system[120] and tamper with antivirus programs.
copies;[121] installed software that is damaged requires reinstallation[122] (however, see System File Checker).
1.3.9
Firmware issues
antivirus systems and make no attempt to identify or remove anything. They may protect against infection from
outside the protected computer or network, and limit
1.4 Performance and other draw- the activity of any malicious software which is present
by blocking incoming or outgoing requests on certain
backs
TCP/IP ports. A rewall is designed to deal with broader
system threats that come from network connections into
Antivirus software has some drawbacks, rst of which the system and is not an alternative to a virus protection
that it can impact a computers performance.[129]
system.
Furthermore, inexperienced users can be lulled into a
false sense of security when using the computer, considering themselves to be invulnerable, and may have problems understanding the prompts and decisions that antivirus software presents them with. An incorrect deci- 1.5.2 Cloud antivirus
sion may lead to a security breach. If the antivirus software employs heuristic detection, it must be ne-tuned to Cloud antivirus is a technology that uses lightweight
minimize misidentifying harmless software as malicious agent software on the protected computer, while of(false positive).[130]
oading the majority of data analysis to the providers
[132]
Antivirus software itself usually runs at the highly trusted infrastructure.
kernel level of the operating system to allow it access to One approach to implementing cloud antivirus involves
all the potential malicious process and les, creating a po- scanning suspicious les using multiple antivirus engines.
tential avenue of attack.[131]
This approach was proposed by an early implementation
of the cloud antivirus concept called CloudAV. CloudAV
was designed to send programs or documents to a network
cloud where multiple antivirus and behavioral detection
1.5 Alternative solutions
programs are used simultaneously in order to improve detection rates. Parallel scanning of les using potentially
Installed antivirus solutions, running on an individual
incompatible antivirus scanners is achieved by spawncomputers, although the most used, is only one method
ing a virtual machine per detection engine and therefore
of guarding against malware. Other alternative solutions
eliminating any possible issues. CloudAV can also perare also used, including: Unied Threat Management
form retrospective detection, whereby the cloud detec(UTM), hardware and network rewalls, Cloud-based antion engine rescans all les in its le access history when a
tivirus and on-line scanners.
new threat is identied thus improving new threat detection speed. Finally, CloudAV is a solution for eective
virus scanning on devices that lack the computing power
1.5.1 Hardware and network Firewall
to perform the scans themselves.[133]
Network rewalls prevent unknown programs and pro- Some examples of cloud anti-virus products are Panda
cesses from accessing the system. However, they are not Cloud Antivirus and Immunet.
1.5.3
Online scanning
Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical
areas only, local disks, folders or les. Periodic online
scanning is a good idea for those that run antivirus applications on their computers because those applications are
frequently slow to catch threats. One of the rst things
that malicious software does in an attack is disable any
existing antivirus software and sometimes the only way
to know of an attack is by turning to an online resource
that is not installed on the infected computer.[134]
1.5.4
Specialist tools
to medium-sized business did not use antivirus protection at that time, whereas more than 80% of home users
had some kind of antivirus installed.[142] According to
a sociological survey conducted by G Data Software in
2010 49% of women did not use any antivirus program
at all.[143]
Virus hoax
A rescue disk that is bootable, such as a CD or USB storage device, can be used to run antivirus software outside of the installed operating system, in order to remove infections while they are dormant. A bootable
antivirus disk can be useful when, for example, the installed operating system is no longer bootable or has
malware that is resisting all attempts to be removed by
the installed antivirus software. Examples of some of
these bootable disks include the Avira AntiVir Rescue System,[136] PCTools Alternate Operating System Scanner,[139]
and AVG Rescue CD.[140] The AVG Rescue CD software
can also be installed onto a USB storage device, that is
bootable on newer computers.[140]
1.8 References
[1] lifehacker: The Dierence Between Antivirus and AntiMalware (and Which to Use)
[2] What is antivirus software?". Microsoft.
[3] John von Neumann: Theory of self-reproducing automata (1949)
[4] Thomas Chen, Jean-Marc Robert (2004). The Evolution
of Viruses and Worms. Retrieved 2009-02-16.
[5] From the rst email to the rst YouTube video: a denitive
internet history. Tom Meltzer and Sarah Phillips. The
Guardian. 23 October 2009
[6] IEEE Annals of the History of Computing, Volumes 2728. IEEE Computer Society, 2005. 74. Retrieved from
Google Books on 13 May 2011. "[...]from one machine to
another led to experimentation with the Creeper program,
which became the worlds rst computer worm: a computation that used the network to recreate itself on another
node, and spread from node to node.
[7] John Metcalf (2014). Core War: Creeper & Reaper.
Retrieved 2014-05-01.
1.8. REFERENCES
[35] SAM Identies Virus-Infected Files, Repairs Applications, InfoWorld, May 22, 1989
[36] SAM Update Lets Users Program for New Viruses, InfoWorld, Feb 19, 1990
[24] McAfee Becomes Intel Security. McAfee Inc. Retrieved 15 January 2014.
[53] The digital detective: Mikko Hypponens war on malware is escalating. (March 2012, Wired)
[54] James Lyne: Everyday cybercrime and what you can
do about it (February 2013, TED)
[55] Szor 2005, pp. 6667
[56] New virus travels in PDF les. 7 August 2001. Retrieved 2011-10-29.
[57] Slipstick Systems (February 2009). Protecting Microsoft
Outlook against Viruses. Archived from the original on
2 June 2009. Retrieved 2009-06-18.
[58] Jon Oberheide: CloudAV: N-Version Antivirus in the
Network Cloud (2008, Usenix)
[59] TECHNOLOGY OVERVIEW. AVG Security. Retrieved 16 February 2015.
10
[60] NetworkWorld, Ellen Messmer, August 19, 2014:"Startup oers up endpoint detection and response for behaviorbased malware detection
[61] HSToday.US, Kylie Bull, June 19, 2014:"Bromium Research Reveals Insecurity In Existing Endpoint Malware
Protection Deployments
[62] Sandboxing against unknown zero day threats. Retrieved 2015-01-30.
[63] Szor 2005, pp. 474481
[64] A Machine Learning Approach to Anti-virus System
[65] Data Mining Methods for Malware Detection
[66] Data mining and Machine Learning in Cybersecurity
[67] Analysis of Machine learning Techniques Used in
Behavior-Based Malware Detection
[68] A survey of data mining techniques for malware detection
using le features
[69] Intelligent automatic malicious code signatures extraction
[70] Malware Detection by Data Mining Techniques Based on
Positionally Dependent Features
[71] Data mining methods for detection of new malicious executables
[72] IMDS: Intelligent Malware Detection System
[73] Learning to Detect and Classify Malicious Executables in
the Wild
[74] Malware detection using statistical analysis of byte-level
le content
[75] An intelligent PE-malware detection system based on association mining
[76] Malware detection based on mining API calls
[77] Andromaly": a behavioral malware detection framework
for android devices
[78] Szor 2005, pp. 252288
[79] Generic detection. Kaspersky. Retrieved 2013-07-11.
[80]
[81]
[82]
[83]
[84]
1.9. BIBLIOGRAPHY
11
[105] Upgrading to Microsoft Windows Vista recommended [126] Phrack Inc. Persistent BIOS Infection. June 1, 2009.
steps.. Retrieved 24 March 2012.
Archived from the original on 30 April 2011. Retrieved
2011-03-06.
[106] How to troubleshoot problems during installation when
you upgrade from Windows 98 or Windows Millennium [127] Turning USB peripherals into BadUSB. Retrieved
2014-10-11.
Edition to Windows XP. Last Review: May 7, 2007.
Retrieved 24 March 2012. Check date values in: |date=
[128] Why the Security of USB Is Fundamentally Broken.
(help) Mentioned within General troubleshooting.
2014-07-31. Retrieved 2014-10-11.
[107] Troubleshooting. Retrieved 2011-02-17.
[129] How Antivirus Software Can Slow Down Your Computer. Support.com Blog. Retrieved 2010-07-26.
[108] Spyware, Adware, and Viruses Interfering with Steam.
Retrieved 11 April 2013. Steam support page.
[130] Softpedia Exclusive Interview: Avira 10. Ionut Ilascu.
Softpedia. 14 April 2010. Retrieved 2011-09-11.
[109] Field Notice: FN - 63204 - Cisco Clean Access has Interoperability issue with Symantec Anti-virus - delays Agent
[131] Norton AntiVirus ignores malicious WMI instructions.
start-up
Munir Kotadia. CBS Interactive. 21 October 2004. Retrieved 2009-04-05.
[110] Dan Goodin (December 21, 2007). Anti-virus protection gets worse. Channel Register. Retrieved 2011-02[132] Zeltser, Lenny (October 2010). What Is Cloud Anti24.
Virus and How Does It Work?". Archived from the original on 10 October 2010. Retrieved 2010-10-26.
[111]
[112] Dan Illett (July 13, 2007). Hacking poses threats to busi- [133] Jon Erickson (August 6, 2008). Antivirus Software
Heads for the Clouds. Information Week. Retrieved
ness. Computer Weekly. Retrieved 2009-11-15.
2010-02-24.
[113] Tom Espiner (June 30, 2008). Trend Micro: Antivirus
industry lied for 20 years. ZDNet. Retrieved 2014-09- [134] Brian Krebs (March 9, 2007). Online Anti-Virus Scans:
A Free Second Opinion. Washington Post. Retrieved
27.
2011-02-24.
[114] AV Comparatives (December 2013). Whole Prod[135] Ryan Naraine (February 2, 2007). Trend Micro ships
uct Dynamic Real World Production Test (PDF).
free 'rootkit buster'". ZDNet. Retrieved 2011-02-24.
Archived (PDF) from the original on 2 January 2013. Retrieved 2 January 2014.
[136] Neil J. Rubenking (March 26, 2010). Avira AntiVir Per[115] Guidelines released for antivirus software tests
[116] Harley, David (2011). AVIEN Malware Defense Guide for
the Enterprise. Elsevier. p. 487. ISBN 9780080558660.
Retrieved 2013-06-10.
[117] Kotadia, Munir (July 2006). Why popular antivirus apps
'do not work'". Retrieved 14 April 2010.
[118] The Canadian Press (April 2010). Internet scam uses
adult game to extort cash. CBC News. Archived from the
original on 18 April 2010. Retrieved 17 April 2010.
[119] Researchers up evilness ante with GPU-assisted malware
- Coming to a PC near you, by Dan Goodin
[120] GIBSON RESEARCH CORPORATION SERIES: Security Now!
[121] Cryptolocker Ransomware: What You Need To Know.
Retrieved 2014-03-28.
[122] How Anti-Virus Software Works. Retrieved 2011-02- [143] Nearly 50% of women don't use antivirus. SPAM16.
ghter.
[123] BT Home Hub Firmware Upgrade Procedure. Retrieved 2011-03-06.
[124] The 10 faces of computer malware. July 17, 2009. Retrieved 2011-03-06.
[125] New BIOS Virus Withstands HDD Wipes. 27 March
2009. Retrieved 2011-03-06.
1.9 Bibliography
Szor, Peter (2005), The Art of Computer Virus Research and Defense, Addison-Wesley, ISBN 0-32130454-3
12
Chapter 2
Application security
Asset. A resource of value such as the data in a
database or on the le system, or a system resource.
2.1 Methodology
According to the patterns & practices Improving Web Application Security book, a principle-based approach for
application security includes:[1]
OWASP, a leading application security industry authority, has acknowledged and prioritized the need for mobile
application security, and recommended binary protection
Incorporating security into your software develop- to mitigate the business and technical risks that mobile
ment process
apps face. See Mobile Security Project - Top Ten Mobile
Risks for Top Ten Mobile Risks based on new vulneraNote that this approach is technology / platform indepen- bility statistics in the eld of mobile applications.
dent. It is focused on principles, patterns, and practices. The proportion of mobile devices providing open platform functionality is expected to continue to increase in
future. The openness of these platforms oers signicant
2.2 Threats, Attacks, Vulnerabili- opportunities to all parts of the mobile eco-system by delivering the ability for exible program and service delivties, and Countermeasures
ery options that may be installed, removed or refreshed
multiple times in line with the users needs and requireAccording to the patterns & practices Improving Web Ap- ments. However, with openness comes responsibility and
plication Security book, the following terms are relevant unrestricted access to mobile resources and APIs by apto application security:[1]
plications of unknown or untrusted origin could result in
Securing the network, host and application..
13
14
damage to the user, the device, the network or all of these,
if not managed by suitable security architectures and network precautions. Application security is provided in
some form on most open OS mobile devices (Symbian
OS,[2] Microsoft, [3] BREW, etc.). Industry groups have
also created recommendations including the GSM Association and Open Mobile Terminal Platform (OMTP).[4]
The two types of automated tools associated with application vulnerability detection (application vulnerability scanners) are Penetration Testing Tools (often categorized as Black Box Testing Tools) and static code analyThere are several strategies to enhance mobile application sis tools (often categorized as White Box Testing Tools).
security including
Tools for Black Box Testing include IBM Rational AppScan, HP Application Security Center[5] suite of applications (through the acquisition of SPI Dynamics[6] ), N Application white listing
Stalker Web Application Security Scanner (original de Ensuring transport layer security
velopers of N-Stealth back in 2000), Nikto (open source),
and NTObjectives.
Strong authentication and authorization
[7][8]
Static code analysis tools include Coverity,[9]
Encryption of data when written to memory
Polyspace,[10] ECLAIR,[11] GrammaTech,[12] Fortify
Software, Klocwork,[13] Parasoft,[14] and Veracode.[15]
Sandboxing of applications
According to Gartner Research,[16] "...next-generation
Granting application access on a per-API level
modern Web and mobile applications requires a combination of SAST and DAST techniques, and new in Processes tied to a user ID
teractive application security testing (IAST) approaches
Predened interactions between the mobile applica- have emerged that combine static and dynamic techniques to improve testing..., including: Contrast [17]
tion and the OS
and Quotium Technologies.[18] Because IAST combines
Requiring user input for privileged/elevated access SAST and DAST techniques, the results are highly actionable, can be linked to the specic line of code, and
Proper session handling
can be recorded for replay later for developers.
Vulnerability scanners, and more specically web application scanners, otherwise known as penetration testing
tools (i.e. ethical hacking tools) have been historically
used by security organizations within corporations and
security consultants to automate the security testing of
http request/responses; however, this is not a substitute
for the need for actual source code review. Physical code
reviews of an applications source code can be accomplished manually or in an automated fashion. Given the
common size of individual programs (often 500,000 lines
of code or more), the human brain can not execute a comprehensive data ow analysis needed in order to completely check all circuitous paths of an application program to nd vulnerability points. The human brain is
suited more for ltering, interrupting and reporting the
The advances in professional Malware targeted at the
outputs of automated source code analysis tools available
15
ISO/IEC 9798-2:1999 Information technology -Security techniques -- Entity authentication -- Part
2: Mechanisms using symmetric encipherment algorithms
ISO/IEC 9798-3:1998 Information technology -- Security techniques -- Entity authentication -- Part 3:
Mechanisms using digital signature techniques
ISO/IEC 9798-4:1999 Information technology -- Security techniques -- Entity authentication -- Part 4:
Mechanisms using a cryptographic check function
ISO/IEC 9798-5:2004 Information technology -- Security techniques -- Entity authentication -- Part 5:
Mechanisms using zero-knowledge techniques
ISO/IEC 9798-6:2005 Information technology -- Security techniques -- Entity authentication -- Part 6:
Mechanisms using manual data transfer
ISO/IEC 14888-1:1998 Information technology - Security techniques -- Digital signatures with appendix -- Part 1: General
ISO/IEC 14888-2:1999 Information technology - Security techniques -- Digital signatures with appendix -- Part 2: Identity-based mechanisms
ISO/IEC 14888-3:2006 Information technology - Security techniques -- Digital signatures with appendix -- Part 3: Discrete logarithm based mechanisms
ISO/IEC 27001:2005 and ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements
ISO/IEC 27002:2005 Information technology -- Security techniques -- Code of practice for information
security management
ISO/IEC 24762:2008 Information technology -- Security techniques -- Guidelines for information and
communications technology disaster recovery services - now withdrawn.
ISO/IEC 27006:2007 Information technology -- Security techniques -- Requirements for bodies providing audit and certication of information security
management systems
ISO/IEC 27031:2011 Information technology -- Security techniques -- Guidelines for ICT readiness for
Business Continuity
16
ISO/IEC TR 24772:2013 Information technology
Programming languages Guidance to avoiding
vulnerabilities in programming languages through
language selection and use
Gramm-Leach-Bliley Act
PCI Data Security Standard (PCI DSS)
Data security
[17] http://www.ContrastSecurity.com
Database security
[18] http://www.quotium.com
Information security
Trustworthy Computing Security Development
Lifecycle
Web application
Web application framework
XACML
HERAS-AF
2.9 References
[1] Improving Web Application Security: Threats and Countermeasures, published by Microsoft Corporation.
[2] Platform Security Concepts, Simon Higginson.
[3] Windows Phone 8.1 Security Overview
[4] Application Security Framework, Open Mobile Terminal
Platform
[5] Application security: Find web application security vulnerabilities during every phase of the software development lifecycle, HP center
[6] HP acquires SPI Dynamics, CNET news.com
[7] http://www.securityweek.com/
web-application-scanners-challenged-modern-web-technologies
[8] http://www.ntobjectives.com/security-software/
ntospider-application-security-scanner/
[9] http://www.coverity.com/products Coverity Static Analysis
[10] http://www.mathworks.com/products/polyspace/index.
html Polyspace Static Analysis
[11] http://bugseng.com/products/eclair ECLAIR Software
Verication Platform
Chapter 3
Backdoor (computing)
A backdoor in a computer system (or cryptosystem
or algorithm) is a method of bypassing normal
authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and
so on, while attempting to remain undetected. The
backdoor may take the form of a hidden part of a
program,[1] a separate program (e.g., Back Orice) may
subvert the system through a rootkit[2]
18
3.1.2
tem, and can be inserted during the system booting process; these are also mentioned in Karger & Schell (1974),
and now exist in the form of boot sector viruses.[9]
19
that trust is relative, and the only software one can truly
trust is code where every step of the bootstrapping has
been inspected. This backdoor mechanism is based on
the fact that people only review source (human-written)
code, and not compiled machine code (object code). A
program called a compiler is used to create the second
from the rst, and the compiler is usually trusted to do an
honest job.
3.2.2
Countermeasures
20
[18] Sinegubko, Denis. Joomla Plugin Constructor Backdoor. Securi. Retrieved 13 March 2015.
3.4 References
[1] Chris Wysopal, Chris Eng. Static Detection of Application Backdoors (PDF). Veracode. Retrieved 2015-0314.
[2] .wired.com: How a Crypto Backdoor Pitted the Tech
World Against the NSA (Zetter) 24 Sep 2013
[3] http://blog.erratasec.com/2012/05/
bogus-story-no-chinese-backdoor-in.html
[4] H.E. Petersen, R. Turn. System Implications of Information Privacy. Proceedings of the AFIPS Spring Joint
Computer Conference, vol. 30, pages 291300. AFIPS
Press: 1967.
[5] Security Controls for Computer Systems, Technical Report
R-609, WH Ware, ed, Feb 1970, RAND Corp.
[6] Larry McVoy (November 5, 2003) Linux-Kernel Archive:
Re: BK2CVS problem. ussg.iu.edu
[7] Thwarted Linux backdoor hints at smarter hacks; Kevin
Poulsen; SecurityFocus, 6 November 2003.
[8] replicant.us: Samsung Galaxy Back-door 28 Jan 2014
[9] Karger & Schell 2002.
[20] Interbase Server Contains Compiled-in Back Door Account. http://www.cert.org/''. Retrieved 13 March 2015.
David A. Wheelers Page on Fully Countering Trusting Trust through Diverse DoubleCompilingAuthors 2009 Ph.D. thesis at George
Mason University
Chapter 4
Black hat
Blackhat redirects here.
Blackhat (lm).
4.1 References
[1] Moore, Robert (2005). Cybercrime: Investigating High
Technology Computer Crime. Matthew Bender & Company. p. 258. ISBN 1-59345-303-5.Robert Moore
[2] Moore, Robert (2006). Cybercrime: Investigating HighTechnology Computer Crime (1st ed.). Cincinnati, Ohio:
Anderson Publishing. ISBN 978-1-59345-303-9.
[3] O'Brien, Marakas, James, George (2011). Management
Information Systems. New York, NY: McGraw-Hill/ Irwin. pp. 536537. ISBN 978-0-07-752217-9.
21
Chapter 5
Black Hat Briengs is a computer security conference that brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with
hackers. The Briengs take place regularly in Las Vegas, Barcelona, Amsterdam, Abu Dhabi and, occasionally, Tokyo.[1] An event dedicated to the US federal agencies is organized in Washington, D.C.[2]
such as
5.1 History
Black Hat was founded in 1997 by Je Moss, who also
founded DEF CON. Today, Moss is the Conference
Chair of the Black Hat Review Board.[3] These are considered the premier information security conferences in
the world. Black Hat started as a single annual conference in Las Vegas, Nevada and is now held in multiple
locations around the world.[4]
There is now more focus on tools that can be used or protected, so a new type of conferences called Black Hat Arsenal Briengs has been added since 2011.[11] See here
Blackhat Arsenal Archives since 2011 on ToolsWatch
website.[12]
22
23
[11] https://www.blackhat.com/html/bh-us-11/
bh-us-11-arsenal.html
[12] https://www.toolswatch.org/category/arsenal/
[13] Hanging with hackers can make you paranoid. CNN. 4
August 2009.
[14] Security Expert: PC Media Players Full of Holes. Fox
News. 3 August 2007.
[15] Microsoft Dares Security Experts to Find Holes in Windows Vista. Fox News. 4 August 2006.
5.7 References
[1] https://www.blackhat.com/html/archives.html
[2] Computer Security Conferences Attract Both Hackers,
Anti-Hackers. Fox News. 4 August 2006.
[3] http://www.blackhat.com/review-board.html
[4] http://www.blackhat.com/html/bh-about/about.html
[5] http://www.blackhat.com/html/bh-dc-09/
train-bh-dc-09-index.html
[6] http://www.blackhat.com/html/bh-europe-09/
train-bh-eu-09-index.html
[7] http://news.prnewswire.com/ViewContent.aspx?
ACCT=109&STORY=/www/story/07-10-2009/
0005057983&EDATE=
[8] Commander of U.S. Cyber Command and National Security Agency Director, General Keith Alexander, To
Keynote Day One of Black Hat USA 2013 (Press release). WWBT-TV NBC 12, WorldNow (Gannaway).
May 14, 2013. Retrieved June 13, 2013.
[9] http://blogs.cisco.com/security/black_hat_usa_2009_
summary/
[10] http://blogs.cisco.com/security/black_hat_usa_2010_
summary1/
Ocial website
Chapter 6
Botnet
A botnet is a number of Internet-connected computers
communicating with other similar machines in an eort
to complete repetitive tasks and objectives. This can be
as mundane as keeping control of an Internet Relay Chat
(IRC) channel, or it could be used to send spam email or
participate in distributed denial-of-service attacks. The
word botnet is a combination of the words robot and
network. The term is usually used with a negative or malicious connotation.
Legal botnets
6.1.2
Illegal botnets
Botnets sometimes compromise computers whose security defenses have been breached and control conceded
to a third party. Each such compromised device, known
as a "bot", is created when a computer is penetrated by
software from a malware (malicious software) distribution. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network
protocols such as IRC and Hypertext Transfer Protocol
(HTTP).[1]
6.2 Recruitment
Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by
luring users into making a drive-by download, exploiting
web browser vulnerabilities, or by tricking the user into
6.3 Organization
While botnets are often named after the malware that created them, multiple botnets typically use the same malware, but are operated by dierent entities.[4]
A botnets originator (known as a "bot herder" or bot
master) can control the group remotely, usually through
IRC, and often for criminal purposes. This server is
known as the command-and-control (C&C) server.
Though rare, more experienced botnet operators program command protocols from scratch. These protocols include a server program, a client program for operation, and the program that embeds the client on the
victims machine. These communicate over a network,
using a unique encryption scheme for stealth and protection against detection or intrusion into the botnet.
A bot typically runs hidden and uses a covert channel
(e.g. the RFC 1459 (IRC) standard, Twitter, or IM) to
communicate with its C&C server. Generally, the perpetrator has compromised multiple systems using various tools (exploits, buer overows, as well as others; see
also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities
and weak passwords. Generally, the more vulnerabilities
a bot can scan and propagate through, the more valuable
it becomes to a botnet controller community. The process of stealing computing resources as a result of a system being joined to a botnet is sometimes referred to
as scrumping.
24
25
mining bitcoins, spamdexing, and the theft of application
serial numbers, login IDs, and nancial information such
as credit card numbers.
1. A botnet operator sends out viruses or worms, infecting ordinary users computers, whose payload is
a malicious applicationthe bot.
2. The bot on the infected PC logs into a particular
C&C server.
E-mail spam are e-mail messages disguised as messages from people, but are either advertising, annoying, or malicious.
Click fraud occurs when the users computer visits
websites without the users awareness to create false
web trac for personal or commercial gain.
Fast ux is a DNS technique used by botnets to hide
phishing and malware delivery sites behind an everchanging network of compromised hosts acting as
proxies.
4. The spammer provides the spam messages to the operator, who instructs the compromised machines via
the control panel on the web server, causing them to
send out spam messages.
Botnets can be exploited for various other purposes, including denial-of-service attacks, creation or misuse of
SMTP mail relays for spam (see Spambot), click fraud,
26
CHAPTER 6. BOTNET
Exploiting systems by observing users playing online tempts to investigate them, reacting perhaps with a DDoS
games such as poker and see the players cards.[11]
attack on the IP address of the investigator.
Researchers at Sandia National Laboratories are analyzing botnets behavior by simultaneously running one million Linux kernelsa similar scale to a botnetas virtual
6.6 Countermeasures
machines on a 4,480-node high-performance computer
cluster to emulate a very large network, allowing them
The geographic dispersal of botnets means that each reto watch how botnets work and experiment with ways to
cruit must be individually identied/corralled/repaired
stop them.[14]
and limits the benets of ltering. Some botnets use free
DNS hosting services such as DynDns.org, No-IP.com,
and Afraid.org to point a subdomain towards an IRC
server that harbors the bots. While these free DNS ser- 6.7 Historical list of botnets
vices do not themselves host attacks, they provide reference points (often hard-coded into the botnet executable).
Researchers at the University of California, Santa
Removing such services can cripple an entire botnet.
Barbara took control of a botnet that was six times
Some botnets implement custom versions of well-known
smaller than expected. In some countries, it is comprotocols. The implementation dierences can be used
mon that users change their IP address a few times
for detection of botnets. For example, Mega-D features a
in one day. Estimating the size of the botnet by the
slightly modied SMTP protocol implementation for testnumber of IP addresses is often used by researchers,
ing spam capability. Bringing down the Mega-D's SMTP
possibly leading to inaccurate assessments.[37]
server disables the entire pool of bots that rely upon the
same SMTP server.[12]
The botnet server structure mentioned above has inherent
vulnerabilities and problems. For example, nding one 6.8 Trivia
server with one botnet channel can often reveal the other
servers, as well as their bots. A botnet server structure On 4chans technology board, the term botnet is often
that lacks redundancy is vulnerable to at least the tempo- used to indicate proprietary software, bloatware, and even
rary disconnection of that server. However, recent IRC online services with dubious privacy practices.
server software includes features to mask other connected
servers and bots, eliminating that approach.
Security companies such as Aerent Security Labs,
Symantec, Trend Micro, FireEye, Umbra Data, Cyren,
and Damballa have announced oerings to counter botnets. Norton AntiBot was aimed at consumers, but most
target enterprises and/or ISPs. Host-based techniques use
heuristics to identify bot behavior that has bypassed conventional anti-virus software. Network-based approaches
tend to use the techniques described above; shutting down
C&C servers, nullrouting DNS entries, or completely
shutting down IRC servers. BotHunter is software, developed with support from the U.S. Army Research Oce,
that detects botnet activity within a network by analysing
network trac and comparing it to patterns characteristic
of malicious processes.
Some newer botnets are almost entirely P2P. Command
and control is embedded into the botnet rather than relying on external servers, thus avoiding any single point
of failure and evading many countermeasures.[13] Commanders can be identied just through secure keys, and
all data except the binary itself can be encrypted. For
example, a spyware program may encrypt all suspected
passwords with a public key that is hard-coded into it, or
distributed with the bot software. Only with the private
key (known only by the botnet operators) can the data
captured by the bot be read.
Some botnets are capable of detecting and reacting to at-
6.10. REFERENCES
27
6.10 References
[1] Ramneek, Puri (2003-08-08). Bots &; Botnet: An
Overview (PDF). SANS Institute. Retrieved 12 November 2013.
[2] Teresa Dixon Murray. Banks can't prevent cyber attacks
like those hitting PNC, Key, U.S. Bank this week. Cleveland.com. Retrieved 2 September 2014.
[3] Credeur, Mary. Atlanta Business Chronicle, Sta
Writer. bizjournals.com. Retrieved 22 July 2002.
[4] Many-to-Many Botnet Relationships, Damballa, 8 June
2009.
[5] what is a Botnet trojan?". DSL Reports. Retrieved 7
April 2011.
[6] Botnet Communication Topologies, Damballa, 10 June
2009.
[7] Hackers Strengthen Malicious Botnets by Shrinking
Them (PDF). Computer; News Briefs (IEEE Computer
Society). April 2006. Retrieved 12 November 2013. The
size of bot networks peaked in mid-2004, with many using
more than 100,000 infected machines, according to Mark
Sunner, chief technology ocer at MessageLabs.The average botnet size is now about 20,000 computers, he said.
[8] Trojan horse, and Virus FAQ. DSLReports. Retrieved
7 April 2011.
[9] Operation Aurora The Command Structure.
Damballa.com. Retrieved 30 July 2010.
[10] Larkin, Erik (2009-02-10). Fake Infection Warnings
Can Be Real Trouble. PCWorld. Retrieved 10 November 2011.
[11] 8 Jul 2010 (2010-07-08). Korean Poker Hackers Arrested. Poker.gamingsupermarket.com. Retrieved 10
November 2011.
[12] C.Y. Cho, D. Babic, R. Shin, and D. Song. Inference and
Analysis of Formal Models of Botnet Command and Control Protocols, 2010 ACM Conference on Computer and
Communications Security.
[13] Wang, Ping et al (2010). Peer-to-peer botnets. In
Stamp, Mark & Stavroulakis, Peter. Handbook of Information and Communication Security. Springer. ISBN
9783642041174.
[14] Researchers Boot Million Linux Kernels to Help Botnet
Research. IT Security & Network Security News. 200908-12. Retrieved 23 April 2011.
[15] http://phys.org/news/
2015-02-eu-police-malicious-network.html
[16] Infosecurity (UK) - BredoLab downed botnet linked with
Spamit.com. .canada.com. Retrieved 10 November
2011.
[17] How FBI, police busted massive botnet.
ter.co.uk. Retrieved 3 March 2010.
[18] Calculating the Size of the Downadup Outbreak FSecure Weblog : News from the Lab. F-secure.com.
2009-01-16. Retrieved 24 April 2010.
theregis-
28
CHAPTER 6. BOTNET
Chapter 7
Computer crime
Computer crime, or cybercrime, is any crime that involves a computer and a network.[1] The computer may
have been used in the commission of a crime, or it
may be the target.[2] Netcrime is criminal exploitation
of the Internet, inherently a cybercrime.[3] Dr. Debarati
Halder and Dr. K. Jaishankar (2011) dene Cybercrimes
as: Oences that are committed against individuals or
groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or
mental harm, or loss, to the victim directly or indirectly,
using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups)
and mobile phones (SMS/MMS)".[4] Such crimes may
threaten a nations security and nancial health.[5] Issues
surrounding these types of crimes have become highprole, particularly those surrounding hacking, copyright
infringement, child pornography, and child grooming.
There are also problems of privacy when condential information is intercepted or disclosed, lawfully or otherwise. Dr.Debarati Halder and Dr.K.Jaishankar(2011)
further dene cybercrime from the perspective of gender
and dened 'cybercrime against women' as "Crimes targeted against women with a motive to intentionally harm
the victim psychologically and physically, using modern
telecommunication networks such as internet and mobile
phones.[4]
7.1 Classication
Computer crime encompasses a broad range of activities.
30
through several recent events of geo-strategic signicance. Among those are included, the attack on Estonia's
infrastructure in 2007, allegedly by Russian hackers. In
August 2008, Russia again allegedly conducted cyberattacks, this time in a coordinated and synchronized kinetic
and non-kinetic campaign against the country of Georgia.
Fearing that such attacks may become the norm in future
warfare among nation-states, the concept of cyberspace
operations impacts and will be adapted by warghting
military commanders in the future.[12]
Cyberterrorism in general, can be dened as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks
during the holidays can be considered cyberterrorism. As
well there are also hacking activities directed towards individuals, families, organized by groups within networks,
tending to cause fear among people, demonstrate power,
7.1.5 Computer as a target
collecting information relevant for ruining peoples lives,
robberies, blackmailing etc.[10]
These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool, these
crimes requires the technical knowledge of the perpetra7.1.3 Cyberextortion
tors. These crimes are relatively new, having been in existence for only as long as computers have - which exCyberextortion occurs when a website, e-mail server, or plains how unprepared society and the world in general
computer system is subjected to repeated denial of ser- is towards combating these crimes. There are numerous
vice or other attacks by malicious hackers, who demand crimes of this nature committed daily on the internet:
money in return for promising to stop the attacks. According to the Federal Bureau of Investigation, cyberex- Crimes that primarily target computer networks or detortionists are increasingly attacking corporate websites vices include:
and networks, crippling their ability to operate and de Computer viruses
manding payments to restore their service. More than 20
cases are reported each month to the FBI and many go
Denial-of-service attacks
unreported in order to keep the victims name out of the
public domain. Perpetrators typically use a distributed
Malware (malicious code)
denial-of-service attack.[11]
An example of cyberextortion was the attack on Sony Pic7.1.6
tures of 2014.
7.1.4
Cyberwarfare
Computer as a tool
Information warfare
Phishing scams
Spam
7.1. CLASSIFICATION
31
Propagation of illegal obscene or oensive content, sentence according to the U.S. Sentencing Guidelines
including harassment and threats
Manual 2G1.3(b)(3)[17] for his use of a cell phone to
persuade, induce, entice, coerce, or facilitate the travel
The unsolicited sending of bulk email for commercial of, the minor to engage in prohibited sexual conduct.
Kramer argued that this claim was insucient because
purposes (spam) is unlawful in some jurisdictions.
his charge included persuading through a computer dePhishing is mostly propagated via email. Phishing emails vice and his cellular phone technically is not a computer.
may contain links to other websites that are aected by Although Kramer tried to argue this point, U.S. Senmalware.[14] Or, they may contain links to fake online tencing Guidelines Manual states that the term computer
banking or other websites used to steal private account means an electronic, magnetic, optical, electrochemical,
information.
or other high speed data processing device performing
logical, arithmetic, or storage functions, and includes
any data storage facility or communications facility diObscene or oensive content
rectly related to or operating in conjunction with such
[18]
The content of websites and other electronic communica- device.
tions may be distasteful, obscene or oensive for a variety Connecticut was the rst state to pass a statute making
of reasons. In some instances these communications may it a criminal oense to harass someone by computer.
be legal.
Michigan, Arizona, and Virginia and South Carolina[19]
Over 25 jurisdictions within the USA place limits on cer- have also passed laws banning harassment by electronic
[20][21]
tain speech and ban racist, blasphemous, politically sub- means.
versive, libelous or slanderous, seditious, or inammatory Harassment as dened in the U.S. computer statutes is
material that tends to incite hate crimes.
typically distinct from cyberbullying, in that the former
The extent to which these communications are unlawful usually relates to a persons use a computer or computer
varies greatly between countries, and even within nations. network to communicate obscene, vulgar, profane, lewd,
It is a sensitive area in which the courts can become in- lascivious, or indecent language, or make any suggestion
volved in arbitrating between groups with strong beliefs. or proposal of an obscene nature, or threaten any illegal or
immoral act, while the latter need not involve anything
One area of Internet pornography that has been the target of a sexual nature.
of the strongest eorts at curtailment is child pornography.
Threats
Harassment Whereas content may be oensive in
a non-specic way, harassment directs obscenities and
derogatory comments at specic individuals focusing for
example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyberbullying, cyberstalking, hate crime, online
predator, and stalking). Any comment that may be
found derogatory or oensive is considered harassment.
Harassment targeting women and children in the internet also includes revenge pornography. Dr.Debarati
Halder and Dr.K.Jaishankar (2013) dened online revenge pornography as an act whereby the perpetrator
satises his anger and frustration for a broken relationship through publicising false, sexually provocative portrayal of his/her victim, by misusing the information that
he may have known naturally, and that he may have stored
in his personal computer, or may have been conveyed to
his electronic device by the victim herself, or may have
been stored in the device with the consent of the victim
herself; and which may essentially have been done to publicly defame the victim..[15][16]
There are instances where committing a crime, which involves the use of a computer, can lead to an enhanced
sentence. For example, in the case of United States
v. Neil Scott Kramer, Kramer was served an enhanced
32
reopened under new management, and then shut down by bad.[25] It oers web hosting services and internet aclaw enforcement again).
cess to all kinds of criminal and objectionable activities,
The rise in Internet drug trades could also be attributed to with an individual activities earning up to $150 million in
the lack of face-to-face communication. These virtual ex- one year. It specialized in and in some cases monopolized
changes allow more intimidated individuals to more com- personal identity theft for resale. It is the originator of
fortably purchase illegal drugs. The sketchy eects that MPack and an alleged operator of the now defunct Storm
are often associated with drug trades are severely mini- botnet.
mized and the ltering process that comes with physical On 2 March 2010, Spanish investigators arrested 3 in ininteraction fades away.
fection of over 13 million computers around the world.
The botnet of infected computers included PCs inside
more than half of the Fortune 1000 companies and more
than 40 major banks, according to investigators.
7.2 Documented cases
One of the highest proled banking computer crime occurred during a course of three years beginning in 1970.
The chief teller at the Park Avenue branch of New Yorks
Union Dime Savings Bank embezzled over $1.5 million
from hundreds of accounts.[23]
Diusion of Cybercrime
The broad diusion of cybercriminal activities is an issue in computer crimes detection and prosecution. According to Jean-Loup Richet (Research Fellow at ESSEC
ISIS), technical expertise and accessibility no longer act
as barriers to entry into cybercrime.[32] Indeed, hacking is
much less complex than it was a few years ago, as hacking communities have greatly diused their knowledge
through the Internet. Blogs and communities have hugely
contributed to information sharing: beginners could benet from older hackers knowledge and advice. Furthermore, Hacking is cheaper than ever: before the cloud
computing era, in order to spam one needed a dedicated
server, skills in server management, network conguration and maintenance, knowledge of Internet service
provider standards, etc. By comparison, a mail softwareas-a-service is a scalable, inexpensive, bulk, and transactional e-mail-sending service for marketing purposes and
could be easily set up for spam.[33] Jean-Loup Richet explains that cloud computing could be helpful for a cybercriminal as a way to leverage his attack - brute-forcing a
password, improve the reach of a botnet, or facilitating a
spamming campaign.[34]
7.3.2
Investigation
A computer can be a source of evidence (see digital forensics). Even where a computer is not directly used for
criminal purposes, it may contain records of value to
criminal investigators in the form of a logle. In most
countries Internet Service Providers are required, by law,
to keep their logles for a predetermined amount of time.
For example; a European wide directive[35] (applicable to
all EU member states) states that all E-mail trac should
be retained for a minimum of 12 months.
33
United States by oering them work with this company.
Upon completion of the interview, the suspects were arrested outside of the building. Clever tricks like this are
sometimes a necessary part of catching cybercriminals
when weak legislation makes it impossible otherwise.[36]
President Barack Obama released in an executive order
in April 2015 to combat cybercrime. The executive order
allows the United States to freeze assets of convicted cybercriminals and block their economic activity within the
United States. This is some of the rst solid legislation
that combats cybercrime in this way.[37]
7.3.4 Penalties
Penalties for computer related crimes in New York State
can range from a ne and a short period of jail time for
a Class A misdemeanor such as unauthorized use of a
computer up to computer tampering in the rst degree
which is a Class C felony and can carry 3 to 15 years in
prison.[38][39]
However, some hackers have been hired as information
security experts by private companies due to their inside knowledge of computer crime, a phenomenon which
theoretically could create perverse incentives. A possible counter to this is for courts to ban convicted hackers from using the internet or computers, even after they
have been released from prison though as computers
and the internet become more and more central to everyday life, this type of punishment may be viewed as more
and more harsh and draconian. However, nuanced approaches have been developed that manage cyberoender
behavior without resorting to total computer and/or Internet bans.[40] These approaches involve restricting individuals to specic devices which are subject to computer
monitoring and/or computer searches by probation and/or
parole ocers.[41]
Legislation
Due to easily exploitable laws, cybercriminals use developing countries in order to evade detection and prosecution from law enforcement. In developing countries, such
as the Philippines, laws against cybercrime are weak or
sometimes nonexistent. These weak laws allow cybercriminals to strike from international borders and remain
undetected. Even when identied, these criminals avoid
being punished or extradited to a country, such as the
United States, that has developed laws that allow for prosecution. While this proves dicult in some cases, agencies, such as the FBI, have uses deception and subterfuge
to catch criminals. For example, two Russian hackers
had been evading the FBI for some time. The FBI set
up a fake computing company based in Seattle, Washington. They proceeded to lure the two Russian men into the
Computer trespass
Cyber Cyberbullying
Cyberdefamation law
Cyberheist
Cyberterrorism
Economic and Industrial Espionage
Federal Bureau of Investigation (FBI)
34
Hacking
Immigration and Customs Enforcement (ICE)
Internet homicide
Internet stalking
Internet suicide
Internet War
INTERPOL
[12] http://www.carlisle.army.mil/DIME/documents/War%
20is%20War%20Issue%20Paper%20Final2.pdf
Metasploit Project
Online predator
[15]
Organized crime
Penetration test
Personal Jurisdiction over International Defendants
in US Courts
Police National E-Crime Unit
Protected computer
Techno-thriller
United States Secret Service
White collar crime
Sentencing
Guidelines
Manual
7.5 References
[1] Moore, R. (2005) Cyber crime: Investigating HighTechnology Computer Crime, Cleveland, Mississippi:
Anderson Publishing.
[2] Warren G. Kruse, Jay G. Heiser (2002). Computer forensics: incident response essentials. Addison-Wesley. p.
392. ISBN 0-201-70719-5.
[3] David Mann And Mike Sutton (2011-11-06).
Netcrime. Bjc.oxfordjournals.org. Retrieved 2011-1110.
[4]
35
Fanski, S. (2009) Computer Misuse: Response, regulation and the law Cullompton: Willan
Glenny, Misha, DarkMarket : cyberthieves, cybercops, and you, New York, NY : Alfred A. Knopf,
2011. ISBN 978-0-307-59293-4
Grabosky, P. (2006) Electronic Crime, New Jersey:
Prentice Hall
Halder, D., & Jaishankar, K. (2011) Cyber crime
and the Victimization of Women: Laws, Rights, and
Regulations. Hershey, PA, USA: IGI Global. ISBN
978-1-60960-830-9
Jaishankar, K. (Ed.) (2011). Cyber Criminology:
Exploring Internet Crimes and Criminal behavior.
Boca Raton, FL, USA: CRC Press, Taylor and Francis Group.
McQuade, S. (2006) Understanding and Managing
Cybercrime, Boston: Allyn & Bacon.
McQuade, S. (ed) (2009) The Encyclopedia of Cybercrime, Westport, CT: Greenwood Press.
Parker D (1983) Fighting Computer Crime, U.S.:
Charles Scribners Sons.
Pattavina, A. (ed) Information Technology and the
Criminal Justice System, Thousand Oaks, CA: Sage.
Paul Taylor. Hackers: Crime in the Digital Sublime
(November 3, 1999 ed.). Routledge; 1 edition. p.
200. ISBN 0-415-18072-4.
Robertson, J. (2010, March 2). Authorities bust 3 in
infection of 13m computers. Retrieved March 26,
2010, from Boston News: Boston.com
Walden, I. (2007) Computer Crimes and Digital Investigations, Oxford: Oxford University Press.
Roln, Daro N. Control, vigilancia y respuesta penal en el ciberespacio, Latin Americans New Security Thinking, Clacso, 2014, pp. 167/182
Richet, J.L. (2013) From Young Hackers to Crackers, International Journal of Technology and Human
Interaction (IJTHI), 9(3), 53-62.
Wall, D.S. (2007) Cybercrimes: The transformation
of crime in the information age, Cambridge: Polity.
Williams, M. (2006) Virtually Criminal: Crime, Deviance and Regulation Online, Routledge, London.
Yar, M. (2006) Cybercrime and Society, London:
Sage.
36
Crime
from
le-
7.7.1
Government resources
Chapter 8
Computer security
Computer security, also known as cybersecurity or IT
security, is security applied to computing devices such
as computers and smartphones, as well as computer networks such as private and public networks, including the
whole Internet. The eld includes all the processes and
mechanisms by which digital equipment, information and
services are protected from unintended or unauthorized
access, change or destruction, and is of growing importance due to the increasing reliance of computer systems
in most societies.[1] It includes physical security to prevent theft of equipment and information security to protect the data on that equipment. Those terms generally
do not refer to physical security, but a common belief
among computer security experts is that a physical security breach is one of the worst kinds of security breaches
as it generally allows full access to both data and equipment.
8.1 Vulnerabilities
Main article: Vulnerability (computing)
8.1.1 Backdoors
A backdoor in a computer system, a cryptosystem or an
algorithm, is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain
undetected. A special form of asymmetric encryption attacks, known as kleptographic attack, resists to be useful
to the reverse engineer even after it is detected and analyzed.
38
An unauthorized user gaining physical access to a computer (or part thereof) can perform many functions or
install dierent types of devices to compromise security, including operating system modications, software
worms, keyloggers, and covert listening devices. The attacker can also easily download large quantities of data
onto backup media, like CD-R/DVD-R or portable devices such as ash drives, digital cameras or digital audio
8.1.2 Denial-of-service attack
players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable
Main article: Denial-of-service attack
media and read the data from the harddrive(s) this way.
The only way to prevent this is to encrypt the storage meUnlike other exploits, denial of service attacks are not dia and store the key separate from the system. Directused to gain unauthorized access or control of a system. access attacks are the only type of threat to air gapped
They are instead designed to render it unusable. Attack- computers in most cases.
ers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive
times to cause the victim account to be locked, or they
8.1.4 Eavesdropping
may overload the capabilities of a machine or network
and block all users at once. These types of attack are, in
practice, dicult to prevent, because the behaviour of Eavesdropping is the act of surreptitiously listening to a
whole networks needs to be analyzed, not just the be- private conversation, typically between hosts on a nethaviour of small pieces of code. Distributed denial of work. For instance, programs such as Carnivore and
service (DDoS) attacks, where a large number of compro- NarusInsight have been used by the FBI and NSA to
mised hosts (commonly referred to as "zombie comput- eavesdrop on the systems of internet service providers.
ers", used as part of a botnet with, for example, a worm, Even machines that operate as a closed system (i.e., with
trojan horse, or backdoor exploit to control them) are no contact to the outside world) can be eavesdropped
used to ood a target system with network requests, thus upon via monitoring the faint electro-magnetic transmisattempting to render it unusable through resource exhaus- sions generated by the hardware; TEMPEST is a specition, are common. Another technique to exhaust victim cation by the NSA referring to these attacks.
resources is through the use of an attack amplier, where
the attacker takes advantage of poorly designed protocols
on third-party machines, such as NTP or DNS, in order to 8.1.5 Spoong
instruct these hosts to launch the ood. Some vulnerabilities in applications or operating systems can be exploited Spoong of user identity describes a situation in which
to make the computer or application malfunction or crash one person or program successfully masquerades as anto create a denial-of-service.
other by falsifying data.
8.1.3
Direct-access attacks
8.1.6 Tampering
Tampering describes an intentional modication of products in a way that would make them harmful to the consumer.
8.1.7 Repudiation
Repudiation describes a situation where the authenticity
of a signature is being challenged.
Information disclosure (privacy breach or data leak) describes a situation where information, thought to be secure, is released in an untrusted environment.
8.1.9
Privilege escalation
39
Privilege escalation describes a situation where an at- An indirect attack is an attack launched by a third-party
tacker gains elevated privileges or access to resources that computer. By using someone elses computer to launch
an attack, it becomes far more dicult to track down the
were once restricted to them.
actual attacker. There have also been cases where attackers took advantage of public anonymizing systems, such
as the Tor onion router system.
8.1.10
Exploits
8.1.11
8.2.3 Aviation
The aviation industry is especially important when analyzing computer security because the involved risks include human life, expensive equipment, cargo, and transThe main target is to convince the user by means of psy- portation infrastructure. Security can be compromised
chological ways to disclose secrets such as passwords, by hardware and software malpractice, human error, and
card numbers, etc. by, for example, impersonating a faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage,
bank, a contractor, or a customer.[3]
40
industrial competition, terrorist attack, mechanical mal- and ctional assassination of supreme leader Kim Jongfunction, and human error.[7]
un.
The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry
range from loss of condentiality to loss of system integrity, which may lead to more serious concerns such
as exltration (data theft or loss), network and air trac
control outages, which in turn can lead to airport closures,
loss of aircraft, loss of passenger life. Military systems
that control munitions can pose an even greater risk.
A proper attack does not need to be very high tech or
well funded; for a power outage at an airport alone can
cause repercussions worldwide.[8] One of the easiest and,
arguably, the most dicult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specic radio frequencies. These transmissions may spoof air trac controllers or simply disrupt communications altogether.[9] Controlling aircraft
over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles oshore. Beyond the
radars sight controllers must rely on periodic radio communications with a third party. [10] Another attack vector
of concern is onboard wi systems.[11]
8.2.4
Consumer devices
8.2.6 Automobiles
With physical access to a cars internal controller area network, hackers have demonstrated the ability to disable
the brakes and turn the steering wheel.[13] Computerized
engine timing, cruise control, anti-lock brakes, seat belt
tensioners, door locks, airbags and advanced driver assistance systems make these disruptions possible, and selfdriving cars go even further. Connected cars may use wi
and bluetooth to communicate with onboard consumer
devices, and the cell phone network to contact concierge
and emergency assistance services or get navigational or
entertainment information; each of these networks is a
potential entry point for malware or an attacker.[13] Researchers in 2011 were even able to use a malicious
compact disc in a cars stereo system as a successful attack vector,[14] and cars with built-in voice recognition
or remote assistance features have onboard microphones
which could be used for eavesdropping. A 2015 report
by U.S. Senator Edward Markey criticized manufacturers security measures as inadequate and also highlighted
privacy concerns about driving, location, and diagnostic
data being collected, which is vulnerable to abuse by both
manufacturers and hackers.[15]
8.3 Financial
breaches
cost
of
security
41
dure, or technique that reduces a threat, a vulnerability,
or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting
it so that corrective action can be taken.[19][20] An alternate meaning of countermeasure from the InfosecToday
glossary[21] is:
At the same time, many organizations are improving security and many types of cyber criminals are nding ways
to continue their activities. Almost every type of cyber attack is on the rise. In 2009 respondents to the CSI Computer Crime and Security Survey admitted that malware
infections, denial-of-service attacks, password sning,
and web site defacements were signicantly higher than
in the previous two years.[23]
42
cost of technology, such as DNA testing, and improved forensics mean less money for other kinds of
law enforcement, so the overall rate of criminals not
getting dealt with goes up as the cost of the technology increases. In addition, the identication of attackers across a network may require logs from various points in the network and in many countries, the
release of these records to law enforcement (with
the exception of being voluntarily surrendered by a
network administrator or a system administrator) requires a search warrant and, depending on the circumstances, the legal proceedings required can be
drawn out to the point where the records are either
regularly destroyed, or the information is no longer
relevant.
