
Contents

1 Antivirus software
  1.1 History
    1.1.1 1949-1980 period (pre-antivirus days)
    1.1.2 1980-1990 period (early days)
    1.1.3 1990-2000 period (emergence of the antivirus industry)
    1.1.4 2000-2005 period
    1.1.5 2005 to present
  1.2 Identification methods
    1.2.1 Signature-based detection
    1.2.2 Heuristics
    1.2.3 Rootkit detection
    1.2.4 Real-time protection
  1.3 Issues of concern
    1.3.1 Unexpected renewal costs
    1.3.2 Rogue security applications
    1.3.3 Problems caused by false positives
    1.3.4 System and interoperability related issues
    1.3.5 Effectiveness
    1.3.6 New viruses
    1.3.7 Rootkits
    1.3.8 Damaged files
    1.3.9 Firmware issues
  1.4 Performance and other drawbacks
  1.5 Alternative solutions
    1.5.1 Hardware and network Firewall
    1.5.2 Cloud antivirus
    1.5.3 Online scanning
    1.5.4 Specialist tools
  1.6 Usage and risks
  1.7 See also
  1.8 References
  1.9 Bibliography
  1.10 External links

2 Application security
  2.1 Methodology
  2.2 Threats, Attacks, Vulnerabilities, and Countermeasures
  2.3 Application Threats / Attacks
  2.4 Mobile application security
  2.5 Security testing for applications
  2.6 Security certifications
  2.7 Security standards and regulations
  2.8 See also
  2.9 References
  2.10 External links

3 Backdoor (computing)
  3.1 Overview
    3.1.1 Examples
    3.1.2 Object code backdoors
    3.1.3 Asymmetric backdoors
  3.2 Compiler backdoors
    3.2.1 Occurrences
    3.2.2 Countermeasures
  3.3 List of known backdoors
  3.4 References
  3.5 External links

4 Black hat
  4.1 References
  4.2 See also

5 Black Hat Briefings
  5.1 History
  5.2 The conference
  5.3 Conferences topics
  5.4 New conference goals
  5.5 Antics and disclosures
  5.6 See also
  5.7 References
  5.8 External links

6 Botnet
  6.1 Types of botnets
    6.1.1 Legal botnets
    6.1.2 Illegal botnets
  6.2 Recruitment
  6.3 Organization
  6.4 Formation
  6.5 Types of attacks
  6.6 Countermeasures
  6.7 Historical list of botnets
  6.8 Trivia
  6.9 See also
  6.10 References
  6.11 External links

7 Computer crime
  7.1 Classification
    7.1.1 Fraud and financial crimes
    7.1.2 Cyberterrorism
    7.1.3 Cyberextortion
    7.1.4 Cyberwarfare
    7.1.5 Computer as a target
    7.1.6 Computer as a tool
  7.2 Documented cases
  7.3 Combating computer crime
    7.3.1 Diffusion of Cybercrime
    7.3.2 Investigation
    7.3.3 Legislation
    7.3.4 Penalties
  7.4 See also
  7.5 References
  7.6 Further reading
  7.7 External links
    7.7.1 Government resources