8.4.4
Security by design
43
The principle of least privilege, where each part of 8.4.6 Hardware protection mechanisms
the system has only the privileges that are needed
for its function. That way even if an attacker gains See also: Computer security compromised by hardware
access to that part, they have only limited access to failure
the whole system.
While hardware may be a source of insecurity, such
Automated theorem proving to prove the correctas with microchip vulnerabilities maliciously introduced
ness of crucial software subsystems.
during the manufacturing process,[27][28] hardware-based
Code reviews and unit testing, approaches to make or assisted computer security also oers an alternamodules more secure where formal correctness tive to software-only computer security. Using devices
and methods such as dongles, trusted platform modules,
proofs are not possible.
intrusion-aware cases, drive locks, disabling USB ports,
Defense in depth, where the design is such that more and mobile-enabled access may be considered more sethan one subsystem needs to be violated to compro- cure due to the physical access (or sophisticated backdoor
mise the integrity of the system and the information access) required in order to be compromised. Each of
these is covered in more detail below.
it holds.
Default secure settings, and design to fail secure
rather than fail insecure (see fail-safe for the
equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious,
knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
Audit trails tracking system activity, so that when
a security breach occurs, the mechanism and extent
of the breach can be determined. Storing audit trails
remotely, where they can only be appended to, can
keep intruders from covering their tracks.
Full disclosure of all vulnerabilities, to ensure that
the "window of vulnerability" is kept as short as possible when bugs are discovered.
USB dongles are typically used in software licensing schemes to unlock software capabilities,[29] but
they can also be seen as a way to prevent unauthorized access to a computer or other devices software. The dongle, or key, essentially creates a secure encrypted tunnel between the software application and the key. The principle is that an encryption scheme on the dongle, such as Advanced Encryption Standard (AES) provides a stronger measure of security, since it is harder to hack and replicate the dongle than to simply copy the native software to another machine and use it. Another security application for dongles is to use them for accessing web-based content such as cloud software or
Virtual Private Networks (VPNs).[30] In addition, a
44
8.4.7
45
guards, database servers, and management hosts and are 8.4.9 Capabilities and access control lists
used not only to protect the data stored on these systems
but also to provide a high level of protection for network
Main articles: Access control list and Capability (comconnections and routing services.
puters)
8.4.8
Secure coding
Within computer systems, two of many security models capable of enforcing privilege separation are access
control lists (ACLs) and capability-based security. Using
ACLs to conne programs has been proven to be insecure in many situations, such as if the host computer can
be tricked into indirectly allowing restricted le access, an
issue known as the confused deputy problem. It has also
been shown that the promise of ACLs of giving access
to an object to only one person can never be guaranteed
in practice. Both of these problems are resolved by capabilities. This does not mean practical aws exist in all
ACL-based systems, but only that the designers of certain utilities must take responsibility to ensure that they
do not introduce aws.
Capabilities have been mostly restricted to research
operating systems, while commercial OSs still use ACLs.
Capabilities can, however, also be implemented at the
language level, leading to a style of programming that is
essentially a renement of standard object-oriented design. An open source project in the area is the E language.
46
8.5.1
Robert Morris and the rst computer 8.5.5 Global surveillance disclosures
worm
8.5.2
Rome Laboratory
In 1994, over a hundred intrusions were made by unidentied crackers into the Rome Laboratory, the US Air
Forces main command and research facility. Using
trojan horses, hackers were able to obtain unrestricted
access to Romes networking systems and remove traces
of their activities. The intruders were able to obtain
classied les, such as air tasking order systems data
and furthermore able to penetrate connected networks of
National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force
Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center
user.[41]
8.5.3
In early 2007, American apparel and home goods company TJX announced that it was the victim of an
unauthorized computer systems intrusion[42] and that
the hackers had accessed a system that stored data on
credit card, debit card, check, and merchandise return
transactions.[43]
8.5.4
Stuxnet attack
Conict of laws in cyberspace[55] has become a major cause of concern for computer security community.
Some of the main challenges and complaints about the
antivirus industry are the lack of global web regulations,
a global base of common rules to judge, and eventually
punish, cyber crimes and cyber criminals. There is no
global cyber law[56] and cyber security treaty[57] that can
be invoked for enforcing global cyber security issues.
International legal issues of cyber attacks[58] are really
tricky and complicated in nature.[59] For instance, even
if an antivirus rm locates the cyber criminal behind
the creation of a particular virus or piece of malware
or again one form of cyber attack, often the local authorities cannot take action due to lack of laws under
which to prosecute.[60][61] This is mainly caused by the
fact that many countries have their own regulations regarding cyber crimes. Authorship attribution for cyber
47
crimes and cyber attacks has become a major problem 8.7.1 Publicprivate cooperation
for international law enforcement agencies.[62]
"[Computer viruses] switch from one country to another, The cybersecurity act of 2010 establishes the creation of
from one jurisdiction to another moving around the an advisory panel, each member of this panel will be apworld, using the fact that we don't have the capability to pointed by the President of the United-States. They must
the pubglobally police operations like this. So the Internet is as represent the private sector, the academic sector,
[68]
lic
sector
and
the
non-prot
organisations.
The
purif someone [had] given free plane tickets to all the onpose
of
the
panel
is
to
advise
the
government
as
well
as
[60]
line criminals of the world.
(Mikko Hyppnen) Use
help
improve
strategies.
of dynamic DNS, fast ux and bullet proof servers have
added own complexities to this situation.[63]
Businesses are eager to expand to less developed countries due to the low cost of labor, says White et al.
(2012). However, these countries are the ones with the
least amount of Internet safety measures, and the Internet Service Providers are not so focused on implementing
those safety measures (2010). Instead, they are putting
their main focus on expanding their business, which exposes them to an increase in criminal activity.[64]
In response to the growing problem of cyber crime, the
European Commission established the European Cybercrime Centre (EC3).[65] The EC3 eectively opened on
1 January 2013 and will be the focal point in the EUs
ght against cyber crime, contributing to faster reaction
to online crimes. It will support member states and the
EUs institutions in building an operational and analytical
capacity for investigations, as well as cooperation with
international partners.[66]
8.7 Government
48
8.8.3
csrc.nist.gov : The Computer Security Division (Computer Security Resource Center) of the
National Institute of Standards and Technology. Its
mission is to provide assistance, guidelines, specications, minimum information security requirements...
8.8.4
On May 12, 2011, the White House sent Congress a proposed cybersecurity law designed to force companies to
do more to fend o cyberattacks, a threat that has been
reinforced by recent reports about vulnerabilities in systems used in power and water utilities.[73]
Executive order 13636 Improving Critical Infrastructure In October 2009, the Department of Homeland Security
Cybersecurity was signed February 12, 2013.
opened the National Cybersecurity and Communications
Integration Center. The center brings together government organizations responsible for protecting computer
8.8.5 White House Cybersecurity Summit networks and networked infrastructure.[77]
President Obama called for a cybersecurity summit, held
FBI
at Stanford University in February 2015.[74]
8.8.6
Government initiatives
49
DoD civilians and contractors, who oversee the commands operationally focused global strategic mission.
The United States Cyber Command, also known as USCYBERCOM, is a sub-unied command subordinate to
USSTRATCOM. Its mission are to plan, coordinate, integrate, synchronize and conduct activities to: direct the
operations and defense of specied Department of Defense information networks and; prepare to, and when
directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure
US/Allied freedom of action in cyberspace and deny the
same to our adversaries.[84]
8.8.8 FCC
The U.S. Federal Communications Commission's role in
cyber security is to strengthen the protection of critical
communications infrastructure, to assist in maintaining
the reliability of networks during disasters, to aid in swift
recovery after, and to ensure that rst responders have
access to eective communications services.[85]
8.8.9 Computer
Team
Emergency
Readiness
Department of Justice
50
8.9.4
Canada
51
protect network security. February 27, 2014, the Chinese
network security and information technology leadership
team is established. The leadership team will focus on national security and long-term development, co-ordination
of major issues related to network security and information technology economic, political, cultural, social, and
military and other elds of research to develop network
security and information technology strategy, planning
and major macroeconomic policy promote national network security and information technology law, and constantly enhance security capabilities.
8.10.1 Europe
CSIRTs in Europe collaborate in the TERENA task
force TF-CSIRT. TERENA's Trusted Introducer service
provides an accreditation and certication scheme for
CSIRTs in Europe. A full list of known CSIRTs in Europe is available from the Trusted Introducer website.
Public Safety Canadas Canadian Cyber Incident Re- 8.10.2 Other countries
sponse Centre (CCIRC) is responsible for mitigating and
responding to threats to Canadas critical infrastructure
CERT Brazil, member of FIRST (Forum for Inciand cyber systems. The CCIRC provides support to
dent Response and Security Teams)
mitigate cyber threats, technical support to respond and
recover from targeted cyber attacks, and provides on CARNet CERT, Croatia, member of FIRST
line tools for members of Canadas critical infrastruc AE CERT, United Arab Emirates
ture sectors.[108] The CCIRC posts regular cyber security
[109]
bulletins on the Public Safety Canada website.
The
SingCERT, Singapore
CCIRC also operates an online reporting tool where individuals and organizations can report a cyber incident.[110]
CERT-LEXSI, France, Canada, Singapore
Canadas Cyber Security Strategy is part of a larger, integrated approach to critical infrastructure protection, and
functions as a counterpart document to the National Strat8.11 Cybersecurity and modern
egy and Action Plan for Critical Infrastructure.[105]
On September 27, 2010, Public Safety Canada partnered with STOP.THINK.CONNECT, a coalition of
non-prot, private sector, and government organizations
dedicated to informing the general public on how to protect themselves online.[111] On February 4, 2014, the
Government of Canada launched the Cyber Security Cooperation Program.[112] The program is a $1.5 million
ve-year initiative aimed at improving Canadas cyber
systems through grants and contributions to projects in
support of this objective.[113] Public Safety Canada aims
to begin an evaluation of Canadas Cyber Security Strategy in early 2015.[105] Public Safety Canada administers
and routinely updates the GetCyberSafe portal for Canadian citizens, and carries out Cyber Security Awareness
Month during October.[114]
warfare
52
Security Administrator
Installs and manages organization-wide security systems. May also take on some of the tasks of a security analyst in smaller organizations.
8.13 Terminology
The following terms used with regards to engineering seSecurity Analyst Analyzes and assesses vulnerabilities cure systems are explained below.
in the infrastructure (software, hardware, networks),
investigates available tools and countermeasures to
Access authorization restricts access to a computer
remedy the detected vulnerabilities, and recomto group of users through the use of authentication
mends solutions and best practices. Analyzes and
systems. These systems can protect either the
assesses damage to the data/infrastructure as a rewhole computer such as through an interactive
sult of security incidents, examines available recovlogin screen or individual services, such as an
ery tools and processes, and recommends solutions.
FTP server. There are many methods for identiTests for compliance with security policies and profying and authenticating users, such as passwords,
cedures. May assist in the creation, implementation,
identication cards, and, more recently, smart cards
and/or management of security solutions.
and biometric systems.
Security Engineer
Anti-virus software consists of computer programs
that attempt to identify, thwart and eliminate
Performs security monitoring, security and data/logs
computer viruses and other malicious software
analysis, and forensic analysis, to detect security
(malware).
incidents, and mounts incident response. Investigates and utilizes new technologies and processes
Applications with known security aws should not
to enhance security capabilities and implement imbe run. Either leave it turned o until it can be
provements. May also review code or perform other
patched or otherwise xed, or delete it and replace it
security engineering methodologies.
with some other application. Publicly known aws
are the main entry used by worms to automatically
Security Architect
break into a system and then spread to other sysDesigns a security system or major components of a setems connected to it. The security website Secunia
provides a search tool for unpatched known aws in
curity system, and may head a security design team
popular products.
building a new security system.
8.13. TERMINOLOGY
Authentication techniques can be used to ensure that
communication end-points are who they say they
are.
Automated theorem proving and other verication
tools can enable critical algorithms and code used in
secure systems to be mathematically proven to meet
their specications.
Backups are a way of securing information; they are
another copy of all the important computer les kept
in another location. These les are kept on hard
disks, CD-Rs, CD-RWs, tapes and more recently on
the cloud. Suggested locations for backups are a reproof, waterproof, and heat proof safe, or in a separate, osite location than that in which the original
les are contained. Some individuals and companies
also keep their backups in safe deposit boxes inside
bank vaults. There is also a fourth option, which
involves using one of the le hosting services that
backs up les over the Internet for both business and
individuals, known as the cloud.
53
Cryptographic techniques can be used to defend
data in transit between systems, reducing the probability that data exchanged between systems can be
intercepted or modied.
Cyberwarfare is an Internet-based conict that involves politically motivated attacks on information
and information systems. Such attacks can, for example, disable ocial websites and networks, disrupt or disable essential services, steal or alter classied data, and criple nancial systems.
Data integrity is the accuracy and consistency of
stored data, indicated by an absence of any alteration
in data between two updates of a data record.[126]
54
Honey pots are computers that are either intentionally or unintentionally left vulnerable to attack by
crackers. They can be used to catch crackers or x
vulnerabilities.
L. Jean Camp
Cynthia Dwork
A microkernel is the near-minimum amount of software that can provide the mechanisms to implement
an operating system. It is used solely to provide
very low-level, very precisely dened machine code
upon which an operating system can be developed.
A simple example is the early '90s GEMSOS (Gemini Computers), which provided extremely low-level
machine code, such as segment management, atop
which an operating system could be built. The theory (in the case of segments) was thatrather
than have the operating system itself worry about
mandatory access separation by means of militarystyle labelingit is safer if a low-level, independently scrutinized module can be charged solely
with the management of individually labeled segments, be they memory segments or le system
segments or executable text segments. If software below the visibility of the operating system is
(as in this case) charged with labeling, there is no
theoretically viable means for a clever hacker to subvert the labeling scheme, since the operating system
per se does not provide mechanisms for interfering
with labeling: the operating system is, essentially,
a client (an application, arguably) atop the microkernel and, as such, subject to its restrictions.
Ian Goldberg
Pinging The ping application can be used by potential crackers to nd if an IP address is reachable. If
a cracker nds a computer, they can try a port scan
to detect and attack services on that computer.
Social engineering awareness keeps employees
aware of the dangers of social engineering and/or
having a policy in place to prevent social engineering can reduce successful breaches of the network
and servers.
8.14 Scholars
Lance Cottrell
Lorrie Cranor
Deborah Estrin
Joan Feigenbaum
Sha Goldwasser
Lawrence A. Gordon
Peter Gutmann
Paul Kocher
Monica S. Lam
Brian LaMacchia
Kevin Mitnick
Bruce Schneier
Dawn Song
Gene Spaord
Joseph Steinberg
Moti Yung
Rakshit Tandon
Matt Blaze
Ross J. Anderson
Annie Anton
Content security
Adam Back
Countermeasure (computer)
Daniel J. Bernstein
Stefan Brands
Dancing pigs
55
8.17 References
[1] Reliance spells end of road for ICT amateurs, May 07,
2013, The Australian
[2] http://www.evolllution.com/opinions/
cybersecurity-understanding-online-threat/
[3] Arcos Sergio. Social Engineering (PDF).
[4] Moore, R. (2005) Cybercrime: Investigating HighTechnology Computer Crime, Cleveland, Mississippi:
Anderson Publishing.
[5] J. C. Willemssen, FAA Computer Security. GAO/TAIMD-00-330. Presented at Committee on Science,
House of Representatives, 2000.
[6] Pagliery, Jose. Hackers attacked the U.S. energy grid 79
times this year. CNN Money. Cable News Network. Retrieved 16 April 2015.
[7] P. G. Neumann, Computer Security in Aviation, presented at International Conference on Aviation Safety and
Security in the 21st Century, White House Commission
on Safety and Security, 1997.
[8] J. Zellan, Aviation Security. Hauppauge, NY: Nova Science, 2003, pp. 6570.
[9] http://www.securityweek.com/
air-traffic-control-systems-vulnerabilities-could-make-unfriendly-skies-blac
[10] http://www.npr.org/blogs/
alltechconsidered/2014/08/04/337794061/
hacker-says-he-can-break-into-airplane-systems-using-in-flight-wi-fi
[11] http://www.reuters.com/article/2014/08/04/
us-cybersecurity-hackers-airplanes-idUSKBN0G40WQ20140804
[12] http://www.npr.org/blogs/
alltechconsidered/2014/08/06/338334508/
is-your-watch-or-thermostat-a-spy-cyber-security-firms-are-on-it
Risk cybernetics
Cyber Insurance
56
[13] http://www.vox.com/2015/1/18/7629603/
car-hacking-dangers
[14] http://www.autosec.org/pubs/cars-usenixsec2011.pdf
[15] http://www.markey.senate.gov/imo/media/doc/
2015-02-06_MarkeyReport-Tracking_Hacking_
CarSecurity%202.pdf
[16] Cashell, B., Jackson, W. D., Jickling, M., & Webel, B.
(2004). The Economic Impact of Cyber-Attacks. Congressional Research Service, Government and Finance
Division. Washington DC: The Library of Congress.
[17] Gordon, Lawrence; Loeb, Martin (November 2002).
The Economics of Information Security Investment.
ACM Transactions on Information and System Security 5
(4): 438-457. doi:10.1145/581271.581274.
[18] Krebs, Brian. Massive Prots Fueling Rogue Antivirus
Market. Washington Post. Retrieved 13 June 2014.
[19] RFC 2828 Internet Security Glossary
[20] CNSS Instruction No. 4009 dated 26 April 2010
[21] InfosecToday Glossary
[22] Symantec. (2010). State of Enterprise Security 2010.
[23] Richardson, R. (2010). 2009 CSI Computer Crime & Security Survey. Computer Security Institute. Computer
Security Institute.
MyFox Twin
[47] Chris Carroll (18 October 2011). Cone of silence surrounds U.S. cyberwarfare. Stars and Stripes. Retrieved
30 October 2011.
[48] John Bumgarner (27 April 2010). Computers as
Weapons of War (PDF). IO Journal. Retrieved 30 October 2011.
[31] Lock and protect your Windows PC. TheWindowsClub.com. Retrieved 2014-03-20.
[32] James Greene (2012). Intel Trusted Execution Technology: White Paper (PDF). Intel Corporation. Retrieved
2013-12-18.
[33] SafeNet ProtectDrive 8.4. SCMagazine.com. 2008-1004. Retrieved 2014-03-20.
[34] Secure Hard Drives: Lock Down Your Data. PCMag.com. 2009-05-11.
8.17. REFERENCES
57
[71]
[72] Senators Say Cybersecurity Bill Has No Kill Switch. Informationweek.com. June 24, 2010. Retrieved June 25,
2010.
[73] Declan McCullagh, CNET. "White House proposes cybersecurity legislation. May 12, 2011. Retrieved May
12, 2011.
[74] http://www.usatoday.com/story/tech/2015/02/13/
obama-cybersecurity-summit-stanford/23328123/
[75] National Cyber Security Division. U.S. Department of
Homeland Security. Retrieved June 14, 2008.
[76] FAQ: Cyber Security R&D Center. U.S. Department
of Homeland Security S&T Directorate. Retrieved June
14, 2008.
[77] AFP-JiJi, U.S. boots up cybersecurity center, October
31, 2009.
[78] Federal Bureau of Investigation - Priorities. Federal Bureau of Investigation.
[79] Internet Crime Complaint Center
[63] Dynamic DNS, Fast Flux, Bullet Proof Servers And Botnet: A Paradise For Cyber Criminals. Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 27 April 2013. Retrieved 6 September
2014.
[64] White, G., & Long, J. (2010). Global information security factors. International Journal of Information Security and Privacy (IJISP), 4(2), 49-60. doi:10.4018/jisp.
2010040104
[65] European Cybercrime Centre set for launch. VirusBulletin.
[67] Kirby, Carrie (June 24, 2011). Former White House aide
backs some Net regulation / Clarke says government, industry deserve 'F' in cybersecurity. The San Francisco
Chronicle.
[69] Text of H.R.4962 as Introduced in House: International Cybercrime Reporting and Cooperation Act - U.S.
Congress. OpenCongress. Retrieved 2013-09-25.
[70] H.R.4962 - International Cybercrime Reporting and Cooperation Act, OpenCongress.org. Retrieved on June 26,
2010.
Retrieved 10
[83] CCIPS.
Infragard.
[90] MAAWG.
[91] Kwanwoo Jun (23 September 2013). Seoul Puts a Price
on Cyberdefense. Wall Street Journal. Dow Jones &
Company, Inc. Retrieved 24 September 2013.
[92] South Korea seeks global support in cyber attack probe.
BBC Monitoring Asia Pacic. 7 March 2011.
[93] Cyber Security Laws In India Needed. Centre Of Excellence For Cyber Security Research And Development In
India (CECSRDI). 9 March 2014. Retrieved 6 September
2014.
58
[94] National Cyber Security Policy Of India 2013 (NCSP [110] Report a Cyber Security Incident. Public Safety
2013)". Centre Of Excellence For Cyber Security ReCanada. Government of Canada. Retrieved 3 November
search And Development In India (CECSRDI). 26 Decem2014.
ber 2013. Retrieved 6 September 2014.
[111] Government of Canada Launches Cyber Security Awareness Month With New Public Awareness Partnership.
[95] Cyber Security Trends And Developments In India
Market Wired (Government of Canada). 27 September
2013 (PDF). Perry4Laws Techno Legal Base (PTLB). 30
2012. Retrieved 3 November 2014.
December 2013. Retrieved 6 September 2014.
[96] National Cyber Security Policy Of India Has Failed To [112] Cyber Security Cooperation Program. Public Safety
Canada. Retrieved 1 November 2014.
Protect Privacy Rights In India. Centre Of Excellence For
Cyber Security Research And Development In India (CEC[113] Cyber Security Cooperation Program. Public Safety
SRDI). 4 July 2013. Retrieved 6 September 2014.
Canada.
[97] Civil Liberties Protection In Cyberspace. Human Rights [114] GetCyberSafe. Get Cyber Safe. Government of Canada.
Protection In Cybersapce. 20 June 2009. Retrieved 6
Retrieved 3 November 2014.
September 2014.
[115] Clayton, Mark. The new cyber arms race. The Christian
[98] Indian Government Is Planning A Legislation Mandating
Science Monitor. Retrieved 16 April 2015.
Strict Cyber Security Disclosure Norms In India. Centre
Of Excellence For Cyber Security Research And Develop- [116] Clayton, Mark. The new cyber arms race. The Christian
Science Monitor. Retrieved 16 April 2015.
ment In India (CECSRDI). 27 March 2013. Retrieved 6
September 2014.
[117] The Growth of Cybersecurity Jobs. Mar 2014. Retrieved 24 April 2014.
[99] Cyber Law Obligations Of Directors Of Indian Companies Under Indian Companies Act, 2013. Cyber Laws In
[118] de Silva, Richard (11 Oct 2011). Government vs. ComIndia And Technology Laws And Regulations In India. 7
merce: The Cyber Security Industry and You (Part One)".
April 2014. Retrieved 6 September 2014.
Defence IQ. Retrieved 24 Apr 2014.
[100] Cyber Security Obligations Of Directors Of Indian Com[119] Department of Computer Science. Retrieved April 30,
panies Under Indian Companies Act, 2013. Centre Of
2013.
Excellence For Cyber Security Research And Development
In India (CECSRDI). 6 April 2014. Retrieved 6 Septem- [120] "(Information for) Students. NICCS (US National Iniber 2014.
tiative for Cybercareers and Studies). Retrieved 24 April
2014.
[101] Cyber Security Issues Of E-Commerce Business In India. E-Retailing Laws And Regulations In India. 13 Au- [121] Current Job Opportunities at DHS. U.S. Department of
gust 2014. Retrieved 6 September 2014.
Homeland Security. Retrieved 2013-05-05.
[102] (Press Release) Government of Canada Launches [122] Cybersecurity Training & Exercises. U.S. Department
of Homeland Security. Retrieved 2015-01-09.
Canadas Cyber Security Strategy. Market Wired. 3 October 2010. Retrieved 1 November 2014.
[123] Cyber Security Awareness Free Training and Webcasts.
MS-ISAC (Multi-State Information Sharing & Analysis
[103] Canadas Cyber Security Strategy.
Center. Retrieved 9 January 2015.
[104] Canadas Cyber Security Strategy.
Public Safety
Canada. Government of Canada. Retrieved 1 November [124] Security Training Courses. LearnQuest. Retrieved
2015-01-09.
2014.
[125] Condentiality. Retrieved 2011-10-31.
[105] Action Plan 2010-2015 for Canadas Cyber Security
Strategy. Public Safety Canada. Government of Canada. [126] Data Integrity. Retrieved 2011-10-31.
Retrieved 3 November 2014.
[127] Endpoint Security. Retrieved 2014-03-15.
[106] Cyber Incident Management Framework For Canada.
Public Safety Canada. Government of Canada. Retrieved
3 November 2014.
Public
[109] Cyber Security Bulletins. Public Safety Canada. Retrieved 1 November 2014.
Chapter 9
Computer worm
This article is about malware. For the data storage device, see Write Once Read Many. For other uses, see
worm (disambiguation).
A computer worm is a standalone malware computer
59
60
may have made these systems more secure, it generated
considerable network trac, rebooted the machine in the
course of patching it, and did its work without the consent of the computers owner or user. Regardless of their
payload or their writers intentions, most security experts
regard all worms as malware.
Several worms, like XSS worms, have been written to research how worms spread. For example, the eects of
changes in social activity or user behavior. One study
proposed what seems to be the rst computer worm
that operates on the second layer of the OSI model
(Data link Layer), it utilizes topology information such
as Content-addressable memory (CAM) tables and Spanning Tree information stored in switches to propagate and
probe for vulnerable nodes until the enterprise network is
covered.[11]
9.4 History
61
Computer virus
Helpful worm
Spam
Timeline of notable computer viruses and worms
9.6 References
[1] Barwise, Mike. What is an internet worm?". BBC. Retrieved 9 September 2010.
[2] Dierence between a computer virus and a computer
worm. USCB SicienceLine.
[3] Ray, Tiernan (February 18, 2004). Business & Technology: E-mail viruses blamed as spam rises sharply. The
Seattle Times.
[4] McWilliams, Brian (October 9, 2003). Cloaking Device
Made for Spammers. Wired.
[5] Unavailable.
[6] Uncovered: Trojans as Spam Robots. hiese online.
2004-02-21. Archived from the original on 2009-05-28.
Retrieved 2012-11-02.
[7] Hacker threats to bookies probed. BBC News. February
23, 2004.
[8] Computer Worm Information and Removal Steps. Veracode. Retrieved 2015-04-04.
[9] Sony Ships Sneaky DRM Software.
2005-11-01. Retrieved 2012-06-10.
Pcworld.com.
Malware Guide Guide for understanding, removing and preventing worm infections on Vernalex.com.
The 'Worm' Programs Early Experience with
a Distributed Computation, John Shoch and Jon
Hupp, Communications of the ACM, Volume 25 Issue 3 (March 1982), pages 172180.
The Case for Using Layered Defenses to Stop
Worms, Unclassied report from the U.S. National
Security Agency (NSA), 18 June 2004.
Worm Evolution, paper by Jago Maniscalchi on Digital Threat, 31 May 2009.
Chapter 10
Crimeware
Vulnerabilities in Web applications. The Bankash.G
Trojan, for example, exploited an Internet Explorer
vulnerability to steal passwords and monitor user input on webmail and online commerce sites.[3]
Targeted attacks sent via SMTP. These socialengineered threats often arrive disguised as a valid
e-mail messages and include specic company information and sender addresses. The malicious emails use social engineering to manipulate users to
open the attachment and execute the payload.[4]
Remote exploits that exploit vulnerabilities on
servers and clients
10.1 Examples
10.3 Concerns
Sarbanes-Oxley Act
Health Insurance Portability and Accountability Act
(HIPAA)
Gramm-Leach-Bliley Act
Family Educational Rights and Privacy Act
10.5 References
[1] Crimeware: Understanding New Attacks and Defenses.
informit.
[2] "Cyberthieves Silently Copy Your Password" [The New
York Times]
[3] Symantec Internet Security Report, Vol. IX, March 2006,
p. 71
[4] "Protecting Corporate Assets from E-mail Crimeware"
Avinti, Inc., p.1,
[5] CSI/FBI Computer Crime and Security Survey 2005, p.15
63
Chapter 11
Cryptovirology
Cryptovirology is a eld that studies how to use
cryptography to design powerful malicious software. The
eld was born with the observation that public-key cryptography can be used to break the symmetry between
what a malware analyst sees regarding malware and what
the malware creator sees. The former sees a public key
in the malware whereas the latter sees the public key as
well as the corresponding private key since the malware
designer created the key pair for the attack. The public
key allows the malware to perform trapdoor one-way operations on the victims computer that only the malware
creator can undo.
The rst attack that was identied in the eld is called
cryptoviral extortion.[1] In this attack a virus, worm,
or trojan hybrid encrypts the victims les and the victim must pay the malware author to receive the needed
session key (which is encrypted under the malware creators public key that is contained in the malware). The
victim needs the session key if the les are needed and
there are no backups of them.
The eld also encompasses covert attacks in which the attacker secretly steals private information such as private
keys. An example of the latter type of attack are asymmetric backdoors. An asymmetric backdoor is a backdoor (e.g., in a cryptosystem) that can be used only by the
attacker, even after it is found. This contrasts with the traditional backdoor that is symmetric, i.e., anyone that nds
it can use it. Kleptography, a subeld of cryptovirology,
is the study of asymmetric back doors in key generation
algorithms, digital signature algorithms, key exchanges,
and other cryptographic algorithms. The NIST Dual EC
DRBG random bit generator has an alleged asymmetric
backdoor in it. The EC-DRBG algorithm utilizes the
discrete-log kleptogram from Kleptography. There is a
misconception that cryptovirology is mostly about extortion attacks (overt attacks). In fact, the vast majority of
cryptovirology attacks are covert in nature.
When the public key is fake, the attacker gets no plaintext from the trojan. So whats the use? A spoong attack is possible in which some trojans are released that
11.1 General information
use real public keys and steal data and some trojans are
released that use fake public keys and do not steal data.
Cryptovirology was born in academia.[1][2] However, Many months after the trojans are discovered and anapractitioners have recently expanded the scope of the eld lyzed, the attacker anonymously posts the witnesses of
64
65
non-encryption for the fake public keys. This proves that 11.4 Other uses of cryptography
those trojans never in fact exltrated data. This casts
enabled malware
doubt on the true nature of future strains of malware that
contain such public keys, since the keys could be real
or fake. This attack implies a fundamental limitation on Apart from cryptoviral extortion, there are other potential uses[2] of cryptoviruses. They are used in deniable
proving data theft.
password snatching, used with cryptocounters, used with
There are many other attacks in the eld of cryptovirology private information retrieval and used in secure comthat are not mentioned here.
munication between dierent instances of a distributed
cryptovirus.
Chapter 12
DEF CON
This article is about the computer security convention. several tracks of speakers about computer- and crackingFor other uses, see Defcon (disambiguation).
related subjects, as well as social events and contests in
DEF CON (also written as DEFCON or Defcon) is everything from creating the longest Wi-Fi connection
and cracking computer systems to who can most eectively cool a beer in the Nevada heat. Other contests
include lockpicking, robotics-related contests (discontinued), art, slogan, coee wars (not currently running),
scavenger hunt and Capture the Flag. Capture the Flag
(CTF) is perhaps the best known of these contests. It is a
hacking competition where teams of crackers attempt to
attack and defend computers and networks using certain
software and network structures. CTF has been emulated
at other cracking conferences as well as in academic and
military contexts.
67
12.1 History
12.2.4 2007
The court issued a temporary restraining order prohibiting the students from disclosing the material for a period of ten days, despite the fact the material had already
been disseminated to DefCon attendees at the start of the
show.
12.2.5 2008
Main article: Massachusetts Bay Transportation Authority v. Anderson
MIT students Zack Anderson, R.J. Ryan and Alessandro Chiesa were to present a session entitled The
Anatomy of a Subway Hack: Breaking Crypto RFIDS
and Magstripes of Ticketing Systems. The presentation description included the phrase Want free subway
rides for life?" and promised to focus on the Boston T
subway.[8] However, the Massachusetts Bay Transit Authority (MBTA) sued the students and MIT in United
A semi-ctionalized account of DefCon II, Cyber Christ States District Court in Massachusetts on August 8,
Meets Lady Luck written by Winn Schwartau demon- claiming that the students violated the Computer Fraud
strates some of the early DefCon culture.[5]
and Abuse Act (CFAA) by delivering information to
conference attendees that could be used to defraud the
MBTA of transit fares.[9][10]
12.2.1
1999
On July 10, 1999, the Cult of the Dead Cow hacker collective released Back Orice 2000 at DEF CON 7, in
what was, at the time, the largest presentation in DEF
CON history.
12.2.2
2001
12.2.6 2009
12.2.3
2005
12.2.7 2011
On July 31, 2005, Cisco used legal threats to suppress Security company HBGary Federal used legal threats to
Mike Lynn from presenting at DEF CON about aws he prevent former CEO Aaron Barr from attending a panel
discussion at the conference.[14]
had found in the Cisco IOS used on routers.[6]
68
12.2.8
2012
DEF CON 7 was held at the Alexis Park Resort July 911, 1999.
2000s:
DEF CON 8 was held at the Alexis Park Resort July 2830, 2000.
DEF CON 9 was held at the Alexis Park Resort July 1315, 2001.
DEF CON 10 was held at the Alexis Park Resort August 24, 2002.
DEF CON 11 was held at the Alexis Park Resort August 13, 2003.
DEF CON 12 was held at the Alexis Park Resort July 30 - August 1, 2004.
DEF CON 13 was held at the Alexis Park Resort July 2931, 2005.
DEF CON 14 was held at the Riviera Hotel &
Casino August 46, 2006.
DEF CON 15 was held at the Riviera Hotel &
Casino August 35, 2007.
DEF CON 16 was held at the Riviera Hotel &
Casino August 810, 2008.
DEF CON 17 was held at the Riviera Hotel &
Casino July 30 - August 2, 2009.
2010s:
12.2.9
2013
On July 11, 2013, Je Moss posted a statement,[17] located on the DEF CON blog, titled Feds, We Need Some
Time Apart. It stated that I think it would be best for everyone involved if the feds call a time-out and not attend
DEF CON this year.[18] This was the rst time in the organizations history that it had asked federal authorities
not to attend.[17]
Actor Will Smith visited the convention to study the DEF
CON culture for an upcoming movie role.[19]
DEF CON 4 was held at the Monte Carlo Resort and Casino July 2628, 1996.
12.5 References
[1] HNS. The Vulnerability Economy. Help Net Security.
Retrieved 2008-08-27.
[2] Zetter, Kim (3 August 2007). Dateline Mole Allegedly
at DefCon with Hidden Camera -- Updated: Mole Caught
on Tape. Wired Blog Network. Retrieved 2007-08-15.
According to DefCon sta, Madigan had told someone
she wanted to out an undercover federal agent at DefCon. That person in turn warned DefCon about Madigans plans. Federal law enforcement agents from FBI,
DoD, United States Postal Inspection Service and other
agencies regularly attend DefCon to gather intelligence on
the latest techniques of hackers.
[3] DEFCON 15 FAQs. Retrieved 9 Feb 2011. Lots of
people come to DEFCON and are doing their job; security
professionals, federal agents, and the press.
[4] Je Moss (July 30, 2007). The Story of DEFCON. Retrieved 9 Feb 2011.
[5] Winn Schwartau. Cyber Christ Meets Lady Luck
(PDF). Retrieved 9 Feb 2011.
[6] Lamos, Rob (31 July 2005). Exploit writers team up to
target Cisco routers. Security Focus. Retrieved 2004-0731.
[7] Cassel, David (4 August 2007). Transcript: Michelle
Madigans run from Defcon. Tech.Blorge.com. Retrieved 2007-08-15.
[8] Lundin, Leigh (2008-08-17). Dangerous Ideas. MBTA
v DefCon 16. Criminal Brief. Retrieved 2010-10-07.
[9] Jeschke, Rebecca (2008-08-09). MIT Students Gagged
by Federal Court Judge. Press Room. Las Vegas: EFF.
[10] Massachusetts Bay Transit Authority v. Zack Anderson,
RJ Ryan, Alessandro Chiesa, and the Massachusetts Institute of Technology (United States District Court District
of Massachusetts). Text
[11] Race to Zero. Contest concept.
[12] McMillan, Robert (April 2008). Security Vendors Slam
Defcon Virus Contest. IDG News Service.
[13] Malicious ATM Catches Hackers | Threat Level | WIRED
[14] Legal Threat Pushes Former HBGary Federal CEO Out
Of DEFCON. Business Security. Retrieved 8/10/2011.
Check date values in: |accessdate= (help)
[15] Greenberg, Andy. "Watch Top U.S. Intelligence Ocials
Repeatedly Deny NSA Spying On Americans Over The
Last Year (Videos). Forbes. June 6, 2013. Retrieved on
June 11, 2013. Eight months later, Senator Ron Wyden
quoted[...]"
[16] Wagenseil, Paul. "Hackers Don't Believe NSA Chiefs
Denial of Domestic Spying. (Archive) NBC News. August 1, 2012. Retrieved on June 13, 2013.
[17] Whitney, Lance. "Defcon to feds: 'We need some time
apart'. CNET. July 11, 2013. Retrieved on July 12, 2013.
69
Chapter 13
13.1 Classication
There are several methods of classifying exploits. The
most common is by how the exploit contacts the vulnerable software. A remote exploit works over a network and exploits the security vulnerability without any
prior access to the vulnerable system. A local exploit requires prior access to the vulnerable system and usually
increases the privileges of the person running the exploit
past those granted by the system administrator. Exploits
against client applications also exist, usually consisting
of modied servers that send an exploit if accessed with
a client application. Exploits against client applications
may also require some interaction with the user and thus
may be used in combination with the social engineering
method. Another classication is by the action against
the vulnerable system; unauthorized data access, arbitrary code execution, and denial of service are examples.
Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to
use several exploits, rst to gain low-level access, then
to escalate privileges repeatedly until one reaches root.
Normally a single exploit can only take advantage of a
specic software vulnerability. Often, when an exploit is
published, the vulnerability is xed through a patch and
the exploit becomes obsolete until newer versions of the
software become available. This is the reason why some
black hat hackers do not publish their exploits but keep
them private to themselves or other hackers. Such exploits are referred to as zero day exploits and to obtain
access to such exploits is the primary desire of unskilled
attackers, often nicknamed script kiddies.[1]
13.1.2 Pivoting
Pivoting refers to a method used by penetration testers
that uses the compromised system to attack other systems on the same network to avoid restrictions such as
rewall congurations, which may prohibit direct access
to all machines. For example, if an attacker compromises
a web server on a corporate network, the attacker can then
use the compromised web server to attack other systems
on the network. These types of attacks are often called
multi-layered attacks. Pivoting is also known as island
hopping.
Pivoting can further be distinguished into proxy pivoting
and VPN pivoting:
70
13.3. REFERENCES
Typically, the proxy or VPN applications enabling pivoting are executed on the target computer as the payload
(software) of an exploit.
13.3 References
[1] Whitman,Michael (2012). Chapter 2: The Need for Security. Principles of Information Security, Fourth Edition. Boston, Mass: Course Technology. p. 53.
[2] Metasploit Framework Pivoting, Digital Bond: Metasploit
Basics Part 3: Pivoting and Interfaces
71
Chapter 14
Firewall (computing)
FORWARD PATH
Application Layer
xfrm
clone packet
(e.g. ipsec)
Protocol Layer
decode
Network Layer
OUTPUT PATH
local
process
xfrm/socket
lookup
filter
input
mangle
by Jan Engelhardt
(based in part on Joshua Snyder's graph)
Last updated 2014-Feb-28; Linux 2.6.36+
no clone to
AF_PACKET
routing
decision
input
raw
prerouting
conntrack
raw
prerouting
conntrack
clone packet
taps (e.g.
AF_PACKET)
(start)
mangle
prerouting
nat
prerouting
Link Layer
ingress
(qdisc)
bridge
check
broute
brouting
nat
prerouting
mangle
prerouting
nat
prerouting
mangle
routing
decision
forward
mangle
filter
input
bridging
decision
forward
filter
forward
mangle
forward
filter
forward
nat
output
nat
postrouting
mangle
postrouting
nat
postrouting
conntrack
filter
output
mangle
postrouting
filter
forward
filter
forward
raw
output
xfrm
encode
mangle
postrouting
nat
postrouting
nat
postrouting
mangle
output
reroute
check
xfrm
lookup
nat
output
filter
output
nat
postrouting
clone packet
Other NF parts
Other Networking
egress
(qdisc)
AF_PACKET
interface
output
14.1 History
14.1. HISTORY
73
colleagues[5] that read, We are currently under at- the rewall exists to block telnet access, then the rewall
tack from an Internet VIRUS! It has hit Berkeley, will block the TCP protocol for port number 23.[10]
UC San Diego, Lawrence Livermore, Stanford, and
NASA Ames.
74
Web Application Firewall (WAF). WAF attacks may be for simple lters that require less time to lter than to
implemented in the tool WAF Fingerprinting utilizing look up a session. They may also be necessary for ltertiming side channels (WAFFle).[14]
ing stateless network protocols that have no concept of a
session. However, they cannot make more complex decisions based on what stage communications between hosts
have reached.
14.2 Types
Newer rewalls can lter trac based on many packet
attributes like source IP address, source port, destination
IP address or port, destination service like WWW or FTP.
They can lter based on protocols, TTL values, netblock
of originator, of the source, and many other attributes.
Commonly used packet lters on various versions of
Unix are IPFilter (various), ipfw (FreeBSD/Mac OS X),
NPF (NetBSD), PF (OpenBSD, and some other BSDs),
iptables/ipchains (Linux).
14.2.2 Application-layer
Main article: Application layer rewall
14.2.1
14.4. REFERENCES
limitations, application rewalls are beginning to be supplanted by a new generation of application rewalls that
rely on mandatory access control (MAC), also referred to
as sandboxing, to protect vulnerable services.[17]
14.2.3
Proxies
75
Comparison of rewalls
Computer security
Distributed rewall
Egress ltering
End-to-end connectivity
Firewall pinhole
Firewalls and Internet Security
Golden Shield Project
Guard (information security)
IP fragmentation attacks
List of Unix-like router or rewall distributions
Next-Generation Firewall
Mangled packet
Personal rewall
Screened-subnet rewall
Unidirectional network
Unied threat management
Virtual rewall
Vulnerability scanner
14.2.4
14.4 References
[1] Oppliger, Rolf (May 1997). Internet Security: FIREWALLS and BEYOND. Communications of the ACM
40 (5): 94. doi:10.1145/253769.253802.
[2] What is Firewall?". Retrieved 2015-02-12.
[3] Denition of Firewall, Check Point Resources
[4] Ingham, Kenneth; Forrest, Stephanie (2002). A History and Survey of Network Firewalls (PDF). Retrieved
2011-11-25.
[5] Firewalls by Dr.Talal Alkharobi
[6] RFC 1135 The Helminthiasis of the Internet
[7] Ingham, Kenneth; Forrest, Stephanie (2002). A History
and Survey of Network Firewalls (PDF). p. 4. Retrieved
2011-11-25.
[8] TCP vs. UDP By Erik Rodriguez
[9] William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin (2003). "Google Books Link". Firewalls and Internet
Security: repelling the wily hacker
[10] Aug 29, 2003 Virus may elude computer defenses by
Charles Duhigg, Washington Post
76
[11] Proceedings of National Conference on Recent Developments in Computing and Its Applications, August 1213,
2009. I.K. International Pvt. Ltd. 2009-01-01. Retrieved
2014-04-22.
[12] Conway, Richard (204). Code Hacking: A Developers
Guide to Network Security. Hingham, Massachusetts:
Charles River Media. p. 281. ISBN 1-58450-314-9.
[13] Chang, Rocky (October 2002). Defending Against
Flooding-Based Distributed Denial-of-Service Attacks:
A Tutorial. IEEE Communications Magazine 40 (10):
4243. doi:10.1109/mcom.2002.1039856.
[14] WAFFle: Fingerprinting Filter Rules of Web Application Firewalls. 2012.
[15] Firewalls. MemeBridge. Retrieved 13 June 2014.
[16] Software Firewalls: Made of Straw? Part 1 of 2.
Symantec Connect Community. 2010-06-29. Retrieved
2014-03-28.
[17] Auto Sandboxing. Comodo Inc. Retrieved 2014-08-28.
[18] Advanced Security: Firewall. Microsoft. Retrieved
2014-08-28.
Chapter 15
Grey hat
The term "grey hat" or "gray hat" in Internet slang refers
to a computer hacker or computer security expert whose
ethical standards fall somewhere between purely altruistic
and purely malicious. The term began to be used in the
late 1990s, derived from the concepts of "white hat" and
"black hat" hackers.[1] When a white hat hacker discovers a vulnerability, they will exploit it only with permission and not divulge its existence until it has been xed,
whereas the black hat will illegally exploit it and/or tell
others how to do so. The grey hat will neither illegally
exploit it, nor tell others how to do so. [2]
L0pht, discussed their intent as grey hat hackers to provide Microsoft with vulnerability discoveries in order to
protect the vast number of users of its operating system.
[9]
Finally, Mike Nash, Director of Microsofts server
group, stated that grey hat hackers are much like technical
people in the independent software industry in that they
are valuable in giving us feedback to make our products
better. [10]
The phrase grey hat was used by the hacker group L0pht
in a 1999 interview with The New York Times[11] to describe their hacking activities.
15.1 History
77
78
15.2 Examples
In April 2000, hackers known as "{}" and Hardbeat
gained unauthorized access to Apache.org.[15] They chose
to alert Apache crew of the problems rather than try to
damage the Apache.org servers.[16]
In June 2010, a group of computer experts known
as Goatse Security exposed a aw in AT&T security
which allowed the e-mail addresses of iPad users to be
revealed.[17] The group revealed the security aw to the
media soon after notifying AT&T. Since then, the FBI
opened an investigation into the incident and raided the
house of weev, the groups most prominent member.[18]
15.5 References
In April 2011, a group of experts discovered that the Apple iPhone and 3G iPads were logging where the user
visits. Apple released a statement saying that the iPad
and iPhone were only logging the towers that the phone
could access. [19] There have been numerous articles on
the matter and it has been viewed as a minor security issue. This instance would be classied as grey hat because although the experts could have used this for malicious intent, the issue was reported. [20]
[1] De, Chu (2002). White Hat? Black Hat? Grey Hat?".
ddth.com. Jelsoft Enterprises. Retrieved 2015-02-19.
In August 2013 Khalil Shreateh, an unemployed computer security researcher, hacked the Facebook page of
Mark Zuckerberg, Facebooks CEO, in order to force action to correct a bug he discovered which allowed him
to post to any users page without their consent. He had
tried repeatedly to inform Facebook of this bug only to
be told by Facebook that the issue was not a bug. After
this incident, Facebook corrected this vulnerability which
could have been a powerful weapon in the hands of professional spammers. Shreateh was not compensated by
Facebooks White Hat program because he violated their
policies making this a grey hat incident. [21]
[2] Regalado (et al.) (2015). Grey Hat Hacking: The Ethical
Hackers Handbook (4th ed.). New York: McGraw-Hill
Education. p. 18.
[3] Fuller, Johnray; Ha, John; Fox, Tammy (2003). Red Hat
Enterprise Linux 3 Security Guide. Product Documentation. Red Hat. Section (2.1.1). Retrieved 2015-02-16.
[5] Moore, Robert (2011). Cybercrime: investigating hightechnology computer crime (2nd ed.). Burlington, MA:
Anderson Publishing. p. 25.
[6] A E (2014). Grey Hat SEO 2014: The Most Eective and
Safest Techniques of 10 Web Developers. Secrets to Rank
High including the Fastest Penalty Recoveries. Research &
Co. ASIN B00H25O8RM.
[7] De, Chu (2002). White Hat? Black Hat? Grey Hat?".
ddth.com. Jelsoft Enterprises. Retrieved 2015-02-19.
[8] Def Con Communications Presents The Black Hat Briefings. blackhat.com. blackhat.com. 1996.
[9] Lange, Larry (15 July 1997). Microsoft Opens Dialogue
With NT Hackers. blackhat.com. blackhat.com. Retrieved 2015-03-31.
[10] Lange, Larry (22 September 1997). The Rise of the Underground Engineer. blackhat.com. blackhat.com. Retrieved 2015-03-31.
[11] HacK, CouNterHaCk. New York Times Magazine. 3
October 1999. Retrieved 6 January 2011.
[12] Digitalsec.net #Phrack High Council. 20 August 2002.
The greyhat-IS-whitehat List
[13] The thin gray line. CNET News. 23 September 2002.
Retrieved 6 January 2011.
[14] EFF.org Electronic Frontier Foundation (EFF). 20 August
2008. A 'Grey Hat' Guide
[15] Michelle Finley (2013-03-28).
Wired.com. Retrieved 2013-11-01.
Wired.com.
15.5. REFERENCES
79
Chapter 16
Hacker
16.3 People
16.3.1 Real
16.1 Technology
Hacker (hobbyist), who makes innovative customizations or combinations of retail electronic and computer equipment
16.2 Entertainment
Hackers: Heroes of the Computer Revolution, 1984
book by Stephen Levy
16.3.2 Fictional
Hackers (anthology), a 1996 anthology of short stories edited by Jack Dann and Gardner Dozois
Hackers (lm), 1995 MGM lm starring Jonny Lee
Miller and Angelina Jolie
80
16.4 Other
Hacker Brewery, and its beer, since 1972 merged
into Hacker-Pschorr Brewery
Hacker-Craft, boats made by the Hacker Boat Company
Hacker Radio Ltd, a British manufacturer of consumer electronics products
81
Chapter 17
17.1 History
Further information: Timeline of computer security
hacker history
Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement that published the Technological Assistance Program (TAP) newsletter. TAP was a phone phreaking
newsletter that taught techniques for unauthorized exploration of the telephone network. Many people from the
phreaking community are also active in the hacking community even today, and vice versa.
A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while
working for a security company which makes security
software. The term white hat in Internet slang refers
to an ethical hacker. This classication also includes individuals who perform penetration tests and vulnerability
assessments within a contractual agreement. The ECCouncil,[8] also known as the International Council of
Electronic Commerce Consultants, is one of those organizations that have developed certications, courseware,
classes, and online training covering the diverse arena of
ethical hacking.[7]
17.2 Classications
82
17.3. ATTACKS
break into secure networks to destroy, modify, or steal
data; or to make the network unusable for those who are
authorized to use the network. Black hat hackers are also
referred to as the crackers within the security industry
and by modern programmers. Crackers keep the awareness of the vulnerabilities to themselves and do not notify the general public or the manufacturer for patches to
be applied. Individual freedom and accessibility is promoted over privacy and security. Once they have gained
control over a system, they may apply patches or xes to
the system only to keep their reigning control. Richard
Stallman invented the denition to express the maliciousness of a criminal hacker versus a white hat hacker who
performs hacking duties to identify places to repair.[11]
17.2.3
Grey hat
83
17.2.8 Hacktivist
A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.
Hacktivism can be divided into two main groups:
Cyberterrorism Activities involving website defacement or denial-of-service attacks; and,
17.2.4
Elite hacker
17.2.5
Script kiddie
A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using
automated tools written by others (usually by other black
hat hackers), hence the term script (i.e. a prearranged
plan or set of activities) kiddie (i.e. kid, childan individual lacking knowledge and experience, immature),[13]
usually with little understanding of the underlying concept.
17.2.6
Neophyte
17.3 Attacks
Main article: Computer security
A typical approach in an attack on Internet-connected
system is:
1. Network enumeration: Discovering information
about the intended target.
2. Vulnerability analysis: Identifying potential ways of
attack.
3. Exploitation: Attempting to compromise the system
by employing the vulnerabilities found through the
vulnerability analysis.[18]
A neophyte ("newbie", or noob) is someone who is new In order to do so, there are several recurring tools of the
to hacking or phreaking and has almost no knowledge or trade and techniques used by computer criminals and seexperience of the workings of technology and hacking.[10] curity experts.
84
17.3.1
Security exploits
thereby treated as a trusted system by a user or another program usually to fool programs, systems
or users into revealing condential information, such
as user names and passwords.
A security exploit is a prepared application that takes advantage of a known weakness.[19] Common examples of Rootkit A rootkit is a program that uses low-level, hardto-detect methods to subvert control of an operating
security exploits are SQL injection, cross-site scripting
system from its legitimate operators. Rootkits usuand cross-site request forgery which abuse security holes
ally obscure their installation and attempt to prevent
that may result from substandard programming practice.
their removal through a subversion of standard sysOther exploits would be able to be used through File
tem security. They may include replacements for
Transfer Protocol (FTP), Hypertext Transfer Protocol
system binaries, making it virtually impossible for
(HTTP), PHP, SSH, Telnet and some Web pages. These
them to be detected by checking process tables.
are very common in Web site and Web domain hacking.
17.3.2
Techniques
Intimidation As in the angry supervisor technique above, the hacker convinces the person who answers the phone
that their job is in danger unless they help
them. At this point, many people accept
that the hacker is a supervisor and give
them the information they seek.
85
use virus-, trojan-, and rootkit-like methods to conceal themselves. However, some of them are used
for legitimate purposes, even to enhance computer
security. For example, a business may maintain a
keylogger on a computer used at a point of sale to
detect evidence of employee fraud.
Tools and Procedures
A thorough examination of hacker tools and
procedures may be found in Cengage Learnings E|CSA certication workbook.[20]
86
Gordon Lyon, known by the handle Fyodor, authored the Nmap Security Scanner as well as many
network security books and web sites. He is a founding member of the Honeynet Project and Vice President of Computer Professionals for Social Responsibility.
Gary McKinnon is a Scottish hacker facing
extradition to the United States to face criminal
charges. Many people in the UK have called on the
authorities to be lenient with McKinnon, who suffers from Asperger syndrome.[21]
Kevin Mitnick is a computer security consultant and
author, formerly the most wanted computer criminal
in United States history.[22]
DEF CON, HoHoCon (Christmas), ShmooCon (February), BlackHat, Chaos Communication Congress, AthCon, Hacker Halted, and HOPE. Local Hackfest groups
organize and compete to develop their skills to send a
team to a prominent convention to compete in group pentesting, exploit and forensics on a larger scale. Hacker
groups became popular in the early 1980s, providing access to hacking information and resources and a place
to learn from other members. Computer bulletin board
systems (BBSs), such as the Utopias, provided platforms
for information-sharing via dial-up modem. Hackers
could also gain credibility by being aliated with elite
groups.[24]
India
17.7.2 Netherlands
Article 138ab of Wetboek van Strafrecht prohibits
computervredebreuk, which is dened as intruding
an automated work or a part thereof with intention
and against the law. Intrusion is dened as access by
means of:
17.6 Customs
The computer underground[1] has produced its own specialized slang, such as 1337speak. Its members often
advocate freedom of information, strongly opposing the
principles of copyright, as well as the rights of free speech
and privacy. Writing software and performing other activities to support these views is referred to as hacktivism.
Some consider illegal cracking ethically justied for these
goals; a common form is website defacement. The computer underground is frequently compared to the Wild
West.[23] It is common for hackers to use aliases to conceal their identities.
17.6.1
By technical means
By the use of stolen usernames and passwords.
Maximum imprisonment is one year or a ne of the fourth
category.[25]
87
Hacker magazines
17.8.2
Hackers in ction
Books
The cyberpunk novels of William Gibson
especially the Sprawl trilogyare very popular
with hackers.[28]
Helba from the .hack manga and anime series
WarGames
Weird Science
The Fifth Estate
Who Am I No System Is Safe (lm)
88
17.10 References
[1] Sterling, Bruce (1993). Part 2(d)". The Hacker Crackdown. McLean, Virginia: IndyPublish.com. p. 61. ISBN
1-4043-0641-2.
[2] Blomquist, Brian (May 29, 1999). FBIs Web Site
Socked as Hackers Target Feds. New York Post.
[3] The Hackers Dictionary. Retrieved 23 May 2013.
[4] Political notes from 2012: SeptemberDecember. stallman.org
[5] Raymond, Eric S. Jargon File: Cracker. Coined ca.
1985 by hackers in defense against journalistic misuse of
hacker
[6] Cliord, D. (2011). Cybercrime: The Investigation,
Prosecution and Defense of a Computer-Related Crime.
Durham, North Carolina: Carolina Academic Press.
ISBN 1594608539.
[7] Wilhelm, Douglas (2010). 2. Professional Penetration
Testing. Syngress Press. p. 503. ISBN 978-1-59749-4250.
[8] EC-Council. eccouncil.org
[10] Moore, Robert (2006). Cybercrime: Investigating HighTechnology Computer Crime (1st ed.). Cincinnati, Ohio:
Anderson Publishing. ISBN 978-1-59345-303-9.
[27] Hackers and Viruses: Questions and Answers. Scienzagiovane. University of Bologna. 12 November 2012.
Retrieved 21 February 2014.
[28] Staples, Brent (May 11, 2003). A Prince of Cyberpunk Fiction Moves Into the Mainstream. The New York
Times. Mr. Gibsons novels and short stories are worshiped by hackers
89
Chapter 18
Hacker (term)
Hacker is a term that is used to mean a variety of dierent
things in computing. Depending on the context, the term
can refer to a person in any one of several distinct (but
not completely disjoint) communities and subcultures:[1]
90
91
machine in a love-hate relationship... They're kids who
tended to be brilliant but not very interested in conventional goals[...] Its a term of derision and also the ultimate compliment.[9]
on security mechanisms of computer and network systems. While including those who endeavor to strengthen
such mechanisms, it is more often used by the mass media
and popular culture to refer to those who seek access despite these security measures. That is, the media portrays
the 'hacker' as a villain. Nevertheless, parts of the subculture see their aim in correcting security problems and
use the word in a positive sense. White hat is the name
given to ethical computer hackers, who utilize hacking in
a helpful way. White hats are becoming a necessary part
of the information security eld.[12] They operate under a
code, which acknowledges that breaking into other peoples computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is
still an interesting activity that can be done ethically and
legally. Accordingly, the term bears strong connotations
that are favorable or pejorative, depending on the context.
92
the 1980s. It is implicated with 2600: The Hacker Quarterly and the alt.2600 newsgroup.
In 1980, an article in the August issue of Psychology
Today (with commentary by Philip Zimbardo) used the
term hacker in its title: The Hacker Papers. It was
an excerpt from a Stanford Bulletin Board discussion
on the addictive nature of computer use. In the 1982
lm Tron, Kevin Flynn (Je Bridges) describes his intentions to break into ENCOMs computer system, saying I've been doing a little hacking here. CLU is the
software he uses for this. By 1983, hacking in the sense
of breaking computer security had already been in use
as computer jargon,[13] but there was no public awareness about such activities.[14] However, the release of the
lm WarGames that year, featuring a computer intrusion
into NORAD, raised the public belief that computer security hackers (especially teenagers) could be a threat to
national security. This concern became real when, in the
same year, a gang of teenage hackers in Milwaukee, Wisconsin, known as The 414s, broke into computer systems throughout the United States and Canada, including those of Los Alamos National Laboratory, SloanKettering Cancer Center and Security Pacic Bank.[15]
The case quickly grew media attention,[15][16] and 17year-old Neal Patrick emerged as the spokesman for the
gang, including a cover story in Newsweek entitled Beware: Hackers at play, with Patricks photograph on the
cover.[17] The Newsweek article appears to be the rst use
of the word hacker by the mainstream media in the pejorative sense.
Pressured by media coverage, congressman Dan Glickman called for an investigation and began work on new
laws against computer hacking.[18][19] Neal Patrick testied before the U.S. House of Representatives on September 26, 1983, about the dangers of computer hacking, and
six bills concerning computer crime were introduced in
the House that year.[19] As a result of these laws against
computer criminality, white hat, grey hat and black hat
hackers try to distinguish themselves from each other, depending on the legality of their activities. These moral
conicts are expressed in The Mentor's "The Hacker
Manifesto", published 1986 in Phrack.
Use of the term hacker meaning computer criminal was
also advanced by the title Stalking the Wily Hacker,
an article by Cliord Stoll in the May 1988 issue of the
Communications of the ACM. Later that year, the release
by Robert Tappan Morris, Jr. of the so-called Morris
worm provoked the popular media to spread this usage.
The popularity of Stolls book The Cuckoos Egg, published one year later, further entrenched the term in the
publics consciousness.
93
from the everyday English sense to cut or shape by or as
if by crude or ruthless strokes [Merriam-Webster] and is
even used among users of the positive sense of hacker
who produces cool or neat hacks. In other words to
hack at an original creation, as if with an axe, is to forcet it into being usable for a task not intended by the original creator, and a hacker would be someone who does
this habitually. (The original creator and the hacker may
be the same person.) This usage is common in both programming, engineering and building. In programming,
hacking in this sense appears to be tolerated and seen as
a necessary compromise in many situations. Some argue
that it should not be, due to this negative meaning; others argue that some kludges can, for all their ugliness and
imperfection, still have hack value.
94
pose the lawmakers did not foresee. All of these uses now producing the strange, dis-harmonic digital tones that bealso have spread beyond MIT as well.
came part of the techno music style. Companies take
dierent attitudes towards such practices, ranging from
open acceptance (such as Texas Instruments for its graphing calculators and Lego for its Lego Mindstorms robotics
18.4 Home computer hackers
gear) to outright hostility (such as Microsoft's attempts to
lock out Xbox hackers or the DRM routines on Blu-ray
Main article: Hacker (hobbyist)
Disc players designed to sabotage compromised players.)
In yet another context, a hacker is a computer hobbyist
who pushes the limits of software or hardware. The home
computer hacking subculture relates to the hobbyist home
computing of the late 1970s, beginning with the availability of MITS Altair. An inuential organization was the
Homebrew Computer Club. However, its roots go back
further to amateur radio enthusiasts. The amateur radio
slang referred to creatively tinkering to improve performance as hacking already in the 1950s.[27]
A large overlaps between hobbyist hackers and the programmer subculture hackers existed during the Homebrew Clubs days, but the interests and values of both
communities somewhat diverged. Today, the hobbyists focus on commercial computer and video games,
software cracking and exceptional computer programming (demo scene). Also of interest to some members
of this group is the modication of computer hardware
and other electronic devices, see modding.
In this context, a hack refers to a program that (sometimes illegally) modies another program, often a video
game, giving the user access to features otherwise inaccessible to them. As an example of this use, for Palm
OS users (until the 4th iteration of this operating system), a hack refers to an extension of the operating system which provides additional functionality. Term also
refers to those people who cheat on video games using
special software. This can also refer to the jailbreaking
of iPhones.
18.6. FILMOGRAPHY
ing a back door into the system with the latter password.
He named his invention the "Trojan horse". Furthermore,
Thompson argued, the C compiler itself could be modied to automatically generate the rogue code, to make detecting the modication even harder. Because the compiler is itself a program generated from a compiler, the
Trojan horse could also be automatically installed in a
new compiler program, without any detectable modication to the source of the new compiler. However, Thompson disassociated himself strictly from the computer security hackers: I would like to criticize the press in its
handling of the 'hackers,' the 414 gang, the Dalton gang,
etc. The acts performed by these kids are vandalism at
best and probably trespass and theft at worst. ... I have
watched kids testifying before Congress. It is clear that
they are completely unaware of the seriousness of their
acts.[30]
The programmer subculture of hackers sees secondary
circumvention of security mechanisms as legitimate if it
is done to get practical barriers out of the way for doing
actual work. In special forms, that can even be an expression of playful cleverness.[31] However, the systematic and primary engagement in such activities is not one
of the actual interests of the programmer subculture of
hackers and it does not have signicance in its actual
activities, either.[29] A further dierence is that, historically, members of the programmer subculture of hackers were working at academic institutions and used the
computing environment there. In contrast, the prototypical computer security hacker had access exclusively to a
home computer and a modem. However since the mid1990s, with home computers that could run Unix-like operating systems and with inexpensive internet home access being available for the rst time, many people from
outside of the academic world started to take part in the
programmer subculture of hacking.
Since the mid-1980s, there are some overlaps in ideas
and members with the computer security hacking community. The most prominent case is Robert T. Morris, who was a user of MIT-AI, yet wrote the Morris
worm. The Jargon File hence calls him a true hacker
who blundered.[32] Nevertheless, members of the programmer subculture have a tendency to look down on and
disassociate from these overlaps. They commonly refer
disparagingly to people in the computer security subculture as crackers, and refuse to accept any denition of
hacker that encompasses such activities. The computer
security hacking subculture on the other hand tends not
to distinguish between the two subcultures as harshly, instead acknowledging that they have much in common including many members, political and social goals, and a
love of learning about technology. They restrict the use
of the term cracker to their categories of script kiddies
and black hat hackers instead.
All three subcultures have relations to hardware modications. In the early days of network hacking, phreaks
were building blue boxes and various variants. The pro-
95
grammer subculture of hackers has stories about several hardware hacks in its folklore, such as a mysterious
'magic' switch attached to a PDP-10 computer in MITs
AI lab, that, when turned o, crashed the computer.[33]
The early hobbyist hackers built their home computers
themselves, from construction kits. However, all these
activities have died out during the 1980s, when the phone
network switched to digitally controlled switchboards,
causing network hacking to shift to dialing remote computers with modems, when pre-assembled inexpensive
home computers were available, and when academic institutions started to give individual mass-produced workstation computers to scientists instead of using a central
timesharing system. The only kind of widespread hardware modication nowadays is case modding.
An encounter of the programmer and the computer security hacker subculture occurred at the end of the 1980s,
when a group of computer security hackers, sympathizing with the Chaos Computer Club (who disclaimed any
knowledge in these activities), broke into computers of
American military organizations and academic institutions. They sold data from these machines to the Soviet
secret service, one of them in order to fund his drug addiction. The case could be solved when Cliord Stoll, a
scientist working as a system administrator, found ways
to log the attacks and to trace them back (with the help of
many others). 23, a German lm adaption with ctional
elements, shows the events from the attackers perspective. Stoll described the case in his book The Cuckoos
Egg and in the TV documentary The KGB, the Computer,
and Me from the other perspective. According to Eric
S. Raymond, it nicely illustrates the dierence between
'hacker' and 'cracker'. Stolls portrait of himself, his lady
Martha, and his friends at Berkeley and on the Internet
paints a marvelously vivid picture of how hackers and the
people around them like to live and how they think.[34]
18.6 Filmography
WarGames (1983)
Sneakers (1992)
The Net (1995)
Hackers (1995)
Pirates of Silicon Valley (1999)
Track Down (2000)
Swordsh (2001)
Antitrust (2001)
The Social Network (2010)
Blackhat (2015)
96
18.8 References
[1] Lwgren, Jonas (February 23, 2000). Hacker culture(s):
Origins. Retrieved 2008-10-18.
[2] Raymond, Eric (25 August 2000). The Early Hackers.
A Brief History of Hackerdom. Thyrsus Enterprises. Retrieved 6 December 2008.
Hacks.mit.edu.
Retrieved
18.9.1
Computer security
97
18.9.2
Chapter 19
Hacker group
Hacker groups began to ourish in the early 1980s, with
the advent of the home computer. Prior to that, the term
hacker was simply a referral to any computer hobbyist.
The hacker groups were out to make names for themselves, and were often spurred on by their own press.
This was a heyday of hacking, at a time before there was
much law against computer crime. Hacker groups provided access to information and resources, and a place
to learn from other members.[1] Hackers could also gain
credibility by being aliated with an elite group.[1] The
names of hacker groups parody large corporations, governments, police and criminals;[2] and often used specialized orthography.[2]
19.2 References
[1] Thomas, Douglas (2003). Hacker Culture. University of
Minnesota Press. p. 90. ISBN 978-0-8166-3346-3.
[2] Sterling, Bruce (1993). Part 2(d)". The Hacker Crackdown. McLean, Virginia: IndyPublish.com. p. 61. ISBN
1-4043-0641-2.
98
Chapter 20
Hacker Manifesto
The Conscience of a Hacker (also known as The Hacker
Manifesto) is a small essay written January 8, 1986
by a computer security hacker who went by the handle (or pseudonym) of The Mentor (born Loyd Blankenship), who belonged to the 2nd generation of Legion of
Doom.[1]
Considered a cornerstone of hacker culture,[4] The Manifesto acts as a guideline to hackers across the globe, especially those new to the eld. It serves as an ethical foundation for hacking, and asserts that there is a point to hacking that supersedes selsh desires to exploit or harm other
people, and that technology should be used to expand our
horizons and try to keep the world free.
A poster of the Hacker Manifesto is displayed in The Social Network in Mark Zuckerbergs dorm room.
Phrack
I was going through hacking withdrawal,
and Craig/Knight Lightning needed something
for an upcoming issue of Phrack. I was reading The Moon is a Harsh Mistress and was very
taken with the idea of revolution.[1]
20.3 Related
The Hacker Ethic
20.4 References
I was just in a computer I shouldnt have
been. And [had] a great deal of empathy for
my friends around the nation that were also in
the same situation. This was post-WarGames,
the movie, so pretty much the only public perception of hackers at that time was hey, were
going to start a nuclear war, or play tic-tac-toe,
one of the two, and so I decided I would try to
write what I really felt was the essence of what
we were doing and why we were doing it.[5][6]
99
100
Chapter 21
Hacking tool
A hacking tool is a program designed to assist with 21.3 Hacking Linux
hacking, or a piece of software which can be used for
hacking purposes.
Although not much is said about threats to the Linux sysExamples include Nmap, Nessus, John the Ripper, p0f, tem, they do exist and could increase in the future. One
and Winzapper.[1] Bribes have also been described as of the biggest threats to the Linux system is given by the
among the most potent hacking tools, due to their po- so-called Rootkits. These are programs that have special
tential exploitation in social engineering attacks.[2] Occa- privileges and are able to hide to the system administrasionally, common software such as ActiveX is exploited tor.
as a hacking tool as well.[3][4]
One way to counteract rootkits is by Tiger (security softHacking tools such as Cain and Abel, however, are well ware) program. This is a set of scripts that allow us to
known as Script Kiddie Tools. Script kiddies are people monitor whether a program on your computer privileges
who follow instructions from a manual, without realis- has changed recently.
ing how it happens. These Script Kiddies have been an
enormous threat to computer security as there are many
hacking tools and keyloggers up for download which are 21.4 References
free.
[1] Top 15 Security/Hacking Tools and Utilities, July 23,
2007.
[2] New hacking tool: chocolate, Munir Kotadia, Zdnet, Apr.
20, 2004.
21.1 Worms
Chapter 22
Keystroke logging
22.1 Application
22.1.1
Software-based keyloggers
22.1. APPLICATION
keyboard events.[3] A more recent example
simply polls the BIOS for pre-boot authentication PINs that have not been cleared from
memory.[4]
Form grabbing based: Form grabbing-based keyloggers log web form submissions by recording the
web browsing on submit events. These happen when
the user nishes lling in a form and submits it
usually by clicking a button or hitting enter. This
records form data before it is passed over the Internet.
Memory injection based: Memory Injection
(MitB)-based keyloggers alter memory tables associated with the browser and other system functions
to perform their logging functions. By patching the
memory tables or injecting directly into memory,
this technique can be used by malware authors who
are looking to bypass Windows UAC (User Account
Control). The Zeus and Spyeye Trojans use this
method exclusively.[5] Non-Windows systems have
analogous protection mechanisms that need to be
thwarted somehow by the keylogger.
Packet analyzers: This involves capturing network
trac associated with HTTP POST events to retrieve unencrypted passwords. This is made more
dicult when connecting via HTTPS, which is one
of the reasons HTTPS was invented.
Remote access software keyloggers
These are local software keyloggers with an
added feature that allows access to the locally
recorded data from a remote location. Remote
communication may be achieved using one of
these methods:
Data is uploaded to a website, database
or an FTP server.
Data is periodically emailed to a predened email address.
Data is wirelessly transmitted by means
of an attached hardware system.
The software enables a remote login to
the local machine from the Internet or the
local network, for data logs stored on the
target machine to be accessed.
Most of these aren't stopped by HTTPS encryption because that only protects data in transit between computers; this is a threat in your own computer - the one connected to the keyboard.
103
of writing activities,[8] including Inputlog, Scriptlog, and
Translog.
In terms of legitimate uses, Keystroke logging can be a
suitable research instrument in a number of writing contexts. These include studies on cognitive writing processes, description of writing strategies, the writing development of children with and without writing diculties, spelling, rst and second language writing, and
specialist skill areas such as translation and subtitling.
Keystroke logging be used in research specically on
writing, it can also be integrated in educational domains
for second language learning, programming skills, and
typing skills.
Related features
Software keyloggers may be augmented with features that
capture user information without relying on keyboard key
presses as the sole input. Some of these features include:
Clipboard logging. Anything that has been copied
to the clipboard can be captured by the program.
Screen logging. Screenshots are taken in order to
capture graphics-based information. Applications
with screen logging abilities may take screenshots
of the whole screen, just one application or even
just around the mouse cursor. They may take these
screenshots periodically or in response to user behaviours (for example, when a user has clicked the
mouse). A practical application used by some keyloggers with this screen logging ability is to take
small screenshots around where a mouse has just
clicked; these defeat web-based keyboards (for example, the web-based screen keyboards that are often used by banks) and any web-based on-screen
keyboard without screenshot protection.
Programmatically capturing the text in a control.
The Microsoft Windows API allows programs to
request the text 'value' in some controls. This
means that some passwords may be captured, even
if they are hidden behind password masks (usually
asterisks).[9]
The recording of every program/folder/window
opened including a screenshot of each and every
website visited, also including a screenshot of each.
The recording of search engines queries, instant
messenger conversations, FTP downloads and other
Internet-based activities (including the bandwidth
used).
104
A hardware-based keylogger.
Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a
computer system.
Firmware-based: BIOS-level rmware that handles
keyboard events can be modied to record these
events as they are processed. Physical and/or rootlevel access is required to the machine, and the software loaded into the BIOS needs to be created for
the specic hardware that it will be running on.[10]
Keyboard hardware: Hardware keyloggers are used
for keystroke logging by means of a hardware circuit
that is attached somewhere in between the computer
keyboard and the computer, typically inline with the
keyboards cable connector. There are also USB
connectors based Hardware keyloggers as well as
ones for Laptop computers (the Mini-PCI card plugs
into the expansion slot of a laptop). More stealthy
implementations can be installed or built into standard keyboards, so that no device is visible on the
external cable. Both types log all keyboard activity to their internal memory, which can be subsequently accessed, for example, by typing in a secret
22.3. CRACKING
105
an approach that can be used to capture passwords As of 2013, Russian special services still use
or PINs. A strategically placed camera, such as typewriters.[29][31][32]
a hidden surveillance camera at an ATM, can allow a criminal to watch a PIN or password being
entered.[18][19]
22.3 Cracking
Physical evidence: For a keypad that is used only
to enter a security code, the keys which are in actual use will have evidence of use from many ngerprints. A passcode of four digits, if the four digits in question are known, is reduced from 10,000
possibilities to just 24 possibilities (104 versus 4!
(factorial of 4)). These could then be used on separate occasions for a manual brute force attack.
106
Also, keylogger program authors may be able to up- but it could potentially defeat hook- and API-based keydate the code to adapt to countermeasures that may have loggers.
proven to be eective against them.
22.4.1
Anti keyloggers
22.4.3
22.4.8
On-screen keyboards
107
Most on-screen keyboards (such as the on-screen keyboard that comes with Windows XP) send normal keyboard event messages to the external target program to
type text. Software key loggers can log these typed characters sent from one program to another.[38] Additionally, keylogging software can take screenshots of what is
displayed on the screen (periodically, and/or upon each 22.4.13 Non-technological methods
mouse click), which means that although certainly a useful security measure, an on-screen keyboard will not pro- Alternating between typing the login credentials and typtect from all keyloggers.
ing characters somewhere else in the focus window[40]
can cause a keylogger to record more information than
they need to, although this could easily be ltered out by
an attacker. Similarly, a user can move their cursor using
22.4.9 Keystroke interference software
the mouse during typing, causing the logged keystrokes
[39]
to be in the wrong order e.g., by typing a password beKeystroke interference software is also available.
These programs attempt to trick keyloggers by introduc- ginning with the last letter and then using the mouse to
ing random keystrokes, although this simply results in move the cursor for each subsequent letter. Lastly, somethe keylogger recording more information than it needs one can also use context menus to remove, cut, copy, and
to. An attacker has the task of extracting the keystrokes paste parts of the typed text without using the keyboard.
of interestthe security of this mechanism, specically An attacker who is able to capture only parts of a password will have a smaller key space to attack if he chose
how well it stands up to cryptanalysis, is unclear.
to execute a brute-force attack.
22.4.10
Speech recognition
Another very similar technique uses the fact that any selected text portion is replaced by the next key typed. e.g.,
if the password is secret, one could type s, then some
dummy keys asdfsd. Then, these dummies could be selected with the mouse, and the next character from the
password e is typed, which replaces the dummies asdfsd.
Similar to on-screen keyboards, speech-to-text conversion software can also be used against keyloggers, since
there are no typing or mouse movements involved. The
weakest point of using voice-recognition software may be
how the software sends the recognized text to target soft- These techniques assume incorrectly that keystroke logware after the recognition took place.
ging software cannot directly monitor the clipboard, the
selected text in a form, or take a screenshot every time a
keystroke or mouse click occurs. They may however be
22.4.11 Handwriting recognition and eective against some hardware keyloggers.
mouse gestures
Also, many PDAs and lately tablet PCs can already
convert pen (also called stylus) movements on their
touchscreens to computer understandable text successfully. Mouse gestures use this principle by using mouse
movements instead of a stylus. Mouse gesture programs
convert these strokes to user-denable actions, such as
typing text. Similarly, graphics tablets and light pens can
be used to input these gestures, however these are less
common everyday.
The same potential weakness of speech recognition applies to this technique as well.
108
Spyware
Trojan horse
Virtual keyboard
22.6 References
[1] Keylogger. Oxford dictionaries.
[2] What is a Keylogger?". PC Tools.
[13] Jeremy Kirk (2008-12-16). Tampered Credit Card Terminals. IDG News Service. Retrieved 2009-04-19.
[14] Andrew Kelly (2010-09-10). Cracking Passwords using
Keyboard Acoustics and Language Modeling (PDF).
[15] Sarah Young (14 September 2005). Researchers recover typed text using audio recording of keystrokes. UC
Berkeley NewsCenter.
[16] Remote monitoring uncovered by American techno activists. ZDNet. 2000-10-26. Retrieved 2008-09-23.
[17] Martin Vuagnoux and Sylvain Pasini (2009-06-01).
Compromising Electromagnetic Emanations of Wired
and Wireless Keyboards. Lausanne: Security and Cryptography Laboratory (LASEC).
[18] ATM camera. snopes.com. Retrieved 2009-04-19.
109
Chapter 23
110
23.3. REFERENCES
111
[16] Elinor Mills (June 23, 2009). Q&A: Mark Abene, from
'Phiber Optik' to security guru. CNET Networks. Retrieved June 28, 2009.
[17] American owns up to hijacking PCs. BBC News. January 24, 2006. Retrieved June 22, 2009.
23.3 References
[1] Bruce Sterling (1993). The Hacker CrackdownLaw and
Disorder on the Electronic Frontier (January 1994 ed.).
Project Gutenberg. p. 336. ISBN 0-553-56370-X.
[2] Paul Taylor. Hackers: Crime in the Digital Sublime
(November 3, 1999 ed.). Routledge; 1 edition. p. 200.
ISBN 0-415-18072-4.
[3] Steve Mizrach (2009). The electronic discourse of the
computer underground. Florida International University.
Retrieved May 10, 2009. Gordon Meyer, a sociologist
who has since left academia but continues to be involved
in the computer industry (and to publish the Computer
Underground Digest), wrote in his seminal paper The Social Organization of the Computer Underground that the
computer underground consists of actors in three roles
computer hackers, phone phreaks, and software pirates.
[4] Interview with Chris Davis. Public Broadcasting Service. 2001. Retrieved May 9, 2009.
[5] Brian Blomquist (May 29, 1999). FBI'S web site socked
as hackers target feds. New York Post. Retrieved May
8, 2009.
[26] Tony Long (February 7, 2007). February 7, 2000: Maaboys Moment. Wired. Retrieved May 23, 2009.
[27] Maaboy given eight months. The Register. September
13, 2001. Retrieved May 23, 2009.
[28] FBI Facts and Figure 2003. Federal Bureau of Investigation. April 2003. Archived from the original on March
26, 2007. Retrieved March 27, 2007.
[29] Chad Davis, Global Hell Hacker, Sentenced to Six
Months in Prison, Three Years Probation., For Air Force
Network Hacks. United States Department of Justice.
March 1, 2000. Retrieved May 11, 2009.
[30] Hack to the future. Melbourne: The Age. May 25,
2003. Retrieved August 23, 2008.
[31] John Leyden (July 6, 2001). "Bill Gates hacker escapes
jail. The Register. Retrieved September 11, 2008.
[13] Crazy-Long Hacker Sentence Upheld. Wired (magazine). July 11, 2006. Retrieved January 22, 2012.
[33] Poulsen, Kevin (April 6, 2007). Court Okays CounterHack of eBay Hackers Computer. Wired News. Retrieved April 21, 2010.
112
Chapter 24
Phreaking
This article is about the manipulation of telephone call to nd secret documents. They snuck into telephone
routing. For the use of telephone technology to steal company buildings at night and wired up their own teleinformation, see Phone hacking.
phones. They built clever little electronic devices called
blue boxes, black boxes, and red boxes to help them explore the network and make free phone calls. They hung
Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, out on early conference call circuits and loop arounds
to communicate with one another. They wrote their own
or explore telecommunication systems, such as equipment and systems connected to public telephone net- newsletters to spread information.
works. The term phreak is a portmanteau of the words
phone and freak, and may also refer to the use of various
audio frequencies to manipulate a phone system. Phreak,
phreaker, or phone phreak are names used for and by individuals who participate in phreaking.
Prior to 1984, long-distance telephone calls were a premium item, with archaic regulations. In some locations,
calling across the street counted as long distance.[2] To report that a phone call was long distance meant an elevated
importance universally accepted as, the calling party is
The term rst referred to groups who had reverse engi- paying by the minute to speak to the called party; transneered the system of tones used to route long-distance act business quickly.
calls. By re-creating these tones, phreaks could switch Phreaking consisted of techniques to evade the longcalls from the phone handset, allowing free calls to be distance charges. This evasion was illegal; the crime was
made around the world. To ease the creation of these called toll fraud.[3]
tones, electronic tone generators known as blue boxes became a staple of the phreaker community, including future Apple Inc. cofounders Steve Jobs and Steve Woz- 24.1.1 Switch hook and tone dialer
niak.
The blue box era came to an end with the ever increasing Possibly one of the rst phreaking methods was switchuse of computerized phone systems which sent dialling hooking. It allows placing calls from a phone where the
information on a separate, inaccessible channel. By the rotary dial or keypad has been disabled by a key lock
1980s, much of the system in the US and Western Europe or other means to prevent unauthorized calls from that
had been converted. Phreaking has since become closely phone. It is done by rapidly pressing and releasing the
linked with computer hacking.[1] This is sometimes called switch hook to open and close the subscriber circuit, simthe H/P culture (with H standing for hacking and P stand- ulating the pulses generated by the rotary dial. Even
most current telephone exchanges support this method, as
ing for phreaking).
they need to be backward compatible with old subscriber
hardware.[4]
24.1 History
Phone phreaking got its start in the late 1950s in the
United States. Its golden age was the late 1960s and early
1970s. Phone phreaks spent a lot of time dialing around
the telephone network to understand how the phone system worked. They listened to the pattern of tones to gure out how calls were routed. They read obscure telephone company technical journals. They learned how to
impersonate operators and other telephone company personnel. They dug through telephone company trash bins
113
114
24.1.3
Multi frequency
24.1. HISTORY
A controversially suppressed article How to Build a
'Phone Phreaks box in Ramparts Magazine (June,
1972) touched o a restorm of interest in phreaking.
This article published simple schematic plans of a black
box used to make free long-distance phone calls, and included a very short parts list that could be used to construct one. Bell sued Ramparts, forcing the magazine
to pull all copies from shelves, but not before numerous
copies were sold and many regular subscribers received
them.
24.1.5
Computer hacking
115
116
pick up another phone line, call their answering service,
and bridge the two lines together. This gave the appearance to the caller that they were directly forwarded to the
companys answering service. The switching equipment
would typically reset the line after the call had hung up
and timed out back to dial tone, so the caller could simply wait after the answering service had disconnected, and
would eventually get a usable dial tone from the second
line. Phreakers recognized the opportunity this provided,
and they would spend hours manually dialing businesses
after hours, attempting to identify faulty diverters. Once
a phreaker had access to one of these lines, he could use
it for one of many purposes. In addition to completing
phone calls anywhere in the world at the businesses expense, they could also dial 1-900 phone sex/entertainment
numbers, as well as use the phone line to harass their enemies without fear of being traced. Victimized small businesses were usually required to foot the bill for the long
distance calls, as it was their own private equipment (not
phone company security aws) that allowed such fraud
to occur. By 1993, call forwarding was oered to nearly
every business line subscriber, making these diverters obsolete. As a result, hackers stopped searching for the few
remaining ones, and this method of toll fraud died.
117
ing lines which phreaks could not access. This system is
known as Common Channel Interoce Signaling. Classic phreaking with the 2600 Hz tone continued to work
in more remote locations into the 1980s, but was of little
use in North America by the 1990s.
The last 2600 Hz-controlled trunk in the continental
United States was operated by the independent Northern
Telephone Company with an N2 Carrier system serving
Wawina, Minnesota until June 15, 2006, when it was
replaced by T1 carrier.[19] The last 2600 Hz-controlled
trunks in North America were located in Livengood,
Alaska, survived another 5 years, and were nally retired
in March 2011.[20]
In fact, Bell responded fairly quickly, but in a more targeted fashion. Looking on local records for inordinately
long calls to directory service or other hints that phreakers were using a particular switch, lters could then be in- [8]
stalled to block eorts at that end oce. Many phreakers
were forced to use pay telephones as the telephone company technicians regularly tracked long-distance toll free
calls in an elaborate cat-and-mouse game. AT&T instead [9]
turned to the law for help, and a number of phreaks were
caught by the government.
[10]
118
[13] ""Secrets of the Little Blue Box": The 1971 article about
phone hacking that inspired Steve Jobs.. Archived from
the original on 2011-11-03. Retrieved 2011-10-12.
[14] Welcome to Woz.org. Retrieved 2008-06-21.
[15] Youth International Party Line (YIPL) / Technological
American Party (TAP), New York FBI les 100-NY179649 and 117-NY-2905 (3.2 Mbytes). (PDF). Retrieved 2013-11-30.
[16] Cheshires Book - TAP.HTML. Retrieved 2008-06-21.
[17] W32.Bugbear.B Worm Identied As Targeting Banks
| Scoop News. Scoop.co.nz. 2003-06-09. Retrieved
2014-07-24.
[18] Angela Moscaritolo (2011-03-18). AT&T sues two over
scheme to steal customer data. SC Magazine. Retrieved
2014-07-24.
[19] Telephone World - Sounds & Recordings from Wawina,
MN. Phworld.org. Retrieved 2013-11-30.
[20] The death of Livengood - Old Skool Phreaking - Binary
Revolution Forums. Binrev.com. Retrieved 2013-11-30.
Chapter 25
Rootkit
A rootkit is a stealthy type of software, typically
malicious, designed to hide the existence of certain processes or programs from normal methods of detection
and enable continued privileged access to a computer.[1]
The term rootkit is a concatenation of root (the traditional name of the privileged account on Unix operating
systems) and the word kit (which refers to the software components that implement the tool). The term
rootkit has negative connotations through its association with malware.[1]
using tools such as Tripwire that had not been compromised to access the same information.[4][5] Lane Davis
and Steven Dake wrote the earliest known rootkit in 1990
for Sun Microsystems' SunOS UNIX operating system.[6]
In the lecture he gave upon receiving the Turing award in
1983, Ken Thompson of Bell Labs, one of the creators
of Unix, theorized about subverting the C compiler in a
Unix distribution and discussed the exploit. The modied compiler would detect attempts to compile the Unix
login command and generate altered code that would accept not only the users correct password, but an additional "backdoor" password known to the attacker. Additionally, the compiler would detect attempts to compile a new version of the compiler, and would insert the
same exploits into the new compiler. A review of the
source code for the login command or the updated compiler would not reveal any malicious code.[7] This exploit
was equivalent to a rootkit.
25.1 History
The term rootkit or root kit originally referred to a maliciously modied set of administrative tools for a Unixlike operating system that granted "root" access.[3] If an
intruder could replace the standard administrative tools
on a system with a rootkit, the intruder could obtain root
access over the system whilst simultaneously concealing
these activities from the legitimate system administrator.
These rst-generation rootkits were trivial to detect by
119
120
25.2 Uses
Modern rootkits do not elevate access,[3] but rather are
used to make another software payload undetectable by
adding stealth capabilities.[8] Most rootkits are classied
as malware, because the payloads they are bundled with
are malicious. For example, a payload might covertly
steal user passwords, credit card information, computing resources, or conduct other unauthorized activities. A
small number of rootkits may be considered utility applications by their users: for example, a rootkit might cloak
a CD-ROM-emulation driver, allowing video game users
to defeat anti-piracy measures that require insertion of the
original installation media into a physical optical drive
to verify that the software was legitimately purchased,
which can be very inconvenient even to those who did
legitimately purchase it.
25.3. TYPES
121
User-Mode
25.3 Types
Further information: Ring (computer security)
There are at least ve types of rootkit, ranging from those
at the lowest level in rmware (with the highest privileges), through to the least privileged user-based variants
that operate in Ring 3. Hybrid combinations of these
may occur spanning, for example, user mode and kernel
mode.[24]
25.3.1
Interception of messages.
Debuggers.
Exploitation of security vulnerabilities.
Function hooking or patching of commonly used
APIs, for example, to hide a running process or le
that resides on a lesystem.[26]
...since user mode applications all run in
their own memory space, the rootkit needs to
perform this patching in the memory space
of every running application. In addition, the
rootkit needs to monitor the system for any
new applications that execute and patch those
programs memory space before they fully
execute.
Windows Rootkit Overview, Symantec[3]
User mode
User-mode rootkits run in Ring 3, along with other applications as user, rather than low-level system processes.[25]
They have a number of possible installation vectors to
intercept and modify the standard behavior of application programming interfaces (APIs). Some inject a
dynamically linked library (such as a .DLL le on Windows, or a .dylib le on Mac OS X) into other processes,
and are thereby able to execute inside any target process
to spoof it; others with sucient privileges simply overwrite the memory of a target application. Injection mechanisms include:[25]
Kernel-mode rootkits run with the highest operating system privileges (Ring 0) by adding code or replacing portions of the core operating system, including both the
kernel and associated device drivers. Most operating systems support kernel-mode device drivers, which execute
with the same privileges as the operating system itself.
As such, many kernel-mode rootkits are developed as device drivers or loadable modules, such as loadable kernel modules in Linux or device drivers in Microsoft Windows. This class of rootkit has unrestricted security access, but is more dicult to write.[27] The complexity
Use of vendor-supplied application extensions. For makes bugs common, and any bugs in code operating
example, Windows Explorer has public interfaces at the kernel level may seriously impact system stabilthat allow third parties to extend its functionality.
ity, leading to discovery of the rootkit.[27] One of the rst
122
widely known kernel rootkits was developed for Windows The only known defenses against bootkit attacks are
NT 4.0 and released in Phrack magazine in 1999 by Greg the prevention of unauthorized physical access to the
Hoglund.[28][29][30]
systema problem for portable computersor the use
Platform Module congured to protect the
Kernel rootkits can be especially dicult to detect and of a Trusted
[45]
boot
path.
remove because they operate at the same security level as
the operating system itself, and are thus able to intercept
or subvert the most trusted operating system operations.
Any software, such as antivirus software, running on the 25.3.3 Hypervisor level
compromised system is equally vulnerable.[31] In this sitRootkits have been created as Type II Hypervisors in
uation, no part of the system can be trusted.
academia as proofs of concept. By exploiting hardware
A rootkit can modify data structures in the Windows ker- virtualization features such as Intel VT or AMD-V, this
nel using a method known as direct kernel object manip- type of rootkit runs in Ring 1 and hosts the target opulation (DKOM).[32] This method can be used to hide erating system as a virtual machine, thereby enabling the
processes. A kernel mode rootkit can also hook the rootkit to intercept hardware calls made by the original
System Service Descriptor Table (SSDT), or modify the operating system.[5] Unlike normal hypervisors, they do
gates between user mode and kernel mode, in order to not have to load before the operating system, but can load
cloak itself.[3] Similarly for the Linux operating system, into an operating system before promoting it into a vira rootkit can modify the system call table to subvert ker- tual machine.[5] A hypervisor rootkit does not have to
nel functionality.[33] Its common that a rootkit creates a make any modications to the kernel of the target to subhidden, encrypted lesystem in which it can hide other vert it; however, that does not mean that it cannot be demalware or original copies of les it has infected.[34]
tected by the guest operating system. For example, timOperating systems are evolving to counter the threat of ing dierences may be detectable in CPU instructions.[5]
kernel-mode rootkits. For example, 64-bit editions of The SubVirt laboratory rootkit, developed jointly by
Microsoft Windows now implement mandatory signing Microsoft and University of Michigan researchers, is an
of all kernel-level drivers in order to make it more dicult academic example of a virtual machinebased rootkit
for untrusted code to execute with the highest privileges (VMBR),[46] while Blue Pill is another.
in a system.[35]
In 2009, researchers from Microsoft and North Carolina
Bootkits
A kernel-mode rootkit variant called a bootkit can infect startup code like the Master Boot Record (MBR),
Volume Boot Record (VBR) or boot sector, and in this
way, can be used to attack full disk encryption systems.
An example is the Evil Maid Attack, in which an attacker installs a bootkit on an unattended computer, replacing the legitimate boot loader with one under his control. Typically the malware loader persists through the
transition to protected mode when the kernel has loaded,
and is thus able to subvert the kernel.[36][37][38][39] For
example, the Stoned Bootkit subverts the system by
using a compromised boot loader to intercept encryption keys and passwords.[40] More recently, the Alureon
rootkit has successfully subverted the requirement for 64bit kernel-mode driver signing in Windows 7 by modifying the master boot record.[41] Although not malware in
the sense of doing something the user doesn't want, certain Vista Loader or Windows Loader software works
in a similar way by injecting an ACPI SLIC (System Licensed Internal Code) table in the RAM-cached version
of the BIOS during boot, in order to defeat the Windows
Vista and Windows 7 activation process.[42][43] This vector of attack was rendered useless in the (non-server)
versions of Windows 8, which use a unique, machinespecic key for each system, that can only be used by that
one machine.[44]
State University demonstrated a hypervisor-layer antirootkit called Hooksafe, which provides generic protection against kernel-mode rootkits.[47]
25.5. DETECTION
implements out-of-band management, giving administrators remote administration, remote management, and
remote control of PCs with no involvement of the host
processor or BIOS, even when the system is powered o.
Remote administration includes remote power-up and
power-down, remote reset, redirected boot, console redirection, pre-boot access to BIOS settings, programmable
ltering for inbound and outbound network trac, agent
presence checking, out-of-band policy-based alerting, access to system information, such as hardware asset information, persistent event logs, and other information that
is stored in dedicated memory (not on the hard drive)
where it is accessible even if the OS is down or the PC is
powered o. Some of these functions require the deepest level of rootkit, a second non-removable spy computer
built around the main computer. Sandy Bridge and future
chipsets have the ability to remotely kill and restore a lost
or stolen PC via 3G. Hardware rootkits built into the
chipset can help recover stolen computers, remove data,
or render them useless, but they also present privacy and
security concerns of undetectable spying and redirection
by management or hackers who might gain control.
123
a rootkit to disable the event logging capacity of an operating system, in an attempt to hide evidence of an attack. Rootkits can, in theory, subvert any operating system activities.[59] The perfect rootkit can be thought of
as similar to a "perfect crime": one that nobody realizes
has taken place.
Rootkits also take a number of measures to ensure their
survival against detection and cleaning by antivirus software in addition to commonly installing into Ring 0
(kernel-mode), where they have complete access to a system. These include polymorphism, stealth techniques, regeneration, and disabling anti-malware software.[60]
25.5 Detection
The fundamental problem with rootkit detection is that if
the operating system has been subverted, particularly by
a kernel-level rootkit, it cannot be trusted to nd unauthorized modications to itself or its components.[59] Actions
such as requesting a list of running processes, or a list of
les in a directory, cannot be trusted to behave as expected. In other words, rootkit detectors that work while
running on infected systems are only eective against
rootkits that have some defect in their camouage, or that
run with lower user-mode privileges than the detection
software in the kernel.[27] As with computer viruses, the
detection and elimination of rootkits is an ongoing struggle between both sides of this conict.[59]
Detection can take a number of dierent approaches,
including signatures (e.g. antivirus software), integrity
checking (e.g. digital signatures), dierence-based detection (comparison of expected vs. actual results), and
behavioral detection (e.g. monitoring CPU usage or network trac). For kernel-mode rootkits, detection is considerably more complex, requiring careful scrutiny of the
System Call Table to look for hooked functions where the
malware may be subverting system behavior,[61] as well
as forensic scanning of memory for patterns that indicate
hidden processes.
Unix rootkit detection oerings include Zeppoo,[62]
chkrootkit, rkhunter and OSSEC. For Windows,
detection tools include Microsoft Sysinternals
RootkitRevealer,[63] Avast! Antivirus, Sophos AntiRootkit,[64] F-Secure,[65] Radix,[66] GMER,[67] and
WindowsSCOPE. Any rootkit detectors that prove effective ultimately contribute to their own ineectiveness,
as malware authors adapt and test their code to escape
detection by well-used tools.[Notes 1]
Detection by examining storage while the suspect operating system is not operational can miss rootkits not recognised by the checking software, as the rootkit is not active
and suspicious behavior is suppressed; conventional antimalware software running with the rootkit operational
may fail if the rootkit hides itself eectively.
124
25.5.1
A rootkit may detect the presence of a such dierencebased scanner or virtual machine (the latter being commonly used to perform forensic analysis), and adjust
its behaviour so that no dierences can be detected.
Dierence-based detection was used by Russinovich's
RootkitRevealer tool to nd the Sony DRM rootkit.[1]
The best and most reliable method for operating-systemlevel rootkit detection is to shut down the computer suspected of infection, and then to check its storage by
booting from an alternative trusted medium (e.g. a rescue
CD-ROM or USB ash drive).[68] The technique is eective because a rootkit cannot actively hide its presence if
25.5.5
it is not running.
25.5.2
Integrity checking
Behavioral-based
The behavioral-based approach to detecting rootkits attempts to infer the presence of a rootkit by looking for
rootkit-like behavior. For example, by proling a system,
dierences in the timing and frequency of API calls or in
overall CPU utilization can be attributed to a rootkit. The
method is complex and is hampered by a high incidence
of false positives. Defective rootkits can sometimes introduce very obvious changes to a system: the Alureon
rootkit crashed Windows systems after a security update
exposed a design aw in its code.[69][70]
Logs from a packet analyzer, rewall, or intrusion prevention system may present evidence of rootkit behaviour in
a networked environment.[24]
25.5.3
Signature-based
25.5.4
Dierence-based
125
to be copied oor, alternatively, a forensic examination performed.[24] Lightweight operating systems such
as Windows PE, Windows Recovery Console, Windows
Recovery Environment, BartPE, or Live Distros can be
Similarly, detection in rmware can be achieved by com- used for this purpose, allowing the system to be cleaned.
puting a cryptographic hash of the rmware and compar- Even if the type and nature of a rootkit is known, maning it to a whitelist of expected values, or by extending the ual repair may be impractical, while re-installing the
hash value into Trusted Platform Module (TPM) cong- operating system and applications is safer, simpler and
uration registers, which are later compared to a whitelist quicker.[83]
of expected values.[73] The code that performs hash, compare, or extend operations must also be protectedin this
context, the notion of an immutable root-of-trust holds
that the very rst code to measure security properties of 25.7 Public availability
a system must itself be trusted to ensure that a rootkit or
bootkit does not compromise the system at its most fun- Like much malware used by attackers, many rootkit
implementations are shared and are easily available on
damental level.[74]
the Internet. It is not uncommon to see a compromised system in which a sophisticated, publicly available rootkit hides the presence of unsophisticated worms
25.5.6 Memory dumps
or attack tools apparently written by inexperienced
Forcing a complete dump of virtual memory will cap- programmers.[24]
ture an active rootkit (or a kernel dump in the case of a Most of the rootkits available on the Internet originated
kernel-mode rootkit), allowing oine forensic analysis to as exploits or as academic proofs of concept to demonbe performed with a debugger against the resulting dump strate varying methods of hiding things within a computer
le, without the rootkit being able to take any measures to system and of taking unauthorized control of it.[85] Often
cloak itself. This technique is highly specialized, and may not fully optimized for stealth, such rootkits sometimes
require access to non-public source code or debugging leave unintended evidence of their presence. Even so,
symbols. Memory dumps initiated by the operating sys- when such rootkits are used in an attack, they are often
tem cannot always be used to detect a hypervisor-based eective. Other rootkits with keylogging features such
rootkit, which is able to intercept and subvert the lowest- as GameGuard are installed as part of online commercial
level attempts to read memory[5] a hardware device, games.
such as one that implements a non-maskable interrupt,
may be required to dump memory in this scenario.[75][76]
25.8 Defenses
25.6 Removal
Manual removal of a rootkit is often too dicult for a typical computer user,[25] but a number of security-software
vendors oer tools to automatically detect and remove
some rootkits, typically as part of an antivirus suite. As of
2005, Microsofts monthly Windows Malicious Software
Removal Tool is able to detect and remove some classes
of rootkits.[77][78] Some antivirus scanners can bypass le
system APIs, which are vulnerable to manipulation by
a rootkit. Instead, they access raw lesystem structures
directly, and use this information to validate the results
from the system APIs to identify any dierences that may
be caused by a rootkit.[Notes 2][79][80][81][82]
There are experts who believe that the only reliable
way to remove them is to re-install the operating system from trusted media.[83][84] This is because antivirus
and malware removal tools running on an untrusted system may be ineective against well-written kernel-mode
rootkits. Booting an alternative operating system from
trusted media can allow an infected system volume to be
mounted and potentially safely cleaned and critical data
System hardening represents one of the rst layers of defence against a rootkit, to prevent it from being able to
install.[86] Applying security patches, implementing the
principle of least privilege, reducing the attack surface
and installing antivirus software are some standard security best practices that are eective against all classes of
malware.[87]
New secure boot specications like Unied Extensible
Firmware Interface are currently being designed to address the threat of bootkits.