8 Computer security
  8.1 Vulnerabilities
    8.1.1 Backdoors
    8.1.2 Denial-of-service attack
    8.1.3 Direct-access attacks
    8.1.4 Eavesdropping
    8.1.5 Spoofing
    8.1.6 Tampering
    8.1.7 Repudiation
    8.1.8 Information disclosure
    8.1.9 Privilege escalation
    8.1.10 Exploits
    8.1.11 Social engineering and trojans
    8.1.12 Indirect attacks
    8.1.13 Computer crime
  8.2 Vulnerable areas
    8.2.1 Financial systems
    8.2.2 Utilities and industrial equipment
    8.2.3 Aviation
    8.2.4 Consumer devices
    8.2.5 Large corporations
    8.2.6 Automobiles
    8.2.7 Government
  8.3 Financial cost of security breaches
    8.3.1 Reasons
  8.4 Computer protection (countermeasures)
    8.4.1 Security and systems design
    8.4.2 Security measures
    8.4.3 Reducing vulnerabilities
    8.4.4 Security by design
    8.4.5 Security architecture
    8.4.6 Hardware protection mechanisms
    8.4.7 Secure operating systems
    8.4.8 Secure coding
    8.4.9 Capabilities and access control lists
    8.4.10 Hacking back
  8.5 Notable computer security attacks and breaches
    8.5.1 Robert Morris and the first computer worm
    8.5.2 Rome Laboratory
    8.5.3 TJX loses 45.7m customer credit card details
    8.5.4 Stuxnet attack
    8.5.5 Global surveillance disclosures
    8.5.6 Target And Home Depot Breaches by Rescator
  8.6 Legal issues and global regulation
  8.7 Government
    8.7.1 Public–private cooperation
  8.8 Actions and teams in the US
    8.8.1 Cybersecurity Act of 2010
    8.8.2 International Cybercrime Reporting and Cooperation Act
    8.8.3 Protecting Cyberspace as a National Asset Act of 2010
    8.8.4 White House proposes cybersecurity legislation
    8.8.5 White House Cybersecurity Summit
    8.8.6 Government initiatives
    8.8.7 Military agencies
    8.8.8 FCC
    8.8.9 Computer Emergency Readiness Team
  8.9 International actions
    8.9.1 Germany
    8.9.2 South Korea
    8.9.3 India
    8.9.4 Canada
  8.10 National teams
    8.10.1 Europe
    8.10.2 Other countries
  8.11 Cybersecurity and modern warfare
  8.12 The cyber security job market
  8.13 Terminology
  8.14 Scholars
  8.15 See also
  8.16 Further reading
  8.17 References
  8.18 External links

9 Computer worm
  9.1 Worms with good intent
  9.2 Protecting against dangerous computer worms
  9.3 Mitigation techniques
  9.4 History
  9.5 See also
  9.6 References
  9.7 External links

10 Crimeware
  10.1 Examples
  10.2 Delivery vectors
  10.3 Concerns
    10.3.1 United States
  10.4 See also
  10.5 References
  10.6 External links

11 Cryptovirology
  11.1 General information
  11.2 Examples of viruses with cryptography and ransom capabilities
  11.3 Creation of cryptoviruses
  11.4 Other uses of cryptography enabled malware
  11.5 References
  11.6 External links

12 DEF CON
  12.1 History
  12.2 Noteworthy incidents
    12.2.1 1999
    12.2.2 2001
    12.2.3 2005
    12.2.4 2007
    12.2.5 2008
    12.2.6 2009
    12.2.7 2011
    12.2.8 2012
    12.2.9 2013
  12.3 List of venues and dates
    12.3.1 Upcoming venues and dates
  12.4 See also
  12.5 References
  12.6 Further reading
  12.7 External links

13 Exploit (computer security)
  13.1 Classification
    13.1.1 Types
    13.1.2 Pivoting
  13.2 See also
  13.3 References

14 Firewall (computing)
  14.1 History
    14.1.1 First generation: packet filters
    14.1.2 Second generation: stateful filters
    14.1.3 Third generation: application layer
  14.2 Types
    14.2.1 Network layer or packet filters
    14.2.2 Application-layer
    14.2.3 Proxies
    14.2.4 Network address translation
  14.3 See also
  14.4 References
  14.5 External links

15 Grey hat
  15.1 History
  15.2 Examples
  15.3 See also
  15.4 Related literature
  15.5 References

16 Hacker
  16.1 Technology
  16.2 Entertainment
  16.3 People
    16.3.1 Real
    16.3.2 Fictional
  16.4 Other
  16.5 See also

17 Hacker (computer security)
  17.1 History
  17.2 Classifications
    17.2.1 White hat
    17.2.2 Black hat
    17.2.3 Grey hat
    17.2.4 Elite hacker
    17.2.5 Script kiddie
    17.2.6 Neophyte
    17.2.7 Blue hat
    17.2.8 Hacktivist
    17.2.9 Nation state
    17.2.10 Organized crime
  17.3 Attacks
    17.3.1 Security exploits
    17.3.2 Techniques
  17.4 Notable intruders and criminal hackers
  17.5 Notable security hackers
  17.6 Customs
    17.6.1 Hacker groups and conventions
  17.7 Consequences for malicious hacking
    17.7.1 India
    17.7.2 Netherlands
    17.7.3 United States
  17.8 Hacking and the media
    17.8.1 Hacker magazines
    17.8.2 Hackers in fiction
    17.8.3 Non-fiction books
  17.9 See also
  17.10 References
  17.11 Further reading
  17.12 External links

18 Hacker (term)
  18.1 Hacker definition controversy
  18.2 Computer security hackers
  18.3 Programmer subculture of hackers
  18.4 Home computer hackers
  18.5 Overlaps and differences
  18.6 Filmography
  18.7 See also
  18.8 References
  18.9 Further reading
    18.9.1 Computer security
    18.9.2 Free Software/Open Source

19 Hacker group
  19.1 See also
  19.2 References
  19.3 External links

20 Hacker Manifesto
  20.1 In popular culture
  20.2 See also
  20.3 Related
  20.4 References

21 Hacking tool
  21.1 Worms
  21.2 Port Scanners
  21.3 Hacking Linux
  21.4 References
  21.5 External links


22 Keystroke logging

102

CONTENTS

ix

22.1 Application . . . . . . . . . . . . . . . . . . . . 102
22.1.1 Software-based keyloggers . . . . . . . . . . . . . . . . . . . . 102
22.1.2 Hardware-based keyloggers . . . . . . . . . . . . . . . . . . . . 103
22.2 History . . . . . . . . . . . . . . . . . . . . 105
22.3 Cracking . . . . . . . . . . . . . . . . . . . . 105
22.3.1 Trojan . . . . . . . . . . . . . . . . . . . . 105
22.3.2 Use by police . . . . . . . . . . . . . . . . . . . . 105
22.4 Countermeasures . . . . . . . . . . . . . . . . . . . . 105
22.4.1 Anti keyloggers . . . . . . . . . . . . . . . . . . . . 106
22.4.2 Live CD/USB . . . . . . . . . . . . . . . . . . . . 106
22.4.3 Anti-spyware / Anti-virus programs . . . . . . . . . . . . . . . . . . . . 106
22.4.4 Network monitors . . . . . . . . . . . . . . . . . . . . 106
22.4.5 Automatic form filler programs . . . . . . . . . . . . . . . . . . . . 106
22.4.6 One-time passwords (OTP) . . . . . . . . . . . . . . . . . . . . 106
22.4.7 Security tokens . . . . . . . . . . . . . . . . . . . . 106
22.4.8 On-screen keyboards . . . . . . . . . . . . . . . . . . . . 107
22.4.9 Keystroke interference software . . . . . . . . . . . . . . . . . . . . 107
22.4.10 Speech recognition . . . . . . . . . . . . . . . . . . . . 107
22.4.11 Handwriting recognition and mouse gestures . . . . . . . . . . . . . . . . . . . . 107
22.4.12 Macro expanders/recorders . . . . . . . . . . . . . . . . . . . . 107
22.4.13 Non-technological methods . . . . . . . . . . . . . . . . . . . . 107
22.5 See also . . . . . . . . . . . . . . . . . . . . 107
22.6 References . . . . . . . . . . . . . . . . . . . . 108
22.7 External links . . . . . . . . . . . . . . . . . . . . 109

23 List of computer criminals . . . . . . . . . . . . . . . . . . . . 110

23.1 Computer criminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111


23.2 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
23.3 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
23.4 External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
24 Phreaking . . . . . . . . . . . . . . . . . . . . 113

24.1 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113


24.1.1 Switch hook and tone dialer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
24.1.2 2600 hertz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
24.1.3 Multi frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
24.1.4 Blue boxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
24.1.5 Computer hacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
24.1.6 Toll fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
24.1.7 Diverters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
24.1.8 Voice mail boxes and bridges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
24.1.9 Cell phones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

24.1.10 End of multi-frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
24.2 2600 Hz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
24.3 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
24.4 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
24.5 External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

25 Rootkit . . . . . . . . . . . . . . . . . . . . 119

25.1 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119


25.1.1 Sony BMG copy protection rootkit scandal . . . . . . . . . . . . . . . . . . . . . . . . . . 119
25.1.2 Greek wiretapping case 2004–05 . . . . . . . . . . . . . . . . . . . . 120
25.2 Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
25.3 Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
25.3.1 User mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
25.3.2 Kernel mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
25.3.3 Hypervisor level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
25.3.4 Firmware and hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
25.4 Installation and cloaking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
25.5 Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
25.5.1 Alternative trusted medium . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
25.5.2 Behavioral-based . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
25.5.3 Signature-based . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
25.5.4 Difference-based . . . . . . . . . . . . . . . . . . . . 124
25.5.5 Integrity checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
25.5.6 Memory dumps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
25.6 Removal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
25.7 Public availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
25.8 Defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
25.9 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
25.10 Notes . . . . . . . . . . . . . . . . . . . . 126
25.11 References . . . . . . . . . . . . . . . . . . . . 126
25.12 Further reading . . . . . . . . . . . . . . . . . . . . 128
25.13 External links . . . . . . . . . . . . . . . . . . . . 129