For server systems, remote server attestation using technologies such as Intel Trusted Execution Technology
(TXT) provide a way of validating that servers remain
in a known good state. For example, Microsoft Bitlocker
encrypting data-at-rest validates servers are in a known
good state on bootup. PrivateCore vCage is a software oering that secures data-in-use (memory) to avoid
bootkits and rootkits by validating servers are in a known
good state on bootup. The PrivateCore implementation
works in concert with Intel TXT and locks down server
system interfaces to avoid potential bootkits and rootkits.
126
25.10 Notes
[1] The process name of Sysinternals RootkitRevealer was
targeted by malware; in an attempt to counter this countermeasure, the tool now uses a randomly generated process
name.
[2] In theory, a suciently sophisticated kernel-level rootkit
could subvert read operations against raw lesystem data
structures as well, so that they match the results returned
by APIs.
25.11 References
[11] Spyware Detail: XCP.Sony.Rootkit. Computer Associates. 2005-11-05. Archived from the original on 201209-21. Retrieved 2010-08-19.
[12] Russinovich, Mark (2005-10-31). Sony, Rootkits and
Digital Rights Management Gone Too Far. TechNet
Blogs. Microsoft. Archived from the original on 201207-07. Retrieved 2010-08-16.
[13] Sonys long-term rootkit CD woes. BBC News. 200511-21. Archived from the original on 2012-07-15. Retrieved 2008-09-15.
[14] Felton, Ed (2005-11-15). Sonys Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs.
Archived from the original on 2012-09-05.
[15] Knight, Will (2005-11-11). Sony BMG sued over cloaking software on music CD. New Scientist (Sutton, UK:
Reed Business Information). Archived from the original
on 2012-09-21. Retrieved 2010-11-21.
[16] Kyriakidou, Dina (March 2, 2006). ""Greek Watergate
Scandal Sends Political Shockwaves. Reuters. Retrieved
2007-11-24.
[17] Vassilis Prevelakis, Diomidis Spinellis (July 2007). The
Athens Aair. Archived from the original on 2012-0921.
[2] http://www.technibble.com/
how-to-remove-a-rootkit-from-a-windows-system/
[20] Steve Hanna (September 2007). Using Rootkit Technology for Honeypot-Based Malware Detection (PDF).
CCEID Meeting.
[21] Russinovich, Mark (6 February 2006). Using Rootkits
to Defeat Digital Rights Management. Winternals. SysInternals. Archived from the original on 31 August 2006.
Retrieved 2006-08-13.
[6] Andrew Hay, Daniel Cid, Rory Bray (2008). OSSEC HostBased Intrusion Detection Guide. Syngress. p. 276. ISBN
1-59749-240-X.
[24] Anson, Steve; Bunting, Steve (2007). Mastering Windows Network Forensics and Investigation. John Wiley and
Sons. pp. 7374. ISBN 0-470-09762-0.
[10] Stuxnet Introduces the First Known Rootkit for Industrial Control Systems. Symantec. 2010-08-06. Archived
from the original on 2012-09-11. Retrieved 2010-12-04.
25.11. REFERENCES
127
128
129
Chapter 26
Script kiddie
In programming culture a script kiddie or skiddie[1]
(also known as skid, script bunny,[2] script kitty)[3] is an
unskilled individual who uses scripts or programs developed by others to attack computer systems and networks,
and deface websites. It is generally assumed that script
kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own, and that their
objective is to try to impress their friends or gain credit
in computer-enthusiast communities.[4] The term is generally considered to be pejorative.
In a Carnegie Mellon report prepared for the U.S. Department of Defense in 2005, script kiddies are dened
as
The more immature but unfortunately often just as dangerous exploiter of security
lapses on the Internet. The typical script
kiddy uses existing and frequently well known
and easy-to-nd techniques and programs or
scripts to search for and exploit weaknesses
in other computers on the Internetoften
randomly and with little regard or perhaps
even understanding of the potentially harmful
consequences.[5]
26.3 References
[1] Leyden, John (February 21, 2001). Virus toolkits are
skiddie menace. The Register.
[2] Script bunny - denition. SpywareGuide.com.
Script kiddies have at their disposal a large number of effective, easily downloadable programs capable of breaching computers and networks.[4] Such programs have
included remote denial-of-service WinNuke,[6] trojans
Back Orice, NetBus, Sub7,[7] and ProRat, vulnerability
scanner/injector kit Metasploit,[8] and often software intended for legitimate security auditing.[9] A survey of college students in 2010, supported by the UKs Association
of Chief Police Ocers, indicated a high level of interest
in beginning hacking: 23% of 'uni' students have hacked
into IT systems [...] 32% thought hacking was 'cool' [...]
28% considered it to be easy.[10]
Script kiddies vandalize websites both for the thrill of
it and to increase their reputation among their peers.[4]
Some more malicious script kiddies have used virus
130
[3] Baldwin, Clare; Christie, Jim (July 9, 2009). Cyber attacks may not have come from North Korea. San Francisco; Reuters.com.
[4] Lemos, Robert (July 12, 2000). Script kiddies: The Nets
cybergangs. ZDNet. Retrieved 2007-04-24.
[5] Mead, Nancy R.; Hough, Eric D.; Stehney, Theodore
R. III (May 16, 2006). Security Quality Requirements Engineering (SQUARE) Methodology CMU/SEI2005-TR-009 (PDF). Carnegie Mellon University, DOD.
CERT.org.
[6] Klevinsky, T. J. ; Laliberte, Scott; Gupta, Ajay (2002).
Hack I.T.: security through penetration testing. AddisonWesley. ISBN 978-0-201-71956-7.
[7] Granneman, Scott (January 28, 2004). A Visit from the
FBI - We come in peace. The Register.
131
Chapter 27
Spyware
Spyware is software that aims to gather information
about a person or organization without their knowledge
and that may send such information to another entity
without the consumers consent, or that asserts control
over a computer without the consumers knowledge.[1]
132
133
As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or block spyware, as well as
various user practices which reduce the chance of getting
A spyware program is rarely alone on a computer: an af- spyware on a system.
fected machine usually has multiple infections. Users frequently notice unwanted behavior and degradation of sys- Nonetheless, spyware remains a costly problem. When a
tem performance. A spyware infestation can create sig- large number of pieces of spyware have infected a Winnicant unwanted CPU activity, disk usage, and network dows computer, the only remedy may involve backing up
trac. Stability issues, such as applications freezing, user data, and fully reinstalling the operating system. For
failure to boot, and system-wide crashes are also com- instance, some spyware cannot be completely removed by
mon. Spyware, which interferes with networking soft- Symantec, Microsoft, PC Tools.
ware, commonly causes diculty connecting to the Internet.
134
135
and what spyware researcher Ben Edelman terms aliate daily basis, like spyware.[20][21] It can be removed with
fraud, a form of click fraud. Stealware diverts the pay- the RemoveWGA tool.
ment of aliate marketing revenues from the legitimate
aliate to the spyware vendor.
Spyware which attacks aliate networks places the spyware operators aliate tag on the users activity replacing any other tag, if there is one. The spyware operator is the only party that gains from this. The user
has their choices thwarted, a legitimate aliate loses revenue, networks reputations are injured, and vendors are
harmed by having to pay out aliate revenues to an afliate who is not party to a contract.[10] Aliate fraud is
a violation of the terms of service of most aliate marketing networks. As a result, spyware operators such as
180 Solutions have been terminated from aliate networks including LinkShare and ShareSale. Mobile devices can also be vulnerable to chargeware, which manipulates users into illegitimate mobile charges.
136
Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising.
When users follow a broken link or enter an erroneous URL, they see a page of advertisements.
However, because password-protected Web sites
(HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it
impossible for the user to access password-protected
sites.[28]
Spyware such as Look2Me hides inside systemcritical processes and start up even in safe mode.
With no process to terminate they are harder to detect and remove, which is a combination of both spyware and a rootkit. Rootkit technology is also seeing
increasing use,[29] as newer spyware programs also
have specic countermeasures against well known
anti-malware products and may prevent them from
running or being installed, or even uninstall them.
Movieland, also known as Moviepass.tv and Popcorn.net, is a movie download service that has
been the subject of thousands of complaints to the
Federal Trade Commission (FTC), the Washington
State Attorney Generals Oce, the Better Business
Bureau, and other agencies. Consumers complained
they were held hostage by a cycle of oversized popup windows demanding payment of at least $29.95,
claiming that they had signed up for a three-day
free trial but had not cancelled before the trial period was over, and were thus obligated to pay.[30][31]
The FTC led a complaint, since settled, against
Movieland and eleven other defendants charging
them with having engaged in a nationwide scheme
to use deception and coercion to extract payments
from consumers.[32]
137
AntiVirus Gold
ContraVirus
MacSweeper
Pest Trap
PSGuard
Spy Wiper
Spydawn
Kazaa[40]
Spylocked
Morpheus[41]
Spysheri
WeatherBug[42]
SpyShredder
WildTangent[43][44]
Spyware Quake
SpywareStrike
27.6.1
UltimateCleaner
WinAntiVirus Pro 2006
DivX[45]
WorldAntiSpy
[43]
FlashGet[46][47][48][49][50][51]
magicJack[52]
WinFixer[55]
138
27.8.2
Administrative sanctions
US FTC actions
The hijacking of Web advertisements has also led to litigation. In June 2002, a number of large Web publishers
sued Claria for replacing advertisements, but settled out
of court.
Courts have not yet had to decide whether advertisers
can be held liable for spyware that displays their ads.
In many cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with
the spyware rm. Rather, they have contracted with an
advertising agency, which in turn contracts with an online subcontractor who gets paid by the number of impressions or appearances of the advertisement. Some
major rms such as Dell Computer and Mercedes-Benz
have sacked advertising agencies that have run their ads
in spyware.[70]
27.10. REFERENCES
139
27.10 References
[1] FTC Report (2005). ""
[2] SPYWARE ""
[3] Basil Cupa, Trojan Horse Resurrected: On the Legality of
the Use of Government Spyware (Govware), LISS 2013,
pp. 419-428
Retrieved
[5] Jeremy Reimer (20 July 2007). The tricky issue of spyware with a badge: meet 'policeware'". Ars Technica.
[24] "CoolWebSearch.
Parasite information database.
Archived from the original on January 6, 2006. Retrieved
September 4, 2008.
140
Viruss-
[61] "CHAPTER 715 Computer Spyware and Malware Protection". nxtsearch.legis.state.ia.us. Retrieved May 11,
2011.
[62] Chapter
19.270
RCW:
Computer
spyware.
apps.leg.wa.gov. Retrieved November 14, 2006.
[63] Gross, Grant. US lawmakers introduce I-Spy bill. InfoWorld, March 16, 2007. Retrieved March 24, 2007.
[64] See Federal Trade Commission v. Sperry & Hutchinson
Trading Stamp Co.
[65]
[66] See Court Orders Halt to Sale of Spyware (FTC press release Nov. 17, 2008, with links to supporting documents).
[67] OPTA, Besluit van het college van de Onafhankelijke
Post en Telecommunicatie Autoriteit op grond van artikel
15.4 juncto artikel 15.10 van de Telecommunicatiewet tot
oplegging van boetes ter zake van overtredingen van het
gestelde bij of krachtens de Telecommunicatiewet from 5
november 2007, http://opta.nl/download/202311+boete+
verspreiding+ongewenste+software.pdf
[68] State Sues Major Spyware Distributor (Press release).
Oce of New York State Attorney General. April 28,
2005. Retrieved September 4, 2008. Attorney General
Spitzer today sued one of the nations leading internet
marketing companies, alleging that the rm was the source
of spyware and adware that has been secretly installed
on millions of home computers.
[69] Gormley, Michael. Intermix Media Inc. says it is settling spyware lawsuit with N.Y. attorney general. Yahoo!
News. June 15, 2005. Archived from the original on June
22, 2005.
[70] Gormley, Michael (June 25, 2005). Major advertisers
caught in spyware net. USA Today. Retrieved September
4, 2008.
[71] Festa, Paul. "See you later, anti-Gators?". News.com. October 22, 2003.
[72] "Gator Information Center". pcpitstop.com November 14,
2005.
[73] Initial LANrev System Findings, LMSD Redacted
Forensic Analysis, L-3 Services prepared for Ballard
Spahr (LMSDs counsel), May 2010. Retrieved August
15, 2010.
[74] Doug Stanglin (February 18, 2010). School district accused of spying on kids via laptop webcams. USA Today.
Retrieved February 19, 2010.
[75] Suit: Schools Spied on Students Via Webcam. CBS
NEWS. March 8, 2010.
141
27.12 Categories
Chapter 28
28.2 1930s
28.4 1970s
28.2.1
28.4.1 1971
1932
Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Rycki broke the Enigma machine
code.
28.2.2
1939
28.5. 1980S
143
28.5.2
1983
The 414s break into 60 computer systems at institutions ranging from the Los Alamos National Laboratory to Manhattans Memorial Sloan-Kettering Cancer Center.[6] The incident appeared as the cover
story of Newsweek with the title Beware: Hackers at play, possibly the rst mass-media use of the
term hacker in the context of computer security.[7] 28.5.4 1985
As a result, the U.S. House of Representatives held
KILOBAUD is re-organized into The P.H.I.R.M.,
hearings on computer security and passed several
and begins sysopping hundreds of BBSs throughout
laws.
the United States, Canada, and Europe.
The group KILOBAUD is formed in February,
The online 'zine Phrack is established.
kicking o a series of other hacker groups which
form soon after.
The Hackers Handbook is published in the UK.
The movie WarGames introduces the wider public
to the phenomenon of hacking and creates a degree of mass paranoia of hackers and their supposed
abilities to bring the world to a screeching halt by
launching nuclear ICBMs.
The U.S. House of Representatives begins hearings
on computer security hacking.[8]
144
28.5.5
1986
28.5.7
1988
28.6. 1990S
145
Publication of a hacking instruction manual for penetrating TRW credit reporting agency by Innite
Possibilities Society (IPS) gets Dr. Ripco, the sysop
of Ripco BBS mentioned in the IPS manual, arrested by the US Secret Service.[20]
28.6.3
1993
28.6.4
June: Eligible Receiver 97 tests the American governments readiness against cyberattacks.
December: Information Security publishes rst issue.
1994
AOHell is released, a freeware application that allows a burgeoning community of unskilled script
kiddies to wreak havoc on America Online. For 28.6.8 1998
days, hundreds of thousands of AOL users nd
January: Yahoo! noties Internet users that anyone
their mailboxes ooded with multi-megabyte email
visiting its site in recent weeks might have downbombs and their chat rooms disrupted with spam
loaded a logic bomb and worm planted by hackers
messages.
claiming a logic bomb will go o if Kevin Mitnick
is not released from prison.
28.6.5
1995
January:
XXXII
[21]
28.6.6
1996
Hackers alter Web sites of the United States Department of Justice (August), the CIA (October), and
the U.S. Air Force (December).
Canadian hacker group, Brotherhood, breaks into
the Canadian Broadcasting Corporation.
February: The Internet Software Consortium proposes the use of DNSSEC (domain-name system security extensions) to secure DNS servers.
May 19: The seven members of the hacker think
tank known as L0pht testies in front of the US
congressional Government Aairs committee on
Weak Computer Security in Government.
June: Information Security publishes its rst annual
Industry Survey, nding that nearly three-quarters
of organizations suered a security incident in the
previous year.
146
October: "U.S. Attorney General Janet Reno announces National Infrastructure Protection Center.
28.7 2000s
28.7.1 2000
28.6.9
1999
September: teenage hacker Jonathan James be The Electronic Civil Disobedience project, an oncomes rst juvenile to serve jail time for hacking.
line political performance-art group, attacks the
Pentagon calling it conceptual art and claiming it to
be a protest against the U.S. support of the suppres- 28.7.2 2001
sion of rebels in southern Mexico by the Mexican
government. ECD uses the FloodNet software to
Microsoft becomes the prominent victim of a new
bombard its opponents with access requests.
type of hack that attacks the domain name server. In
these denial-of-service attacks, the DNS paths that
U.S. President Bill Clinton announces a $1.46 biltake
users to Microsofts Web sites are corrupted.
lion initiative to improve government computer security. The plan would establish a network of intrusion detection monitors for certain federal agencies
and encourage the private sector to do the same.
January 7: an international coalition of hackers
(including CULT OF THE DEAD COW, 2600 's
sta, Phrack's sta, L0pht, and the Chaos Computer Club) issued a joint statement () condemning
the LoUs declaration of war. The LoU responded
by withdrawing its declaration.
A hacker interviewed by Hilly Rose during the Art
Bell Coast-to-Coast Radio Show exposes a plot by
Al-Qaida to derail Amtrak trains. This results in
ALL trains being forcibly stopped over Y2K as a
safety measure.
March: The Melissa worm is released and quickly
becomes the most costly malware outbreak to date.
July: CULT OF THE DEAD COW releases Back
Orice 2000 at DEF CON
June: The Bush administration les a bill to create the Department of Homeland Security, which,
among other things, will be responsible for protecting the nations critical IT infrastructure.
28.7. 2000S
147
28.7.5
2004
March: Myron Tereshchuk is arrested for attempting to extort $17 million from Micropatent.
July: North Korea claims to have trained 500 hackers who successfully crack South Korean, Japanese,
and their allies computer systems.[24]
28.7.6
2005
April 2: Rafael Nez aka RaFa a notorious member of the hacking group World of Hell is arrested
following his arrival at Miami International Airport
for breaking into the Defense Information Systems
Agency computer system on June 2001.[25]
28.7.8
September 13: Cameron Lacroix is sentenced to 11
months for gaining access to T-Mobile USAs network and exploiting Paris Hiltons Sidekick.[26]
November 3: Jeanson James Ancheta, whom prosecutors say was a member of the Botmaster Underground, a group of script kiddies mostly noted for
their excessive use of bot attacks and propagating
vast amounts of spam, was taken into custody after
being lured to FBI oces in Los Angeles.[27]
2007
148
28.7.9
2008
28.7.10
2009
28.8 2010s
28.8.1
2010
28.9. REFERENCES
January 6: Hacker group The Hacker Encrypters
found and reported an open SQLi exploit on Facebook. The results of the exploit have been posted on
Pastebin.[50]
January 7: Team Appunity, a group of Norwegians
hackers, got arrested for breaking into and publishing the user database of Norways largest prostitution website.[51]
February 3: Marriott was hacked by a new age
ideologist, Attila Nemeth who was resisting against
the New World Order where Corporations Rule the
World. As a response Marriott reported him to the
United States Secret Service.[52]
February 8: Foxconn is hacked by rising hacker
group, Swagg Security, releasing a massive amount
of data including email logins, server logins, and
even more alarming - bank account credentials of
large companies like Apple and Microsoft. Swagg
Security stages the attack just as a Foxconn protest
ignites against terrible working conditions[53]
May 4: A lot of important Turkish Websites
are hacked by F0RTYS3V3N (Turkish Hacker) .
Google, Yandex, Microsoft, Gmail, Msn, Hotmail,
PayPal Turkish representative oces ' s Websites
hacked in one shot.[54]
149
October 27: NSAs website shut down after the inltration of a Japanese elite hacker Daisuke Dan.[60]
28.8.5 2014
February 7: The Bitcoin exchange Mt.Gox led for
bankruptcy after $460 million was apparently stolen
by hackers due to weaknesses in [their] system and
another $27.4 million went missing from its bank
accounts.[61]
October: The White House computer system is
hacked by Russians.
November 28: The website of a major provider
of Telecommunications Services in the Philippines
Globe Telecom usually known as GLOBE was
hacked to acquaint for the poor internet connection
service they are distributing.[62]
28.9 References
[1] Marks, Paul (December 27, 2011). Dot-dash-diss: The
gentleman hackers 1903 lulz. New Scientist. Retrieved
January 11, 2012.
[2] untitled1.html. Retrieved 14 March 2015.
[3] http://osvdb.org/show/osvdb/23257
28.8.4
2013
[4] David Price: Blind Whistling Phreaks and the FBIs Historical Reliance on Phone Tap Criminality CounterPunch,
June 30, 2008
[5] http://archive.wired.com/science/discoveries/news/
2001/02/41630?currentPage=all
[6] Elmer-DeWitt, Philip (August 29, 1983). The 414 Gang
Strikes Again. Time. p. 75.
[7] Beware: Hackers at play. Newsweek. September 5,
1983. pp. 4246, 48.
[8] Timeline: The U.S. Government and Cybersecurity.
Washington Post. May 16, 2003. Retrieved 2006-04-14.
Check date values in: |year= / |date= mismatch (help)
[9] Thompson, Ken (October 1983). Reections on Trusting
Trust (PDF). 1983 Turing Award Lecture. ACM.
[10] 2600: The Hacker Quarterly (Volume 2, Number 8, August 1985)". Retrieved 14 March 2015.
150
[15] Cli Stoll (1989). The cuckoos egg. New York: Doubleday. ISBN 0-370-31433-6.
[16] Burger, R.: Computer viruses - a high tech disease, Abacus/Data Becker GmbH (1988), ISBN 1-55755-043-3
[17] Spaord, E.H.: The Internet Worm Program: An Analysis, Purdue Technical Report CSD-TR-823 (undated)
[18] Eichin, M.W. and Rochlis, J.A.: With Microscope and
Tweezers: An Analysis of the Internet Virus of November
1988, MIT(1989)
[19] Bill Apro & Graeme Hammond (2005). Hackers: The
Hunt for Australias Most Infamous Computer Cracker.
Five Mile Press. ISBN 1-74124-722-5.
[20] Esquibel, Bruce (1994-10-08). ""Operation Sundevil is
nally over for Dr. Ripco. Electronic Frontier Foundation. Retrieved 2009-03-08.
[21] Recent Large Name Phreaker Busts by Anonymous.
EmpireTimes. March 11, 1995.
[22] http://www.nap.edu/html/trust/trust-1.htm
[42] Eduard Kovacs (26 September 2011). 700,000 InMotion Websites Hacked by TiGER-M@TE. softpedia. Retrieved 14 March 2015.
[44] Alaa Ashkar. PA Telecommunications minister: Palestinian Internet Under Hacking Attacks. IMEMC. Retrieved 2011-11-02.
Internethaber.
Re-
[48] http://hitechanalogy.com/
saudi-hacker-0xomar-threatens-israel-release-01-million-credit-card-numbe
[49] Israeli hacker retaliates to credit card hacking. BBC
News. January 12, 2012.
[50] Results of the Facebook exploit on pastebin - http://
pastebin.com/z5YgWanz
[51] Kripos.
"(Norwegian) Tre personer siktet for
datainnbrudd. Kripos. Retrieved 2012-04-25.
[52] Marriott,Hack,Extortion, Arrest and important websites
hacked. Feb 3, 2012.
[53] Garside, Juliette (February 9, 2012). Apple supplier
Foxconn hacked in factory conditions protest. The
Guardian (London).
[54] Google,Microsoft,Yandex,Paypal and important websites hacked. May 4, 2012.
[55] USA Gov., Farmers Ins., Mastercard and + Hacked!
Pastebin - http://pastebin.com/AP2M5cDX
[56] BBC
http://www.bbc.co.uk/news/
world-us-india-8533906955
[57] New Times Broward-Palm Beach - http://blogs.
browardpalmbeach.com/pulp/2013/02/anonymous_
hacked_burger_king_horse_meat.php
[58] Gizmodohttp://gizmodo.com/5985385/
jeeps-twitter-account-has-been-hacked
[59] ZATAZ
http://archives.zataz.com/news/23303/
fbi--faille--fuite--data-leak.html
[60] ZATAZ
http://archives.zataz.com/news/23139/
nsa--oD-Defense-Connect-online.html
[61] The Inside Story of Mt. Gox, Bitcoins $460 Million Disaster - WIRED. WIRED. Retrieved 14 March 2015.
[62] http://www.coorms.com/2014/11/
globe-website-was-hacked-by-bloodsec-hackers.html
151
Chapter 29
Using
computer
cryptocurrencies [8]
Using the infected computer as proxy for illegal activities and/or attacks on other computers.
resources
for
mining
29.4. REFERENCES
153
Internet for illegal purposes while all potentially incriminating evidence indicates the infected computer or its IP
address. The hosts computer may or may not show the
internet history of the sites viewed using the computer as
a proxy. The rst generation of anonymizer Trojan horses
tended to leave their tracks in the page view histories of
the host computer. Later generations of the Trojan horse
tend to cover their tracks more eciently. Several versions of Sub7 have been widely circulated in the US and
Europe and became the most widely distributed examples
of this type of Trojan horse.[9]
Remote administration
Privacy-invasive software
Reverse connection
Rogue security software
Social engineering (security)
Spam
Spyware
Timeline of computer viruses and worms
29.4 References
Carnegie Mellon University (1999): CERT Advisory CA-1999-02 Trojan Horses, Retrieved on
2009-06-10.
[1] Landwehr, C. E; A. R Bull; J. P McDermott; W. S Choi
(1993). A taxonomy of computer program security aws,
with examples. DTIC Document. Retrieved 2012-04-05.
[2] Trojan Horse Denition. Retrieved 2012-04-05.
[5] Trojan Horse: [coined By MIT-hacker-turned-NSAspook Dan Edwards] N.. Retrieved 2012-04-05.
[6] What is the dierence between viruses, worms, and Trojans?". Symantec Corporation. Retrieved 2009-01-10.
[7] VIRUS-L/comp.virus Frequently Asked Questions
(FAQ) v2.00 (Question B3: What is a Trojan Horse?)".
9 October 1995. Retrieved 2012-09-13.
[8] Robert McMillan (2013): Trojan Turns Your PC Into Bitcoin Mining Slave, Retrieved on 2015-02-01
[9] Jamie Crapanzano (2003): Deconstructing SubSeven,
the Trojan Horse of Choice, SANS Institute, Retrieved
on 2009-06-11
[10] Vincentas (11 July 2013). Trojan Horse in SpyWareLoop.com. Spyware Loop. Retrieved 28 July 2013.
154
Chapter 30
Vulnerability (computing)
In computer security, a vulnerability is a weakness information resources that support the organizations miswhich allows an attacker to reduce a systems information sion[4]
assurance. Vulnerability is the intersection of three eleIETF RFC 2828 dene vulnerability as:[5]
ments: a system susceptibility or aw, attacker access to
the aw, and attacker capability to exploit the aw.[1] To
A aw or weakness in a systems design, impleexploit a vulnerability, an attacker must have at least one
mentation, or operation and management that
applicable tool or technique that can connect to a system
could be exploited to violate the systems secuweakness. In this frame, vulnerability is also known as
rity policy
the attack surface.
Vulnerability management is the cyclical practice of
identifying, classifying, remediating, and mitigating The Committee on National Security Systems of United
vulnerabilities.[2] This practice generally refers to soft- States of America dened vulnerability in CNSS Instruction No. 4009 dated 26 April 2010 National Inforware vulnerabilities in computing systems.
mation Assurance Glossary:[6]
A security risk may be classied as a vulnerability. The
use of vulnerability with the same meaning of risk can
Vulnerability Weakness in an IS, system selead to confusion. The risk is tied to the potential of
curity procedures, internal controls, or implea signicant loss. Then there are vulnerabilities withmentation that could be exploited
out risk: for example when the aected asset has no
value. A vulnerability with one or more known instances
of working and fully implemented attacks is classied as Many NIST publications dene vulnerability in IT con[7]
[8]
an exploitable vulnerability a vulnerability for which test in dierent publications: FISMApedia term pro[9]
vide
a
list.
Between
them
SP
800-30,
give
a
broader
an exploit exists. The window of vulnerability is the
time from when the security hole was introduced or mani- one:
fested in deployed software, to when access was removed,
a security x was available/deployed, or the attacker was
A aw or weakness in system security procedisabledsee zero-day attack.
dures, design, implementation, or internal controls that could be exercised (accidentally trigSecurity bug (security defect) is a narrower concept: there
gered or intentionally exploited) and result in a
are vulnerabilities that are not related to software: hardsecurity breach or a violation of the systems seware, site, personnel vulnerabilities are examples of vulcurity policy.
nerabilities that are not software security bugs.
Constructs in programming languages that are dicult to
use properly can be a large source of vulnerabilities.
30.1 Denitions
ISO 27005 denes vulnerability as:[3]
A weakness of an asset or group of assets that
can be exploited by one or more threats
where an asset is anything that has value to the organization, its business operations and their continuity, including
155
156
states. If generic, the vulnerability may characterize many vulnerable states; if specic, it may
characterize only one...
National Information Assurance Training and Education
Center denes vulnerability: [14][15]
A weakness in automated system security procedures, administrative controls, internal controls, and so forth, that could be exploited by a
threat to gain unauthorized access to information or disrupt critical processing. 2. A weakness in system security procedures, hardware
design, internal controls, etc. , which could be
exploited to gain unauthorized access to classied or sensitive information. 3. A weakness
in the physical layout, organization, procedures,
personnel, management, administration, hardware, or software that may be exploited to cause
harm to the ADP system or activity. The presence of a vulnerability does not in itself cause
harm; a vulnerability is merely a condition or set
of conditions that may allow the ADP system or
activity to be harmed by an attack. 4. An assertion primarily concerning entities of the internal
environment (assets); we say that an asset (or
class of assets) is vulnerable (in some way, possibly involving an agent or collection of agents);
we write: V(i,e) where: e may be an empty set.
5. Susceptibility to various threats. 6. A set
of properties of a specic internal entity that, in
union with a set of properties of a specic external entity, implies a risk. 7. The characteristics
of a system which cause it to suer a denite
degradation (incapability to perform the designated mission) as a result of having been subjected to a certain level of eects in an unnatural (manmade) hostile environment.
30.5. CAUSES
157
inadequate recruiting process
inadequate security awareness
site
area subject to ood
30.4 Classication
Vulnerabilities are classied according to the asset class
they are related to:[3]
hardware
susceptibility to humidity
susceptibility to dust
susceptibility to soiling
susceptibility to unprotected storage
software
insucient testing
lack of audit trail
network
unprotected communication lines
insecure network architecture
personnel
30.5 Causes
Complexity: Large, complex systems increase the
probability of aws and unintended access points[18]
Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases
the probability an attacker has or can nd the knowledge and tools to exploit the aw[19]
Connectivity: More physical connections, privileges, ports, protocols, and services and time each
of those are accessible increase vulnerability[12]
Password management aws: The computer user
uses weak passwords that could be discovered by
brute force. The computer user stores the password on the computer where a program can access
it. Users re-use passwords between many programs
and websites.[18]
Fundamental operating system design aws: The
operating system designer chooses to enforce suboptimal policies on user/program management. For
example operating systems with policies such as
default permit grant every program and every user
full access to the entire computer.[18] This operating
system aw allows viruses and malware to execute
commands on behalf of the administrator.[20]
Internet Website Browsing: Some internet websites
may contain harmful Spyware or Adware that can
be installed automatically on the computer systems.
After visiting those websites, the computer systems
become infected and personal information will be
collected and passed on to third party individuals.[21]
Software bugs: The programmer leaves an exploitable bug in a software program. The software bug may allow an attacker to misuse an
application.[18]
158
Unchecked user input: The program assumes that
all user input is safe. Programs that do not check
user input can allow unintended direct execution
of commands or SQL statements (known as Buer
overows, SQL injection or other non-validated
inputs).[18]
Not learning from past mistakes:[22][23] for example most vulnerabilities discovered in IPv4 protocol software were discovered in the new IPv6 Responsible disclosure (many now refer to it as 'coordinated disclosure' because the rst is a biased word) of
implementations.[24]
vulnerabilities is a topic of great debate. As reported by
The research has shown that the most vulnerable point The Tech Herald in August 2010, "Google, Microsoft,
in most information systems is the human user, opera- TippingPoint, and Rapid7 have recently issued guidelines
how they will deal with disclotor, designer, or other human:[25] so humans should be and statements addressing
[27]
sure
going
forward.
considered in their dierent roles as asset, threat, information resources. Social engineering is an increasing security concern.
A responsible disclosure rst alerts the aected vendors condentially before alerting CERT two weeks later,
which grants the vendors another 45 day grace period before publishing a security advisory.
Physical security is a set of measures to protect physically the information asset: if somebody can get physical
access to the information asset, it is quite easy to make
resources unavailable to its legitimate users.
The time of disclosure of a vulnerability is dened differently in the security community and industry. It is
most commonly referred to as a kind of public disclosure of security information by a certain party. Usually,
159
the personnel
Time-of-check-to-time-of-use bugs
management
Symlink races
software
Privilege escalation
160
30.12 References
[1] The Three Tenets of Cyber Security. U.S. Air Force
Software Protection Initiative. Retrieved 2009-12-15.
[2] Foreman, P: Vulnerability Management, page 1. Taylor &
Francis Group, 2010. ISBN 978-1-4398-0150-5
[3] ISO/IEC, Information technology -- Security techniquesInformation security risk management ISO/IEC FIDIS
27005:2008
[4] British Standard Institute, Information technology -- Security techniques -- Management of information and communications technology security -- Part 1: Concepts and
models for information and communications technology
security management BS ISO/IEC 13335-1-2004
[5] Internet Engineering Task Force RFC 2828 Internet Security Glossary
[6] CNSS Instruction No. 4009 dated 26 April 2010
[7] FISMApedia. smapedia.org.
[8] "Term:Vulnerability". smapedia.org.
[9] NIST SP 800-30 Risk Management Guide for Information
Technology Systems
[32]
[33] Jesse Ruderman Race conditions in security dialogs.
squarefree.com.
[34] lcamtufs blog. lcamtuf.blogspot.com.
161
Chapter 31
31.6. REFERENCES
Metasploit
Such methods identify and exploit known vulnerabilities,
and attempt to evade security to gain entry into secured
areas. They are able to do this by hiding software and
system 'back-doors that could be used as a link to the
information or access the non-ethical hacker, also known
as 'black-hat' or 'grey-hat', may want to reach.
31.4 Employment
The United States National Security Agency oers certications such as the CNSS 4011. Such a certication covers orderly, ethical hacking techniques and teammanagement. Aggressor teams are called red teams.
Defender teams are called blue teams.[3]
31.4.1
Eric Corley
Przemysaw Frasunek
Raphael Gray
Barnaby Jack
Kevin Mitnick
Robert Tappan Morris
Kevin Poulsen
163
IT risk
Wireless identity theft
31.6 References
[1] What is white hat? - a denition from Whatis.com.
Searchsecurity.techtarget.com. Retrieved 2012-06-06.
[2] Knight, William (16 October 2009).
License to
Hack. InfoSecurity 6 (6): 3841. doi:10.1016/s17426847(09)70019-9.
[3] What is a White Hat?". Secpoint.com. 2012-03-20. Retrieved 2012-06-06.
[4] Palmer, C.C. (2001). Ethical Hacking (PDF). IBM Systems Journal 40 (3): 769. doi:10.1147/sj.403.0769.
Chapter 32
32.1 Denition
The Jargon File, an inuential but not universally accepted compendium of hacker slang, denes hacker as
A person who enjoys exploring the details of programmable systems and stretching their capabilities, as
opposed to most users, who prefer to learn only the minimum necessary.[8] The Request for Comments (RFC)
1392, the Internet Users Glossary, amplies this meanA hacker is one who enjoys the intellectual challenge
ing as A person who delights in having an intimate unof creatively overcoming and circumventing limitations
derstanding of the internal workings of a system, comof programming systems and who tries to extend their
puters and computer networks in particular.[9]
capabilities.[3] The act of engaging in activities (such as
programming or other media[4] ) in a spirit of playfulness As documented in the Jargon File, these hackers are disand exploration is termed hacking. However the dening appointed by the mass media and general publics usage
characteristic of a hacker is not the activities performed of the word hacker to refer to security breakers, callthemselves (e.g. programming), but the manner in which ing them crackers instead. This includes both good
it is done: Hacking entails some form of excellence, crackers ("white hat hackers") who use their computer
for example exploring the limits of what is possible,[5] security related skills and knowledge to learn more about
thereby doing something exciting and meaningful.[4] Ac- how systems and networks work and to help to discover
tivities of playful cleverness can be said to have hack and x security holes, as well as those more evil crackvalue and are termed hacks[5] (examples include pranks ers ("black hat hackers") who use the same skills to author
at MIT intended to demonstrate technical aptitude and harmful software (like viruses, trojans, etc.) and illegally
inltrate secure systems with the intention of doing harm
cleverness).
to the system.[10] The programmer subculture of hackers,
Richard Stallman explains about hackers who program:
in contrast to the cracker community, generally sees computer security related activities as contrary to the ideals of
the original and true meaning of the hacker term that inWhat they had in common was mainly love
stead related to playful cleverness.[10]
of excellence and programming. They wanted
to make their programs that they used be as
good as they could. They also wanted to make
32.2 History
them do neat things. They wanted to be able
to do something in a more exciting way than
The word hacker derives from the seventeenth century
anyone believed possible and show Look how
word of a lusty laborer who harvested elds by dogged
wonderful this is. I bet you didn't believe this
and rough swings of his hoe. Although the idea of hackcould be done.[6]
ing has existed long before the term hackerwith the
most notable example of Lightning Ellsworth, it was not
Hackers from this subculture tend to emphatically dif- a word that the rst programmers used to describe themferentiate themselves from what they pejoratively call selves. In fact, many of the rst programmers were often"crackers"; those who are generally referred to by me- times from the engineering or physics background. But
dia and members of the general public using the term from about 1945 onward (and especially during the crehacker, and whose primary focusbe it to malign or ation of the rst ENIAC computer) some programmers
benevolent purposeslies in exploiting weaknesses in realized that their expertise in computer software and
computer security.[7]
technology had evolved not just into a profession, but into
A hacker is an adherent of the subculture that originally emerged in academia in the 1960s, around the
Massachusetts Institute of Technology (MIT)'s Tech
Model Railroad Club (TMRC)[1] and MIT Articial Intelligence Laboratory.[2]
164
165
a passion (46).[3]
It was not until the 1960s that the term hackers began
to be used to describe procient computer programmers.
Therefore, the fundamental characteristic that links all
who identify themselves as hackers are ones who enjoy "the intellectual challenge of creatively overcoming
and circumventing limitations of programming systems
and who tries to extend their capabilities (47).[3] With
this denition in mind, it can be clear where the negative
implications of the word hacker and the subculture of
hackers came from.
Some common nicknames among this culture include
crackers who are unskilled thieves who mainly rely on
luck. Others include phreakwhich refers to a type of
skilled crackers and warez d00dzwhich is a kind of
cracker that acquires reproductions of copyrighted software. Within all hackers are tiers of hackers such as
the samurai who are hackers that hire themselves out
for legal electronic locksmith work. Furthermore, there The Glider, proposed as an emblem of the hacker community
by Eric S. Raymond.
are other hackers that are hired to test security which are
called sneakers or tiger teams.
Before communications between computers and computer users were as networked as they are now, there were
multiple independent and parallel hacker subcultures, often unaware or only partially aware of each others existence. All of these had certain important traits in common:
The concentration of academic hacker subculture has paralleled and partly been driven by the commoditization
Playful cleverness, taking the serious humorously of computer and networking technology, and has in turn
accelerated that process. In 1975, hackerdom was scatand the humor seriously
tered across several dierent families of operating systems and disparate networks; today it is largely a Unix and
These sorts of subcultures were commonly found at
TCP/IP phenomenon, and is concentrated around variacademic settings such as college campuses. The MIT
ous operating systems based on free software and openArticial Intelligence Laboratory, the University of Calsource software development.
ifornia, Berkeley and Carnegie Mellon University were
particularly well-known hotbeds of early hacker culture.
They evolved in parallel, and largely unconsciously, until
the Internet, where a legendary PDP-10 machine at MIT, 32.3 Ethics and principles
called AI, that was running ITS, provided an early meeting point of the hacker community. This and other developments such as the rise of the free software movement Main article: Hacker ethic
and community drew together a critically large population
and encouraged the spread of a conscious, common, and Many of the values and tenets of the free and open source
systematic ethos. Symptomatic of this evolution were an software movement stem from the hacker ethics that orig Distaste for authority
166
inated at MIT[11] and at the Homebrew Computer Club. 32.5 Hack value
The hacker ethics were chronicled by Steven Levy in
Hackers: Heroes of the Computer Revolution[12] and in Hack value is the notion used by hackers to express that
other texts in which Levy formulates and summarizes something is worth doing or is interesting.[15] This is
general hacker attitudes:
something that hackers often feel intuitively about a problem or solution.
Access to computers-and anything that might teach An aspect of hack value is performing feats for the sake
you something about the way the world works- of showing that they can be done, even if others think it
should be unlimited and total.
is dicult. Using things in a unique way outside their intended purpose is often perceived as having hack value.
All information should be free.
Examples are using a dot matrix impact printer to produce musical notes, using a atbed scanner to take ultra Hackers should be judged by their hacking, not bo- high-resolution photographs or using an optical mouse as
barcode reader.
gus criteria such as degrees, age, race, or position.
A solution or feat has hack value if it is done in a way
that has nesse, cleverness or brilliance, which makes
creativity an essential part of the meaning. For exam Computers can change your life for the better.
ple, picking a dicult lock has hack value; smashing a
lock does not. As another example, proving Fermats last
theorem by linking together most of modern mathematHacker ethics are concerned primarily with sharing,
ics has hack value; solving a combinatorial problem by
openness, collaboration, and engaging in the hands-on
exhaustively trying all possibilities does not. Hacking is
imperative.[12]
not using process of elimination to nd a solution; its the
Linus Torvalds, one of the leaders of the open source process of nding a clever solution to a problem.
movement (known primarily for developing the Linux
kernel), has noted in the book The Hacker Ethic[13] that
these principles have evolved from the known Protestant
32.6 See also
ethics and incorporates the spirits of capitalism, as introduced in the early 20th century by Max Weber.
Cowboy coding: software development without the
use of strict software development methodologies
You can create art and beauty on a computer.
Demoscene
History of free software
Unix philosophy
32.7 References
[1] TMRC - Hackers
[2] Words to Avoid (or Use with Care) Because They Are
Loaded or Confusing (gnu.org)
[3] Gehring, Verna (2004). The Internet In Public Life. Maryland: Rowman & Littleeld Publishers. pp. 4356. ISBN
0742542335.
[4] The Hacker Community and Ethics: An Interview with
Richard M. Stallman, 2002 (gnu.org)
[5] On Hacking (stallman.org)
[6] Richard Stallman: interview as shown in Hackers Wizards of the Electronic Age
[7] Raymond, Eric (2008-01-08). How To Become A
Hacker. Thyrsus Enterprises. Retrieved 2008-03-16.
167
Levy, Steven. Hackers: Heroes of the Computer
Revolution. Garden City, NY: Anchor Press /
Doubleday. ISBN 9780385191951.
Raymond, Eric S..
The Cathedral and the
Bazaar. Cambridge, MA: O'Reilly Media. ISBN
9781565927247.
Stoll, Cli. The Cuckoos Egg. New York, NY:
Doubleday. ISBN 9780385249461.
Chapter 33
Hacker ethic
For the book, see The Hacker Ethic. For uses in com- The free software movement was born in the early 1980s
puter security hacking, see Hacker (computer security), from followers of the hacker ethic. Its founder, Richard
Hacker Manifesto, and White hat (computer security)
Stallman, is referred to by Steven Levy as the last true
hacker.[3] Modern hackers who hold true to the hacker
Hacker ethic is a term for the moral values and philos- ethicsespecially the Hands-On Imperativeare usually
ophy that are common in the hacker community. The supporters of free and open source software. This is beearly hacker culture and resulting philosophy originated cause free and open source software allows hackers to get
at the Massachusetts Institute of Technology (MIT) in the access to the source code used to create the software, to
1950s and 1960s. The term hacker ethic is attributed to allow it to be improved or reused in other projects.
journalist Steven Levy as described in his 1984 book ti- Richard Stallman describes:
tled Hackers: Heroes of the Computer Revolution. The key
points within this ethic are access, freedom of informaThe hacker ethic refers to the feelings of
tion, and improvement to quality of life.
right and wrong, to the ethical ideas this community of people hadthat knowledge should
While some tenets of hacker ethic were described in other
be shared with other people who can benet
texts like Computer Lib/Dream Machines (1974) by Ted
from it, and that important resources should be
Nelson, Levy appears to have been the rst to document
utilized rather than wasted.[4]
both the philosophy and the founders of the philosophy.
Levy explains that MIT housed an early IBM 704
computer inside the Electronic Accounting Machinery and states more precisely that hacking (which Stallman
(EAM) room in 1959. This room became the staging denes as playful cleverness) and ethics are two separate
grounds for early hackers, as MIT students from the Tech issues:
Model Railroad Club sneaked inside the EAM room afJust because someone enjoys hacking does
ter hours to attempt programming the 30-ton, 9-foot-tall
not mean he has an ethical commitment to
(2.7 m) computer.
treating other people properly. Some hackers
The MIT group dened a hack as a project undertaken or
care about ethicsI do, for instancebut that
a product built to fulll some constructive goal, but also
is not part of being a hacker, it is a separate
[1]
with some wild pleasure taken in mere involvement.
trait. [...] Hacking is not primarily about an
The term hack arose from MIT lingo, as the word had
ethical issue.
long been used to describe college pranks that MIT stu[...] hacking tends to lead a signicant number
dents would regularly devise. However, Levys hacker
of hackers to think about ethical questions in
ethic also has often been quoted out of context and misa certain way. I would not want to completely
understood to refer to hacking as in breaking into comdeny all connection between hacking and views
puters, and so many sources incorrectly imply that it is deon ethics.[5]
scribing the ideals of white-hat hackers. However, what
Levy is talking about does not necessarily have anything
particular to do with computer security, but addresses
33.1 The hacker ethics
broader issues.
The hacker ethic was described as a new way of life,
with a philosophy, an ethic and a dream. However, the As Levy summarized in the preface of Hackers,[6]the genelements of the hacker ethic were not openly debated eral tenets or principles of hacker ethic include:
and discussed; rather they were implicitly accepted and
Sharing
silently agreed upon.[2]
Openness
168
169
tasks with few instructions.[15] A programs code
was considered to hold a beauty of its own, having
been carefully composed and artfully arranged.[16]
Learning to create programs which used the least
amount of space almost became a game between
the early hackers.[13]
170
was placed outside of Leopolds Records in Berkeley, Homebrew Computer Club and the Peoples Computer
California.
Company helped hackers network, collaborate, and share
Another sharing of resources occurred when Bob Al- their work.
brecht provided considerable resources for a non-prot
organization called the Peoples Computer Company
(PCC). PCC opened a computer center where anyone
could use the computers there for fty cents per hour.
The concept of community and collaboration is still relevant today, although hackers are no longer limited to
collaboration in geographic regions. Now collaboration
takes place via the Internet. Eric S. Raymond identies
This second generation practice of sharing contributed and explains[22]this conceptual shift in The Cathedral and
to the battles of free and open software. In fact, when the Bazaar:
Bill Gates' version of BASIC for the Altair was shared
Before cheap Internet, there were some geamong the hacker community, Gates claimed to have lost
ographically
compact communities where the
a considerable sum of money because few users paid for
culture
encouraged
Weinbergs egoless prothe software. As a result, Gates wrote an Open Letter
gramming,
and
a
developer
could easily attract
[19][20]
to Hobbyists.
This letter was published by several
a
lot
of
skilled
kibitzers
and
co-developers.
computer magazines and newsletters, most notably that of
Bell
Labs,
the
MIT
AI
and
LCS
labs, UC
the Homebrew Computer Club where much of the sharBerkeley:
these
became
the
home
of
innovaing occurred.
tions that are legendary and still potent.
Raymond also notes that the success of Linux coincided
with the wide availability of the World Wide Web. The
Many of the principles and tenets of hacker ethic con- value of community is still in high practice and use today.
tribute to a common goal: the Hands-On Imperative. As
Levy described in Chapter 2, Hackers believe that essential lessons can be learned about the systemsabout the 33.2 Levys true hackers
worldfrom taking things apart, seeing how they work,
and using this knowledge to create new and more inter- Levy identies several true hackers who signicantly
esting things.[21]
inuenced the hacker ethic. Some well-known true
Employing the Hands-On Imperative requires free ac- hackers include:
cess, open information, and the sharing of knowledge. To
John McCarthy: Co-founder of the MIT Articial
a true hacker, if the Hands-On Imperative is restricted,
Intelligence Lab and Stanford AI Laboratory
then the ends justify the means to make it unrestricted
so that improvements can be made. When these princi Bill Gosper: Mathematician and hacker
ples are not present, hackers tend to work around them.
Richard Greenblatt: Programmer and early designer
For example, when the computers at MIT were protected
of LISP machines
either by physical locks or login programs, the hackers
there systematically worked around them in order to have
Richard Stallman: Programmer and political activist
access to the machines. Hackers assumed a willful blindwho is well known for GNU, Emacs and the Free
[10]
ness in the pursuit of perfection.
Software Movement
This behavior was not malicious in nature: the MIT hackers did not seek to harm the systems or their users. This Levy also identied the hardware hackers (the secdeeply contrasts with the modern, media-encouraged im- ond generation, mostly centered in Silicon Valley) and
age of hackers who crack secure systems in order to steal the game hackers (or the third generation). All three
information or complete an act of cyber-vandalism.
generations of hackers, according to Levy, embodied the
principles of the hacker ethic. Some of Levys secondgeneration hackers include:
33.1.2
Hands-On Imperative
33.1.3
Throughout writings about hackers and their work processes, a common value of community and collaboration
is present. For example, in Levys Hackers, each generation of hackers had geographically based communities where collaboration and sharing occurred. For the
hackers at MIT, it was the labs where the computers
were running. For the hardware hackers (second generation) and the game hackers (third generation) the geographic area was centered in Silicon Valley where the
33.5. FOOTNOTES
Lee Felsenstein: A hardware hacker and co-founder
of Community Memory and Homebrew Computer
Club; a designer of the Sol-20 computer
John Draper: A legendary gure in the computer
programming world. He wrote EasyWriter, the rst
word processor.