26 Script kiddie . . . . . . . . . . . . . . . . . . . . 130

26.1 Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130


26.2 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
26.3 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
26.4 Further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
26.5 External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
27 Spyware . . . . . . . . . . . . . . . . . . . . 132

27.1 Routes of infection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132


27.2 Effects and behaviors . . . . . . . . . . . . . . . . . . . . 133


27.3 Remedies and prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
27.3.1 Anti-spyware programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
27.3.2 How anti-spyware software works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
27.3.3 Security practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
27.4 Comparison of spyware, adware, and viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
27.4.1 Spyware, adware and trackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
27.4.2 Spyware, viruses and worms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
27.4.3 Stealware and affiliate fraud . . . . . . . . . . . . . . . . . . . . 134
27.4.4 Identity theft and fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
27.4.5 Digital rights management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
27.4.6 Personal relationships . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
27.4.7 Browser cookies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
27.4.8 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
27.5 History and development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
27.6 Programs distributed with spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
27.6.1 Programs formerly distributed with spyware . . . . . . . . . . . . . . . . . . . . . . . . . 137
27.7 Rogue anti-spyware programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
27.8 Legal issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
27.8.1 Criminal law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
27.8.2 Administrative sanctions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
27.8.3 Civil law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
27.8.4 Libel suits by spyware developers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
27.8.5 WebcamGate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
27.9 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
27.10 References . . . . . . . . . . . . . . . . . . . . 139
27.11 External links . . . . . . . . . . . . . . . . . . . . 141
27.12 Categories . . . . . . . . . . . . . . . . . . . . 141

28 Timeline of computer security hacker history . . . . . . . . . . . . . . . . . . . . 142
28.1 1903 . . . . . . . . . . . . . . . . . . . . 142

28.2 1930s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142


28.2.1 1932 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
28.2.2 1939 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
28.2.3 1943 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
28.3 1960s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
28.3.1 1965 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
28.4 1970s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
28.4.1 1971 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
28.5 1980s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
28.5.1 1981 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
28.5.2 1983 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

28.5.3 1984 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
28.5.4 1985 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
28.5.5 1986 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.5.6 1987 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.5.7 1988 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.5.8 1989 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.6 1990s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.6.1 1990 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.6.2 1992 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
28.6.3 1993 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.4 1994 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.5 1995 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.6 1996 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.7 1997 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.8 1998 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
28.6.9 1999 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7 2000s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7.1 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7.2 2001 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7.3 2002 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
28.7.4 2003 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.5 2004 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.6 2005 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.7 2006 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.8 2007 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
28.7.9 2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.7.10 2009 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8 2010s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8.1 2010 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8.2 2011 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8.3 2012 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
28.8.4 2013 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
28.8.5 2014 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
28.9 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
28.10 Further reading . . . . . . . . . . . . . . . . . . . . 151

29 Trojan horse (computing) . . . . . . . . . . . . . . . . . . . . 152

29.1 Purpose and uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152


29.2 Notable Trojan horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
29.3 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
29.4 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
29.5 External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154


30 Vulnerability (computing) . . . . . . . . . . . . . . . . . . . . 155
30.1 Definitions . . . . . . . . . . . . . . . . . . . . 155


30.2 Vulnerability and risk factor models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
30.3 Information security management system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
30.4 Classification . . . . . . . . . . . . . . . . . . . . 157
30.5 Causes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
30.6 Vulnerability consequences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
30.7 Vulnerability disclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
30.7.1 Vulnerability inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
30.8 Vulnerability disclosure date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
30.9 Identifying and removing vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
30.10 Examples of vulnerabilities . . . . . . . . . . . . . . . . . . . . 159
30.10.1 Software vulnerabilities . . . . . . . . . . . . . . . . . . . . 159
30.11 See also . . . . . . . . . . . . . . . . . . . . 160
30.12 References . . . . . . . . . . . . . . . . . . . . 160
30.13 External links . . . . . . . . . . . . . . . . . . . . 161

31 White hat (computer security) . . . . . . . . . . . . . . . . . . . . 162

31.1 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162


31.2 Tactics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
31.3 Legality in the UK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
31.4 Employment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
31.4.1 List of prominent white hat hackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
31.5 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
31.6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
32 Hacker (programmer subculture) . . . . . . . . . . . . . . . . . . . . 164
32.1 Definition . . . . . . . . . . . . . . . . . . . . 164


32.2 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
32.3 Ethics and principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
32.4 Use outside of computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
32.5 Hack value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
32.6 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
32.7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
32.8 Further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
32.9 External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
33 Hacker ethic . . . . . . . . . . . . . . . . . . . . 168

33.1 The hacker ethics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168


33.1.1 Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
33.1.2 Hands-On Imperative . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
33.1.3 Community and collaboration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

33.2 Levy's "true hackers" . . . . . . . . . . . . . . . . . . . . 170
33.3 Other descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
33.4 See also . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
33.5 Footnotes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
33.6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
33.7 Further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
33.8 External links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
33.9 Text and image sources, contributors, and licenses . . . . . . . . . . . . . . . . . . . . . . . . . . 173
33.9.1 Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
33.9.2 Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
33.9.3 Content license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Chapter 1

Antivirus software

"Antivirus" redirects here. For the antiviral medication, see Antiviral drug.

ClamTk, an open source antivirus based on the ClamAV antivirus engine, originally developed by Tomasz Kojm in 2001.

Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software.

Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware.[1] Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.[2]

1.1 History

See also: Timeline of notable computer viruses and worms

1.1.1 1949-1980 period (pre-antivirus days)

Although the roots of the computer virus date back as early as 1949, when the Hungarian scientist John von Neumann published the "Theory of self-reproducing automata",[3] the first known computer virus appeared in 1971 and was dubbed the "Creeper virus".[4] This computer virus infected Digital Equipment Corporation's (DEC) PDP-10 mainframe computers running the TENEX operating system.[5][6]

The Creeper virus was eventually deleted by a program created by Ray Tomlinson and known as "The Reaper".[7] Some people consider "The Reaper" the first antivirus software ever written. That may be the case, but it is important to note that the Reaper was actually a virus itself, specifically designed to remove the Creeper virus.[7][8][9]

The Creeper virus was followed by several other viruses. The first known to appear "in the wild" was "Elk Cloner", in 1981, which infected Apple II computers.[10][11][12]

In 1983, the term "computer virus" was coined by Fred Cohen in one of the first ever published academic papers on computer viruses.[13] Cohen used the term "computer virus" to describe a program that: "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself."[14] (Note that a more recent, and precise, definition of computer virus has been given by the Hungarian security researcher Péter Szőr: "a code that recursively replicates a possibly evolved copy of itself".[15][16])

The first IBM PC-compatible "in the wild" computer virus, and one of the first real widespread infections, was "Brain" in 1986. From then, the number of viruses has grown exponentially.[17][18] Most of the computer viruses written in the early and mid-1980s were limited to self-reproduction and had no specific damage routine built into the code. That changed when more and more programmers became acquainted with computer virus programming and created viruses that manipulated or even destroyed data on infected computers.

Before internet connectivity was widespread, computer viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently. During this time, virus checkers essentially had to check executable files and the boot sectors of floppy disks and hard disks. However, as internet usage became common, viruses began to spread online.[19]

1.1.2 1980-1990 period (early days)

There are competing claims for the innovator of the first antivirus product. Possibly, the first publicly documented removal of an "in the wild" computer virus (i.e. the "Vienna virus") was performed by Bernd Fix in 1987.[20][21]

In 1987, Andreas Lüning and Kai Figge founded G Data Software and released their first antivirus product for the Atari ST platform.[22] Later in the same year, the Ultimate Virus Killer (UVK) 2000 antivirus was also released.[23]

In 1987, in the USA, John McAfee founded the McAfee company (now part of Intel Security[24]) and, at the end of that year, he released the first version of VirusScan.[25] In the meantime, in Slovakia, Peter Paško and Miroslav Trnka created the first version of NOD32 antivirus (although they established ESET only in 1992).

In 1987, Fred Cohen wrote that there is no algorithm that can perfectly detect all possible computer viruses.[26]

The first antivirus signatures were simply hashes of entire files, or sequences of bytes that represented the particular malware.