171
Free software movement
Free software philosophy
33.5 Footnotes
[1] Hackers. pg 9
[14] http://gabriellacoleman.org/biella/
Coleman-Golub-Hacker-Practice.pdf
[15] Hackers. pg 31
[16] Hackers. pg 3031
[17] Hackers. pg 33
[18] Hackers. pg 36
[19] Charles Leadbetter (2008). We-Think. Prole Books.
[20] Fiona Macdonald (12 March 2008). Get a fair share of
creativity. Metro.
[21] Hackers, pages 2736.
33.6 References
Himanen, Pekka (2001). The Hacker Ethic and the
Spirit of the Information Age. New York: Random
House. ISBN 0375505660. OCLC 45393052.
Levy, Steven (2001). Hackers: Heroes of the Computer Revolution (updated ed.). New York: Penguin
Books. ISBN 0141000511. OCLC 47216793.
172
173
Text
Antivirus software Source: http://en.wikipedia.org/wiki/Antivirus%20software?oldid=661991271 Contributors: Bryan Derksen, Zundark, Danny, Fubar Obfusco, William Avery, DennisDaniels, Edward, Pnm, Tannin, Tgeorgescu, Minesweeper, CesarB, Ronz, Yaronf,
Rlandmann, Whkoh, Stefan-S, Nikai, IMSoP, RickK, Pedant17, Furrykef, Tempshill, Omegatron, Pakaran, Shantavira, Robbot, Chealer,
Boy b, Calimero, RedWolf, Altenmann, KellyCoinGuy, Iaen, Delpino, Lzur, David Gerard, Fabiform, Graeme Bartlett, Laudaka, Eran,
Noone~enwiki, Rick Block, AlistairMcMillan, Solipsist, Wmahan, Utcursch, SoWhy, Beland, Piotrus, Cynical, Gscshoyru, TonyW, Hobart, Eisnel, Discospinster, Rich Farmbrough, ESkog, JoeSmack, Evice, Aecis, Chungy, PhilHibbs, Sietse Snel, Femto, Perfecto, Stesmo,
Longhair, Orbst, Richi, TheProject, Troels Nybo~enwiki, Timsheridan, Hagerman, Alansohn, CyberSkull, Conan, PatrickFisher, Babajobu, Stephen Turner, Snowolf, Wtmitchell, Downlode, Rotring, Nightstallion, Umapathy, Woohookitty, Mindmatrix, Armando, Robwingeld, Pol098, Urod, Isnow, Kralizec!, Pictureuploader, Palica, Matturn, Cuvtixo, Kbdank71, Yurik, Ryan Norton, Rjwilmsi, DirkvdM,
RainR, FlaBot, JiFish, RexNL, Gurch, DavideAndrea, ChongDae, Born2cycle, Melancholie, Ahunt, Peterl, Gwernol, YurikBot, Wavelength, Borgx, Grizzly37, Wfried, Arado, TheDoober, Piet Delport, SpuriousQ, Akhristov, Claunia, NawlinWiki, Hm2k, Badagnani, Arichnad, Vlad, Bota47, Bokonon~enwiki, BazookaJoe, GraemeL, Peter, Fourohfour, Hirebrand, Jaysbro, Eptin,
robot, Dunxd, Cumbiagermen, Firewall-guy, SmackBot, Although, JurgenHadley, J7, Dxco, Relaxing, Easygoeasycome, Gilliam, JorgePeixoto, Lakshmin,
Gary09202000, Chris the speller, Egladkih, Morte, EncMstr, Jerome Charles Potts, Bigs slb, DHN-bot~enwiki, Uniwares, Darth Panda,
Frap, JonHarder, Korinkami, 03vaseyj, SundarBot, Cybercobra, Valenciano, Mwtoews, Ihatetoregister, Oo7jeep, Gobonobo, Capmo,
NongBot~enwiki, 16@r, Erotml, Beetstra, Doczilla, Qu4rk, Caiaa, Hu12, DabMachine, SimonD, Phantomnecro, UncleDouggie, CapitalR, Kirill Chiryasov, Courcelles, Tawkerbot2, FleetCommand, CmdrObot, BENNYSOFT, Jesse Viviano, NaBUru38, Chrisahn, Cydebot,
Gogo Dodo, Xxhopingtearsxx, AcceleratorX, Tawkerbot4, Khattab01~enwiki, Ohadgliksman, The Mad Bomber, SpK, Neustradamus,
Mikewax, TAG.Odessa, Dimo414, Thijs!bot, Jdivakarla, Leedeth, LemonMan, Saibo, Dalahst, TurboForce, Dawnseeker2000, Mentisto, AntiVandalBot, Sjconrad-mchedrawe, Gkhan, Serpents Choice, JAnDbot, Meinsla, MER-C, Tushard mwti, .anacondabot, Raanoo,
Penubag, Bongwarrior, Lotusv82, Proland, The Kinslayer, JohnLai, Gomm, Xeolyte, Chris G, DerHexer, Hdt83, MartinBot, STBot, CliC,
FDD, Icenine378, CommonsDelinker, Emilinho~enwiki, J.delanoy, Pharaoh of the Wizards, Dinoguy1000, Public Menace, Jesant13, Turbulencepb, Neon white, Ripdog2121, Tokyogirl79, 5theye, Patrickjk, AntiSpamBot, Dougmarlowe, DadaNeem, Pandawelch, White 720,
Jamesontai, Idioma-bot, Javeed Safai, Melovfemale, VolkovBot, AlnoktaBOT, Philip Trueman, DoorsAjar, TXiKiBoT, Emedlin1, Mujdat61, Vipinhari, Technopat, Anonymous Dissident, Qxz, Corvus cornix, LeaveSleaves, Natg 19, Tmalcomv, Haseo9999, C45207, Ngantengyuen, LittleBenW, Fredtheyingfrog, Lonwolve, Wrldwzrd89, Sahilm, Derekcslater, Newspartnergroup, Swaq, Sephiroth storm, Yintan, Miremare, Mothmolevna, Jerryobject, Flyer22, PolarBot, Nosferatus2007, Askild, Topicle, OKBot, Plati, Samker, PrimeYoshi, Escape
Orbit, Arnos78, Martarius, Tanvir Ahmmed, Leahtwosaints, ClueBot, Kl4m, The Thing That Should Not Be, IceUnshattered, Trotline,
Spuernase, Mild Bill Hiccup, Ka vijay, LizardJr8, ChandlerMapBot, Georgest23, Rockfang, DragonBot, Excirial, Socrates2008, Pavix,
Tyler, Pladook, Jotterbot, JamieS93, ChrisHodgesUK, DanielPharos, Versus22, Johnuniq, SoxBot III, SF007, Sensiblekid, XLinkBot,
Rror, Mavenkatesh, Svarya, HexaChord, Addbot, Xp54321, Wizho, Mortense, Nuno Brito, Softfreak, Sergey AMTL, Vatrena ptica, CanadianLinuxUser, Fluernutter, Ankitguptajaipur, Kueensrche, NjardarBot, WorldlyWebster, MrOllie, CarsracBot, FluyWhiteCat, Womanitoba, ChenzwBot, Jasper Deng, Mike A Quinn, Tide rolls, Luckas Blade, Teles, Luckas-bot, Yobot, THEN WHO WAS PHONE?,
Wonder, AnomieBOT, Jim1138, DMWuCg, Roastingpan, Bluerasberry, Materialscientist, Police267, Kalamkaar, Eumolpo, Cameron
Scott, Misi91, Avun, XZeroBot, Rwmoekoe, S0aasdf2sf, Frosted14, SassoBot, ReformatMe, Mathonius, VB.NETLover, TheRyan95,
Shadowjams, Diablosblizz, Samwb123, G7yunghi, FrescoBot, GunAlchemist, WPANI, Yuyujoke, Mi8ka, HJ Mitchell, Craig Pemberton,
Franklin.online2006, Expertour, HamburgerRadio, Redrose64, SuperAntivirus, Marnegro, Pinethicket, HRoestBot, Skyerise, Paulsterne,
A8UDI, Ma2001, Kostes32, One666, Seam123, AntonST, , Meaghan, Salvidrim!, Ravensburg13, Cnwilliams, Trappist the monk, Lamarmote, Miiszmylove, LogAntiLog, Lotje, Wikipandaeng, Vrenator, TBloemink, Neshemah, Diannaa, Hornlitz, Execter, Teenboi001, Mean
as custard, RjwilmsiBot, Ripchip Bot, Panda Madrid, Enauspeaker, DASHBot, EmausBot, John of Reading, WikitanvirBot, Immunize,
Philtweir, Heracles31, Dinhtuydzao, Ibbn, Ryanxo, Tommy2010, Emenid, Elison2007, F, Mats131, ElationAviation, Makecat, Skyinfo,
Yabba67, Rickraptor707, Diame, ChuispastonBot, Pastore Italy, EdoBot, Kandr8, Petrb, ClueBot NG, Lzeltser, TheKaneDestroyer, Jack
Greenmaven, Satellizer, LK20, Dfarrell07, Multiwikiswat, Piyush1992, JuventiniFan, Malijinx, Widr, Hsinghsarao, Joseph843, Helpful
Pixie Bot, Dwe0008, HMSSolent, Krenair, Jeza87, Janendra, Arthurnyc, AvocatoBot, Thekillerpenguin, Teksquisite, Irfanshaharuddin,
TheMw2Genius, Kremnin, Newmen1020304050, BattyBot, Justincheng12345-bot, JC.Torpey, Divonnais, Farqad, IddiKlu, Nisha1987,
Rohaneknathshinde459, Garamond Lethe, JYBot, Dark Silver Crow, Codename Lisa, Cryptodd, Pcguru66, K1ngXSp3c1al, Lugia2453,
Kumarworld2, Sourov0000, Seo100, M.R.V model, Gautamcool12, Faizan, I am One of Many, Ryan889, Matt.Sharp98, Jakec, Eddymck1,
Ashajose0002, Assumelation, Ginsuloft, Quenhitran, Dannyruthe, MetalFusion81, Robevans123, Monkbot, TerryAlex, Xpasindu123,
Thetechgirl, Williamahendric, Jacbizer, Pue7275, Deanwalt123, Rom broke, Drop knowhow, Seanpatrickgray and Anonymous: 645
Application security Source: http://en.wikipedia.org/wiki/Application%20security?oldid=654320542 Contributors: SimonP, Charles
Matthews, Psychonaut, DavidCary, Kravietz, Hillel, AliveFreeHappy, Discospinster, Rhobite, Enric Naval, JYolkowski, Bobrayner,
OwenX, Mindmatrix, Halovivek, Vegaswikian, Pseudomonas, Welsh, Tjarrett, Slicing, NielsenGW, Rwwww, Algae, Tyler Oderkirk,
SmackBot, Ohnoitsjamie, Frap, JonHarder, IronGargoyle, Iridescent, Sander Sde, Tedmarynicz, OnPatrol, Blackjackmagic, Njan,
Aarnold200, Dawnseeker2000, Obiwankenobi, Dman727, Robina Fox, Toutoune25, JLEM, Grabon~enwiki, IronAlloy, JEMLA,
DatabACE, Maurice Carbonaro, Maxgleeson, Alanfeld, Philip Trueman, Felmon, Pryderi100, NEUrOO, M4gnum0n, Friendlydata, Dosco,
Swtechwr, Wiscoplay, Dcunited, Raysecurity, Paulmnguyen, Dthomsen8, Mitch Ames, Ha runner, Bookbrad, Eheitzman, Jnarvey, Yobot,
Fraggle81, Nickbell79, AnomieBOT, Fhuonder, Stationcall, Mwd, FrescoBot, Nageh, Geofhill, Amey.anekar, Hnguyen322, Trappist the
monk, Vrenator, Mr.moyal, Super n1c, We hope, ClueBot NG, Widr, RachidBM, BG19bot, MatthewJPJohnson, Swameticul, Xena77,
Mdann52, Tohimanshu, Triomio, Isoron27000, Roberto Bagnara, Truehorizon, Securechecker1, Jpickel, MuscleheadNev, Chrisdmiller5,
Greenmow and Anonymous: 73
Backdoor (computing) Source: http://en.wikipedia.org/wiki/Backdoor%20(computing)?oldid=662411634 Contributors: Damian Yerrick, The Anome, Arvindn, Dwheeler, Wshun, Voidvector, Pnm, Ixfd64, (, Iluvcapra, Ronz, Jebba, Nikai, Ww, Furrykef, Thue, Khym
Chanur, Movermover, RedWolf, Lowellian, Danutz, KellyCoinGuy, Tobias Bergemann, David Gerard, Graeme Bartlett, Gtrmp, Fennec,
Mintleaf~enwiki, Tom harrison, Leonard G., Kravietz, AlistairMcMillan, Eckhart Wrner~enwiki, LiDaobing, Robert Brockway, Am088,
Icairns, Ojw, Monkeyman, GoodStu~enwiki, Rich Farmbrough, FT2, MCBastos, Smyth, CanisRufus, Sietse Snel, Euyyn, Smalljim,
Ral315, Kdau, Woohookitty, RHaworth, Flamingspinach, Stefanomione, Scratchy, Marudubshinki, BD2412, Rjwilmsi, Commander, Allynfolksjr, RainR, Flarn2006, FlaBot, JiFish, Quuxplusone, Daev, YurikBot, Borgx, Cybercat, Hairy Dude, Gene.arboit, Stephenb, Bullzeye, Wiki alf, Matir, Fabulous Creature, Anetode, Vlad, Bota47, Arthur Rubin, Urchin, RealityCheck, Luk, SmackBot, Mmernex,
174
Ultramandk, KelleyCook, Xaosux, Nbarth, Lmsilva~enwiki, Bisected8, Wonderstruck, The undertow, SashatoBot, Harryboyles, Xandi,
Lee Carre, Doceddi, CWY2190, Tim1988, DumbBOT, Thijs!bot, Oerjan, KeithPenguin, Gioto, Widefox, JAnDbot, V. Szabolcs, VoABot
II, Gwern, CliC, RP88, Axlq, Maurice Carbonaro, Milo03, Daedalus CA, Katalaveno, Berserkerz Crit, KCinDC, Mike V, Bonadea,
Ale2006, TXiKiBoT, Baumfreund-FFM, Rei-bot, FironDraak, Xeno8, Rep07, Jroptimus, SieBot, Sephiroth storm, Jojalozzo, Soulweaver,
Geo Plourde, ClueBot, Excirial, Socrates2008, Christopherlmarshall, Zac439, RaceGT, Rhododendrites, DanielPharos, Rror, BlackDeath3, Stemaboatlion, Addbot, TIAA Is An Acronym, SDJ, ZX81, Yobot, THEN WHO WAS PHONE?, AnomieBOT, Materialscientist,
Jerey Mall, Censorship Workaround, A Quest For Knowledge, Aldebrn, FrescoBot, Sanaskar, HamburgerRadio, I dream of horses,
Calmer Waters, Full-date unlinking bot, Cnwilliams, Trappist the monk, Rooseycheeksdrown, Reaper Eternal, RjwilmsiBot, Dewritech,
Erianna, Schnoatbrax, Nhero2006, ClueBot NG, LeoVeo, Dipankan001, Phoenixia1177, Garamond Lethe, Codename Lisa, Hmainsbot1,
Openmikenite, Dr Dinosaur IV, Comp.arch, JadeGuardian, Tqe1999, Monkbot, Hannasnow, Marty-the-Bluetooth, CaseyMillerWiki and
Anonymous: 141
Black hat Source: http://en.wikipedia.org/wiki/Black%20hat?oldid=662699710 Contributors: Berek, Stevertigo, Pnm, Delirium,
DropDeadGorgias, Hectorthebat, Dfeuer, Furrykef, Jerzy, PuzzletChung, Chealer, Altenmann, Merovingian, Michael Snow, Pengo, Tobias Bergemann, Aomarks, SWAdair, Golbez, Neilc, R. end, Quarl, Kiteinthewind, Cynical, Adashiel, Zaf, Mike Rosoft, Sysy, FT2,
KevinBot, JoeSmack, FirstPrinciples, Mairi, Bobo192, Army1987, NetBot, John Vandenberg, Flxmghvgvk, BrokenSegue, Adrian~enwiki,
Urthogie, Tonei, Mattl, Krellis, Alansohn, SpaceFalcon2001, InShaneee, Cdc, Erik II, Keepsleeping, PMD~enwiki, Jheald, Dominic,
H2g2bob, Axeman89, Kaerondaes, Kelly Martin, Simetrical, Mindmatrix, Andrev, Gerbrant, Marudubshinki, Deltabeignet, Dave Cohoe,
Vegaswikian, Mycro, Ver, Chobot, David91, YurikBot, Borgx, Retodon8, Kerowren, Stephenb, Wimt, Anomalocaris, Shreshth91, DragonHawk, ONEder Boy, RazorICE, Abb3w, OliverSeal, Treevillan, Rsriprac, Mateo LeFou, Dcb1995, Kungfuadam, Kf4bdy, Pandemic,
Veinor, SmackBot, Rtc, David.Mestel, NickShaforosto, CapitalSasha, Sam Pointon, Gilliam, Ohnoitsjamie, Chris the speller, JordeeBec,
Ittaskforce, Thumperward, Deli nk, A. B., Chameleons84, Can't sleep, clown will eat me, Frap, Tim Pierce, NaeRey, Shdwfeather, LtPowers, Soap, Coastergeekperson04, Robosh, Ironwater, Woer$, Man pl, Chrisch, Beetstra, Peyre, Atakdoug, Emx~enwiki, Colonel Warden,
Tar7arus, Dragon Hilord, Fordmadoxfraud, Dept of Alchemy, Mblumber, Abeg92, Lesqual, Dangermus, Editor at Large, Omicronpersei8, Maziotis, Thijs!bot, Coelacan, Headbomb, NorwegianBlue, Dfrg.msc, AntiVandalBot, Widefox, Dylan Lake, Cowb0y, JAnDbot,
Harryzilber, NapoliRoma, Cyberhacker665, Tqbf, Mjhmach5, Penubag, VoABot II, Mbc362, Cyktsui, Japo, $yD!, M8v5, Edward321,
MartinBot, Fragment1618, Slash, Huzzlet the bot, Jilsi, Weefun, Katalaveno, Ncmvocalist, DarkBlackHat, SJP, MarzaTax, Dog777, AlnoktaBOT, Bovineboy2008, TXiKiBoT, Asabbagh, Seraphim, Wikiisawesome, VARGUX, Doug, Staka, Longobord, Monty845, Steven
Weston, Darkieboy236, SieBot, Whitehatnetizen, One more night, Dawn Bard, Chiroz, Sephiroth storm, Bentogoa, Jc-S0CO, Oxymoron83, MarkMLl, ClueBot, Engelalber, X3vious, WDavis1911, XsilentforestX, Hafspajen, Otolemur crassicaudatus, Trivialist, Excirial, Igorberger, Niteshift36, DamageW, Andrew81446, BOTarate, DanielPharos, Certes, Outkastz, Apparition11, Sensiblekid, Silentpistol, DumZiBoT, Neuralwarp, Codenaur, Ost316, Addbot, Micahmedia, Iaent, Fluernutter, Reaper240sx, Jtermaat, Buddha24, Tide
rolls, TaBOT-zerem, JamesWallisHunt, Martin-vogel, Ian Kelling, Galoubet, Seoschrijver, ImperatorExercitus, ArthurBot, Ched, Mlpearc, Pigby, Pradameinho, Amaury, Brazilian83, Surv1v4l1st, Durval.menezes, ClickRick, Iamrwc, MastiBot, Turian, Reaper Eternal,
EmausBot, Imperial Monarch, Staszek Lem, Quantumor, ClueBot NG, , Satellizer, Brettq42, Mrn5-NJITWILL, MerlIwBot,
Jack1565, Bigdnn, Johngot and Anonymous: 289
Black Hat Briengs Source: http://en.wikipedia.org/wiki/Black%20Hat%20Briefings?oldid=644352806 Contributors: Pnm, Julesd, Aomarks, Sempf, Vsmith, Grifter, Dalm, Kenyon, Woohookitty, Mindmatrix, Myleslong, Vegaswikian, YurikBot, RussBot, Hydrargyrum,
Raistolo, Arthur Rubin, Janizary, SmackBot, Haymaker, Deli nk, Cybercobra, Pissant, JoshuaZ, Aeternus, CmdrObot, Angryredplanet,
Cydebot, MarS, DumbBOT, SusanLesch, Widefox, Sandwiches99, Wanders1, Dman727, Dricherby, Tqbf, Philip Trueman, Sephiroth
storm, Martarius, Trivialist, DanielPharos, XLinkBot, Addbot, Lightbot, Yobot, PimRijkee, Xanablaka, BenzolBot, OMGWEEGEE2,
Mean as custard, RjwilmsiBot, Leendert123, Pastore Italy, Morgi669, Twillisjr, BG19bot, And Adoil Descended, Kangaroopower, Mark
Arsten, UltimateSupreme, Hypothetical questions, Hackerwithin, Randomname3234234, Deskshasty, XWillZer0x, Macofe, 555Jos, JessicaHofmann, Steveschain, Mike Kabinsky, PosTech and Anonymous: 29
Botnet Source: http://en.wikipedia.org/wiki/Botnet?oldid=659017039 Contributors: The Anome, Fubar Obfusco, Jtk, DonDaMon, Edward, Pnm, Baylink, Plop, Dean p foster, Julesd, Dynabee, Kaihsu, Pedant17, Furrykef, Tbutzon, Walloon, Alerante, Gtrmp, Rick
Block, Gracefool, Khalid hassani, Alvestrand, Ianneub, Moxfyre, Slavik0329, Freakofnurture, Bender235, Dewet, RJHall, Tjic, Bobo192,
Jjmerelo~enwiki, Kjkolb, Krellis, Hooperbloob, ClementSeveillac, Joolz, BodyTag, InShaneee, Juhtolv, Kusma, BDD, Bsdlogical, Yurivict, Feezo, Simetrical, Woohookitty, Mindmatrix, Carlos Porto, Shello, Mihai Damian, Pol098, CiTrusD, JediKnyghte, Josh Parris,
Rjwilmsi, PHenry, Yamamoto Ichiro, FlaBot, Latka, Gurch, Intgr, Zebediah49, Benlisquare, Dadu~enwiki, YurikBot, Wavelength, Kollision, StuOfInterest, The Literate Engineer, NawlinWiki, Mosquitopsu, Scs, Flipjargendy, Romal, Abune, Rurik, Fsiler, Katieh5584,
One, SmackBot, Narson, McGeddon, Brick Thrower, KelleyCook, Eiler7, Mcld, Gilliam, Ohnoitsjamie, Chris the speller, Kurykh, TimBentley, Jcc1, Sinicixp, DHN-bot~enwiki, Emurphy42, Jmax-, Can't sleep, clown will eat me, Trinite, Blah2, Mitsuhirato, Frap, JonHarder, Hitoride~enwiki, Luno.org, Rockpocket, Kuru, Euchiasmus, Ivucica, Ehheh, Ttul, Dl2000, Hu12, DabMachine, HisSpaceResearch, Iridescent, Winkydink, KimChee, Powerslide, DavidTangye, Kylu, Dgw, Jesse Viviano, Hserus, RagingR2, Abdullahazzam, Grahamrichter, Mzima, Mato, Gogo Dodo, DumbBOT, Optimist on the run, Zokum, Kozuch, Tobias382, Ferris37, Mbell, Ckhung, Aiko,
Bobblehead, OrenBochman, Binarybits, Sidasta, Luna Santin, Tohnayy, Luxomni, Lfstevens, Mscullin, SemperSecurus, Husond, Sheitan,
Struthious Bandersnatch, Andreas Toth, Magioladitis, VoABot II, Nyttend, Upholder, Boob, Daniel.birket, Ryan1918, Forensicsguy, MartinBot, SasaMaker, LittleOldMe old, Boston, J.delanoy, EscapingLife, Skiidoo, Eliz81, Milo03, Mtxf, Buhadram, Fomalhaut71, Crakkpot,
Jwh335, STBotD, Sbanker, VolkovBot, LokiClock, Franck Dernoncourt, Philip Trueman, TXiKiBoT, Stagefrog2, Brian Helsinki, Lambyte, Calculuslover800, Ephix, InFAN1ty, C45207, Michael Frind, Logan, Derekcslater, Sephiroth storm, Yintan, Android Mouse, Exert,
KoshVorlon, Lightmouse, Dracker, Denisarona, Escape Orbit, The sunder king, Jaimee212, Church, ClueBot, GorillaWarfare, Abhinav,
Vacio, Ravivr, Lawrence Cohen, Konsumkind, Pwitham, Paul Abrahams, Mild Bill Hiccup, DnetSvg, Dante brevity, Rprpr, Julesbarbie, Excirial, Gulmammad, Dralokyn, Rhododendrites, SchreiberBike, DanielPharos, D.Cedric, BlueDevil, Herunar, XLinkBot, Dark
Mage, Stickee, Little Mountain 5, WikHead, Jadtnr1, A little mollusk, Addbot, Ramu50, A.qarta, Burkestar, Enkrona, Zellfaze, Tothwolf, Linktopast30, Scientus, MrOllie, Danpoulton, Hintss, Jarble, Luckas-bot, Yobot, Ptbotgourou, AnomieBOT, Jim1138, Yachtsman1,
Materialscientist, Hcps-spottsgr, LykMurph, ArthurBot, Quebec99, Xqbot, THWoodman, DataWraith, BebyB, S0aasdf2sf, GrouchoBot,
Kyng, Chaheel Riens, W Nowicki, HamburgerRadio, 10metreh, Skyerise, Bugsguy, Pastafarian32, GlowBee, Fishsicles, Stdundon, Lotje,
Dragan2~enwiki, Tbhotch, Jfmantis, Onel5969, Liamzebedee, Ripchip Bot, EmausBot, Jackson McArthur, Cmartincaj, Heracles31, ScottyBerg, JohnValeron, RenamedUser01302013, K6ka, Marshviperx, Martinibra, Daonguyen95, A930913, H3llBot, Ivhtbr, Erianna, Staszek
Lem, TyA, The guy on da moon, Cyberdog958, Schnoatbrax, Shrigley, TravisMunson1993, Whoop whoop pull up, Mjbmrbot, ClueBot
NG, Magicman3894, MelbourneStar, Satellizer, Abecedarius, Guive37, Twillisjr, Mgnicholas, Mesoderm, O.Koslowski, Helpful Pixie Bot,
Harley16ss, TRANA1-NJITWILL, Lifemaestro, Hewhoamareismyself, Fredo699, Vagobot, DaveB549, Paulbeeb, ElphiBot, MusikAnimal, Socal212, Ananti3, Szary89, Zune0112, Jbarre10, Gyvachius, Tetraexagon, Haleycat, Deimos747, Faisal ALbarrak, Oknitram,
175
Chengshuotian, Padenton, Superkc, Waqob, Oneplusnine, Agent766, Axesrotoor, Jakedtc, FrB.TG, Herpingdo, JaconaFrere, Impsswoon,
TheEpTic, Jamesmarkchan, AnonArme, Fl4meb0tnet, Professornova, Anotherdaylate, Spagheti and Anonymous: 451
Computer crime Source: http://en.wikipedia.org/wiki/Computer%20crime?oldid=662636846 Contributors: Damian Yerrick, Frecklefoot, Edward, D, Ixfd64, Sannse, Dori, Ihcoyc, Ronz, Jebba, Darkwind, Andrewa, Julesd, Andres, Kaihsu, GCarty, Ww, Greenrd, Zoicon5,
Katana0182, Robbot, ZimZalaBim, Lowellian, Desmay, UtherSRG, Alan Liefting, Everyking, Edcolins, Utcursch, Antandrus, Jorm, Beland, Joyous!, Ta bu shi da yu, DanielCD, Discospinster, Rich Farmbrough, ArnoldReinhold, Atchom, MarkS, Elwikipedista~enwiki, Narcisse, Cmdrjameson, Elipongo, Vishnu vijay, Timmywimmy, ADM, Zachlipton, Alansohn, Arthena, Snowolf, Wtmitchell, L33th4x0rguy,
TaintedMustard, Harej, RainbowOfLight, H2g2bob, BlastOButter42, Y0u, Woohookitty, Wikiklrsc, Prashanthns, BD2412, Galwhaa,
Josh Parris, Rjwilmsi, Bill37212, Bruce1ee, Bhadani, Amelio Vzquez, Rabreu, Nivix, Gurch, Tieno007~enwiki, Czar, Alphachimp,
David91, Bgwhite, Wavelength, Phantomsteve, SpuriousQ, IanManka, Akamad, Stephenb, Markjx, NawlinWiki, Welsh, Renata3, FoolsWar, Lippard, Zzuuzz, Gtdp, Rurik, CWenger, Tom Morris, Sardanaphalus, Crystallina, SmackBot, Reedy, Stie, Canthusus, Nil Einne,
Gilliam, Skizzik, Jrkagan, Kurykh, JDCMAN, Dimonicquo, Silly rabbit, Octahedron80, Mihairad, Tim Pierce, ConMan, Expugilist, Savidan, RolandR, FlyHigh, Prehistoricmaster2, Kuru, Ocee, Shadowlynk, Joelo, Kirkoconnell, Barrycarlyon, Beetstra, Invisifan, Hu12,
MikeWazowski, Iridescent, Kencf0618, CapitalR, Sim8183, Tawkerbot2, Dlohcierekim, CmdrObot, Ale jrb, JohnCD, Penbat, MrFish,
Equendil, Anthonyhcole, DumbBOT, ErrantX, Heathniederee, Epbr123, Mojo Hand, Vertium, Esemono, The Legendary Ranger, Dzubint, I already forgot, AntiVandalBot, Oducado, QuiteUnusual, Paste, Joe Schmedley, Oddity-, Wayiran, Gilliantayloryoung, JAnDbot,
Dustin gayler, Levitica, SiobhanHansa, VoABot II, Maheshkumaryadav, Joellee, Kiwimandy, Edper castro, DerHexer, JaGa, Mahnol, Cocytus, MartinBot, Lordmyx, Jeannealcid, Jim.henderson, Rhlitonjua, Psychoair, Jerry teps, Bemsor, Nixonmahilum, Tgeairn, JonBurrows,
Jmm6f488, Kemiv, Semaja, Reno911, Boxmoor, Neon white, NYCRuss, Vanillagorillas, Tokyogirl79, Turner70, HiLo48, DadaNeem,
Olegwiki, Druss666uk, Ja 62, Funandtrvl, Metallicaguy007, VolkovBot, Philip Trueman, MissionInn.Jim, Technopat, Sparkzy, Helpper, Jose gueredo, Sankalpdravid, Qxz, Anna Lincoln, The3stars, Tpk5010, Snowbot, Jlhw, Milan Kerlger, Billinghurst, Enigmaman,
Falcon8765, Justmeherenow, Noncompliant one, Cool110110, DeanC81, Yintan, LeadSongDog, Flyer22, Jojalozzo, Iestynpugh, Oxymoron83, Harry~enwiki, Techman224, Manway, Millstream3, AMbot, Mr. Stradivarius, Barry Jameson, Denisarona, Jons63, Elassint,
ClueBot, Kai-Hendrik, Binksternet, The Thing That Should Not Be, Jotag14, Taroaldo, Tomas e, Chris.tripledot, CounterVandalismBot,
Niceguyedc, Trivialist, PMDrive1061, Chaserx7, Canis Lupus, Rhododendrites, Imaximax1, Vivon1, Jmaio2, Aleksd, Light show, Agilentis, Thingg, PCHS-NJROTC, Aronzak, Johnuniq, MBK-iPhone, BarretB, XLinkBot, Roxy the dog, Gonzonoir, Afpre, Charco2006,
Bamford, Addbot, Some jerk on the Internet, Gpershing, MrOllie, Jgkjfdlsgkjd, Fatboy500, PranksterTurtle, Debresser, Favonian, Jaydec, 5 albert square, Tide rolls, Bultro, Jarble, HerculeBot, Matt.T, Albeiror24, Jackelve, Ben Ben, Kurtis, Publicly Visible, Luckas-bot,
Yobot, Legobot II, II MusLiM HyBRiD II, Mdolphy, KamikazeBot, JackCoke, Lessandmore, IW.HG, Ircpresident, Vrs, Backslash Forwardslash, AnomieBOT, DemocraticLuntz, Kerfuer, Jim1138, IRP, Darkblazikenex2, NickK, Materialscientist, ArthurBot, Quebec99,
Justwiki, Xqbot, JimVC3, Capricorn42, RoodyAlien, Mrc1028, Srich32977, Pradameinho, Wikieditor1988, Tankrider, Lior1075, Shadowjams, FrescoBot, Weyesr1, Yashansi, YOKOTA Kuniteru, Blockyeyes, Ka4, Buchana4, Dejan33, Sfanski, Bobmack89x, Pinethicket,
I dream of horses, Gajic32, Professional7, MJ94, Serols, Mentmic, Full-date unlinking bot, Merlion444, FoxBot, Lotje, Callanecc, Vrenator, Aoidh, Reaper Eternal, ThinkEnemies, Reach Out to the Truth, Minimac, DARTH SIDIOUS 2, Fred11111111, RjwilmsiBot,
VernoWhitney, Agent Smith (The Matrix), Becritical, EmausBot, John of Reading, Immunize, Sophie, Angrytoast, Katherine, Dewritech,
Minimacs Clone, RenamedUser01302013, Tommy2010, Wikipelli, Dcirovic, Ida Shaw, Pragnesh89, Josve05a, Michael Essmeyer, Empty
Buer, Forgottenking, Bustermythmonger, EneMsty12, Christina Silverman, Kjg0972, Erianna, Umni2, Donner60, Yulli67, ChuispastonBot, Trickmind, Petrb, ClueBot NG, Mechanical digger, Sagaa2010, Gareth Grith-Jones, AznBurger, Catlemur, 6ii9, Hiral NJITWILL,
Widr, Leeaaro4, Helpful Pixie Bot, Aigendon, HMSSolent, Nightenbelle, Markthing Inc., Titodutta, KLBot2, BG19bot, VasundraTaneja,
Jhanov1999, Ramesh Ramaiah, FxHVC, Najma El Shelhi, Frze, AvocatoBot, SusanBREN, Metricopolus, Mark Arsten, Lochfyneman,
Dainomite, Harizotoh9, MrBill3, Glacialfox, Klilidiplomus, Yasht101, Aisteco, CrimeWeb, Fylbecatulous, Agent 78787, Darylgolden,
Riley Huntley, Iristotle, Pratyya Ghosh, Padenton, Khazar2, Abowker, Bamachick20, HelicopterLlama, Lugia2453, Frosty, Metalytics,
FrostieFrost, Mason Doering, PinkAmpersand, Greengreengreenred, Dddege, LectriceDuSoir, Reziebear, Glaisher, Bullblade, EdynBliss,
Ginsuloft, Quenhitran, Cindy123456, Jnguyenx3, Keatonhouse, M3osol1301, JaconaFrere, Skr15081997, Kacyoconnor14, Lordangel101,
Altaythegooner, AKS.9955, Cybersecurity101, Pinklights2323, S166865h, StaceyHutter, Johnc123456, Willhesucceed, Vanyaxd, Julietdeltalima, Hellys320, Destor918, Lymaniy, Rishab Elangovan, Guegreen, FormerPatchEditor, Erosen15, Drdebaratiwiki, Dmonshaugen,
Airplane Maniac, DebaratiH and Anonymous: 654
Computer security Source: http://en.wikipedia.org/wiki/Computer%20security?oldid=662104568 Contributors: Tobias Hoevekamp,
Derek Ross, Tuxisuau, Brion VIBBER, Eloquence, Zardoz, Mav, Robert Merkel, The Anome, Stephen Gilbert, Taw, Arcade~enwiki, Graham Chapman, Dachshund, Arvindn, PierreAbbat, Fubar Obfusco, SimonP, Ben-Zin~enwiki, Ant, Ark~enwiki, Heron, Dwheeler, Chuq,
Iorek~enwiki, Frecklefoot, Edward, Michael Hardy, Pnm, Kku, Ixfd64, Dcljr, Dori, Arpingstone, CesarB, Haakon, Ronz, Snoyes, Yaronf,
Nikai, Smay, Qwert, Mydogategodshat, Jengod, JidGom, Aarontay, Gingekerr, Taxman, Joy, Vaceituno, Khym Chanur, Pakaran, Robbot, Yas~enwiki, Fredrik, ZimZalaBim, Rursus, Texture, KellyCoinGuy, 2501~enwiki, Hadal, Tobias Bergemann, David Gerard, Honta,
Wolf530, Tom harrison, Dratman, Mike40033, Siroxo, C17GMaster, Matt Crypto, SWAdair, Bobblewik, Wmahan, Mu, Geni, Antandrus, Beland, Mako098765, CSTAR, GeoGreg, Marc Mongenet, Gscshoyru, Joyous!, Bluefoxicy, Squash, Strbenjr, Mike Rosoft, Kmccoy,
Monkeyman, Pyrop, Rich Farmbrough, Rhobite, Leibniz, FT2, Jesper Laisen, ArnoldReinhold, YUL89YYZ, Zarutian, MeltBanana, Sperling, Bender235, ZeroOne, Moa3333, JoeSmack, Danakil, Omnifarious, Jensbn, El C, Joanjoc~enwiki, Marcok, Perspective, Spearhead,
EurekaLott, Nigelj, Stesmo, Smalljim, Rvera~enwiki, Myria, Adrian~enwiki, Boredzo, ClementSeveillac, JohnyDog, Poweroid, Alansohn,
Quiggles, Arthena, Lightdarkness, Cdc, Mrholybrain, Caesura, Gbeeker, Raraoul, Filx, Proton, M3tainfo, Suruena, HenkvD, 2mcm, Wikicaz, H2g2bob, Condor33~enwiki, Bsdlogical, Johntex, Dan100, Woohookitty, Daira Hopwood, Al E., Prashanthns, Zhen-Xjell, Palica,
Kesla, Vininim, Graham87, Clapaucius, Icey, Sjakkalle, Rjwilmsi, Seidenstud, Koavf, Guyd, DeadlyAssassin, Dookie~enwiki, Edggar,
Oblivious, QuickFox, Kazrak, Ddawson, Ligulem, Smtully, Aapo Laitinen, Ground Zero, RexNL, Alvin-cs, BMF81, JonathanFreed, Jmorgan, J.Ammon, Hall Monitor, Digitalme, Gwernol, FrankTobia, Elfguy, Wavelength, NTBot~enwiki, Alan216, StuOfInterest, Foxxygirltamara, Stephenb, Gaius Cornelius, Ptomes, Morphh, Salsb, Wimt, Bachrach44, AlMac, Irishguy, Albedo, Rmky87, Amcfreely, Romal,
Peter Schmiedeskamp, Zzuuzz, Gorgonzilla, Papergrl, Arthur Rubin, Ka-Ping Yee, Juliano, GraemeL, Rlove, JoanneB, Whouk, NeilN,
SkerHawx, SmackBot, Mmernex, Tripletmot, Reedy, KnowledgeOfSelf, TestPilot, Kosik, McGeddon, Stretch 135, Ccalvin, Manjunathbhatt, Gilliam, Ohnoitsjamie, Skizzik, Lakshmin, Kurykh, Autarch, Snori, Miquonranger03, Deli nk, Jenny MacKinnon, Kungming2,
Jonasyorg, Timothy Clemans, Frap, Ponnampalam, Nixeagle, KevM, JonHarder, Wine Guy, Cpt~enwiki, Krich, Bslede, Richard001,
Stor stark7, Newtonlee, Doug Bell, Harryboyles, Kuru, Geoinline, Disavian, Robosh, Joelo, Kwestin, Mr. Lefty, Beetstra, Jadams76,
Ehheh, Boxux, Kvng, Chadnibal, Wfgiuliano, Dthvt, IvanLanin, DavidHOzAu, Lcamtuf, CmdrObot, Tional, ShelfSkewed, Michael B.
Trausch, Phatom87, Cydebot, Mblumber, Future Perfect at Sunrise, Blackjackmagic, UncleBubba, Gogo Dodo, Anonymi, Anthonyhcole,
GRevolution824, Clovis Sangrail, SpK, Njan, Ebyabe, Thijs!bot, Epbr123, The Punk, Kpavery, Wistless, Oarchimondeo, RichardVeryard,
EdJohnston, Druiloor, SusanLesch, I already forgot, Sheridbm, AntiVandalBot, Obiwankenobi, Shirt58, Marokwitz, Khhodges, Ellenaz,
176
Manionc, Chill doubt, Dmerrill, SecurityGuy, JAnDbot, Jimothytrotter, Barek, MER-C, The Transhumanist, Technologyvoices, Tqbf,
Dave Nelson, Acroterion, Raanoo, VoABot II, Ukuser, JNW, Michi.bo, Szh~enwiki, Hubbardaie, Arctic, Froid, JXS, AlephGamma,
Rohasnagpal, Catgut, WhatamIdoing, Marzooq, Gerrardperrett, Thireus, Devmem, DerHexer, JaGa, Rcseacord, XandroZ, Gwern, SolitaryWolf, CliC, =JeH, Sjjupadhyay~enwiki, Bertix, Booker.ercu, J.delanoy, Gam2121, Maurice Carbonaro, Public Menace, Jesant13,
Jreferee, JA.Davidson, Katalaveno, Touisiau, Ansh1979, Toon05, Mufka, Largoplazo, Dubhe.sk, YoavD, Bonadea, Red Thrush, RJASE1,
Cralar, Javeed Safai, ABF, Wiki-ay, Davidwr, Zifert, Crazypete101, Dictouray, Shanata, Haseo9999, Falcon8765, Pctechbytes, Sapphic,
Donnymo, FutureDomain, Smith bruce, Kbrose, JonnyJD, Lxicm, Whitehatnetizen, Jargonexpert, SecurInfos~enwiki, Ml-crest, Immzw4,
Sephiroth storm, Graceup, Yuxin19, Agilmore, JohnManuel, Flyer22, Jojalozzo, Riya.agarwal, Corp Vision, Lightmouse, KathrynLybarger, Mscwriter, Soloxide, StaticGull, Capitalismojo, PabloStraub, Rinconsoleao, Denisarona, White Stealth, Ishisaka, WikipedianMarlith, Sfan00 IMG, Elassint, ClueBot, Shonharris, PipepBot, TransporterMan, Supertouch, Add32, Emantras, Tanglewood4, Niceguyedc,
Dkontyko, Trivialist, Gordon Ecker, DragonBot, Dwcmsc, Excirial, Socrates2008, Dcampbell30, Moomoo987, Dr-Mx, Rbilesky, DanielPharos, Versus22, HarrivBOT, Fathisules, Raysecurity, XLinkBot, BodhisattvaBot, Solinym, Skarebo, Wingfamily, WikiDao, MystBot,
Dsimic, JimWalker67, Addbot, Cst17, MrOllie, Passport90, Favonian, AgadaUrbanit, Tassedethe, Jarble, Ben Ben, Tartarus, Luckasbot, Yobot, OrgasGirl, The Grumpy Hacker, Librsh, Cyanoa Crylate, Grammaton, THEN WHO WAS PHONE?, Dr Roots, Sweerek,
AnomieBOT, JDavis680, Jim1138, Galoubet, Dwayne, Piano non troppo, AdjustShift, Rwhalb, Quantumseven, HRV, Vijay Varadharajan, Materialscientist, Aneah, Stationcall, ArthurBot, Cameron Scott, Intelati, Securitywiki, Hi878, Coolkidmoa, Zarcillo, Mark Schierbecker, Pradameinho, Amaury, George1997, Architectchamp, =Josh.Harris, Shadowjams, President of hittin' that ass, FrescoBot, Bingo101a, Nageh, Ionutzmovie, Cudwin, Expertour, Intelligentsium, Pinethicket, I dream of horses, Edderso, Access-bb, Yahia.barie, RedBot, MastiBot, Wlalng123, Mentmic, Dac04, Banej, Codemaster32, Tjmannos, Nitesh13579, Lotje, Sumone10154, Arkelweis, Ntlhui,
Aoidh, Endpointsecurity, Tbhotch, Jesse V., DARTH SIDIOUS 2, Ripchip Bot, Panda Madrid, DASHBot, Julie188, EmausBot, Timtempleton, Dewritech, Active Banana, P@ddington, Susfele, Dolovis, Cosmoskramer, Alxndrpaz, AvicAWB, Bar-abban, Ocaasi, Solipsys,
Tolly4bolly, Sharpie66, DennisIsMe, Veryfoolish, Geohac, ChuispastonBot, Pastore Italy, Tentontunic, Sepersann, Gadgad1973, Rocketrod1960, Jramio, ClueBot NG, AAriel42, Enfcer, Iliketurtlesmeow, Widr, Helpful Pixie Bot, TechGeek70, Curb Chain, Calabe1992,
BG19bot, Mollsiebee, M0rphzone, Rubmum, Mohilekedar, Karlomagnus, IraChestereld, Sburkeel, Zune0112, Venera Seyranyan, Wondervoll, Mihai.scridonesi, Jtlopez, Nrdosian, Alessandra Napolitano, Wannabemodel, Keeper03, BattyBot, Popescucalin, Arr4, Mrt3366,
Khazar2, Peter A. Wol, Soulparadox, Ilker Savas, BIG ISSUE LADY, Saturdayswiki, Dexbot, Jmitola, Mogism, Pete Mahen, Lugia2453,
Doopbridge, Sbhalotra, SFK2, Arjungiri, Jamesx12345, ElinaSy, Patna01, Dr Dinosaur IV, Pdecalculus, Mbmexpress, Idavies007, RaheemaHussain, Cyberlawjustin, Rkocher, MoHafesji, ResearcherQ, Westonbowden, Peter303x, Karinera, OccultZone, Robevans123,
Chima4mani, ClyderRakker46, Jonathan lampe, Jppcap, Leejjung86, Azulqar, IrvingCarR, Nyashinski, Monkbot, Nitzy99, Carpalclip3,
RicardoBanchez, Owais Khursheed, Oushee, 405Duke, BrettofMoore, Gr3yHatf00l, Thetechgirl, Fimatic, Hchaudh3, AndrewKin, JRPolicy, Pacguy, HVanIderstine, Leeemily, FormerPatchEditor, Pixelized frog, Johngot, Bmore84, Informationsystemgeeks and Anonymous:
674
Computer worm Source: http://en.wikipedia.org/wiki/Computer%20worm?oldid=661819683 Contributors: LC~enwiki, Brion VIBBER,
Mav, The Anome, Stephen Gilbert, Koyaanis Qatsi, Malcolm Farmer, PierreAbbat, Daniel Mahu, Paul~enwiki, Fubar Obfusco, Patrick,
Nixdorf, Pnm, Wwwwolf, CesarB, Ahoerstemeier, Cyp, Jebba, Jdforrester, UserGoogol, Andres, Evercat, GCarty, Gamma~enwiki, Dj
ansi, Hashar, Agtx, Ww, Dysprosia, Fuzheado, WhisperToMe, Wik, Zoicon5, Furrykef, Dcsohl, Wilinckx~enwiki, Robbot, Naddy, Yosri,
Jondel, Seth Ilys, Tobias Bergemann, David Gerard, Alerante, Fennec, Akadruid, Jtg, Noone~enwiki, Eequor, Fanf, Matt Crypto, Just Another Dan, Maximaximax, Gscshoyru, Trafton, Grunt, Monkeyman, Discospinster, Rich Farmbrough, Rhobite, KneeLess, YUL89YYZ,
Bender235, ESkog, JoeSmack, RJHall, PhilHibbs, Sietse Snel, DavidSky, Smalljim, MITalum, Sam Korn, Nsaa, Alansohn, Andrewpmk, Jonathanriley, Staeiou, Bsadowski1, Pauli133, Bobrayner, Newnoise~enwiki, Roboshed, Woohookitty, Mindmatrix, Camw, Guy
M, TomTheHand, Isnow, Kralizec!, Palica, SqueakBox, Jclemens, Rjwilmsi, Matt.whitby, Syndicate, Mcmvanbree, Nguyen Thanh Quang,
RainR, Jwkpiano1, Dan Guan, JiFish, RexNL, Ewlyahoocom, King of Hearts, Pstevens, Daev, Chobot, AFA, Bornhj, DVdm, Mogh, YurikBot, Borgx, Kerowren, Barefootguru, Wimt, Wiki alf, Misza13, DeadEyeArrow, Bota47, Jkelly, WAS 4.250, Dspradau, Rs232, Kungfuadam, GrinBot~enwiki, Asterion, DVD R W, Rahul s55, SmackBot, Mmernex, Aim Here, Gamerzworld, David.Mestel, KelleyCook, Object01, Gilliam, Ohnoitsjamie, Martial Law, Biblioteqa, Bluebot, Snori, Miquonranger03, Pomegranite, DHN-bot~enwiki, Firetrap9254,
Anabus, Tsca.bot, NYKevin, Can't sleep, clown will eat me, Yidisheryid, Rrburke, Addshore, Celarnor, Jaimie Henry, James McNally,
Richard001, Wirbelwind, Weregerbil, SashatoBot, Ian Dalziel, Nic tan33, Ehheh, Optakeover, Waggers, Vernalex, Woodroar, Iridescent,
Jason.grossman, Joseph Solis in Australia, Aeons, Mzub, Tawkerbot2, Dlohcierekim, Chetvorno, Makeemlighter, GHe, Jesse Viviano, Augrunt, Oden, Slazenger, Gogo Dodo, ST47, Luckyherb, Thijs!bot, Epbr123, Luigifan, Powellatlaw, Dawnseeker2000, Mentisto, AntiVandalBot, Seaphoto, Oducado, Waerloeg, Jenny Wong, Clharker, JAnDbot, Leuko, MER-C, PubliusFL, Coopercmu, Superjag, SteveSims,
Yixin1996, Bongwarrior, Rami R, Alekjds, Adrian J. Hunter, DerHexer, Shuini, Pikolas, S3000, MartinBot, STBot, Ghatziki, Poeloq, Lilac
Soul, Bitethesilverbullet, Herbythyme, Imfo, Uncle Dick, Yonidebot, Milo03, Crimson Instigator, Barts1a, Ignatzmice, Demizh, DJ1AM,
Juliancolton, Beezhive, CardinalDan, Idioma-bot, Lights, Deor, Hersfold, Je G., Philip Trueman, Dindon~enwiki, Zifert, Technopat,
Zman2000, Oxfordwang, LeaveSleaves, Tpk5010, BigDunc, RandomXYZb, MDfoo, Falcon8765, Enviroboy, Burntsauce, EJF, Barkeep,
SieBot, BotMultichill, Itsme2000, DarkreInferno, Sephiroth storm, Sat84, Happysailor, Mszegedy, Very cheap, Smaug123, Hello71,
Miniapolis, Macy, OKBot, Amrishdubey2005, StaticGull, Mygerardromance, Hamiltondaniel, GioCM, Cellorelio, Minimosher, ClueBot,
Traveler100, The Thing That Should Not Be, Lawrence Cohen, Fenwayguy, CrazyChemGuy, Eeekster, Rhododendrites, WalterGR, Dekisugi, DanielPharos, Thingg, Aitias, VIKIPEDIA IS AN ANUS!, XXXSuperSnakeXXX, SoxBot III, Sensiblekid, DumZiBoT, XLinkBot,
Skarebo, WikHead, PL290, Noctibus, ZooFari, Jabberwoch, Wnzrf, Addbot, Amanda2423, A.qarta, Fieldday-sunday, Leszek Jaczuk,
CactusWriter, MrOllie, Protonk, Chzz, Favonian, Comphelper12, Jasper Deng, Yyakaj;fasd;kdfjk, Numbo3-bot, Craigsjones, Tide rolls,
Yobot, Amirobot, Nallimbot, Gunnar Hendrich, Tempodivalse, Souch3, A More Perfect Onion, Jim1138, Piano non troppo, Meatabex, Materialscientist, Neurolysis, ArthurBot, MauritsBot, Xqbot, Useingwere, Capricorn42, Avastik, Frosted14, RibotBOT, Ulm, AlanNShapiro,
Crackitcert, WPANI, Rossd2oo5, DylanBigbear, HamburgerRadio, Uberian22, Intelligentsium, Pinethicket, I dream of horses, Adlerbot,
Subzerobubbles, Lotje, Fox Wilson, Vrenator, Wiwiwiwiwiwiwiwiwiwi, Nattippy99, Adi4094, Reach Out to the Truth, DARTH SIDIOUS 2, Hajatvrc, DASHBot, EmausBot, Orphan Wiki, Gfoley4, Bexz2000, Wikipelli, F, Kalin.KOZHUHAROV, A930913, Tolly4bolly,
W163, MonoAV, DennisIsMe, ChuispastonBot, Ziyad en, ClueBot NG, Henry Stanley, Borkicator, O.Koslowski, Widr, Helpful Pixie
Bot, TheTrainEnthusiast, Tobias B. Besemer, Toccata quarta, Mantovanifabiomarco, Glacialfox, Derschueler, Anbu121, BattyBot, Johnthehero, ChrisGualtieri, EagerToddler39, Dexbot, Lal Thangzom, Codename Lisa, Webclient101, Djairhorn, Lugia2453, Jamesx12345,
Rossumund, Muhammadbabarzaman, Smilieyss, Ginsuloft, Dannyruthe, JaconaFrere, Satyajeet vit, Gautamnarayan and Anonymous: 497
Crimeware Source: http://en.wikipedia.org/wiki/Crimeware?oldid=653231321 Contributors: Paul~enwiki, EpiVictor, Niteowlneils,
Necrothesp, Trevor MacInnis, Canterbury Tail, MeltBanana, Nabla, Sietse Snel, Saxifrage, Rocastelo, Bluemoose, MarSch, FlaBot, Nihiltres, Common Man, Ali Karbassi, Closedmouth, Alex Ruddick, Katieh5584, Liujiang, SmackBot, BranStark, Poweron, Random name,
Cydebot, MarshBot, Lfstevens, Blahbleh, Leuko, Epeeeche, Rmeniko, GermanX, Tiangua1830, Rhododendrites, DanielPharos, Addbot,
177
AnomieBOT, IRP, Nosperantos, Cantons-de-l'Est, Pradameinho, WPANI, Oldgrowyoung, K6ka, Djr2468, Codename Lisa, Seankclark
and Anonymous: 31
Cryptovirology Source: http://en.wikipedia.org/wiki/Cryptovirology?oldid=654334826 Contributors: Fubar Obfusco, Edward, Ahoerstemeier, Julesd, Bogdangiusca, Palfrey, Ww, Pengo, Matt Crypto, JoeSmack, TheParanoidOne, Riana, Uncle G, Ner102, Rjwilmsi, Ligulem,
Quuxplusone, RussBot, Bachrach44, Thiseye, THB, Guinness man, SmackBot, KelleyCook, Ohnoitsjamie, Sspecter, Ligulembot, Waggers,
Jesse Viviano, Underpants, Vonbraun~enwiki, Seaphoto, GiM, JAnDbot, Cyda, David Eppstein, Parthasarathy.kr, TreasuryTag, TXiKiBoT, Logan, Adamlucasyoung, Fratrep, Rhododendrites, DanielPharos, Jack Bauer00, MensaDropout, Addbot, Yobot, Citation bot, HamburgerRadio, RjwilmsiBot, ZroBot, Benjabean1, Daicarus, Iwebsurfer, Hannasnow and Anonymous: 33
DEF CON Source: http://en.wikipedia.org/wiki/DEF%20CON?oldid=662154207 Contributors: Dreamyshade, Arvindn, Mrwojo, Pnm,
Breakpoint, Julesd, Reddi, WhisperToMe, Jose Ramos, Jeq, TexasDex, Graeme Bartlett, BenFrantzDale, Tom-, Academician, Tim Pritlove, Rdsmith4, Zondor, Eep, Spiko-carpediem~enwiki, ElTyrant, Alexkon, R.123, Bender235, Zscout370, Rcsheets, Evolauxia, BrokenSegue, Johnteslade, Elipongo, Adrian~enwiki, Tygerdsebat, Alyeska, Grifter, Sligocki, Ynhockey, InShaneee, Tom12519, Musicscene,
Wtmitchell, Saga City, Guthrie, Kelly Martin, Dalmoz~enwiki, Thivierr, Myleslong, SJanssen, Tabletop, Senda, Marudubshinki, Stromcarlson, Search4Lancer, Rjwilmsi, Vegaswikian, Flydpnkrtn, Eldred, Czar, Daev, Chobot, RussBot, Hydrargyrum, Mipadi, Madcoverboy,
Santaduck, Pegship, Raistolo, Arthur Rubin, JQF, Hobx, KnightRider~enwiki, SmackBot, McGeddon, Alex mayorga, InGearX, MJBurrage, , Cybercobra, CypherXero, Digital Avatar, Marcus Brute, Gloriamarie, Aboutblank, 293.xx.xxx.xx, JoeBot, Cheschire, Wafulz,
Neelix, Cydebot, Samuell, MarS, Mmmpie, Themantoblame, Coyets, Credema, Dman727, JAnDbot, Davewho2, Prosavage2600, Elinruby, Vahokif, Dspencer, Johnpacklambert, Emersoneells, Athaenara, Beet, Joshua Issac, Whiteandnerdy52, Praesidium~enwiki, Malik Shabazz, UnicornTapestry, Katydidit, SteveClement, Theamk, UnitedStatesian, Blurpeace, Brianga, Truthanado, SecretaryNotSure,
BobDoleFan999, PeterCanthropus, WTucker, Sephiroth storm, CoryWright, Dillard421, Faulknerfan, Cap'n Walker, Startswithj, WurmWoode, Hidro, Dr. Skullthumper, DumZiBoT, Addbot, M.nelson, Buddha24, SpBot, Lightbot, 55, Vegaswikian1, VengeancePrime,
AnomieBOT, Lennykaufman, LilHelpa, Tollsjo, Keastes, Brutaldeluxe, FrescoBot, LittleWink, 11hpr01, Kurtalden, LoStrangolatore, GoingBatty, Jegus, Monterey Bay, Erianna, Leendert123, Kranix, Cuddles 2.0, ClueBot NG, HectorAE, Trunks ishida, Moving Chicane,
MusikAnimal, Mdy66, Billie usagi, Zordsthrone, Monkbot, Agent0047, TrumpetPlayer1234567890, Karthik koppolu, Augenblink and
Anonymous: 118
Exploit (computer security) Source: http://en.wikipedia.org/wiki/Exploit%20(computer%20security)?oldid=656732816 Contributors:
AxelBoldt, Mav, Aldie, SimonP, Stevertigo, Michael Hardy, TakuyaMurata, Karada, Ronz, Nikai, Smay, Rl, Enigmasoldier, Altenmann, Pengo, Alerante, SWAdair, Utcursch, Bluefoxicy, Discospinster, Rich Farmbrough, Pie4all88, Syp, El C, Matteh, Bobo192, La
goutte de pluie, Ramsey, Walter Grlitz, Adequate~enwiki, Ringbang, Nuno Tavares, Mindmatrix, Georgia guy, Apokrif, Vargc0, Mindfuq, RainR, FlaBot, Ground Zero, Latka, Arunkoshy, Chobot, KDK, YurikBot, Hydrargyrum, Stephenb, Pseudomonas, Dpakoha, Irishguy,
Ugnius, Zwobot, Yudiweb, Raistolo, Papergrl, SmackBot, Pgk, Bomac, BiT, Jerome Charles Potts, Abaddon314159, JonHarder, Sloverlord, Nakon, Tompsci, Pilotguy, Lambiam, Putnamehere3145, LebanonChild, Ehheh, Dreftymac, SkyWalker, Fabio-cots, Skittleys, Omicronpersei8, Ebraminio, Dreaded Walrus, PC Master, Zorro CX, Ghostwo, SpigotMap, Crakkpot, TXiKiBoT, Wolfrock, Jamespolco,
Irsdl, Swwiki, PeterCanthropus, PabloStraub, ClueBot, Excirial, SchreiberBike, DanielPharos, Fathisules, SkyLined, GD 6041, Legobot,
Luckas-bot, Amirobot, Nallimbot, Galoubet, ExploITSolutions, ArthurBot, Sionus, Boyrussia, Waterloox, Weltersmith, Pradameinho,
Erik9, Erik9bot, HamburgerRadio, Guriue, Guriaz, PleaseStand, EmausBot, WikitanvirBot, Dewritech, ZroBot, IGeMiNix, Pastore Italy,
ClueBot NG, Neynt, BG19bot, Who.was.phone, Compfreak7, T2kien, Kelly McDaniel, Shellcode 64, Favone, In Harry Potter We Trust,
TragicEnergy, FoxStudios, Pkutuzov314, Potayto, S166865h and Anonymous: 132
Firewall (computing) Source: http://en.wikipedia.org/wiki/Firewall%20(computing)?oldid=662294626 Contributors: Paul~enwiki,
Nealmcb, Michael Hardy, Pnm, Egil, Ahoerstemeier, Copsewood, Haakon, Jebba, Rl, Dcoetzee, Jay, DJ Clayworth, Taxman, Bevo, Topbanana, Joy, Khym Chanur, Robbot, ZimZalaBim, Danutz, Auric, Jondel, Hadal, Diberri, Tobias Bergemann, Pabouk, Giftlite, Yama, Everyking, Rchandra, AlistairMcMillan, Eequor, Matthus Wander, Wiki Wikardo, DemonThing, Wmahan, Stevietheman, ConradPino, Antandrus, Ricky~enwiki, Mitaphane, Biot, Deewiant, Joyous!, Hax0rw4ng, Asqueella, Mernen, Grand Edgemaster, Monkeyman, Discospinster, Fabioj, Wk muriithi, EliasAlucard, Smyth, YUL89YYZ, Deelkar, DonDiego, Pmetzger, El C, Mwanner, Dols, Spearhead, Linkoman,
RoyBoy, Femto, Jpgordon, Bobo192, Smalljim, Enric Naval, Viriditas, Giraedata, Danski14, Alansohn, Anthony Appleyard, Interiot,
Malo, Wtmitchell, Velella, L33th4x0rguy, Rick Sidwell, IMeowbot, Henry W. Schmitt, TheCoee, DSatz, Kenyon, Brookie, Zntrip,
Andem, Nuno Tavares, Angr, OwenX, Woohookitty, Karnesky, Mindmatrix, Dzordzm, Bazsi~enwiki, Kralizec!, Prashanthns, DESiegel,
Turnstep, Ashmoo, Graham87, Chun-hian, Kbdank71, FreplySpang, Jclemens, Rjwilmsi, OneWeirdDude, Eptalon, NeonMerlin, ElKevbo,
Sferrier, Dmccreary, Gurch, DevastatorIIC, Intgr, Alphachimp, OpenToppedBus, Ahunt, Marcuswittig, DVdm, FeldBum, Bgwhite, Theymos, YurikBot, Wavelength, Borgx, TexasAndroid, Quentin X, Sceptre, Alan216, MMuzammils, RussBot, Mattgibson, Lincolnite, Piet
Delport, Stephenb, Manop, Rsrikanth05, Wimt, Capi, NawlinWiki, ENeville, Trevor1, Rebel, Mortein, Cryptosmith, Jpbowen, Voidxor,
Bkil, Zwobot, Bucketsofg, Black Falcon, Mcicogni, CraigB, Nlu, Wknight94, Rwxrwxrwx, Dse, JonnyJinx, Closedmouth, E Wing, Pb30,
ILRainyday, Chriswaterguy, Talyian, Crost, Anclation~enwiki, Maxamegalon2000, Bswilson, A13ean, SmackBot, Unschool, Rbmcnutt,
KnowledgeOfSelf, C.Fred, Od Mishehu, Eskimbot, Vilerage, Info lover, Xaosux, Gilliam, Ohnoitsjamie, Lakshmin, Bluebot, DStoykov,
Jprg1966, Thumperward, Mcj220, Oli Filth, Prasan21, Lubos, Elagatis, DavidChipman, DHN-bot~enwiki, Da Vynci, Anabus, Suicidalhamster, Abaddon314159, Can't sleep, clown will eat me, Frap, Chlewbot, JonHarder, Yorick8080, Fynali, Celarnor, Meandtheshell,
Ntolkin, Aldaron, Nachico, Elcasc, HarisM, Skrewz~enwiki, Phoenix314, LeoNomis, FerzenR, Andrei Stroe, Ugur Basak Bot~enwiki,
The undertow, Harryboyles, Eldraco, Mattloaf1, Melody Concerto, Beetstra, Boomshadow, Feureau, Peyre, Hu12, Hetar, BranStark,
BananaFiend, Jhi247, Robbie Cook, Newone, GDallimore, Pmattos~enwiki, Tawkerbot2, Chetvorno, SkyWalker, JForget, FleetCommand, Ale jrb, Megaboz, JohnCD, Topspinslams, Kgentryjr, Random name, Lazulilasher, WeggeBot, Josemi, Nnp, Equendil, Phatom87,
Cydebot, T Houdijk, Mashby, UncleBubba, Gogo Dodo, Tbird1965, Hamzanaqvi, Guitardemon666, rate, Omicronpersei8, Thijs!bot,
Danhm, Epbr123, Barticus88, Kubanczyk, Dschrader, Pajz, Randilyn, Simeon H, Marek69, SGGH, Chrisdab, CharlotteWebb, Wai Wai,
AntiVandalBot, RoMo37, Davido, Purpleslog, Isilanes, Vendettax, LegitimateAndEvenCompelling, Dougher, ShyShocker, DoogieConverted, Dman727, Deadbeef, Acrosser, JAnDbot, Sheridp, MER-C, Seddon, Lucy1981, Tushard mwti, Kjwu, Jahoe, Raanoo, VoABot
II, Maheshkumaryadav, Swpb, Djdancy, Hps@hps, Cellspark, Twsx, Dean14, AlephGamma, Gstroot, LeinaD natipaC, Hans Persson,
Nposs, Greg Grahame, Just James, DerHexer, Rtouret, Hbent, Jalara, XandroZ, Seba5618, Tommysander, MartinBot, CliC, LeonTang,
R'n'B, Ash, PrestonH, Tgeairn, J.delanoy, NightFalcon90909, Shawniverson, Ans-mo, Jigesh, L'Aquatique, !Darkre!6'28'14, Molly-in-md,
KCinDC, STBotD, Equazcion, Red Thrush, Beezhive, Halmstad, SoCalSuperEagle, Idioma-bot, Zeroshell, Jramsey, Timotab, VolkovBot,
Mike.batters, Je G., Indubitably, AlnoktaBOT, VasilievVV, Venom8599, Philip Trueman, Apy886, Jackrockstar, Cedric dlb, Ulrichlang,
OlavN, Anna Lincoln, Corvus cornix, David.bar, Sanfranman59, Justin20, LeaveSleaves, Seb az86556, Lolsalad, Yk Yk Yk, Phirenzic,
Why Not A Duck, Brianga, MrChupon, JasonTWL, EmxBot, Hoods11, SieBot, EQ5afN2M, Jchandlerhall, YonaBot, Sephiroth storm,
Yintan, Miremare, Calabraxthis, Milan Kerslager, Android Mouse, Hokiehead, JSpung, Hazawazawaza, Goodyhusband, Doctoruy, Oxy-
178
moron83, Nuttycoconut, Tombomp, C'est moi, Mygerardromance, Altzinn, WikiLaurent, Bryon575, Ilpostinouno, Berford, Escape Orbit,
Loren.wilton, ClueBot, Rumping, Snigbrook, CorenSearchBot, The Thing That Should Not Be, Jan1nad, SecPHD, Arakunem, Jobeard,
Njmanson, Blanchardb, Harland1, ChandlerMapBot, Bencejoful, Jusdafax, Tim874536, Dcampbell30, Estirabot, Shiro jdn, Aurora2698,
Peter.C, Mxbuck, Creed1928, ChrisHodgesUK, BOTarate, La Pianista, 9Nak, Aitias, Apparition11, Vanished user uih38riiw4hjlsd, Sensiblekid, DumZiBoT, BarretB, Wordwizz, Gnowor, Booster4324, Gonzonoir, Rror, NellieBly, Badgernet, Alexius08, Noctibus, WikiDao,
Thatguyint, Osarius, Wyatt915, Addbot, Wikialoft, RPHv, Some jerk on the Internet, Captain-tucker, Otisjimmy1, Crazysane, TutterMouse, Lets Enjoy Life, Vishnava, CanadianLinuxUser, Leszek Jaczuk, Sysy909, Cst17, MrOllie, Roseurey, Emailtonaved, Chzz, Debresser, Muheer, LinkFA-Bot, Tide rolls, Lightbot, OlEnglish, Krano, Iune, Bluebusy, WikiDreamer Bot, Shawnj99, Luckas-bot, Yobot,
Terronis, Fraggle81, Amirobot, Fightingirishfan, AnomieBOT, JDavis680, Jlavepoze, Tcosta, Killiondude, Jim1138, Gascreed, Piano non
troppo, Elieb001, Gc9580, Fahadsadah, Kyleaherty, Flewis, Materialscientist, Citation bot, Aneah, Neurolysis, Obersachsebot, Xqbot,
TheAMmollusc, Duesseljan, Addihockey10, JimVC3, Capricorn42, CoolingGibbon, 4twenty42o, Jmprtice, Ched, GrouchoBot, Backpackadam, Prunesqualer, RibotBOT, SassoBot, EddieNiedzwiecki, Thearcher4, Doulos Christos, =Josh.Harris, Gnuish, Chaheel Riens, Jaraics,
Dan6hell66, G7yunghi, Prari, FrescoBot, Nageh, WPANI, Kamathvasudev, Galorr, Smile4ever, Expertour, Lukevenegas, DivineAlpha,
Grapht, Pinethicket, I dream of horses, HRoestBot, Meaghan, Richard, MrBenCai, December21st2012Freak, Cougar w, Weylinp, Danshelb, TobeBot, WilliamSun, FunkyBike1, Vrenator, Clarkcj12, Stephenman882, Bangowiki, Mwalsh34, Eponymosity, Tbhotch, Gaiterin,
DARTH SIDIOUS 2, Hugger and kisser, Dbrooksgta, Teenboi001, Aviv007, Regancy42, VernoWhitney, DASHBot, Chuck369, EmausBot, WikitanvirBot, Timtempleton, Super48paul, Solarra, Winner 42, K6ka, Aejr120, Shuipzv3, Athn, Ebrambot, Kandarp.pande.kandy,
Sg313d, Cit helper, IntelligentComputer, Rawiki, OisinisiO, NTox, Cubbyhouse, Zabanio, DASHBotAV, Sepersann, 28bot, Socialservice, ClueBot NG, AAriel42, Lord Roem, Vakanuvis789, 123Hedgehog456, Vlhsrp, Widr, Debby5.0, HMSSolent, Titodutta, Kanwar47, Wbm1058, Wiki13, Silvrous, Dentalplanlisa, Zune0112, Paulwray97, Nperrakis, Klilidiplomus, Sk8erPrince, Cimorcus, Fastcatz,
CGuerrero-NJITWILL, Cvarta, PhilipFoulkes, Dexbot, Sendar, SimonWiseman, Codename Lisa, Avinash7075, Pete Mahen, CaSJer,
Jamesx12345, Rob.bosch, VikiED, Palmbeachguy, Epicgenius, Camayoc, Melonkelon, Anupasinha.20, Praemonitus, SamoaBot, EvergreenFir, Indiesingh, Ginsuloft, ScotXW, Harshad1310, Nyashinski, Monkbot, Darshansham, Williamahendric, Jeremy.8910, Kenkutengu,
AMLIMSON, Miraclexix and Anonymous: 955
Grey hat Source: http://en.wikipedia.org/wiki/Grey%20hat?oldid=660988969 Contributors: Nealmcb, Pnm, Samw, Furrykef, Jerzy, Altenmann, Pengo, Tieno, Mboverload, Neilc, Adambondy, KevinBot, NetBot, BrokenSegue, Urthogie, Tonei, NicM, Brookie, Hq3473,
Mindmatrix, Stephanspencer, Jannetta, Reisio, Rjwilmsi, Vary, X1011, Greyhat, RussBot, Kerowren, Hydrargyrum, Cryptic, Korny
O'Near, Voidxor, Alex43223, Ninly, Mateo LeFou, Rtc, Aurista25, Cronium, Ohnoitsjamie, Skizzik, Cybercobra, Blaush, Deepred6502,
InedibleHulk, Ojan, Dariusofthedark, Amalas, Ilikefood, Smably, Redlock, Neelix, Mato, Alucard (Dr.), Omicronpersei8, Superstuntguy, Gogogoat, AGrobler, Escarbot, Exeltica, Daniel Verity O'Connor, MER-C, PhilKnight, Acroterion, Mjhmach5, Penubag, DerHexer,
R'n'B, AlexiusHoratius, J.delanoy, Ian.thomson, BlueGuy213, Znx, Dog777, Speciate, Philip Trueman, Mosmof, Woodsstock, Seraphim,
Mcclarke, Michaeldsuarez, Varinyc1, Roxya, Ethyr, Schnurrbart, Sephiroth storm, Flyer22, MinorContributor, Jojalozzo, Martinlc, Gahenton, JohnnyMrNinja, Shonharris, IceUnshattered, Drmies, Blackvenomx, Plasynins, Andrew81446, Dmyersturnbull, Holothurion, Apparition11, Bearsona, Neuralwarp, The Internet Murderer, Delicious carbuncle, MensaDropout, Addbot, Justallofthem, Mtndew9191,
OlEnglish, Yobot, Bathysphere, Kaljtgg, AnomieBOT, ArthurBot, Pradameinho, FrescoBot, Amirhmoin, Pinethicket, Jonesey95, Rushbugled13, SiPlus, Steveninspokane, Lotje, Aoidh, Qrsdogg, Wikipelli, Mumbojumbo 101, 413X4ND3R, , Ocaasi, Avelino
Houed, Cymbelmineer, Bomazi, JohnnyLurg, ClueBot NG, Vacation9, MixwellUSA, Whitehatpeople, Hz.tiang, Mark Arsten, Player017,
Xcyss, Unocialeditor, Blindedhall, Innitematter, PinkAmpersand, Spacepenguin79102, Whiteneues, Akshay0000, Hhhhherd, Seosolver, Djaussiekid, Usernamebox, Thetechgirl, Dasingamaroos, Sonora Carlos and Anonymous: 117
Hacker Source: http://en.wikipedia.org/wiki/Hacker?oldid=661021102 Contributors: Damian Yerrick, Lee Daniel Crocker, Bryan Derksen, The Anome, M~enwiki, Frecklefoot, Pnm, GTBacchus, Delirium, Dori, Eric119, Ahoerstemeier, CatherineMunro, Rl, Furrykef,
RadicalBender, Friedo, PBS, ZimZalaBim, Altenmann, Pengo, Wiglaf, Pne, Beland, Khaosworks, Plasma east, Bodnotbod, Ojw, RandalSchwartz, Strbenjr, Gazpacho, Mindspillage, Discospinster, Vsmith, Paul August, Night Gyr, ESkog, Jnestorius, Bobo192, Army1987,
Longhair, Smalljim, Alansohn, Anthony Appleyard, Andrewpmk, Lectonar, Bart133, Snowolf, Zsero, Wtmitchell, Velella, Dominic,
Bsadowski1, Reaverdrop, Redvers, Djsasso, Mindmatrix, David Haslam, ^demon, The Wordsmith, Lkjhgfdsa, Tabletop, Kralizec!,
Prashanthns, GSlicer, Mandarax, Graham87, BD2412, Bikeable, Zoz, Sj, Jake Wartenberg, Alex Nisnevich, Quiddity, PHiZ, MZMcBride, Jehochman, Nandesuka, Ucucha, RLent, D.brodale, Butros, King of Hearts, Chobot, DVdm, Cornellrockey, MishaDynin, Sceptre, Akamad, NawlinWiki, Ejdzej, Irishguy, Fantusta, Abb3w, Mikeblas, Leontes, Figaro, Darkfred, Hosterweis, Closedmouth, KGasso,
DGaw, KristoerLunden, Wainstead, Katieh5584, DesignExplosion, DVD R W, Pandemic, Mmernex, Rtc, Freekee, Davewild, WookieInHeat, Canthusus, Yamaguchi , Gilliam, Ohnoitsjamie, Richfe, Rmosler2100, Sviemeister, Chris the speller, CISSP Researcher,
Persian Poet Gal, Thumperward, SchftyThree, Deli nk, Nazgjunk, Shalom Yechiel, Onorem, Lobner, Adamantios, Khoikhoi, COMPFUNK2, Jmlk17, MatthewDaly, Al Fecund, Cybercobra, Blake-, Shadow1, Derek R Bullamore, The PIPE, DMacks, Copysan, Madeleine
Price Ball, Cast, ArglebargleIV, Dwpaul, Dark Formal, Viciousalloy, IronGargoyle, 16@r, Loadmaster, Waggers, Anonymous anonymous, Iridescent, Colonel Warden, Shoeofdeath, Majora4, Lazeo, Tawkerbot2, Joshuagross, Owen214, INkubusse, BeenAroundAWhile,
Lentower, T23c, Neelix, Montanabw, Sebastian789, Cahk, Mato, SyntaxError55, Gogo Dodo, Travelbird, Foosh, Wo0t, Christian75,
DumbBOT, Njan, Btharper1221, ForbiddenWord, TheHumanhalo, Thijs!bot, Epbr123, Daa89563, Marek69, James086, Chet nc, Lithpiperpilot, SusanLesch, Cyclonenim, Luna Santin, Seaphoto, Quintote, LDGE, Xenix~enwiki, Coyets, Vivek singh1200, Farosdaughter,
Daniel Verity O'Connor, Manishf1, Res2216restar, MER-C, Robina Fox, Acroterion, Bongwarrior, VoABot II, Utilly, Froid, Avicennasis, MGD11, Testla, Cpl Syx, DerHexer, Esanchez7587, L3th4l, ZOMG Zombies, S3000, AVRS, Meamvagabond, CliC, Anaxial,
R'n'B, EdBever, J.delanoy, Pharaoh of the Wizards, Timmccloud, Uncle Dick, Extransit, Jerry, Zg, MakotoSaruwatari, Katalaveno, SHTR,
LordAnubisBOT, Ncmvocalist, NewEnglandYankee, Zerokitsune, SJP, Bonadea, Funandtrvl, Xnuala, Wikieditor06, VolkovBot, CWii,
Irene Ringworm, Leebo, Boris242, Indubitably, Thenthornthing, Philip Trueman, Dchmelik, TXiKiBoT, Technopat, Someguy1221, Tobyreynolds, Lradrama, BotKung, Maxim, VARGUX, Enigmaman, Haseo9999, Wolfrock, Loznjes, Tomaxer, Sylent, Vchimpanzee, HiDrNick, Hazel77, NHRHS2010, Sayosayo~enwiki, EJF, Ttony21, Tresiden, Tiddly Tom, Caulde, AlphaPyro, Jauerback, Dawn Bard, Caltas, Sephiroth storm, Falcore, Bentogoa, Happysailor, Radon210, Oda Mari, Oxymoron83, Lisatwo, Bandi669, Kgkian, WordsExpert,
Denisarona, Escape Orbit, Faithlessthewonderboy, ClueBot, Smart Viral, Deviator13, GorillaWarfare, The Thing That Should Not Be,
Rjd0060, Mild Bill Hiccup, LukeShu, SuperHamster, Boing! said Zebedee, Blanchardb, Neverquick, Auntof6, Alan dx, Adrian lopez,
OneCoolKid, Excirial, PixelBot, Eeekster, Abrech, GreenGourd, Willdgiles, Andrew81446, Skytreader, CowboySpartan, Xxyt4n2, Mormon17, Troelssj, La Pianista, Cold Phoenix, Jpearson72, Versus22, Gooey0037, Johnuniq, NeVic1, XLinkBot, Rror, Hackersmalta, Mitch
Ames, Skarebo, PL290, Alexius08, RyanCross, HexaChord, AlioTheFool, Addbot, Goon111113, Bubbaraid, Jojhutton, Tcncv, Tpjarman,
Doesthiscount, TutterMouse, Abhay1120, OO0saj0Oo, CanadianLinuxUser, Cst17, MrOllie, Glane23, Ld100, Debresser, Roux, Favonian, Bgalla01, Tassedethe, Tide rolls, Krano, Jarble, N0ths, Frehley, Yobot, Tohd8BohaithuGh1, Hacker11012929348, Bigtophat, THEN
WHO WAS PHONE?, InvestExp, Jim1138, IRP, Kingpin13, Wikipeeeeedia, Materialscientist, Pipolol, Waterjuice, GB fan, Quebec99,
179
Haxyourmom, Capricorn42, Hakcers r us, Jerey Mall, HavikRyan, FuturePrefect, Sagber, Leagirl95, GrouchoBot, Amaury, Der Falke,
Shadowjams, AnDixx, Grinofwales, Who then was a gentleman?, Custoo, FrescoBot, Liquidluck, Caveman101, Destroyerman22, Recognizance, Wizer121, Alxeedo, Jpistofast, Finalius, Mikemaximum33, Dethcircle, Norsehorse89, Srijan89, Pinethicket, Jschnur, Serols,
Pwnmonster, Ansarkp123, Wadders199, ShowEXP, Yunshui, Codylonsdale, LogAntiLog, Slumvillage13, Lotje, Gdi2290, Vrenator, Nhybgtvfrcdexswzaq, Specs112, Fastilysock, DARTH SIDIOUS 2, Mean as custard, The Utahraptor, Bento00, NerdyScienceDude, Vinnyzz,
Petux7, Katherine, Nailer111, Wikipelli, K6ka, ZroBot, Bollyje, 5rdx6tfc, AndrewN, Wayne Slam, OnePt618, L Kensington, Kishee4,
MaGa, Ferhatcitil, Donner60, Mcis101, Forever Dusk, DASHBotAV, 28bot, Rocketrod1960, Ben is a fail, Petrb, ClueBot NG, Chetrasho,
MelbourneStar, This lousy T-shirt, Alexajju, Kro-Kite, Satellizer, RadaVarshavskaya, Lukeno94, Cntras, Muon, EditAce, Widr, Electriccatsh2, 2001:db8, WNYY98, Eeik5150, Zhaynes123, Ocial Spokesman, Mark Arsten, Rashin3132, AnonyDentied, Altar, Mottengott,
Dllecter, Snow Blizzard, Camarones12, Jpw177, Fluxboy6789, MarkHennessy, Mewhho18, Calebcrusco, Buechlein, Klilidiplomus, Iloveyoubuhh, Abgelcartel, Tutelary, Pratyya Ghosh, Arr4, Imamurdera, Mediran, MadGuy7023, Aditya sain, Hackstorix1000, Webclient101,
VampireProject23, Neoheurist, Frosty, Jamesx12345, Hungrypillow, Zdarm, Hnurgds, Lego99, Red-eyed demon, Giansol, Qiyue2001,
Cadab321, Eyesnore, Tentinator, Yuvanselva, Zhir Slemany, Lee Tru., Zangraravi, DJ TUeRIO SET, Babitaarora, Camo335XD, HackersExposed, Ginsuloft, Manul, Techi 2013, Abdale Mohamed, VeryCrocker, Thomas22865, Crow, Tyty505, Hosen1991, Vieque, Sherlock502, NATHANWASHERE2014, Bckingofkings, Biblioworm, 65440ahq7, Ghamnadaram, Dracomalfoy3, Idospa, Yxcker, Mushqa
Ayesha, SEZDRX, Deanthomps, Suryansh gr, Khem kd, Sandra zavala, AmandaWhyte99, Xtreme PJ, Swiftor says stab, RubaZatar, Deunanknute, VenturesClassic, REPTILE HT, I like porto, PokemonMaster48, Malic0usploit9011, Aziz142036, The Arfmeow, Cool10299,
Abrahem.alobra, Deadsec333 and Anonymous: 641
Hacker (computer security) Source: http://en.wikipedia.org/wiki/Hacker%20(computer%20security)?oldid=657126582 Contributors:
The Anome, Deb, Fred Bauder, Pnm, HarmonicSphere, Ronz, Jebba, Darkwind, Charles Matthews, Andrewman327, Topbanana, Chuunen Baka, ZimZalaBim, Academic Challenger, Michael Snow, Pengo, Marcika, Tieno, Mckaysalisbury, OverlordQ, DragonySixtyseven,
AndrewKeenanRichardson, CesarFelipe, Joyous!, Mike Rosoft, Freakofnurture, Discospinster, Rich Farmbrough, Qutezuce, Thedangerouskitchen, ESkog, MisterSheik, MBisanz, Aude, Adambro, Bobo192, Army1987, Smalljim, Duk, Adrian~enwiki, Wrs1864, Storm Rider,
Alansohn, Tek022, Arthena, Diego Moya, Howrealisreal, Mysdaao, Zsero, Wtmitchell, Velella, Crystalllized, H2g2bob, BlastOButter42,
Mahanga, Kelly Martin, Woohookitty, Mindmatrix, TigerShark, Unixer, NeoChaosX, WadeSimMiser, Tckma, MONGO, Waldir, Xiong
Chiamiov, SqueakBox, Graham87, Jclemens, Icey, Ketiltrout, Rjwilmsi, ElKevbo, Jehochman, Ghepeu, The wub, DoubleBlue, FayssalF,
RexNL, Intgr, SpectrumDT, Coolhawks88, Celebere, David91, DVdm, Gwernol, YurikBot, Wavelength, RussBot, TheDoober, SpuriousQ, Hydrargyrum, Gaius Cornelius, Rsrikanth05, Pseudomonas, NawlinWiki, Xkeeper, Bachrach44, Grafen, Deskana, DarthVader,
Ejdzej, Thiseye, Irishguy, Abb3w, RUL3R, Gigor, Nate1481, Bucketsofg, DeadEyeArrow, Kewp, Kakero, Alpha 4615, Intershark, Zzuuzz, Arthur Rubin, Josh3580, Dspradau, Dcb1995, Whaa?, Tall Midget, SmackBot, Rtc, Maelwys, Hydrogen Iodide, Jacek Kendysz, Davewild, KVDP, KelleyCook, AnOddName, Bburton, Edgar181, Yamaguchi , Zvonsully, Gilliam, Hmains, Oscarthecat, Rmosler2100,
Tytrain, Chris the speller, Bluebot, Kurykh, MK8, Droll, Gutworth, Swiftdr, Mark7-2, Kungming2, Farry, Yunax, Wisden17, Butterboy, Pegua, Tsca.bot, SheeEttin, Onorem, JonHarder, Mos4567, Addshore, Khoikhoi, Fuhghettaboutit, Cybercobra, Nakon, Weregerbil,
WikiMASTA, Antipode, Ligulembot, Vic93, Rory096, Zymurgy, Harryboyles, Microchip08, Acidburn24m, Grimhim, Gobonobo, Erhik,
Mgiganteus1, Ben Moore, A. Parrot, Othtim, Slakr, Ehheh, Hu12, Swotboy2000, BananaFiend, Iridescent, Twas Now, Nfutvol, Igoldste,
Beno1000, Sbbp, Courcelles, Tawkerbot2, CYRAX, TheHorseCollector, JForget, GeneralIroh, Paulmlieberman, Tanthalas39, Randhirreddy, Sir Vicious, Taimy, Neelix, Fordmadoxfraud, Unmitigated Success, Nauticashades, Mblumber, Ryan, Anthony62490, Gogo
Dodo, Anthonyhcole, ST47, Brianpie, Ameliorate!, Njan, Omicronpersei8, Kokey, Maziotis, Pipatron, Click23, Thijs!bot, Alexmunroe,
Epbr123, Kubanczyk, Ishdarian, PierceG, Marek69, NorwegianBlue, Cdf333fad3a, Pogogunner, Nick Number, Porqin, KrakatoaKatie,
AntiVandalBot, BokicaK, Luna Santin, Seaphoto, Nickrj, QuiteUnusual, Jj137, Deadbeef, Leuko, MER-C, Skomorokh, CosineKitty,
Davman1510, Hexatron2006, Tqbf, Acroterion, Propaniac, Meeples, Pigmietheclub, Hroulf, Bongwarrior, VoABot II, JamesBWatson,
Wikichesswoman, Digital Pyro, Jvhertum, Evaunit666, Animum, Mukesh2006, Allstarecho, JonWinge, DerHexer, Atulsnischal, MartinBot, Comperr, R'n'B, Brothejr, Terafox, ArcAngel, Ash, Tgeairn, Manticore, J.delanoy, Pharaoh of the Wizards, Trusilver, Grim Revenant,
Rekrutacja, Bogey97, Tikiwont, Adamryanlee, Vanished user 342562, Footballfan42892, Kudpung, Dipu2susant, Katalaveno, Crakkpot,
Xython, SJP, Touch Of Light, Toon05, KylieTastic, Juliancolton, Cometstyles, Atsinganoi, Rising*From*Ashes, Bonadea, Useight, JohnDoe0007, SoCalSuperEagle, Dark-Dragon847, Funandtrvl, Hchoe, Je G., Indubitably, Robertobaroni, Danbloch, Delivi, Philip Trueman,
Fran Rogers, Tense, Technopat, MrFirewall, KillerBl8, Someguy1221, Nicopresto, Lradrama, Zimbardo Cookie Experiment, Martin451,
Slysplace, PaulTanenbaum, Seb az86556, Snowbot, Roo556, Benedictaddis, Doug, Haseo9999, Staka, Meters, Qlid, Turgan, Indexum,
PokeYourHeadO, Howlingmadhowie, Horrorlemon, Jwray, Work permit, Scarian, Dawn Bard, Caltas, SecurInfos~enwiki, Triwbe, Mnbitar, Ml-crest, Sephiroth storm, Yintan, JoeMaster, Quest for Truth, Flyer22, Jasgrider, Bdorsett, Redmarkviolinist, Oxymoron83, Faradayplank, Nuttycoconut, Jameshacksu, Poindexter Propellerhead, Hobartimus, Aiden Fisher, Ustad24, Denisarona, Darkspin, Nokeyplc,
Loren.wilton, Martarius, Elassint, ClueBot, WilliamRoper, Jackollie, The Thing That Should Not Be, T.Neo, Ndenison, Taroaldo, Adrianwn, TheOldJacobite, Boing! said Zebedee, Hafspajen, Halod~enwiki, Krazekidder, Blanchardb, Ottawahitech, Stayman Apple, Sv1xv,
Kitsunegami, Excirial, Bedwanimas214, Encyclopedia77, BigChris044, AWoodland, KnowledgeBased, SpikeToronto, Rhododendrites,
AndyFielding, Morel, SchreiberBike, Knowz, Ottawa4ever, Thehelpfulone, DanielPharos, Thingg, Error 128, Andponomarev, Aitias,
Versus22, Hans Kamp, SoxBot III, Egmontaz, Apparition11, SF007, Glacier Wolf, DumZiBoT, Lolimahaxu, BarretB, AlanM1, Angelarstone, XLinkBot, Armeyno, Rayzoy, Fastily, RebirthThom, Xena-mil, Avoided, Mitch Ames, Condra, PL290, Badgernet, Noctibus,
Speddie2, Ipwnz, Mounlolol, Hannibal14, RyanCross, Nolan130323, Bookbrad, Fat4lerr0r, Creepymortal, Zeeshaanmohd, Landon1980,
Nallen20, Tpjarman, IXavier, Grandscribe, Vatrena ptica, Jncraton, Mr. Wheely Guy, Computerhackr, A1b1c1d1e1, CanadianLinuxUser,
Fluernutter, Asphatasawhale, MrOllie, Mentisock, Proxima Centauri, FerrousTigrus, Vonvin, Freqsh0, Dan Brown456, Glane23, Danbrown666, FCSundae, Favonian, 5 albert square, Tyw7, Japonca, Imanoob69, Im anoob68, Hudy23, Tide rolls, OlEnglish, RaidX, ",
Khawar.nehal, CRYSIS UK, Jarble, Ladanme, Lolhaxxzor, Frehley, Ben Ben, Publicly Visible, HTS3000, Yobot, WikiDan61, Aubwie, Fraggle81, Sdtte345, Doctor who9393, THEN WHO WAS PHONE?, Hackistory, Br33z3r, UncleanSpirit, 007exterminator, Daniel
1992, Evilmindwizard, Tempodivalse, Surya.4me, Retro00064, AnomieBOT, Andrewrp, Holyjoely, DemocraticLuntz, Noq, Jim1138,
Gyakusatsu99, AdjustShift, Kingpin13, Ulric1313, RandomAct, Materialscientist, Limideen, ImperatorExercitus, DogPog1, Danno uk,
Citation bot, Aneah, Object404, Waterjuice, GB fan, Ammubhave, Xf21, JimVC3, Capricorn42, Nivekcizia, Delmundo.averganzado,
Jmundo, Mzinzi, Martychamberlain, Raganaut, Steaphan Greene, Mccleskeygenius10, Abce2, Frosted14, VanHelsing23, 7OA, Pradameinho, Mathonius, Raptor1135, Alex60466176, Shadowjams, Axonizer, Erik9, A.amitkumar, Voatsap, Haxor000, Satanthemodier, K-lhc,
Ravyr, FrescoBot, Amirhmoin, Michael93555, Recognizance, XxtofreashxX, Jersey92, Dejan33, Cannolis, Killian441, ChadWardenz,
I dream of horses, HRoestBot, Spidey104, MHPSM, Achraf52, Sweetpaseo, Nickgonzo23, SpaceFlight89, Yutsi, , Cathy Richards,
IAnalyst, KayinDawg, White Shadows, Winsock, Jaybhanderi, Chris5858, SchreyP, Strobelight Seduction, Slumvillage13, Searine, Lotje,
Callanecc, Fox Wilson, Vrenator, Yong, Bluest, Allen4names, Aoidh, Reaper Eternal, Acatyes, Specs112, Lilnik96, Tbhotch, Reach Out to
the Truth, Minimac, DARTH SIDIOUS 2, Jfmantis, Mean as custard, RjwilmsiBot, Mrdierentadams, Agent Smith (The Matrix), Skame-
180
crazy123, Rollins83, DASHBot, Koppapa, EmausBot, John of Reading, Orphan Wiki, JCRules, Dewritech, GoingBatty, RA0808, RenamedUser01302013, Computerwizkid991, Iamahaxor, Tommy2010, Elvenmuse, Wikipelli, K6ka, Thecheesykid, AvicBot, Tranhungnghiep,
F, Josve05a, Mr.honwer, , A930913, Script-wolfey, Mukslove, H3llBot, Wikfr, Cymru.lass, Robotdantheman, XeroJavelin,
Aviator702-njitwill, DarkFalcon04, Gray eyes, Sayros, Deutschgirl, Donner60, Pre101, Ranga42, Wipsenade, Bomazi, Mcc1789, Craxmilian, Hmcc10, GrayFullbuster, Sven Manguard, Rmashhadi, Rocketrod1960, Akasosetutza, Whoop whoop pull up, Socialservice, Vanished
user ij3rnfkmclk3tkj4ncknefkjnadmcnbgrju, ClueBot NG, Smtchahal, WIERDGREENMAN, Headchopperz, Bigfatradish, WEBHTW,
Je Song, MelbourneStar, Kro-Kite, A520, Decepticon1, Ezzk, Narracan3824, Tonersa, Afpropm, Frietjes, Mrn5-NJITWILL, Muon,
Mesoderm, Widr, Argionember, , Helpful Pixie Bot, Augiecalisi, Bigwalter54, HMSSolent, The Elven Shadow, Cas CS, Whitehatpeople, Lowercase sigmabot, BG19bot, FAROOQBUTT2015, Sharkselva, Bausshackerhf, Sibidharan, Kennydo, MadHaTTer666,
Rsotillo, Mybenyboy, Ajith P V, ExdeathSoul, Paganinip, Mourt1234, AwamerT, Mark Arsten, Khaosfarrow, Xcyss, Royalle, Sandmanchang, General lee awesome, Savrose, Mrk28-NJITWILL, Zdrft, Sachinaditya5, Kizar, Insidiae, Pkbaughman, Cbellalmr, Achowat, Hackerxz13, Guanaco55, Abgelcartel, Codenamezuck, 2EChO, IamkenIT, Mala maju, Malqbi, Nohus, Hibye12345678910, Mediran, Gagan
sedulity, Kaeza, Jacobsipod, Jon.weldon, Austin170, Pincode84, Zak123456789, To-man, Stefano Vincenzi, AutomaticStrikeout, EagerToddler39, Danishfareed, Codename Lisa, Webclient101, Lorenzozandoli98, RazrRekr201, K8steve, Faceashbook, Knuckles352, Ejoe91,
SaltyKrackafag, Cubita linda, WikiEXBOB, Innitematter, Nazanin8804023, Ydnom89, Numbermaniac, Bathtub41, Frosty, Little green
rosetta, 93, Piyushratnu, Superboy 1989, Max Stardust, Telfordbuck, St.andrewstroll, Dnasux, SmartyPantsKid, Zdarm, Ashikali1607,
Esmael001, Crydizzy, ProtossPylon, Risraelo, Tentinator, Anonyseb13, Lolnoiedit, Geforsen, Arun vasan, Cfr robot, Ozuru, Balles2601,
Jenselby, Crou, Hippiman36, Ginsuloft, Hacker Exploits, S Kaushik wiki, Simius narrans, MrLinkinPark333, Manul, Techi 2013, Dhhacks,
Nickturner A$AP, WikiJuggernaut, Crenshawblackhat, KodojoDragon, Bshupe626, Vahidxaker, Akshay0000, Tathavms, Ethically Yours,
Thrasherrdesigns, Hack3rzgethacked, Adeemjan666, Chimpgod, Monkbot, MightyHypnoToad, Magicwalrus69, Adogake, VACyber,
BethNaught, Ipsdix, Person1928, Josephchenlin, NJMcrp1990, Isaiahs825, Nikhitagupta415, Mo5254, Ranjeet.yadav8563, Amortias,
Dracomalfoy3, ROMAN JERRY, EDITOR2003, Ayush dhiman 272, SEZDRX, Jezzardloer24, HexOp, UnpredictablePrashant, Momin
Sohail, Therealinfosystir, XXGerry AdamsXx, Nikigreen02, Bhuwnesh.joshi2014, NAVNEET AGRAWAL GORAI, Esquivalience,
Anonymous6767, ShpetimRacaj, Gs5star, Pyrotle, W33svm, Miguel ATW, ParadoxLuLz, Shin0bih4x0r, Dawave0, Johngot and Anonymous: 1256
Hacker (term) Source: http://en.wikipedia.org/wiki/Hacker%20(term)?oldid=662648558 Contributors: Damian Yerrick, TwoOneTwo,
The Cunctator, Derek Ross, LC~enwiki, Brion VIBBER, Mav, Timo Honkasalo, The Anome, Taw, Jzcool, Rjstott, Ed Poor, Wayne Hardman, Enchanter, Little guru, Ortolan88, Merphant, TomCerul, Arj, Ryguasu, B4hand, Erwan~enwiki, Modemac, Gpietsch, Elian, Edward,
Ghyll~enwiki, PhilipMW, Michael Hardy, Modster, Cprompt, Voidvector, Blueshade, Pnm, Kpearce, MartinHarper, Wapcaplet, Ixfd64,
Eurleif, GTBacchus, Dori, (, CesarB, Ams80, Ahoerstemeier, Ronz, Nanshu, Docu, William M. Connolley, Baylink, Snoyes, Angela,
Jebba, Kingturtle, Salsa Shark, Bogdangiusca, Cyan, Kirun, Cimon Avaro, Med, Rob Hooft, KayEss, Schneelocke, Samnse, Ehn, Ylbissop,
Hashar, PatriceNe, Timwi, Pti, Malcohol, Fuzheado, Will, Pocopoco, Markhurd, HappyDog, Kaare, Jake Nelson, Jerey Smith, Furrykef, Saltine, Jnc, Bevo, Betterworld, Tjdw, Stormie, Dpbsmith, Olathe, Wetman, Pakaran, Jerzy, Flexure, Hajor, Jeq, Lumos3, JessPKC,
Denelson83, Aluion, Phil Boswell, Gromlakh, AlexPlank, Robbot, Noldoaran, Sander123, Astronautics~enwiki, Fredrik, Chris 73, Vespristiano, RedWolf, Covracer, Altenmann, Netizen, Romanm, Chris Roy, Tim Ivorson, Dersonlwd, Texture, Meelar, Zidane2k1, Faught, Italo,
Hadal, HyLander42, Mushroom, Plotinuz, Cyrius, Pengo, Per Abrahamsen, GreatWhiteNortherner, Dina, Stetic, Decumanus, Matt Gies,
Centrx, TimGrin, Fennec, Eric S. Raymond, Cokoli, Kim Bruning, Massysett, Nadavspi, Kenny sh, Itsnotvalid, Wiglaf, Brian Kendig,
HangingCurve, Leyman, Ds13, Average Earthman, Everyking, Anville, Curps, Frencheigh, Beta m, Quamaretto, Mboverload, Ezod,
Jds, Xorx77, Rchandra, AlistairMcMillan, Matt Crypto, Jaan513, SWAdair, AdamJacobMuller, Jrdioko, Wmahan, Rheun, Neilc, Ato,
Auximines, Mackeriv, Utcursch, Shibboleth, Workman161, Yath, Long John Silver~enwiki, Antandrus, Loremaster, Apotheon, Wikimol,
Epalm, ArcRiley, Rdsmith4, DragonySixtyseven, Fratley, Sam Hocevar, Nickptar, Sillydragon, Neutrality, Micpp, Strbenjr, Grstain, Mike
Rosoft, Mernen, Mormegil, Freakofnurture, Mindspillage, Nerf, Discospinster, Solitude, Rich Farmbrough, Guanabot, Leibniz, Rama,
Ponder, Lorn, Demitsu, Paul August, Gronky, Speedysnail, Calamarain, Jnestorius, AdmN, AndrewM1, Evice, Dataphile, CanisRufus,
Kop, MBisanz, EDGE, Sietse Snel, RoyBoy, Leif, Orlady, Pikesta, Bobo192, Army1987, Func, BrokenSegue, Viriditas, StoatBringer,
Cmdrjameson, MITalum, Wisdom89, Njyoder, Matt Britt, Cohesion, Adrian~enwiki, Redquark, Blotwell, Coopdot~enwiki, The Recycling Troll, Physicistjedi, Minghong, Idleguy, MPerel, DanBUK, Bandaidman, Conny, Drangon, Jumbuck, Tra, Storm Rider, Gcbirzan,
Rernst, Alansohn, Golgo13, Richard Harvey, Polarscribe, Jamyskis, Achitnis, ThePedanticPrick, Neonumbers, Andrewpmk, HoratioHuxham, Echuck215, Blic~enwiki, Mysdaao, EdRich, Katefan0, Snowolf, Velella, Here, Mfecane, Keepsleeping, Garzo, Evil Monkey,
WolFStaR, Guthrie, H2g2bob, Bsdlogical, Redvers, HGB, Recury, Ceyockey, Keithius, Dismas, Hq3473, OleMaster, Boothy443, Kelly
Martin, Jak86, Mel Etitis, Woohookitty, Mindmatrix, TigerShark, Camw, DoctorWho42, Percy Snoodle, Myleslong, Kzollman, JeremyA,
Brentdax, Mms, The Wordsmith, KymFarnik, MONGO, Schzmo, Grika, Bbatsell, Davidfstr, Terence, Adam Field, Bluemoose, Ralpedia,
Kralizec!,
, Prashanthns, Essjay, Alan Canon, MarcoTolo, Dave Murphy, Marudubshinki, Dysepsion, Kesla, Graham87, Magister
Mathematicae, Kbdank71, RxS, Jdoty, Binary Truth, Josh Parris, Ryan Norton, Rjwilmsi, Koavf, Panoptical, Vary, Dcavell, Bill37212,
T0ny, Tangotango, MZMcBride, Oblivious, Ligulem, Sigmalmtd, ElKevbo, CalPaterson, Ghepeu, Afterwriting, ThePoorGuy, The wub,
Bhadani, Ggfevans, Nandesuka, DickClarkMises, THE KING, GregAsche, Sango123, Mycro, Yamamoto Ichiro, Fish and karate, Alejos,
Titoxd, Sgkay, Mirror Vax, RobertG, Musical Linguist, Doc glasgow, Nihiltres, Josh~enwiki, Harmil, RexNL, Gurch, Mike Van Emmerik,
Alexjohnc3, TheDJ, Quuxplusone, Brendan Moody, Tylerttts, Alphachimp, Marlow4, Phoenix2~enwiki, Psantora, Chobot, Daekharel,
David91, Korg, Stephen Compall, Bgwhite, Cactus.man, GroupOne, Jernejl, Borgx, Antichris, Extraordinary Machine, Splintercellguy,
Sceptre, Hairy Dude, Family Guy Guy, Jetheji, Crazytales, Dili, SpuriousQ, Hydrargyrum, Akamad, Stephenb, CambridgeBayWeather, Cpuwhiz11, Wimt, RadioKirk, NawlinWiki, Wiki alf, BigCow, Bachrach44, Grafen, NickBush24, Ejdzej, Maverick Leonhart,
Robchurch, Irishguy, Retired username, Mortein, Anetode, DAJF, Abb3w, Leontes, KarlHeg, Brat32, Karl Meier, DeadEyeArrow, Psy
guy, Jeremy Visser, Tachyon01, Phenz, Nick123, Max Schwarz, Googl, Theda, Denisutku, Mastercampbell, ArielGold, Yaco, Katieh5584,
Kungfuadam, Bsod2, Paul Erik, DVD R W, Bibliomaniac15, Rykotsusei, A3ulaa, Luk, Yvwv, SmackBot, Mmernex, Monkeyblue, Moeron, Bobet, Estoy Aqu, Rtc, Reedy, KnowledgeOfSelf, Primetime, Pgk, C.Fred, 6Akira7, Ccreitz, Davewild, Agentbla, Edgar181, Yamaguchi , Unforgettableid, Gilliam, Ohnoitsjamie, Irbobo, FakeHarajukuKid, Scaife, Chris the speller, Master Jay, Xchrisblackx, CISSP
Researcher, MK8, Donbas, Thumperward, Edward H, Oli Filth, HartzR, Fluri, MidgleyDJ, Deli nk, Ikiroid, Yunax, DHN-bot~enwiki,
Antonrojo, Janipewter, A. B., Rlevse, Audriusa, Zsinj, Dethme0w, Tsca.bot, Can't sleep, clown will eat me, Timothy Clemans, Mulder416,
OrphanBot, Dushman, Tim Pierce, Sommers, Darthgriz98, Matthew, TheKMan, QubitOtaku, Xmastree, Lesnail, Pevarnj, Addshore,
Edivorce, DGerman, Cpt~enwiki, Huon, COMPFUNK2, Jmlk17, Aldaron, Hackmiester, Cybercobra, Nakon, Jiddisch~enwiki, MichaelBillington, Weregerbil, Philpraxis~enwiki, Only, Filpaul, WikiMASTA, Sigma 7, Negator989, Jordanl122, Pilotguy, Kukini, Masterpjz9,
TenPoundHammer, The undertow, Technocratic, Rory096, Robomaeyhem, Swatjester, Rklawton, Kuru, AmiDaniel, Demicx, Scientizzle, Colak, Soumyasch, Jasonious, NongBot~enwiki, Metavalent, Loadmaster, Andypandy.UK, Mr Stephen, Stikonas, Jon186, Waggers,
Anonymous anonymous, Ralf Loire, Voshika, Klohunt, EEPROM Eagle, Caiaa, GorillazFanAdam, Lord-Bren, Fan-1967, Iridescent,
181
RaiderTarheel, Colonel Warden, Wjejskenewr, Twas Now, Mikeandikes, DeathToAll, Linkspamremover, Tawkerbot2, Pi, Kingoomieiii,
Paulmlieberman, Ahy1, CmdrObot, Tobes00, Corporal79, Dycedarg, Iced Kola, SupaStarGirl, KnightLago, Lentower, Neelix, Pro bug
catcher, MrFish, Luther Brefo, TJDay, Jac16888, Mblumber, Dennette, MC10, Mualphachi, Steel, Michaelas10, Gogo Dodo, Corpx,
ST47, Chingang2006, Elustran, Roymstat, Tawkerbot4, Codetiger, DumbBOT, SpamBilly, Chrislk02, Coder.keitaro, Dtwhitney, Editor
at Large, TheJC, Omicronpersei8, Kokey, Gassaver, Aljo, Thijs!bot, Epbr123, Skreyola, Coelacan, Pajz, LactoseTI, Ultimus, ToxGunn,
Ucanlookitup, Jdm64, Nedcarlson, John254, Kathovo, Gerry Ashton, Lewallen, James086, Aklm, X201, Tellyaddict, Sfxdude, SusanLesch, CamperStrike, Igorwindsor~enwiki, I already forgot, Dantheman531, Ksmathers, AntiVandalBot, Majorly, Yonatan, Luna Santin,
JimScott, Turlo Lomon, Oducado, QuiteUnusual, Angeldust~enwiki, Shirt58, Quintote, Cracker001, AaronY, Wallamanage, Exteray, Mr
Grim Reaper, Olexandr Kravchuk, Darklilac, Farosdaughter, Brian Katt, Zedla, Radar81, Ryanyomomma, JAnDbot, Husond, Raz0r,
MER-C, Cyberhacker665, Churnedfortaste, Britcom, Calvin Nyein Chan, PhilKnight, Cole31337, MSBOT, Opgooi monster, Thing10,
LittleOldMe, Acroterion, Raanoo, Propaniac, Penubag, Pedro, Slowcheetah, Ausome1, VoABot II, AurakDraconian, TARBOT, Zenchesswikster, Jim Douglas, Dinosaur puppy, Rohasnagpal, Testla, Z19~enwiki, Sumguy hhh, Thireus, Martynas Patasius, Glen, DerHexer, JaGa,
Esanchez7587, TheRanger, Fishdert, Cocytus, Foregone conclusion, Gwern, Custardninja, B9 hummingbird hovering, Kornfan71, Neonblak, Hdt83, MartinBot, Attackrabbit, Jeannealcid, Poeloq, Comperr, Rhlitonjua, Justin Piga, Rettetast, Mschel, Jgarland79, Kateshortforbob, ArcAngel, RockMFR, Timmccloud, Ankit bond2005, Public Menace, A Nobody, Wikipbob, Karthixinbox, Owlgorithm, Footballfan42892, SU Linguist, Gutchfest, Squeezeweasel, Gzkn, Dispenser, BrokenSphere, LordAnubisBOT, BrWriter2006, DarkBlackHat,
AntiSpamBot, Berserkerz Crit, Vanished user g454XxNpUVWvxzlr, Gordaen, Michaelban, Alpha713~enwiki, Creepzerg3, Astro Boii,
Watermelonhacker, Tanaats, Cerebos, Cometstyles, Browngreen64, WJBscribe, BrokenPaleGlass, Jevansen, Treisijs, Mike V, Nomnol2,
Bonadea, Micmic28, SoCalSuperEagle, The unsponsored sk8er, Kurdtkobain2707, Zer0is1337, Bite super poilue, VolkovBot, Thomas.W,
Doctor medicine, Je G., Danbloch, Paxcoder, Bsroiaadn, Timmyishappy, Philip Trueman, Greatwalk, Zidonuke, ZDubciclysmo, Planetary Chaos, Sdsd87, Eisenhauer666, Z.E.R.O., Anonymous Dissident, Woodsstock, Qxz, Codenametiger, Linkacid, Lradrama, QuintusMaximus, Aaron Bowen, Qwertasdfzxcv, Hfourxzeror, LeaveSleaves, Mattman2593, Ilyushka88, Patchthesock, Holyman98, Warrhamster,
Worldrallychamp, Playqoy, Enigmaman, Wolfrock, Adam.J.W.C., APplle, Purgatory Fubar, Emo man50, Istillcandream, Ceranthor, Aznfatnerd, Chenzw, Richard A Muller, Logan, Msjennings, 2600.ir, Ponyo, Konkrypton, SieBot, Cuj000, MLBplayer456, Oscarmayor7,
Whitehatnetizen, Sonicology, Infosecwriter, Tehjustice, PeterCanthropus, Pizzachicken, Spartan, Scarian, WereSpielChequers, Mxtp, Gerakibot, Josh the Nerd, Plinkit, Caltas, Eagleal, SE7, Ml-crest, Chiroz, Sephiroth storm, Yintan, Poohead121, Chris test, 360 Degree,
Mrmrsgwangi, Keilana, reeHaq, Android Mouse, Lee010cooldude, Pxma, Toddst1, Flyer22, Bdorsett, LETSskankTHEnightAWAY,
Blaireaux, Rheoguq, Agent Q556, Oxymoron83, Antonio Lopez, AngelOfSadness, Nuttycoconut, Lightmouse, Poindexter Propellerhead, Techman224, Bluedart13, F1r3w4ll, Diego Grez, Maelgwnbot, Anakin101, Bip34, Spartan-James, JohnnyMrNinja, Dust Filter,
H^a^x^k^i^o, Starcraft232, Guitaralex, Youugly93u, Explicit, MaxwellHansen, Dlrohrer2003, Shoopdawhooplol, Loren.wilton, Martarius, Shyguy100, ClueBot, Dakinijones, Kl4m, Duerring, Criticalmass24, Matdrodes, Frvade2007, Stahlsta210, Taroaldo, 5y573m-3rr0r,
Zarkthehackeralliance, Nitrofurano, SuperHamster, Boing! said Zebedee, CounterVandalismBot, Blanchardb, BLiesting, Skate4life22,
Neverquick, SamFinkAnchorageAk, Joeomfgwtfbbq, Lambdaphage, Excirial, Bedwanimas214, CrazyChemGuy, Jasonbtulsabiz, Sivenn,
Yggdriedi, Rhododendrites, Milenkovic214, Andrew81446, Cr7i, Dekisugi, Synthus, JasonAQuest, Thehelpfulone, Lilboudreaux, Bald
Zebra, Rohit bond2005, Aitias, Certes, Versus22, Lamendoluz, Goodvac, Xcez-be, DumZiBoT, Jpirie23, Fathisules, Teh00d3di, NeVic1,
Joshowen041091, XLinkBot, Pichpich, Jjmshortys4life, Ost316, Mitch Ames, Skarebo, BlackDeath3, ErkinBatu, Mm40, Addbot, Creepymortal, DOI bot, Sam8888, Neonecho, Ronhjones, Scientus, TSWcontentlady, MrOllie, Ryoga Godai, Buster7, Dan Brown456, Glane23,
Metalpunk182, HACKTOLEARN, Favonian, LemmeyBOT, West.andrew.g, Tassedethe, Tide rolls, OlEnglish, ", Zorrobot, Jarble,
Fdaneels, Hyhfct, Yobot, Taxisfolder, Max, Evilmindwizard, Suvhero, AnomieBOT, ESHARI, Rubinbot, Jim1138, Kingpin13, Materialscientist, Citation bot, GB fan, Quebec99, Sixtysixwatts, Frankie0607, Prunesqualer, RibotBOT, Pradameinho, Sophus Bie, Architectchamp, Howsa12, Shadowjams, A. di M., Green Cardamom, Captain-n00dle, FrescoBot, Skychildandsonofthesun, Longgg johnnn?,
Weetoddid, Louperibot, Citation bot 1, Nabiy, Catphish, Pinethicket, I dream of horses, Xanadu1122, Hack news, Lotje, Nightkid411, CobraBot, Aoidh, Davish Krail, Gold Five, Diannaa, DrakkenCrew, DARTH SIDIOUS 2, RjwilmsiBot, B4lz, Agent Smith (The Matrix), Mr.