Finally, at the end of 1987, the first two heuristic antivirus utilities were released: FluShot Plus by Ross Greenberg[27][28][29] and Anti4us by Erwin Lanting.[30][31] However, the kind of heuristic they used was totally different from the one used today by many antivirus products. The first antivirus product with a heuristic engine resembling the ones used nowadays was F-PROT in 1991.[32] The early heuristic engines were based on dividing the binary into different sections: data section and code section (in a legitimate binary the code section usually always starts from the same location). The initial viruses re-organised the layout of the sections, or overwrote the initial portion of a section in order to jump to the very end of the file, where the malicious code was located, and then later went back to resume execution of the original code. This was a very specific pattern, not used at the time by any legitimate software, and it initially made a very good heuristic for deciding whether something was suspicious or not. Later, other kinds of more advanced heuristics were added, such as suspicious section names, incorrect header size, wildcards and regular expressions, and partial pattern in-memory matching.

In 1988, the growth of antivirus companies continued. In Germany, Tjark Auerbach founded Avira (H+BEDV at the time) and released the first version of AntiVir (named "Luke Filewalker" at the time). In Bulgaria, Dr. Vesselin Bontchev released his first freeware antivirus program (he later joined FRISK Software). Also, Frans Veldman released the first version of ThunderByte Antivirus, also known as TBAV (he sold his company to Norman Safeground in 1998). In the Czech Republic, Pavel Baudiš and Eduard Kučera started avast! (at the time ALWIL Software) and released their first version of avast! antivirus. In June 1988, in South Korea, Dr. Ahn Cheol-Soo released his first antivirus software, called V1 (he founded AhnLab later, in 1995). Finally, in the autumn of 1988, in the United Kingdom, Alan Solomon founded S&S International and created his Dr. Solomon's Anti-Virus Toolkit (although he launched it commercially only in 1991; in 1998 Dr. Solomon's company was acquired by McAfee). At the end of the year, in the USA, Ross M. Greenberg released his second antivirus program, called VirexPC.

Also in 1988, a mailing list named VIRUS-L[33] was started on the BITNET/EARN network, where new viruses and the possibilities of detecting and eliminating viruses were discussed. Some members of this mailing list were: Alan Solomon, Eugene Kaspersky (Kaspersky Lab), Friðrik Skúlason (FRISK Software), John McAfee (McAfee), Luis Corrons (Panda Security), Mikko Hyppönen (F-Secure), Péter Szőr, Tjark Auerbach (Avira) and Dr. Vesselin Bontchev (FRISK Software).[33]

In 1989, in Iceland, Friðrik Skúlason created the first version of F-PROT Anti-Virus (he founded FRISK Software only in 1993). In the meantime, in the USA, Symantec (founded by Gary Hendrix in 1982) launched its first Symantec antivirus for Macintosh (SAM).[34][35] SAM 2.0, released March 1990, incorporated technology allowing users to easily update SAM to intercept and eliminate new viruses, including many that didn't exist at the time of the program's release.[36]

At the end of the 1980s, in the United Kingdom, Jan Hruska and Peter Lammer founded the security firm Sophos and began producing their first antivirus and encryption products. In the same period, in Hungary, VirusBuster was also founded (which has recently been incorporated by Sophos).

1.1.3 1990-2000 period (emergence of the antivirus industry)

In 1990, in Spain, Mikel Urizarbarrena founded Panda Security (Panda Software at the time). In Hungary, the security researcher Péter Szőr released the first version of Pasteur antivirus. In Italy, Gianfranco Tonello created the first version of VirIT eXplorer antivirus (he founded TG Soft one year later).[37] Finally, at the end of the year, Trend Micro released its first antivirus software, named PC-Cillin.
In 1990, the Computer Antivirus Research Organization (CARO) was founded. In 1991, CARO released the Virus Naming Scheme, originally written by Friðrik Skúlason and Vesselin Bontchev.[38] Although this naming scheme is now outdated, it remains the only existing standard that most computer security companies and researchers ever attempted to adopt. CARO members include: Alan Solomon, Costin Raiu, Dmitry Gryaznov, Eugene Kaspersky, Friðrik Skúlason, Igor Muttik, Mikko Hyppönen, Morton Swimmer, Nick FitzGerald, Padgett Peterson, Peter Ferrie, Righard Zwienenberg and Dr. Vesselin Bontchev.[39][40]
In 1991, in the USA, Symantec released the first version of Norton Anti-Virus. In the same year, in Czechoslovakia, Jan Gritzbach and Tomáš Hofer founded AVG Technologies (Grisoft at the time), although they released the first version of their Anti-Virus Guard (AVG) only in 1992. On the other hand, in Finland, F-Secure (founded in 1988 by Petri Allas and Risto Siilasmaa with the name of Data Fellows) released the first version of their antivirus product. F-Secure claims to be the first antivirus firm to establish a presence on the World Wide Web.[41]