Greyhat, O iF R A GzBRO, Superways, Angrytoast, Grrow, GoingBatty, Matrix1010, RenamedUser01302013, Slightsmile, Elvenmuse,
Wikipelli, Cfust, StringTheory11, Thargor Orlando, Erniedabou, Access Denied, Demonkoryu, Wayne Slam, Coasterlover1994, Soddy182,
Pun, Nom nom monster, Orange Suede Sofa, Pastore Italy, Matthewrbowker, Man du Fromage, Tarn taran, Zabanio, FiloMJ, Gamepro127, Domjenkin, Voomoo, ClueBot NG, Ezzk, Pcpikachu123, OxyTrip, Viybel~enwiki, Reify-tech, Thekickass, MrJosiahT, Youkana,
Soulinthemachine, MerlIwBot, Helpful Pixie Bot, Whitehatpeople, The Mark of the Beast, Solomon7968, Xcyss, Bfugett, Toccata quarta,
John Sawyer, Avantiext, BattyBot, Stefano Vincenzi, Lugia2453, Joseph M Warren, Zaldax, Dixiedean66, Nshunter, ManjushaV, Crow,
Hacker124816, Monkbot, OKNoah, S166865h, HammadShamsi, Hacker alert 101, Vanyaxd, Kashif0334, Grazz54 and Anonymous: 1482
Hacker group Source: http://en.wikipedia.org/wiki/Hacker%20group?oldid=648070333 Contributors: Pnm, Bobo192, Tony Sidaway,
LFaraone, H2g2bob, Firsfron, DoctorWho42, Myleslong, RussBot, Moe Epsilon, SmackBot, Rtc, Mithaca, Blue Mirage, Gogo Dodo,
Qwyrxian, OrenBochman, Acroterion, JamesBWatson, Nyttend, MartinBot, ArcAngel, AntiSpamBot, January2007, Chahax, Twooars, Sue
Rangell, Accounting4Taste, FalconMan101, Matt Brennen, DOCOCTROC, Rhododendrites, Vanished user uih38riiw4hjlsd, Bearsona,
Addbot, Lightbot, Materialscientist, 78.26, I dream of horses, Anibar E, Redx93, RedBot, KayinDawg, Deadman1420, Lotje, Hobbes
Goodyear, Dewritech, Pro translator, ZroBot, Wagner, SecData, ClueBot NG, Smashx90, WikiPuppies, Helpful Pixie Bot, Whyking thc,
Mudkip11223, Mythpage88, Antivirotic, Jionpedia, MrOverkill, VariousLulz, Time for a nice cuppa brew, FBIArcadia, Skraito-0x71,
Pyrotle, Malici0usploit and Anonymous: 51
Hacker Manifesto Source: http://en.wikipedia.org/wiki/Hacker%20Manifesto?oldid=650676391 Contributors: SimonP, Lightning~enwiki, Pnm, Tgeorgescu, CesarB, Conti, Ylbissop, Random832, Jake Nelson, Bamos, Altenmann, Everyking, Quinwound, TonyW,
Arnauldvm, Eisnel, Article6, Mike Rosoft, Bneely, MBisanz, Blotwell, Mattl, JaveCantrell, *Kat*, H2g2bob, JanKG, Kelly Martin, Stefanomione, Marudubshinki, Who, Mallocks, The Rambling Man, YurikBot, RussBot, Hydrargyrum, Mipadi, Nikkimaria, Dposse, User24,
SmackBot, Rtc, Winterheart, Ikiroid, Bldsnprx, Can't sleep, clown will eat me, Frap, Cybercobra, Petr Kopa, Gloriamarie, Kuru, SubSeven, TheFarix, Gr33k-10v3r, Switchercat, DanielRigal, Mato, WISo, DumbBOT, Cmalkarali, JAnDbot, VoABot II, Gwern, CrackSoft,
Gaqzi, Jaimeastorga2000, Philip Trueman, TXiKiBoT, David Condrey, SieBot, Sephiroth storm, Roc314, Dabomb87, Trover, Trivialist,
Unikron2001, DragonBot, Rhododendrites, Killkola, Addbot, AkhtaBot, Rubinbot, Materialscientist, ArthurBot, 4twenty42o, FrescoBot,
Full-date unlinking bot, Lotje, Guerillero, Mrcarter011, DASHBot, WikitanvirBot, Dewritech, Openstrings, Ksommerville, Mjbmrbot,
ClueBot NG, Helpful Pixie Bot, Whitehatpeople, Canestenmobile, BattyBot, Mrt3366, Hmainsbot1, 127lh, NorthBySouthBaranof, SoldierxDOTcom, Robertjeerson, Fixuture and Anonymous: 75
Hacking tool Source: http://en.wikipedia.org/wiki/Hacking%20tool?oldid=660192501 Contributors: Pnm, Andreas Kaufmann,
Charonn0, Gary, Wtmitchell, H2g2bob, Woohookitty, Mindmatrix, Intgr, Hydrargyrum, Rsrikanth05, Open2universe, SmackBot, Rtc,
Betacommand, Captain Zyrain, LeoNomis, Mr Stephen, Clarityend, MER-C, Koraiem, Derfboy, ClueBot, Stayman Apple, Erebus Morgaine, Rhododendrites, UnCatBot, XLinkBot, IncandescentLight, Jabberwoch, Addbot, Cst17, MrOllie, AnomieBOT, Jim1138, KRLS,
182
Guillermo~enwiki, Stanislao Avogadro, Xqbot, Blenheimears, Rohitdua, FrescoBot, Jerd10, Mrk123, ClueBot NG, Seoexpert91, Xmen2011, Scienceomar, Juggared14, Akwin123 and Anonymous: 24
Keystroke logging Source: http://en.wikipedia.org/wiki/Keystroke%20logging?oldid=661442467 Contributors: Derek Ross, LC~enwiki,
The Anome, SimonP, R Lowry, Edward, Lir, Pnm, Ixfd64, Ellywa, Ronz, Angela, Kingturtle, Aimaz, Rossami, Evercat, Samw, GCarty,
Guaka, Aarontay, Ww, Dysprosia, WhisperToMe, Markhurd, Tschild, Furrykef, Nv8200pa, Omegatron, Jamesday, Catskul, Blugill, Lowellian, Hadal, Wereon, David Gerard, DavidCary, Laudaka, Jason Quinn, AlistairMcMillan, Solipsist, Antandrus, Beland, OverlordQ,
Lynda Finn, Mike Rosoft, Discospinster, Rich Farmbrough, ArnoldReinhold, Xezbeth, ZeroOne, JoeSmack, Sietse Snel, RoyBoy, Femto,
Adambro, Yono, Bobo192, Nigelj, Stesmo, Wisdom89, Dteare, Starchild, Alansohn, Danhash, Bobrayner, Woohookitty, Unixer, Armando,
Pol098, WadeSimMiser, Firien, Dbutler1986, Graham87, JIP, Rjwilmsi, DickClarkMises, FlaBot, Weihao.chiu~enwiki, Latka, JiFish,
Intgr, Runescape Dude, Salvatore Ingala, Peterl, Whosasking, Tiimage, YurikBot, Wavelength, Borgx, FlareNUKE, Lincolnite, Conscious,
Hede2000, SpuriousQ, Rsrikanth05, Wimt, Mipadi, Bob Stromberg, Vivaldi, Tony1, Occono, Palpalpalpal, DeadEyeArrow, Closedmouth,
GraemeL, Egumtow, Stefan yavorsky, Baxil, Veinor, A bit iy, SmackBot, Royalguard11, Hydrogen Iodide, Gnangarra, J.J.Sagnella,
Ohnoitsjamie, Skizzik, Chris the speller, Optikos, @modi, MK8, DHN-bot~enwiki, Colonies Chris, Firetrap9254, KojieroSaske, SheeEttin, Frap, Skidude9950, Ww2censor, Flask215, Khoikhoi, Engwar, Nakon, Gamgee, Kalathalan, Clicketyclack, Torritorri, Ckatz, Tuanmd, Redboot, Ehheh, Njb, Mets501, H, Mike Doughney, Pauric, Sander Sde, On1ine, Jeremy Banks, JForget, Dycedarg, Jesse Viviano,
Corpx, Alexdw, Odie5533, Tawkerbot4, Bposert, SJ2571, Njan, Alexey M., Epbr123, FTAAP, Snydley, RamiroB, Sheng.Long 200X,
Druiloor, AntiVandalBot, Luna Santin, Seaphoto, Fayenatic london, Zorgkang, Spydex, Qwerty Binary, Dreaded Walrus, JAnDbot, Thylacinus cynocephalus, Tony Myers, Barek, Bakasuprman, A1ecks, Hut 8.5, Isthisthingon, Techie guru, .anacondabot, Magioladitis, Jaysweet,
Ukuser, JNW, Cheezyd, Conteordeo, Fedia, Wikivda, Wikire, MartinBot, STBot, CliC, Jonathan.lampe@standardnetworks.com, Anaxial, Nono64, $pider, Tresmius, Slash, J.delanoy, Pharaoh of the Wizards, Cyrus abdi, Thomas Larsen, Samtheboy, Noogenesis, VolkovBot,
TreasuryTag, MemeGeneScene, Je G., Philip Trueman, TXiKiBoT, Mrdave2u, Zifert, A4bot, Glarosa, Isis4563, Madhero88, Dirkbb,
Turgan, Jjjccc~enwiki, ChewyCaligari, Rock2e, Resurgent insurgent, Cool110110, SieBot, Triwbe, Sephiroth storm, Nmviw, Arda Xi,
OsamaBinLogin, Banditauron, Tombomp, Clearshield, Dillard421, ArchiSchmedes, ClueBot, Wilbur1337, The Thing That Should Not
Be, AsymptoteG, Garyzx, Dotmax, Blanchardb, Asalei, Socrates2008, Rhododendrites, Technobadger, Manasjyoti, Arjayay, Drwhofor, Shin-chan01, El bot de la dieta, DanielPharos, Berean Hunter, Johnuniq, SF007, Noname6562, Darkicebot, Against the current,
XLinkBot, Spitre, Stickee, Rror, Dom44, Lamantine, WikHead, Dsimic, Tustin2121, Addbot, Mortense, Movingboxes, Rhinostopper,
MrOllie, Etracksys, Matt5075, Networkintercept, Favonian, ChenzwBot, Sureshot327, Tide rolls, MuZemike, Luckas-bot, Yobot, 2D, Bigtophat, Navy blue84, AnomieBOT, Andrewrp, Kingpin13, Ulric1313, Materialscientist, Are you ready for IPv6?, uman, HkBattousai,
GB fan, LilHelpa, Xqbot, Dragonshardz, Jerey Mall, Reallymoldycheese, Automaite, Ezen, S0aasdf2sf, Aceclub, Ruy Pugliesi, GrouchoBot, IslandLumberJack, Mark Schierbecker, Krypton3, Aenus, Mountielee, Prari, FrescoBot, WPANI, Clubmaster3, DigitalMonster,
PeramWiki, Nathancac, Waller540, HamburgerRadio, Italick, Redrose64, Rajtuhin, MKFI, AgentG, Reconsider the static, Ao5357, Lotje,
Vrenator, F11f12f13, Sloppyjosh, Forenti, DASHBot, J36miles, EmausBot, Manishfusion1, GoingBatty, Wikipelli, LinuxAngel, FlippyFlink, John Cline, Ida Shaw, Traxs7, S3cr3tos, , Ego White Tray, AlexNEAM, ClueBot NG, Matthiaspaul, O.Koslowski, Mactech1984,
Lolpopz1234, Marsmore, Nbudden, BG19bot, IraChestereld, Samiam111~enwiki, Guesst4094, Carliitaeliza, MeanMotherJr, BattyBot,
Abgelcartel, Jfd34, Lloydliske, EagerToddler39, Codename Lisa, Webclient101, Klabor74, Zhiweisun, Jaericsmith, Sourov0000, Corn
cheese, Way2veers, Yuvalg9, MountRainier, JadeGuardian, Kennethaw88, Lvanwaes, Mover07, Jianhui67, Dannyruthe, NewWorldOdor,
Janeandrew01, Michael Dave, Jamesmakeon, Bobsd12, Wasill37, Scyrusk, Devwebtel, JoanaRivers, ScottDNelson, Jhfhey, Awmarks and
Anonymous: 548
List of computer criminals Source: http://en.wikipedia.org/wiki/List%20of%20computer%20criminals?oldid=654956581 Contributors:
GCarty, PaulinSaudi, Michael Snow, Rdsmith4, Pablo X, Causa sui, Adrian~enwiki, Katana, H2g2bob, Bbatsell, Mendaliv, Rjwilmsi,
Koavf, The wub, Randomusername331, Mordicai, Bgwhite, The Rambling Man, Sceptre, Morgan Leigh, Chrishmt0423, Shawnc, GrEp,
Rwwww, SmackBot, Rtc, Bluebot, Pdspatrick, Kittybrewster, Grimhim, Heimstern, SubSeven, Ptimmins, CmdrObot, Riskyfrisky, Ruslik0,
Fordmadoxfraud, AndrewHowse, Cydebot, Reywas92, Gogo Dodo, Christian75, PamD, Daniel, Esemono, AntiVandalBot, Luna Santin,
Seaphoto, Danger, Qwerty Binary, Lovok, MikeDee~enwiki, Firealwaysworks, Eqdoktor, Iloveliz187, I-baLL, Ayecee, Maurice Carbonaro,
Yauch, STBotD, The Duke of Waltham, Je G., GimmeBot, Quatar, Gibson Flying V, A Raider Like Indiana, Arbor to SJ, Lightmouse,
Kumioko (renamed), Dabomb87, Haydenp123, Truco, Ottre, PCHS-NJROTC, Apparition11, ErgoSum88, Addbot, Vejvanick, Nohomers48, Bte99, MrOllie, Sashi Degodeshi, Hackistory, AnomieBOT, Bluerasberry, Materialscientist, Citation bot, LilHelpa, Udayantha,
Ksshannon, FrescoBot, Jellyjordan, Tlork Thunderhead, Winsock, Keshawn j jackson, Yunshui, Lotje, JanDeWit1, Airbag190, Jfmantis,
RjwilmsiBot, Qrsdogg, Thecheesykid, ZroBot, Michael Essmeyer, H3llBot, Mrobaer, Wayne Slam, Music Sorter, Yulli67, Chimpfunkz,
Signalizing, ClueBot NG, MoondyneAWB, Achlysis, Helpful Pixie Bot, BG19bot, Goldenshimmer, Cressi97, , 220 of
Borg, Rcsenavirathna, Dariusg1, Codename Lisa, Michael Anon, Lugia2453, Jc86035, Aporvearyan, Rootdz, Rikesh.ballah1122, FrigidNinja, Razveer, McLean.Alex, SoldierxDOTcom, Tractor Tyres, Phreaker007, Monkbot, Colby Gleason, Kashimonok and Anonymous:
136
Phreaking Source: http://en.wikipedia.org/wiki/Phreaking?oldid=661558619 Contributors: Bryan Derksen, Tarquin, Fubar Obfusco,
Maury Markowitz, Sara Parks Ricker, Olivier, Citizenzero, Frecklefoot, RTC, Michael Hardy, Kwertii, Pnm, Dori, CesarB, Ahoerstemeier, Notheruser, Michael Shields, Alex756, Wfeidt, Dwo, Fry-kun, Mbstone, RickK, Ike9898, Paul Stansifer, Dysprosia, Geary, Rvolz,
Furrykef, Saltine, Betterworld, Fvw, Bloodshedder, Shantavira, Denelson83, EdwinHJ, Dale Arnett, Fredrik, Greudin, Chancemill, TimothyPilgrim, Steeev, Auric, Jondel, Danceswithzerglings, Cyrius, Pengo, Falkonkirtaran, Skriptor~enwiki, Everyking, OrbitalBundle, Curps,
Tieno, Beta m, Rchandra, Falcon Kirtaran, Matt Crypto, Pne, Peter Ellis, Wmahan, Lucioluciolucio, Ddhix 2002, Sayeth, Hellisp, Resister,
Chmod007, Chane~enwiki, R, VCA, KneeLess, Bneely, Vsmith, Smyth, Chowells, R.123, SocratesJedi, Paul August, Suriyawong, Mr.
Billion, Kiand, Adrian~enwiki, Nicke Lilltroll~enwiki, Makomk, Juzeris, Larry V, Anthony Appleyard, Fwb44, Water Bottle, Stephen
Turner, Seancdaug, Here, Cburnett, Anthony Ivano, H2g2bob, Galaxiaad, Angr, Woohookitty, Myleslong, Krille, The Wordsmith,
BriskWiki, Hbdragon88, TotoBaggins, Karam.Anthony.K, Graham87, Stromcarlson, Ronnotel, Bilbo1507, JIP, Grammarbot, Josh Parris,
Koavf, Chrisp510, PinchasC, Seraphimblade, Krash, The wub, FlaBot, Latka, Nihiltres, Gary D Robson, Bmicomp, Planetneutral, Jpkotta,
ColdFeet, YurikBot, Wavelength, Ailag~enwiki, Hairy Dude, Kerowren, Gaius Cornelius, Lusanaherandraton, A314268, Wiki alf, Janarius,
THB, Black Ratchet, Zypres, Moe Epsilon, Voidxor, Elkman, Sir Isaac, Tawal, Deltalima, Delirium of disorder, Dkgoodman, Arthur Rubin,
Sturmovik, TomHawkey, Jonathan.s.kt, MansonP, Goob, Almostc, User24, SmackBot, Elonka, Rtc, KnowledgeOfSelf, Pgk, Rrius, Dazzla,
TrancedOut, Skizzik, Saros136, Amatulic, EncMstr, SchftyThree, Kostmo, Hgrosser, Can't sleep, clown will eat me, Shalom Yechiel, Ianmacm, Kevlar67, Pretorious, Guroadrunner, Savetz, MKC, Rafert, RomanSpa, Othtim, Peyre, DabMachine, JmanA9, JoeBot, Highspeed,
Twas Now, Dycedarg, Nczempin, Kylu, NickW557, Natas802, Lucky225, Neelix, No1lakersfan, Minilik, Mr.weedle, DumbBOT, Alaibot, Wintermute314, JohnInDC, Squidward tortelini, Qwyrxian, Jedibob5, Link Spam Remover, Vaniac, Escarbot, Radimvice, Oducado,
Gigi head, JAnDbot, Albany NY, Tqbf, Bongwarrior, JNW, Xb2u7Zjzc32, Leftblank, JanGB, Jim Douglas, Steven Walling, P.B. Pilhet,
183
Shuini, I-baLL, MartinBot, CliC, Jeannealcid, Jim.henderson, Rhlitonjua, Bemsor, R'n'B, KTo288, Lilac Soul, Doranchak, Piercetheorganist, Galifrag, Terabandit, Davidm617617, Peterhgregory, Black Walnut, Seanbo, VolkovBot, SupaPhreak, TXiKiBoT, Anonymous
Dissident, H3xx, David Condrey, Softtest123, Pious7, Enigmaman, Haseo9999, Lamro, Edkollin, Anonymousphreaker, Celain, Phreaka
Dude, NHRHS2010, Trackinfo, Jimb20, Vortalux, RMB1987, Lightmouse, Seedbot, Svick, Retractor, Tegrenath, Twinsday, ClueBot,
Pressforaction, Leatherstocking, Xitit, Dgabbard, Jotag14, Draxor99, Ottava Rima, SamuelTheGhost, Tlatseg, Alexbot, Mrchris, Eeekster, Goon Noot, EutychusFr, Johnuniq, Vanished User 1004, AlanM1, Badmachine, Ost316, Asrghasrhiojadrhr, Addbot, Leszek Jaczuk,
MrOllie, Mphilip1, Devinriley, Luckas-bot, Yobot, Will Decay, Synchronism, AnomieBOT, Sidlter, Theoprakt, Xqbot, The sock that
should not be, Gidoca, Multixfer, Rohitdua, Miyagawa, Tabledhote, Ace of Spades, Rkr1991, Menilek, Kgrad, Lotje, Vrenator, Tbhotch,
Sideways713, RjwilmsiBot, NameIsRon, WikitanvirBot, Mo ainm, EyeExplore, Amilianithiantha, H3llBot, Staszek Lem, Leitz31337,
Cb3684, Scientic29, Ego White Tray, ClueBot NG, Frankienoone, Widr, Calabe1992, JohnChrysostom, MusikAnimal, Jimw338, JurgenNL, SoledadKabocha, Cerabot~enwiki, Corn cheese, Electracion, IanDGunn, Phreaker007, Monkbot, Abhishekkr101, Licknooft,
KH-1, DanielKnights, Buntee2, Matt Da Freak and Anonymous: 365
Rootkit Source: http://en.wikipedia.org/wiki/Rootkit?oldid=662241846 Contributors: Zundark, Fubar Obfusco, William Avery, SimonP,
Stevertigo, Frecklefoot, JohnOwens, Nixdorf, Pnm, Liftarn, Zanimum, Penmachine, Tregoweth, Ahoerstemeier, Haakon, Nikai, Schneelocke, Emperorbma, Timwi, Aarontay, Ww, Olego, Fuzheado, Markhurd, Echoray, Furrykef, Taxman, Bevo, Rossumcapek, Phil Boswell,
Robbot, Scott McNay, Henrygb, Auric, Zidane2k1, Paul G, Tobias Bergemann, Unfree, David Gerard, Alison, JimD, Ezhiki, Kravietz,
AlistairMcMillan, Saucepan, Taka, Deewiant, Creidieki, Pascalv, Adashiel, Squash, Brianhe, ElTyrant, Rich Farmbrough, Agnistus, Jayc,
Bender235, CanisRufus, Twilight (renamed), Kwamikagami, PhilHibbs, Spoon!, Femto, Perfecto, Stesmo, Smalljim, Chasmo, Mpvdm,
Adrian~enwiki, Giraedata, Yonkie, Bawol, Helix84, Espoo, Jhfrontz, Polarscribe, CyberSkull, JohnAlbertRigali, Hookysun, Phocks,
BanyanTree, Earpol, RJFJR, RainbowOfLight, Kazvorpal, RyanGerbil10, Japanese Searobin, Dtobias, Dexio, Alvis, CCooke, OwenX,
Woohookitty, David Haslam, Steven Luo, Shevek, Pol098, Apokrif, Btmiller, Easyas12c, Midnightblaze, SDC, Umofomia, Xiong Chiamiov, SqueakBox, Graham87, Rjwilmsi, TitaniumDreads, Syndicate, Arisa, Randolph, RainR, Flarn2006, FlaBot, RobertG, Stoph, JiFish, Harmil, Mark Luszniak, Arunkoshy, Mordien, Intgr, Mimithebrain, Dbpigeon, Martin Hinks, Poorsod, FrankTobia, Elfguy, Uriah923,
YurikBot, Wavelength, Hairy Dude, Diesonne, AVM, Chrisjustinparr, IByte, Hydrargyrum, NawlinWiki, Wiki alf, Mipadi, Ian Cheese,
Ejdzej, Stephen e nelson, Cleared as led, Nick, Raven4x4x, JackHe, Mysid, FoolsWar, Bota47, Nescio, Ninly, Maxwells Demon, Mateo
LeFou, Theda, Closedmouth, Arthur Rubin, Reyk, Roothorick, AnimeJanai, Solarusdude, Jacqui M, That Guy, From That Show!, SmackBot, Mmernex, Estoy Aqu, Reedy, Mate.tamasko, Unyoyega, KelleyCook, Iph, SimonZerafa, Ohnoitsjamie, Chris the speller, Bluebot,
Gspbeetle, Thumperward, Ben.the.mole, Octahedron80, DARQ MX, DHN-bot~enwiki, Jmax-, 1(), Frap, Onorem, Tim Pierce, Sommers, Ukrained, Whpq, MichaelBillington, DMacks, J.Christopher.Wells, AndyBQ, A5b, Mitchumch, N-dy, Clicketyclack, FrostyBytes,
Tasc, Tthtlc, Peyre, Simon Solts, Xionbox, LAlawMedMBA, IvanLanin, CapitalR, Prpower, Phoenixrod, Courcelles, Tawkerbot2, Davidbspalding, FatalError, Zarex, Cyrus XIII, Megaboz, Jokes Free4Me, Jesse Viviano, Chrismo111, Racooper, Myasuda, Equendil, A876,
GrahamGRA, Tryl, rate, Fetternity, Mewsterus, Etaon, Ambulnick, Marek69, Tocharianne, AntiVandalBot, Widefox, Obiwankenobi,
Czj, Sjledet, Lfstevens, Bscottbrown, AndreasWittenstein, TuvicBot, Hiddenstealth, NapoliRoma, MER-C, Minitrue, QuantumEngineer,
Karsini, BCube, Repku, Raanoo, Drugonot, Chevinki, Nyttend, Cl36666, Denorios, Stromdal, Alekjds, Hamiltonstone, Cpl Syx, XandroZ,
Stephenchou0722, R27smith200245, MartinBot, Eshafto, CobraBK, Fethers, R'n'B, Nono64, Ash, Felipe1982, CraZ, Pharaoh of the Wizards, UBeR, Uncle Dick, Maurice Carbonaro, Public Menace, Leeked, Andy5421, It Is Me Here, Peppergrower, Crakkpot, DavisNT,
Wng z3r0, Marekz, Cometstyles, Gemini1980, ArneWynand, VolkovBot, Ashcan Rantings, Senachie, Soliloquial, TXiKiBoT, Sphinx2k,
CanOfWorms, Miketsa, UnitedStatesian, Haseo9999, Willbrydo, Suzaku Medli, Ceranthor, Ggpur, MrChupon, SieBot, Technobreath,
Sephiroth storm, Edans.sandes, Windowsvistafan, Aly89, General Synopsis, Fyyre, Clearshield, Capitalismojo, Bogwhistle, BfMGH,
Guest141, Martarius, ClueBot, The Thing That Should Not Be, TheRasIsBack, Mild Bill Hiccup, Fossguy, Tai Ferret, Socrates2008,
Crywalt, PixelBot, JunkyBox, Rhododendrites, Holden yo, NuclearWarfare, Mrkt23, Pinkevin, Htddler, DanielPharos, Floul1, Johnuniq,
SF007, Uuddii, Pelican eats pigeon, XLinkBot, Thatguyint, Addbot, Willking1979, Kongr43gpen, Sergey AMTL, Elsendero, TutterMouse, Cst17, MrOllie, OlEnglish, Fiftyquid, Luckas-bot, Yobot, Fraggle81, GateKeeper, Golftheman, Alipie42, AnomieBOT, NoKindOfName, Bluerasberry, Materialscientist, Nutsterrt, Citation bot, ArthurBot, LilHelpa, Avastik, S0aasdf2sf, Notwej, GrouchoBot, Kernel.package, Thearcher4, Traord09, Sophus Bie, XLCior, Shadowjams, FrescoBot, WPANI, Ozhu, Wmcleod, HamburgerRadio, Citation
bot 1, JoeSmoker, Winterst, Pinethicket, Jonesey95, Shultquist, Gim3x, OMGWEEGEE2, Rbt0, Trappist the monk, Techienow, Vanished
user aoiowaiuyr894isdik43, TjBot, Alph Bot, EmausBot, John of Reading, WikitanvirBot, Timtempleton, Heracles31, Dewritech, Janiko,
P3+J3^u!, ZroBot, Herman Shurger, Basheersubei, Mike735150, IceCreamForEveryone, Bender17, Chicklette1, Diame, Macwhiz,
Nhero2006, DASHBotAV, Pianosa, ClueBot NG, Biterankle, Morgankevinj huggle, Matthiaspaul, MelbourneStar, Zakblade2000, Barry
McGuiness, Helpful Pixie Bot, Strovonsky, Rijinatwiki, Abagi2, Johndavidthomas, BattyBot, Tkbx, StarryGrandma, ChrisGualtieri, Draculamilktoast, Cadava14, Dexbot, Codename Lisa, Noul Edge, SoledadKabocha, Cryptodd, CaSJer, MopSeeker, Ginsuloft, Oranjelo100,
Monkbot, Vieque, BethNaught, Ahollypak, Shinydiscoball, Jithendran Subburaj, TQuentin, Azlan 6473 and Anonymous: 574
Script kiddie Source: http://en.wikipedia.org/wiki/Script%20kiddie?oldid=657126680 Contributors: AxelBoldt, WojPob, The Anome, -April, Jagged, Zadcat, Ryguasu, Frecklefoot, Ubiquity, Patrick, Voidvector, Pnm, Zanimum, TakuyaMurata, (, CesarB, Looxix~enwiki,
Ellywa, Angela, Marteau, Evercat, Schneelocke, Saint-Paddy, Przepla, WhisperToMe, Issa, Furrykef, Fvw, David.Monniaux, MrWeeble,
Robbot, Altenmann, LGagnon, Hif, Pengo, Ich, Rchandra, The zoro, Matt Crypto, Neilc, Andycjp, Shibboleth, Tothebarricades.tk, Scott
Burley, Asbestos, Henriquevicente, Joyous!, Bluefoxicy, RedWordSmith, Rich Farmbrough, Rhobite, Fluzwup, Evice, Bobo192, Smalljim, Nectarowed, Blotwell, Tadman, Red Scharlach, Rernst, Alansohn, Gary, Transnite, 119, Arthena, Andrewpmk, Ciaran H, Seans
Potato Business, Ethethlay, Scott5114, Robin201, Evil Monkey, Freyr, Feezo, JanusPaul, MickWest, Woohookitty, Mindmatrix, Grillo,
Duncan.france, Pchov, Fred J, Terence, Kralizec!, Harkenbane, ArCgon, TNLNYC, Joe Roe, Mandarax, Ashmoo, Graham87, Magister Mathematicae, Jclemens, Rjwilmsi, T0ny, JDanM, JenniferR, IpwnNES, Yamamoto Ichiro, Exeunt, FlaBot, Ian Pitchford, Faluinix,
Crazycomputers, Kerowyn, JYOuyang, Gurch, Intgr, Salvatore Ingala, Masnevets, Rogertudor, Mysekurity, YurikBot, Rdoger6424, NTBot~enwiki, Curuinor, Hydrargyrum, Shaddack, Rsrikanth05, NawlinWiki, Borbrav, Aeusoes1, Ejdzej, Abb3w, Moe Epsilon, Tony1,
Syrthiss, Xompanthy, Hydroksyde, DryaUnda, Vlad, Private Butcher, Werdna, Wknight94, Trojjer, Raijinili, Saranghae honey, Closedmouth, Garion96, Staxringold, SmackBot, Haza-w, Rtc, Hammerite, ScaldingHotSoup, Eskimbot, Zanetu, BiT, Bluebot, Codeninja42, JDCMAN, Miquonranger03, MalafayaBot, Dethme0w, CaptainCarrot, Stormchaser, Frap, PoiZaN, Ultra-Loser, Chlewbot, Etu, Rrburke,
Cybercobra, Nakon, Drc79, Foolish Child, Minna Sora no Shita, Hvn0413, Mets501, Dr.K., Clarityend, Ouzo~enwiki, Courcelles, Filter1987, Tawkerbot2, Haneul, Bakanov, Neelix, Sideshow Todd, Myasuda, Jack mcdonagh, Clayoquot, Gogo Dodo, Chasingsol, Evogol,
DumbBOT, Kozuch, Soccer skills, Thijs!bot, Epbr123, LactoseTI, Mchtegern, CTZMSC3, AntiVandalBot, Luna Santin, Seaphoto, CobraWiki, Rossj81, Mgeel, Oddity-, Markthemac, Barek, CosineKitty, Wootery, Hawk90, Andreas Toth, JamesBWatson, Froid, Justaguy1,
HastyDeparture, AndyI, A2-computist, Ryan1918, MartinBot, Kateshortforbob, Exarion, J.delanoy, Trusilver, WarthogDemon, Thomas
Larsen, NewEnglandYankee, Wilson.canadian, Juliancolton, Crabworld, Tkgd2007, Yasuna, TheFrankinator, Lights, Vranak, Sparklism,
VolkovBot, DSRH, Lexein, Supersonicjim, Philip Trueman, Anonymous Dissident, Imasleepviking, Seraphim, Haseo9999, Necris, Logan,
184
W00taliter, Dawn Bard, Texmexsam111, MarkinBoston, Mr. Stradivarius, Atif.t2, ClueBot, Mattgirling, VQuakr, Excirial, Rhododendrites, Andrew81446, Alexey Muranov, Thingg, XLinkBot, FactChecker1199, ErkinBatu, Alexius08, Brilliantine, Addbot, Xp54321,
Proxima Centauri, Freqsh0, Sdribybab222, Jaydec, 5 albert square, Jarble, Lolgailzlz, Yobot, Jackie, M9.justin, Ajh16, THEN WHO WAS
PHONE?, Skhu25993, Byeitical, Jim1138, Materialscientist, Citation bot, ShornAssociates, LaRoza, ArthurBot, Xqbot, The sock that
should not be, Tyrol5, Peanuter, Ssarti, Amaury, Caseeaero, Cho fan, Afromayun, JoeJev, Evalowyn, I dream of horses, Hoo man, RedBot, SpaceFlight89, Lemonsourkid, Lotje, Neptunerover, Reaper Eternal, Merlinsorca, Diannaa, Tbhotch, DASHBot, EmausBot, WikitanvirBot, Gfoley4, Tommy2010, AsceticRose, Chealsearock, John Cline, Demonkoryu, Ocaasi, Randiv, Donner60, AndyTheGrump,
Jlatto, Iarkey1337, Angwatch, ClueBot NG, Pcight, K8ylynnn, Helpful Pixie Bot, Lowercase sigmabot, The Almightey Drill, Astros4477,
No1dead, HappiestDrunk, EagerToddler39, Philip J Fry, Lugia2453, 93, Fusingwharf, Movinggun, Pwnyy, DavidLeighEllis, Someone not
using his real name, SS7 Somebody, Bs9987, ThatRusskiiGuy, WikiWinters, Peterpacz1, Melcous, Doyouqa, Swagstar124, ChiTownDev,
Kostubbs, Jizzle nizzle, Yaser09363239065 and Anonymous: 408
Spyware Source: http://en.wikipedia.org/wiki/Spyware?oldid=659159185 Contributors: The Epopt, WojPob, LC~enwiki, Eloquence,
Vicki Rosenzweig, Mav, Zundark, Berek, Toby Bartels, Fubar Obfusco, SimonP, Ellmist, R Lowry, Modemac, KF, Frecklefoot, Edward, Willsmith, Fred Bauder, Pnm, Tannin, Wwwwolf, Tgeorgescu, Karada, Ahoerstemeier, DavidWBrooks, Haakon, Mac, Arwel
Parry, Notheruser, Darkwind, Mcy85, Julesd, Cgs, Glenn, Bogdangiusca, Slusk, Phenry, Evercat, Raven in Orbit, Mydogategodshat,
Guaka, Aarontay, Mbstone, RickK, Dysprosia, WhisperToMe, Wik, Pedant17, Jake Nelson, Grendelkhan, Saltine, ZeWrestler, Sabbut,
Wernher, Bevo, Joy, Khym Chanur, Fvw, Raul654, Pakaran, Jamesday, Denelson83, PuzzletChung, Aenar, Robbot, Paranoid, Senthil,
ChrisO~enwiki, Korath, Tomchiukc, Vespristiano, Moondyne, ZimZalaBim, Psychonaut, Yelyos, Modulatum, Lowellian, Mirv, JustinHall, Stewartadcock, Academic Challenger, Texture, Meelar, LGagnon, DHN, Hadal, Dehumanizer, Wereon, Michael Snow, Boarder8925,
ElBenevolente, Anthony, Mmeiser, Lzur, Tobias Bergemann, Alerante, Alexwcovington, DocWatson42, Fennec, Inter, Lupin, Ferkelparade, Everyking, Kadzuwo~enwiki, Rookkey, Frencheigh, FrYGuY, Gracefool, Daniel Brockman, Zoney, Pascal666, AlistairMcMillan,
Spe88, SWAdair, Golbez, Justzisguy, Gadum, Shibboleth, Toytoy, CryptoDerk, GeneralPatton, Quadell, Antandrus, OverlordQ, The
Trolls of Navarone, Piotrus, Quarl, Khaosworks, MFNickster, Kesac, Jesster79, Maximaximax, SeanProctor, Bumm13, Kevin B12,
Sam Hocevar, Sridev, TonyW, Rantaro, Neutrality, Joyous!, Jcw69, Adashiel, JamesTeterenko, Grunt, Guppynsoup, Mike Rosoft,
Maryevelyn, Tom X. Tobin, Monkeyman, Poccil, Imroy, Maestro25, Naryathegreat, Discospinster, Twinxor, Rich Farmbrough, Rhobite, Andros 1337, MCBastos, Clawed, YUL89YYZ, Mani1, Tinus, Pavel Vozenilek, Martpol, Paul August, SpookyMulder, ESkog,
JoeSmack, Violetriga, Brendandonhue, CanisRufus, *drew, Fireball~enwiki, Mwanner, Perspective, Aude, Spoon!, Femto, Incognito,
ZooCrewMan, Sole Soul, Bobo192, Longhair, Meggar, Flxmghvgvk, Mikemsd, Chessphoon, Cwolfsheep, Alpheus, Jag123, Alexs letterbox, Visualize, Minghong, Wrs1864, Haham hanuka, Jonathunder, SPUI, ClementSeveillac, Nkedel, Espoo, Danski14, Alansohn,
JYolkowski, Cronus, GRider, Interiot, Arthena, Rd232, Jeltz, Andrewpmk, Plumbago, Zippanova, T-1000, Kocio, InShaneee, DavidCWG, Idont Havaname, Blobglob, BanyanTree, Uucp, Yuckfoo, Evil Monkey, BlastOButter42, Kusma, Jsorensen, Someoneinmyheadbutitsnotme, Zootm, Kerry7374, Mikenolte, 4c27f8e656bb34703d936fc59ede9a, Kyrin, Bobrayner, Weyes, Boothy443, Kelly Martin,
Woohookitty, LostAccount, Mindmatrix, Vorash, TigerShark, Scriberius, LOL, Nuggetboy, Localh77, Daniel Case, Baysalc, Snotty
(renamed), WadeSimMiser, Drongo, Schzmo, BlaiseFEgan, Rchamberlain, Zzyzx11, Leemeng, Wayward,
, Zhen-Xjell, Stefanomione, Karam.Anthony.K, Zpb52, Palica, Allen3, MassGalactusUniversum, Graham87, Marskell, Deltabeignet, Magister Mathematicae, BD2412, Roger McCoy, RadioActive~enwiki, MauriceJFox3, Jclemens, Icey, Josh Parris, Canderson7, Sjakkalle, Seidenstud, Coemgenus, Baeksu, Eyu100, Dannysalerno, Amire80, Carbonite, Harro5, Nneonneo, Oblivious, Roivas, Creative210, OKtosiTe,
Hermione1980, AySz88, Yamamoto Ichiro, Teddythetank, Eexlebots, RainR, Titoxd, FlaBot, Ecb29, Ian Pitchford, RobertG, Otnru,
HowardLeeHarkness, Arlondiluthel, JiFish, Avalyn, JYOuyang, Klosterdev, Rune.welsh, RexNL, Gurch, Quuxplusone, Intgr, Bmicomp,
Noxious Ninja, Butros, King of Hearts, KaintheScion, Scoops, Bornhj, DVdm, Ariele, Voodoom, Bgwhite, YurikBot, Wavelength, Aleahey,
Splintercellguy, Kencaesi, Kafziel, Adam1213, Pleonic, Hede2000, Bhny, Richjkl, Paul Quirk, Admiral Roo, Kirill Lokshin, Pvasiliadis,
Van der Hoorn, Akamad, Chensiyuan, Amanaplanacanalpanama, Stephenb, Manop, Barefootguru, Coyote376, Gaius Cornelius, CambridgeBayWeather, Kyorosuke, Member, Wimt, MarcK, Crazyman, Wiki alf, Dialectric, God Of All, AlMac, RazorICE, Irishguy, Brian
Crawford, Kynes, Rmky87, Ugnius, Amcfreely, Misza13, FlyingPenguins, Zephalis, Pablomartinez, DeadEyeArrow, Bota47, Xpclient,
Flipjargendy, Romal, Wknight94, Graciella, Zzuuzz, Encephalon, Gorgonzilla, Bayerischermann, AtOMiCNebula, Theda, Abune, Reyk,
Dspradau, Sean Whitton, BorgQueen, GraemeL, Shawnc, Peter, QmunkE, Emc2, JLaTondre, MagneticFlux, Che829, Bluezy, Katieh5584,
Kungfuadam, Plethorapw, NeilN, Leuk he, Kingboyk, Destin, Mardus, SkerHawx, That Guy, From That Show!, SG, Attilios, Veinor,
MacsBug, Firewall-guy, SmackBot, Colinstu, Estoy Aqu, Justinstroud, KnowledgeOfSelf, Royalguard11, CompuHacker, Georgeryp,
Blue520, Davewild, Matthuxtable, Stie, ElDakio, Delldot, KelleyCook, ProveIt, Vilerage, Ccole, Kaunietis25, Gilliam, Ohnoitsjamie,
Jushi, Oscarthecat, Skizzik, Chaojoker, ERcheck, Gary09202000, Chris the speller, Parajuris, Skintigh, Chemturion, Thumperward,
Christopher denman, SchftyThree, Deli nk, Octahedron80, DHN-bot~enwiki, Darth Panda, Trimzulu, Jmax-, Can't sleep, clown will
eat me, Frap, Episteme-jp, Nixeagle, JonHarder, Korinkami, Rablari Dash, Homestarmy, Xyzzyplugh, Jax9999, Midnightcomm, Mr.Zman, Gabi S., Cybercobra, Engwar, Nakon, GhostDancer, Monotonehell, Warren, Weregerbil, Polonium, Sbluen, Sljaxon, Twain777,
Fredgoat, Jeremyb, Kotjze, Nevyan, MOO, Risker, DataGigolo, Clicketyclack, SashatoBot, Rory096, Swatjester, JethroElfman, Heimstern, Tor Stein~enwiki, Xaldafax, Minna Sora no Shita, Abdomination, Llamadog903, PseudoSudo, LebanonChild, Chrisch, Mr. Vernon, Andypandy.UK, Jcmiras, Alistairphillips, Alistair.phillips1, Darklord.dave, MrArt, Mphill14, SandyGeorgia, Camp3rstrik3r, Jam01,
Rip-Saw, Vernalex, Michael.koe, Sifaka, Jnk, Iridescent, Lonyo, JoeBot, Cowicide, Gholam, 10014derek, JHP, J Di, IvanLanin, Igoldste, Cbrown1023, RekishiEJ, AGK, Linkspamremover, Astral9, Kanecain, Mzub, Tawkerbot2, Morryau, Jasrocks, SMRPG, Clintmsand,
Alestrial, AbsolutDan, SkyWalker, J Milburn, JForget, FleetCommand, Anon user, Wikkid, Xlegiofalco, Ewc21, DevinCook, Pockle,
Raceprouk, Green caterpillar, El aprendelenguas, Kejoxen, Herenthere, CJBot, Angelsfreeek, Kribbeh, Phatom87, TheBigA, Cydebot,
Treybien, Steel, Gogo Dodo, Mroesler, Tiger williams, Bigjake, Shirulashem, Christian75, Codetiger, DumbBOT, TheJC, Omicronpersei8, Zalgo, Lo2u, Jed keenan, Satori Son, FrancoGG, Thijs!bot, Epbr123, Wikid77, Ilpalozzo, Supermario99, Daniel, Wikikiki~enwiki,
Nonagonal Spider, Who123, Rcandelori, Jojan, Moulder, West Brom 4ever, A3RO, Cool Blue, Grayshi, CharlotteWebb, Nick Number, Wai Wai, Wikidenizen, Dawnseeker2000, Natalie Erin, Silver Edge, Escarbot, CamperStrike, Andykitchen, Mentisto, Mr.Fraud,
AntiVandalBot, Operator link, Luna Santin, Ownlyanangel, Schooop, Anotherpongo, Dylan Lake, Kmesserly, Shlomi Hillel, Pixelface,
Jenny Wong, Falconleaf, Alevine-eantick, Qwerty Binary, Ingolfson, JAnDbot, Hiddenstealth, Ginza, Barek, Epeeeche, BCube, Bhaddow, D. Kapusta, Dcooper, The elephant, Entgroupzd, MadMom2, Kipholbeck, SteveSims, Magioladitis, Bongwarrior, VoABot II,
Mike5906, Abbadox, Yandman, Dfense, XPOTX, Tedickey, Twsx, Mikey129, LonelyWolf, Alekjds, Violetness, Robotman1974, Allstarecho, Cpl Syx, Fang 23, Bugtrio, Fayul, Glen, Myststix, Pikolas, Gwern, Atulsnischal, Ksero, Gundato, Hdt83, MartinBot, M3tal H3ad,
CliC, BetBot~enwiki, Flamingpanda, Axlq, Skipatek, Lcaa9, Ittan, R'n'B, I2omani, Bgold4, RaccoonFox, J.delanoy, Fakir005, Trusilver, Deonwilliams, Neon white, Singing guns, Dispenser, Justinm1978, LordAnubisBOT, 2IzSz, Thomas Larsen, Compman12, Freejason,
Demizh, Jwright1, Legendsword, AntiSpamBot, WikiChip, TomasBat, Bushcarrot, NewEnglandYankee, Hellohellohello007, ,
Fsf~enwiki, Juliancolton, WarFox, Atama, Teggis, Redrocket, Wiki989, Mguy, Kiyo o, VolkovBot, ChrisPerardi, Je G., Tesscass,
185
Dajahew1, TXiKiBoT, Zidonuke, Moogwrench, KevinTR, Rei-bot, GcSwRhIc, Shindo9Hikaru, Oxfordwang, Anna Lincoln, Melsaran,
Martin451, LeaveSleaves, Alexarankteam, Master Bigode, Wikiisawesome, Copper20, Trickiality, Bercyon, Billinghurst, The Negotiator,
Haseo9999, Flamesrule89, Willbrydo, Digita, Mickelln, LittleBenW, AlleborgoBot, Fredtheyingfrog, Fabioejp, EmxBot, Overtheblock,
Supery789, SieBot, Techwrite, Spartan, Backpackkk, Backpack123, Gorx, Jack Merridew, IHateMalware, Dawn Bard, Schwartz, Ken,
Sephiroth storm, WJerome, Arda Xi, Pdub567, Oda Mari, Arbor to SJ, Jojalozzo, Nosferatus2007, Oxymoron83, Faradayplank, AngelOfSadness, Wjemather, ImageRemovalBot, Loren.wilton, ClueBot, Mr. pesci, GorillaWarfare, Fyyer, The Thing That Should Not Be,
College222, Darthveda, Drmies, Mild Bill Hiccup, Braksus, Mackmar, Milenamm, Absmith111, Tokyogamer, Christineokelly, Bichon,
Emperordarius, Igorberger, Rhododendrites, WalterGR, WWriter, Anti328, DanielPharos, Morriske, Apparition11, SF007, DumZiBoT,
Adams527, Mikon8er, XLinkBot, ICaNbEuRsOuLjAgIrL, Skarebo, SilvonenBot, Alexius08, Noctibus, Dubmill, Addbot, Deepmath, Clsdennis2007, Wowrocker2, Joost Kieviet, SuperSmashBros.Brawl777, AndrewJNeis, Christos2121, 15lsoucy, Ronhjones, Leszek Jaczuk,
Skyezx, MrOllie, Glane23, Chzz, Debresser, Favonian, Mike A Quinn, Evildeathmath, Lightbot, OlEnglish, Qwertyytrewqqwerty, Fiilott,
Luckas-bot, Yobot, Sdalk208, TaBOT-zerem, Voyage34, Aaronit~enwiki, Egosintrick, THEN WHO WAS PHONE?, SeanTheBest949,
Writerjohan, KamikazeBot, Fortmadder, TJDishaw6, Quentinv57, AnomieBOT, Keepitreal74, Roman candles, Jim1138, MinnetonkaCZ,
IRP, Galoubet, Piano non troppo, AdjustShift, Wasisnt, Yachtsman1, Ulric1313, Materialscientist, Danno uk, The Firewall, Xqbot, Sionus,
Capricorn42, Dubboy1969, Avastik, Junkcops, Katcrane, Halstonm, PraeceptorIP, Mlpearc, S0aasdf2sf, Ragityman, Danalpha31, Kurtdriver, BubbleDude22, Prunesqualer, Mathonius, IShadowed, Vuletrox, Luminique, Fastguy397, VS6507, DigitalMonster, Cykloman15,
Flakmonkey24, HamburgerRadio, Yodaddy4276, Jammy467, Pinethicket, Idemnow, Jacobdead, Chucknorriss007, JNorman704, Ngyikp,
Brian Everlasting, SpaceFlight89, RandomStringOfCharacters, OMGWEEGEE2, Reconsider the static, MichaelRivers, Sahil16, Dinamikbot, Vrenator, Halti1328, Sammonaran, Jerd10, JV Smithy, Thunerb, Tbhotch, Luis8750, RjwilmsiBot, VernoWhitney, Buggie111,
Xvunrealvx, Nabahat, EmausBot, John of Reading, Marmbrus, Bob22234, Dewritech, RA0808, L235, Tommy2010, Wikipelli, K6ka,
Boysfood, Zach eastburn, Rocopter23, EneMsty12, L0ngpar1sh, Wayne Slam, Isarra, Hidbaty223, Janesilentbob, Damirgrati, FloridaShawn123, GrayFullbuster, Jschwa12, ClueBot NG, Karlson2k, Cntras, Braincricket, 123Hedgehog456, O.Koslowski, Chikkey007,
Widr, Neilacharya, Pattiewillford, Rubybarett, Icallitvera, DBigXray, Kwolton, Jordan james elder, PatrickCarbone, Larda, MusikAnimal, EmadIV, Brilubic2, YolentaShield, Cre8tin, Mechanic1545, VanEman, RobertEdingerPHD, Egyptianmorrow, J3zzy1998DBZ,
Jeremy112233, Cyan.aqua, Squishy901, Rms1524, ZappaOMati, EuroCarGT, Dexbot, Cwobeel, Codename Lisa, Jamiedude2002, Geniusmanship, SFK2, Sourov0000, Corn cheese, Allne1972, Franois Robere, Melonkelon, Eyesnore, Yuvalg9, Jameii123, Muhammadbabarzaman, MountRainier, Majidmec, Babitaarora, Ymd2004, Someone not using his real name, Jianhui67, Dannyruthe, Mickel1982,
7Sidz, BethNaught, Qwertyxp2000, Wii , Zaixar, 7thwave1, Julietdeltalima, Silien2002, MagyVi, Securitysentry, Tripboom, Jiesenpan
and Anonymous: 1354
Timeline of computer security hacker history Source: http://en.wikipedia.org/wiki/Timeline%20of%20computer%20security%
20hacker%20history?oldid=662294118 Contributors: ChangChienFu, Edward, Nixdorf, Eurleif, Sannse, Delirium, Paul A, Minesweeper,
Tregoweth, Ronz, Snoyes, Cimon Avaro, Evercat, GCarty, Conti, Ylbissop, PatriceNe, Reddi, Ike9898, Zoicon5, Jnc, Topbanana,
Jeq, RadicalBender, Sjorford, Gentgeen, Robbot, Fredrik, Sanders muc, RedWolf, Altenmann, Stewartadcock, Jy, PBP, Pengo,
GreatWhiteNortherner, Davidcannon, Dave6, DocWatson42, Jtg, Kenny sh, Everyking, Niteowlneils, Broux, Maroux, DO'Neil, AlistairMcMillan, The zoro, Gzornenplatz, Matt Crypto, Alvestrand, Bobblewik, Gadum, Utcursch, Ruy Lopez, Long John Silver~enwiki,
Beland, Tim Pritlove, Kbrooks, Neutrality, Eisnel, Zoganes, Orange Goblin, D6, Wikiti, Guanabot, Ponder, Calebbell, Thebrid, CanisRufus, NetBot, Adrian~enwiki, Draconiszeta, RussBlau, Hektor, JaveCantrell, Inky, Bart133, Yolgie, M3tainfo, Danthemankhan, Guthrie,
H2g2bob, Markaci, Lkinkade, Jbl, Brunnock, Myleslong, Skyraider, Amatus, Scm83x, Allen3, Rjwilmsi, Koavf, Vegaswikian, Bensin,
Ground Zero, JdforresterBot, Kmorozov, Ewlyahoocom, TheDJ, Alvin-cs, Bgwhite, RussBot, Gaius Cornelius, EWS23, Mipadi, BirgitteSB, DeadEyeArrow, Izcool, Haemo, American2, Deville, Closedmouth, Arthur Rubin, Dcb1995, Rwwww, UltimatePyro, SmackBot,
Jereykopp, Rtc, Zazaban, Anarchist42, 6Akira7, Resorb, Mauls, Commander Keane bot, Gilliam, GoneAwayNowAndRetired, Chris the
speller, TimBentley, Snori, Roscelese, Steelmanronald, CSWarren, Kungming2, Colonies Chris, Wesw02, Racklever, ConMan, Warren,
Tlmii, Blututh, Wizardman, KeithB, Via strass, Tomhubbard, DavidBailey, Breno, Dipset1991, Lightshadow~enwiki, Mets501, Xionbox,
Zepheus, BranStark, Octane, Switchercat, CmdrObot, No1lakersfan, Dalen talas, Ngileadi, DrunkenSmurf, Alaibot, Satur9, Epbr123,
NOYGDB-YHNNTK, Karin Spaink, Esemono, Jimhoward72, Nick Number, AntiVandalBot, Pipedreamergrey, Tqbf, Magioladitis, Tinucherian, Seigiac, Firealwaysworks, Animum, Edward321, Esanchez7587, Gun Powder Ma, Gwern, Pauly04, Coradon, Jargon777, Maurice Carbonaro, Shatner1, Craigmascot, Znx, SmackTacular, S, TheNewPhobia, Funandtrvl, Sam Blacketer, Indubitably, DBZROCKS,
Seb az86556, Haseo9999, Oriaj, Chahax, Sue Rangell, BlueClerica, TJRC, Scarian, Malcolmxl5, Nathan, Matt Brennen, Happysailor,
Mandsford, Oxymoron83, SilverbackNet, CultureDrone, Denisarona, Faithlessthewonderboy, Martarius, ClueBot, Plastikspork, Mild Bill
Hiccup, Niceguyedc, Arunsingh16, Sv1xv, Leonard^Bloom, Rhododendrites, Sun Creator, Arjayay, Dark-Basics, DanielPharos, Gencturk~enwiki, J3r3m3, Galt 57, DumZiBoT, UnUnNilium, XLinkBot, Ost316, RyanCross, Addbot, Montgomery '39, Cst17, Mohamed
Magdy, Download, Sashi Degodeshi, Freqsh0, Chzz, Boydays, Yobot, TaBOT-zerem, Lacrymocphale, SwisterTwister, Backslash Forwardslash, AnomieBOT, Noq, Jim1138, Materialscientist, Citation bot, Miles86, LilHelpa, Sixequalszero, Alexnickell, Uitham, Shadowjams, FrescoBot, Haeinous, Meishern, HamburgerRadio, Citation bot 1, I dream of horses, Jeger, Full-date unlinking bot, Arbero,
Onel5969, Hobbes Goodyear, RjwilmsiBot, In ictu oculi, Acather96, Dixtosa, Szawi, Dewritech, GoingBatty, Wikipelli, Josve05a, Wikfr,
Brandmeister, L Kensington, ClueBot NG, Jack Greenmaven, LogX, Catlemur, Steve dexon, Killawattson, Widr, Kleinash, Helpful Pixie
Bot, Mrorville1, YusufZ, Rsotillo, MusikAnimal, Hackingtag, Neishamonaya, Conifer, Fylbecatulous, BattyBot, Mgreen11, Pratyya Ghosh,
Tonyxc600, MikeTaylor1986, CooKiee2012, Maestro814, Codename Lisa, Lugia2453, Jamesx12345, Izniz, Cody Allan, Everymorning,
JacobiJonesJr, The Herald, JaconaFrere, InfoSecGuy, Magma1983, Parveen97, Tjb5228, SirJohnWilliams, Beardog108 and Anonymous:
367
Trojan horse (computing) Source: http://en.wikipedia.org/wiki/Trojan%20horse%20(computing)?oldid=662342900 Contributors:
Damian Yerrick, Paul Drye, MichaelTinkler, LC~enwiki, Mav, Bryan Derksen, Zundark, Rjstott, Andre Engels, Gianfranco, Mincus,
Heron, R Lowry, Michael Hardy, Voidvector, Pnm, Dori, Ahoerstemeier, Ronz, Darrell Greenwood, Julesd, Glenn, Jiang, Ryuukuro,
Timwi, Andrevan, Ww, WhisperToMe, SEWilco, Chuunen Baka, Robbot, Kizor, Schutz, Altenmann, Puckly, Premeditated Chaos, Sunray, Tbutzon, Saforrest, Borislav, Miles, Splatt, Cyrius, GreatWhiteNortherner, Giftlite, Fennec, Brian Kendig, No Guru, Wikibob, Leonard
G., ZeroJanvier, AlistairMcMillan, Fanf, Matt Crypto, PlatinumX, SWAdair, SoWhy, Knutux, SURIV, Antandrus, Tbjablin, Kesac, Asriel86, Bumm13, Trafton, Shiftchange, Monkeyman, A-giau, Discospinster, Sperling, Stereotek, JoeSmack, CanisRufus, Shanes, Sietse
Snel, One-dimensional Tangent, Yono, Bobo192, Alexandre.tp, Cmdrjameson, Chirag, DCEdwards1966, Haham hanuka, Jjron, Ranveig, Alansohn, Anthony Appleyard, Guy Harris, Andrewpmk, M7, Riana, Sade, Ciaran H, Kesh, Danhash, Evil Monkey, BDD, Versageek, Brookie, Nuno Tavares, Woohookitty, Mindmatrix, TigerShark, Myleslong, Matey~enwiki, Briangotts, Pol098, WadeSimMiser,
Easyas12c, Optichan, Gyrae, Mekong Bluesman, Graham87, Jclemens, Enzo Aquarius, Rjwilmsi, JoshuacUK, Blacktoxic, NeonMerlin,
ElKevbo, Aapo Laitinen, AySz88, Andrzej P. Wozniak, RainR, RobertG, JiFish, Bubbleboys, Ewlyahoocom, Alexjohnc3, TheDJ, DevastatorIIC, Ben-w, Gr8dude, M7bot, Ahunt, Chobot, DVdm, Roboto de Ajvol, Angus Lepper, Sceptre, Ytgy111, Kerowren, Eleassar, Ptomes,
186
Wimt, NawlinWiki, Wiki alf, Dialectric, RattleMan, Johann Wolfgang, Vincspenc, THB, Ugnius, Nick C, Kenkoo1987, T, Lockesdonkey,
Wknight94, Niggurath, Zzuuzz, E Wing, Jogers, GraemeL, Ethan Mitchell, RandallZ, Airconswitch, Suburbancow, CIreland, Jaysscholar,
Slampaladino, J2xshandy, Scolaire, SmackBot, Kellen, Unschool, Narson, Bobet, Tarret, KocjoBot~enwiki, Delldot, KelleyCook, Jpvinall,
Arsenaldc1988, Gilliam, Ohnoitsjamie, Spamhuntress, Snori, Tree Biting Conspiracy, Miquonranger03, Gareth, LaggedOnUser, Lexlex,
DHN-bot~enwiki, Jereyarcand, Abaddon314159, Can't sleep, clown will eat me, MyNameIsVlad, Frap, Christan80, KaiserbBot, Rrburke,
TKD, Emre D., Nibuod, Sljaxon, Drphilharmonic, HDow, LeoNomis, Richard0612, Clicketyclack, Neverender 899, SS2005, Kuru, Jidanni, Gobonobo, Sir Nicholas de Mimsy-Porpington, Evan Robidoux, UkNegative, 041744, JHunterJ, George The Dragon, Alethiophile,
Waggers, Iridescent, Redskull619, IvanLanin, JoeE, Blehfu, Courcelles, Linkspamremover, Astral9, Mzub, ChrisCork, Switchercat, SkyWalker, JForget, DJPhazer, CmdrObot, Wafulz, Makeemlighter, ParadoX, CWY2190, Rikva, Lishy Guy, Jesse Viviano, INVERTED,
Neelix, Funnyfarmofdoom, Equendil, Slazenger, MC10, Red Director, SnootyClaus, Strom, Mr. XYZ, Shirulashem, UnDeRsCoRe, Rud
Almeida, Omicronpersei8, Rocket000, Thijs!bot, Epbr123, Blademaster313, N5iln, Laboye, Vertium, John254, James086, Leon7, Danfreedman, Mule Man, Dawnseeker2000, Mentisto, AntiVandalBot, Luna Santin, Widefox, Seaphoto, Oducado, Karthik sripal, Rhugginsahammond, JAnDbot, Xhienne, El Dominio, Vaclon, HellDragon, Mishrankur, Freedomlinux, VoABot II, Nyq, Jrg7891, SineWave,
GODhack~enwiki, Indon, Cailil, Esanchez7587, Shuini, DidierStevens, Charitwo, Gwern, Atulsnischal, MartinBot, Axlq, Jonathan Hall,
R'n'B, JohnNapier, J.delanoy, Patsyanks06, Legoboy2000, Catmoongirl, Didgeman, Mccajor, McSly, RichJizz123, Demizh, Evils Dark,
Gurchzilla, AntiSpamBot, Dividing, LeighvsOptimvsMaximvs, Shoessss, Cue the Strings, Andrewcmcardle, Darryl L James, Bonadea,
Martial75, Ditre, Anapologetos, ThePointblank, CardinalDan, Burlywood, Deor, VolkovBot, ABF, Je G., Sulcage, Rtrace, VasilievVV,
Jacroe, Ryan032, Philip Trueman, PGSONIC, Af648, Zidonuke, Dorcots, Floddinn, Drake Redcrest, Rei-bot, Crohnie, Arnon Chafn, Warrush, Anna Lincoln, Clarince63, Undine235, LeaveSleaves, ^demonBot2, Lukes123, Skittles266, BotKung, Hurleyman, SpecMode, Darkness0110, Madhero88, Peteritism, Haseo9999, Falcon8765, Enviroboy, Insanity Incarnate, Why Not A Duck, Spitre8520,
LittleBenW, AlleborgoBot, Logan, PGWG, Numbuh48, Firefoxobsession, Ramesseum, Softpile, Copana2002, SieBot, Teh nubkilr, BotMultichill, Krawi, Josh the Nerd, Caltas, Eagleal, RJaguar3, X-Fi6, Chiroz, Sephiroth storm, Johnnyeagleisrocker, Happysailor, Flyer22,
Caidh, Oxymoron83, Kosack, Hobartimus, Drsamgo, Bcrom, Hamiltondaniel, AtteOOIE, Snarkosis, The sunder king, Martarius, ClueBot, Jimmyrules1, Damonkeyman889944, Avenged Eightfold, Binksternet, Artichoker, The Thing That Should Not Be, IceUnshattered,
Lawrence Cohen, Ndenison, Wysprgr2005, Ascabastion, Zarkthehackeralliance, Mild Bill Hiccup, Piriczki, Infogaure, CounterVandalismBot, Dandog77, Aabrol19, Dennistang2007, Gunnar Kreitz, Somno, Aua, Excirial, Jusdafax, PixelBot, Eeekster, Bde1982, Rhododendrites, Mac1202, Lunchscale, WalterGR, Doctor It, Jaizovic, DanielPharos, JaneGrey, Taranet, VIKIPEDIA IS AN ANUS!, 7, Ranjithsutari, Berean Hunter, Egmontaz, Alchemist Jack, Polemos~enwiki, XLinkBot, Spitre, NiveusLuna, Jovianeye, Feinoha, TFOWR,
ErkinBatu, Mifter, Alexius08, Noctibus, Addbot, Some jerk on the Internet, Landon1980, A.qarta, Friginator, Markyman12, Ronhjones,
Ashton1983, Nirajdoshi, MrOllie, Download, Morning277, Ericzhang789, London-infoman, D.c.camero, Glane23, Exor674, SamatBot,
Arteyu, Theman98, Politoed666, Numbo3-bot, Tide rolls, Legion79, Krano, Apteva, Teles, Zorrobot, Jarble, Arbitrarily0, Fdaneels,
Koru3, Legobot, Helpfulweasal, Yobot, 2D, Fraggle81, Cm001, Xxxpivjtxxx, NERVUN, Nallimbot, QueenCake, Sujit.jhare, South Bay,
AnomieBOT, KDS4444, DemocraticLuntz, Rubinbot, Captain Quirk, Jim1138, Chuckiesdad, Materialscientist, Arezey, Frankenpuppy,
Xqbot, Capricorn42, Robot85, Liorma, Bihco, Jsharpminor, KrisBogdanov, Mlpearc, S0aasdf2sf, GrouchoBot, Megamonkeyextreme, RibotBOT, SassoBot, TrueGlue, Amaury, JulianDelphiki, Shadowjams, SchnitzelMannGreek, Vanatom, Thehelpfulbot, Trojan1223, FrescoBot, Untilabout9am, Daerlun, Clubmaster3, Michael93555, Scottaucoin89, A little insignicant, Haein45, HamburgerRadio, Mitchell
virus, Launchballer, Winterst, I dream of horses, Vicenarian, Edderso, Jacobdead, A8UDI, Rihdiugam, Ddspec, Robo Cop, Pcuser42, GWPSP090, Ksanexx, DixonDBot, Lamarmote, Miiszmylove, MichaelRivers, Vrenator, Reaper Eternal, Jerd10, Specs112, Vanished user
aoiowaiuyr894isdik43, Ciscorx, Minimac, Ameypersonsave, DARTH SIDIOUS 2, MMS2013, Lowoox, SMARTCUTEFUNNYXD, Brandonprince00, NerdyScienceDude, Limited2fan, Slon02, DASHBot, EmausBot, Super48paul, Fly by Night, L235, Tommy2010, Wikipelli,
TheGeomaster, Skaera, Ida Shaw, Dalek32, Traxs7, Eldruin, EneMsty12, Lolcat56734, Coasterlover1994, Sahimrobot, L Kensington,
Donner60, ClueBot NG, Cwmhiraeth, MunMan999, Gareth Grith-Jones, MelbourneStar, Bped1985, Augustalex, Muon, Braincricket,
Mesoderm, Rezabot, Widr, OKIsItJustMe, Madpigeon12, Strike Eagle, Titodutta, Complol2234343, Robbiecee2, Wiki13, MusikAnimal, AvocatoBot, Desenagrator, Mark Arsten, Sbd01, Onewhohelps, 1ravensnfan, Snow Blizzard, MrBill3, Glacialfox, Kelvinruttman,
Tutelary, Niraj.adyyyy, Th4n3r, Hsr.rautela, Adhithyan15, ChrisGualtieri, MadGuy7023, JayMyers-NJITWILL, Ghostman1947, Rezonansowy, SoledadKabocha, Djairhorn, Lugia2453, JoshLyman2012, Jc86035, Siravneetsingh, Soda drinker, Sourov0000, Cablewoman,
Bugzeeolboy, NimaBoscarino, RootSword, Dave Braunschweig, Epicgenius, CatBallSack, Eyesnore, Gaman0091, Khabir123, Kushay titanium, Someone not using his real name, Manish2911, Oranjelo100, Dannyruthe, Sathishguru, STH235SilverLover, Joseph 0515, Marp pro,
Rkpayne, Monkbot, Sidharta.mallick, Filedelinkerbot, Abcdfeghtys, Laura J. Pyle, Biblioworm, TerryAlex, Classofthewise, Earthquake58,
HamadPervaiz, Helpguy77, TQuentin, James the king12, JeremiahY, TeacherWikipedia, OldMcdonald12345 and Anonymous: 1149
Vulnerability (computing) Source: http://en.wikipedia.org/wiki/Vulnerability%20(computing)?oldid=661677087 Contributors: Kku,
CesarB, Ronz, Joy, Eugene van der Pijll, Phil Boswell, ZimZalaBim, Waldo, Sdsher, Jason Quinn, Wmahan, Utcursch, Beland, WhiteDragon, Quarl, FrozenUmbrella, Mozzerati, Discospinster, Xezbeth, Mani1, Adequate~enwiki, InShaneee, Velella, Mindmatrix, Ahouseholder, Ruud Koot, Macaddct1984, Mandarax, Tslocum, BD2412, Ketiltrout, Rjwilmsi, Jweiss11, ElKevbo, Naraht, Brownh2o, Chobot,
YurikBot, Gardar Rurak, Gaius Cornelius, Irishguy, Gru~enwiki, Perry Middlemiss, Mugunth Kumar, Abune, SmackBot, Mmernex,
AnOddName, Gilliam, PJTraill, Chris the speller, Persian Poet Gal, Manuc66~enwiki, JonHarder, Solarapex, Chris palmer, Mistress
Selina Kyle, FlyHigh, Lambiam, Derek farn, Xandi, Beetstra, Ehheh, Nevuer, Dreftymac, JoeBot, Jbolden1517, Penbat, Vanished user
fj0390923roktg4tlkm2pkd, Thijs!bot, EdJohnston, Obiwankenobi, Dman727, Eleschinski2000, S.C.F, Esanchez7587, CliC, Fleetame,
Ash, Jesant13, Anant k, Sarveshbathija, Touisiau, Jramsey, Tanjsta, TXiKiBoT, Softtest123, Zhenqinli, Michaeldsuarez, Haseo9999,
Swwiki, LittleBenW, Sassy410, JuTiLiu, Securityphreaks, Phe-bot, Cenzic, Jojalozzo, Jruderman, Ottawahitech, Dcampbell30, Liquifried,
WalterGR, DanielPharos, PotentialDanger, Sensiblekid, Fathisules, Addbot, Larry Yuma, SpBot, Tide rolls, Luckas-bot, BaldPark, Yobot,
Djptechie, Sweerek, AnomieBOT, MistyHora, Bluerasberry, ArthurBot, The Evil IP address, RibotBOT, Pradameinho, Bentisa, Erik9,
FrescoBot, Kitaure, HamburgerRadio, Pinethicket, Guriaz, Tool789789, Dtang2, Lotje, DARTH SIDIOUS 2, VernoWhitney, EmausBot,
John of Reading, Logical Cowboy, Timtempleton, Pastore Italy, ClueBot NG, Ptrb, Shajure, Emilyisdistinct, J23450N, AvocatoBot, Exercisephys, Mrebe1983, Mdann52, Mrt3366, Mediran, Codename Lisa, Mogism, Pharrel101, Wieldthespade, Krazy alice, OccultZone, Pat
power11, Monkbot, S166865h, Balancesheet, Greenmow and Anonymous: 105
White hat (computer security) Source: http://en.wikipedia.org/wiki/White%20hat%20(computer%20security)?oldid=662295700 Contributors: Pnm, Tango, Timwi, Joy, Jerzy, Altenmann, Pengo, Kenny sh, Gracefool, RoToRa, R. end, Quarl, Neutrality, Brianjd, JS
Nelson, Discospinster, Smyth, Goplat, AndrewM1, Aranel, Mattingly23, Sietse Snel, Bobo192, Adrian~enwiki, HasharBot~enwiki, Alansohn, Khaim, CivilianJones, M3tainfo, Sciurin, Guthrie, H2g2bob, Bsadowski1, Sfacets, Richwales, True~enwiki, Woohookitty, Mindmatrix, Qwertyus, Jclemens, Reisio, Rjwilmsi, Tizio, Wiarthurhu, WhiteBoy, JYOuyang, RexNL, Quuxplusone, Chobot, YurikBot, Borgx,
Kerowren, Hydrargyrum, Stephenb, Wimt, Korny O'Near, Awyllie, Rwalker, Intershark, Zzuuzz, Rsriprac, 404notfound, CWenger, That
Guy, From That Show!, SmackBot, Estoy Aqu, Rtc, Primetime, KVDP, Mauls, Yamaguchi , Gilliam, Ohnoitsjamie, Oscarthecat,
187
Thumperward, Rediahs, A. B., BlackbeardSCBC, Pegua, Thejut, Pax85, Djm101, Zchenyu, Kuru, Robosh, Neokamek, Stratadrake, Gijake, Beetstra, Hu12, Iambagels, Colonel Warden, NativeForeigner, Beno1000, Kingoomieiii, JohnCD, DaveK@BTC, Neelix, Phatom87,
The Librarian at Terminus, Sp!ke, Gogo Dodo, Chasingsol, Omicronpersei8, Epbr123, JNighthawk, Headbomb, Marek69, Tsschwartz,
Seaphoto, Froglegs114, Harryzilber, MER-C, Skomorokh, Fetchcomms, GoodDamon, Y2kcrazyjoker4, Mjhmach5, JamesBWatson, Arctic, Testla, Web-Crawling Stickler, JonWinge, Thompson.matthew, Lunakeet, FisherQueen, MartinBot, Xumbra, RockMFR, J.delanoy,
Ncmvocalist, AntiSpamBot, NewEnglandYankee, Cometstyles, Dkovalak, Bonadea, Jarry1250, Elephant101, Dog777, VolkovBot, AlnoktaBOT, Philip Trueman, TXiKiBoT, Securitytester, Martin451, BotKung, Doug, Falcon8765, Unused0030, Monty845, A pop machine,
Mmairs, Whitehatnetizen, Neil Smithline, Ml-crest, Sephiroth storm, Rahk EX, KathrynLybarger, OKBot, Diego Grez, ClueBot, Badger Drink, Ddonzal, Pitt the elder, Marktompsett, Excirial, Cronus111, Rhododendrites, Andrew81446, Elizium23, Jinxpuppy, C628,
9010154g, Jasburger, GoldenPhoenix, DumZiBoT, Neuralwarp, XLinkBot, Jediknight304, Johndci, Addbot, ZXZYZXZY, CL, Proxima
Centauri, Buddha24, Muiranec, Yobot, THEN WHO WAS PHONE?, Tree-hugger-for-mccain, South Bay, Tom87020, Materialscientist,
Wodawik, Naga.naga2009, Obersachsebot, Xqbot, CXCV, Peterdx, Pradameinho, Bellerophon, Architectchamp, Moby-Dick3000, Extralars, Romangralewicz, DivineAlpha, Terence88, Pinethicket, Skyerise, Jandalhandler, Napsss, Krilykki, Lotje, Aoidh, Jerd10, No One
of Consequence, RjwilmsiBot, Alexandru47, Beyond My Ken, EmausBot, WikitanvirBot, Hirsutism, Dewritech, Arfharwinder, Ida Shaw,
F, Josephkristianblack, Kilopi, Tolly4bolly, Donner60, Nayak.rakesh70, ClueBot NG, Unscintillating, WhitehatGuru, Tws6-NJITWILL,
ScottSteiner, Mohsinmahfooz, Joshuajohnson555, Emasterashu, HMSSolent, Xcyss, DanyXyz, BattyBot, Smbcxkcd, Darylgolden, Frosty,
Aroratrishneet, Pkcoolpk, Malerooster, Dr Dinosaur IV, Mongo Feels Better, Babitaarora, Jemeares, Ginsuloft, Saniya2090, Akshay0000,
HelenaKitty, Pushpinder Joshi, Behroznathwani, FourViolas, Shesgirlfriday, Hoaxing, Prashanth 744, Jugad.ab, Rohi4417 and Anonymous:
261
Hacker (programmer subculture) Source: http://en.wikipedia.org/wiki/Hacker%20(programmer%20subculture)?oldid=662486288
Contributors: The Anome, Aldie, Phil Bordelon, ChangChienFu, Edward, Liftarn, Gabbe, Zanimum, TakuyaMurata, Dori, AquaRichy,
Stan Shebs, Stevenj, Pratyeka, Ylbissop, Dysprosia, Altenmann, Lowellian, Chris Roy, Pengo, Martinwguy, Eric S. Raymond, Kolab,
Ich, Ds13, Mboverload, AlistairMcMillan, Elmindreda, Vanished user wdjklasdjskla, Neilc, Utcursch, Piotrus, Billposer, Gscshoyru,
Trek011~enwiki, Rich Farmbrough, Triskaideka, Gronky, Bender235, Nabla, El C, Pikesta, Army1987, Ypacara, ~enwiki, Blotwell,
Pearle, Diego Moya, Sl, Bart133, Paul1337, Astralnaut, H2g2bob, Versageek, Ringbang, Markaci, Mindmatrix, Daira Hopwood, WadeSimMiser, The Wordsmith, Exxolon, Marudubshinki, Mycro, Windchaser, Quuxplusone, Jamessnell, Ahpook, WriterHound, Elfguy, Piet
Delport, Kerowren, Proidiot, Abb3w, Froth, Janizary, Karora, SmackBot, Rtc, 6Akira7, Sciintel, Renesis, Edgar181, Unforgettableid,
Gilliam, Thumperward, Audriusa, Frap, Dee man 45, Pete Fenelon, Dmitrios, Cybercobra, N Shar, AmiDaniel, Dwpaul, Al1encas1no,
Colonel Warden, Twas Now, Tawkerbot2, Kingoomieiii, JForget, Paulmlieberman, ShelfSkewed, Lentower, Neelix, JustAGal, AntiVandalBot, Joachim Michaelis, Dylan Lake, Vendettax, Utopiantheorist, Tedickey, Thireus, Scenestar, STBot, R'n'B, VirtualDelight, J.delanoy,
Falljorda, Cometstyles, Jevansen, Funandtrvl, Je G., Rocka89, Comrade Graham, Getonyourfeet, Falcon8765, Scarian, Phe-bot, Topher385, DancingPhilosopher, Svick, Torchwoodwho, Martarius, ClueBot, The Thing That Should Not Be, TableManners, Ndenison, Bob
bobato, Trivialist, Excirial, OpinionPerson, Rhododendrites, Andrew81446, Subash.chandran007, Anonymasity, Bearsona, XLinkBot,
David Delony, Dsimic, Addbot, Jojhutton, Grandscribe, Fluernutter, TSWcontentlady, MrOllie, Glane23, Roux, AgadaUrbanit, Lightbot, OlEnglish, Jarble, Yobot, Eric-Wester, AnomieBOT, Rjanag, Aditya, Darolew, Materialscientist, MaxWinsForever, Karlzt, 2ndAccount, Joaquin008, A. di M., FrescoBot, W3bW4rL0cK, Citation bot 1, Pinethicket, Jonesey95, Eagles247, Skyerise, Robvanvee, Detoxicated, Aoidh, Jerd10, Lynkynpark86, Scil100, Grrow, Dewritech, Wikipelli, Younghackerx, QEDK, Cosman246, Coasterlover1994,
Palosirkka, Bk314159, Pun, Ego White Tray, Tijfo098, ClueBot NG, Peter James, Gilderien, Decepticon1, Magister Scienta, Reifytech, Nick7244, BG19bot, Arbsn, Eugn Jung, MusikAnimal, Valentine Wyggin, Bhanusharma027, Harban.mital, Hasimas, Avantiext,
ChrisGualtieri, Billyshiverstick, Shikhil sharma(ethical hacker), Hnurgds, BreakfastJr, Jennpliu, NickDragonRyder, Blosoya, TheBigBadHACKAH, Usman ki rani, Lakun.patra, Rotaryphone111, Orhanbajrami, PShermz, S166865h, OMPIRE, Aerial1030, Crystallizedcarbon,
Anonymous6767, TheGamingMun and Anonymous: 176
Hacker ethic Source: http://en.wikipedia.org/wiki/Hacker%20ethic?oldid=660465151 Contributors: The Anome, Vovkav~enwiki,
Michael Hardy, Pnm, Dori, (, Darkwind, Dpbsmith, Jeq, Pengo, DocWatson42, Long John Silver~enwiki, Ashmodai, Rich Farmbrough, Harriv, Gronky, Bobo192, Army1987, Adrian~enwiki, H0mee, Batmanand, Keziah, Danaman5, H2g2bob, Markaci, True~enwiki,
Mindmatrix, Marudubshinki, Cuvtixo, Aputtu, Mycro, WhyBeNormal, Bjwebb, YurikBot, NTBot~enwiki, Gaius Cornelius, Trisapeace,
Nlu, Ted@SysAdminDay.com, Victor falk, Karora, SmackBot, Rtc, InverseHypercube, Gilliam, Chris the speller, Thumperward, Oli
Filth, Audriusa, Frap, Xillion, Vanished user 9i39j3, Unclaimed avatar, Noah Salzman, Doczilla, Wwagner, Spinnick597, Colonel Warden, Johnthescavenger, Beno1000, Markg123, JohnCD, Tomchance, Shandris, Neelix, Victornrm, Jcmtan, XP105, Sirmylesnagopaleentheda, Omicronpersei8, Thijs!bot, Carolmooredc, Pixelface, Leuko, Lsi, SteveSims, Magioladitis, Gwern, ArcAngel, Jdfulmer, GreenRunner0, Eliz81, Rich Janis, AllGloryToTheHypnotoad, Aphilo, Andy Dingley, Tomaxer, Fischer.sebastian, Indexum, Hmwith, Scarbrow,
Mikemoral, Mikazo, Sethop, Denisarona, Floorwalker, Mr. Granger, Noctivigant wow, AlexConnell, Tangmas214, John723, Qianruomas214, Rhododendrites, Nguyenmas214, SjaichudinMAS214, Hilton214, Dmyersturnbull, Lombana, Kakofonous, Error 128, BlackDeath3, RyanCross, Linuxguymarshall, JWCurtis2003, TSWcontentlady, AnnaFrance, MisterB777, Lightbot, Jarble, Legobot, Yobot,
AnomieBOT, Lphung32, Paterson229, Parker229, Xqbot, Hamiltonmas229, Ahernmas214, Cloutmas229, Rawhunger, Pradameinho,
Sophus Bie, Harkatline, D'ohBot, Mhollo, Citation bot 1, Pinethicket, Kiefer.Wolfowitz, Zeptozoid, Ingrid Krunge, Wakelamp, Daulfn,
Ripchip Bot, MithrandirAgain, Ego White Tray, Will Beback Auto, ClueBot NG, Reify-tech, Helpful Pixie Bot, Sbark26, Whitehatpeople,
HelioSeven, Ugncreative Usergname, Mottengott, Avantiext, CheezRulez, Webclient101, Hnurgds, Eugpop2014, OMPIRE, Bcbethevans
and Anonymous: 84
33.9.2
Images
File:2010-T10-ArchitectureDiagram.png
Source:
2010-T10-ArchitectureDiagram.png License:
CC BY-SA
2010-T10-ArchitectureDiagram.png Original artist: Neil Smithline
3.0
http://upload.wikimedia.org/wikipedia/commons/8/86/
Contributors:
http://www.owasp.org/index.php/File:
188
File:Ambox_important.svg Source: http://upload.wikimedia.org/wikipedia/commons/b/b4/Ambox_important.svg License: Public domain Contributors: Own work, based o of Image:Ambox scales.svg Original artist: Dsmurat (talk contribs)
File:Ambox_rewrite.svg Source: http://upload.wikimedia.org/wikipedia/commons/1/1c/Ambox_rewrite.svg License: Public domain
Contributors: self-made in Inkscape Original artist: penubag
File:Bending.jpg Source: http://upload.wikimedia.org/wikipedia/commons/b/bd/Bending.jpg License: CC BY-SA 2.5 Contributors: Own
work - Original artist: Holotone / Holotone at en.wikipedia
File:Botnet.svg Source: http://upload.wikimedia.org/wikipedia/commons/c/c6/Botnet.svg License: CC BY-SA 3.0 Contributors: Own
work Original artist: Tom-b
File:CPU_ring_scheme.svg Source: http://upload.wikimedia.org/wikipedia/commons/2/25/CPU_ring_scheme.svg License: CC-BYSA-3.0 Contributors: This vector image was created with Inkscape. Original artist: User:Sven, original Author User:Cljk
File:ClamAV0.95.2.png Source: http://upload.wikimedia.org/wikipedia/commons/2/2f/ClamAV0.95.2.png License: GPL Contributors:
my PC running Ubuntu 9.04 Original artist: SourceFire
File:ClamTK3.08.jpg Source: http://upload.wikimedia.org/wikipedia/commons/2/26/ClamTK3.08.jpg License: GPL Contributors: Own
work (own screenshot) Original artist: Dave Mauroni
File:Commons-logo.svg Source: http://upload.wikimedia.org/wikipedia/en/4/4a/Commons-logo.svg License: ? Contributors: ? Original
artist: ?
File:Conficker.svg Source: http://upload.wikimedia.org/wikipedia/commons/5/53/Conficker.svg License: CC BY-SA 3.0 Contributors:
Own work Original artist: Gppande
File:Crystal_Clear_device_cdrom_unmount.png Source:
http://upload.wikimedia.org/wikipedia/commons/1/10/Crystal_Clear_
device_cdrom_unmount.png License: LGPL Contributors: All Crystal Clear icons were posted by the author as LGPL on kde-look;
Original artist: Everaldo Coelho and YellowIcon;
File:DC13_Badge.jpg Source: http://upload.wikimedia.org/wikipedia/commons/8/84/DC13_Badge.jpg License: Public domain Contributors: enwiki (http://en.wikipedia.org/wiki/Image:DC13_Badge.jpg) Took image in bedroom. Origional can be found at the following:
http://google.gotdns.com/modules.php?name=coppermine&file=displayimage&album=96&cat=0&pos=12". (en:Prosavage2600) Original artist: en:Prosavage2600
File:DEF_CON_17_CTF_competition.jpg Source:
http://upload.wikimedia.org/wikipedia/commons/4/47/DEF_CON_17_CTF_
competition.jpg License: CC BY 2.0 Contributors: Flickr Original artist: Nate Grigg
File:Disambig_gray.svg Source: http://upload.wikimedia.org/wikipedia/en/5/5f/Disambig_gray.svg License: Cc-by-sa-3.0 Contributors:
? Original artist: ?
File:Edit-clear.svg Source: http://upload.wikimedia.org/wikipedia/en/f/f2/Edit-clear.svg License: Public domain Contributors: The
Tango! Desktop Project. Original artist:
The people from the Tango! project. And according to the meta-data in the le, specically: Andreas Nilsson, and Jakub Steiner (although
minimally).
File:Encryption_-_decryption.svg Source: http://upload.wikimedia.org/wikipedia/commons/b/bf/Encryption_-_decryption.svg License: CC-BY-SA-3.0 Contributors: based on png version originally uploaded to the English-language Wikipedia by mike40033, and
moved to the Commons by MichaelDiederich. Original artist: odder
File:Firewall.png Source: http://upload.wikimedia.org/wikipedia/commons/5/5b/Firewall.png License: CC BY-SA 3.0 Contributors:
Feito por mim Original artist: Bruno Pedrozo
File:Firewall_bw.png Source: http://upload.wikimedia.org/wikipedia/commons/1/10/Firewall_bw.png License: GPL Contributors: http:
//www.opendesktop.org/content/show.php?content=72618 Original artist: DBGthekafu
File:Flag_of_Las_Vegas,_Nevada.svg Source:
http://upload.wikimedia.org/wikipedia/commons/e/ed/Flag_of_Las_Vegas%2C_
Nevada.svg License: Public domain Contributors: Own work Original artist: Dyfsunctional
File:Folder_Hexagonal_Icon.svg Source: http://upload.wikimedia.org/wikipedia/en/4/48/Folder_Hexagonal_Icon.svg License: Cc-bysa-3.0 Contributors: ? Original artist: ?
File:Free_Software_Portal_Logo.svg Source:
http://upload.wikimedia.org/wikipedia/commons/3/31/Free_and_open-source_
software_logo_%282009%29.svg License: Public domain Contributors: FOSS Logo.svg Original artist: Free Software Portal Logo.svg
(FOSS Logo.svg): ViperSnake151
File:Glider.svg Source: http://upload.wikimedia.org/wikipedia/commons/4/45/Glider.svg License: Public domain Contributors: Hacker
Emblem Original artist: Eric S. Raymond
File:Gnome-mime-sound-openclipart.svg
Source:
http://upload.wikimedia.org/wikipedia/commons/8/87/
Gnome-mime-sound-openclipart.svg License: Public domain Contributors: Own work. Based on File:Gnome-mime-audio-openclipart.
svg, which is public domain. Original artist: User:Eubulides
File:Gufw_10.04.4.png Source: http://upload.wikimedia.org/wikipedia/commons/b/ba/Gufw_10.04.4.png License: GPL Contributors:
http://gufw.tuxfamily.org Original artist: ?
File:Internet_map_1024.jpg Source: http://upload.wikimedia.org/wikipedia/commons/d/d2/Internet_map_1024.jpg License: CC BY
2.5 Contributors: Originally from the English Wikipedia; description page is/was here. Original artist: The Opte Project
File:Internet_map_1024_-_transparent.png Source: http://upload.wikimedia.org/wikipedia/commons/b/bd/Internet_map_1024_-_
transparent.png License: CC BY 2.5 Contributors: Originally from the English Wikipedia; description page is/was here. Original artist:
The Opte Project
File:Keylogger-hardware-PS2-example-connected.jpg
Keylogger-hardware-PS2-example-connected.jpg License:
59-430-large.jpg Original artist: http://www.weboctopus.nl
Source:
GFDL
http://upload.wikimedia.org/wikipedia/commons/d/dc/
Contributors:
http://www.weboctopus.nl/webshop/img/p/
189
33.9.3
Content license