In 1991, the European Institute for Computer Antivirus Research (EICAR) was founded to further antivirus research and improve development of antivirus software.[42][43]
In 1992, in Russia, Igor Danilov released the first version of SpiderWeb, which later became Dr. Web.[44]
In 1994, AV-TEST reported that there were 28,613 unique malware samples (based on MD5) in their database.[45]
Over time other companies were founded. In 1996, in Romania, Bitdefender was founded and released the first version of Anti-Virus eXpert (AVX).[46] In 1997, in Russia, Eugene Kaspersky and Natalia Kaspersky co-founded security firm Kaspersky Lab.[47]
In 1996, there was also the first in the wild Linux virus, known as Staog.[48]
In 1999, AV-TEST reported that there were 98,428 unique malware samples (based on MD5) in their database.[45]

1.1.4 2000-2005 period

In 2000, Rainer Link and Howard Fuhs started the first open source antivirus engine, called OpenAntivirus Project.[49]
In 2001, Tomasz Kojm released the first version of ClamAV, the first ever open source antivirus engine to be commercialised. In 2007, ClamAV was bought by Sourcefire,[50] which in turn was acquired by Cisco Systems in 2013.[51]
In 2002, in United Kingdom, Morten Lund and Theis Søndergaard co-founded the antivirus firm BullGuard.[52]
In 2005, AV-TEST reported that there were 333,425 unique malware samples (based on MD5) in their database.[45]

1.1.5 2005 to present

As always-on broadband connections became the norm, and more and more viruses were released, it became essential to update antiviruses more and more frequently. Even then, a new zero-day or next-generation malware could become widespread before antivirus firms released an update to protect against it.
In 2007, AV-TEST reported 5,490,960 new unique malware samples (based on MD5) for that year alone.[45] In 2012 and 2013, antivirus firms reported a range of new malware samples from 300,000 to over 500,000 per day.[53][54]
Slowly, in order to catch up with malware production, antivirus firms have moved to more and more complex algorithms.
Over the years it has become necessary for antivirus software to use several different strategies (e.g. specific email and network protection or low level modules) and detection algorithms, as well as to check an increasing variety of files, rather than just executables, for several reasons:
• Powerful macros used in word processor applications, such as Microsoft Word, presented a risk. Virus writers could use the macros to write viruses embedded within documents. This meant that computers could now also be at risk from infection by opening documents with hidden attached macros.[55]
• The possibility of embedding executable objects inside otherwise non-executable file formats can make opening those files a risk.[56]
• Later email programs, in particular Microsoft's Outlook Express and Outlook, were vulnerable to viruses embedded in the email body itself. A user's computer could be infected by just opening or previewing a message.[57]
In 2005, F-Secure was the first security firm that developed an Anti-Rootkit technology, called BlackLight.
Given that most people are nowadays connected to the Internet round-the-clock, in 2008, Jon Oberheide first proposed a Cloud-based antivirus design.[58]
In November 2009, Panda Security unveiled its first Cloud-based antivirus technology, the first commercial CloudAV ever released. A year after, Sophos also added to its host-based antivirus product a Cloud-based one. In the following years, many other antivirus firms have added a CloudAV to their security products (see Comparison of antivirus software for a complete overview).
In 2011, AVG introduced a similar cloud service, called Protective Cloud Technology.[59]
Most recently, the industry has seen approaches to the problem of detecting and mitigating Zero-day attacks. One method from Bromium involves micro-virtualization to protect desktops from malicious code execution initiated by the end user. Another approach from SentinelOne focuses on behavioral detection by building a full context around every process execution path in real time.[60][61]

1.2 Identification methods

One of the few solid theoretical results in the study of computer viruses is Frederick B. Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses.[26] However, using different layers of defense, a good detection rate may be achieved.
There are several methods which an antivirus engine can use to identify malware:
• Signature-based detection: is the most common method. To identify viruses and other malware, the antivirus engine compares the contents of a file to its database of known malware signatures.
• Heuristic-based detection: is generally used together with signature-based detection. It detects malware based on characteristics typically used in known malware code.
• Behavioural-based detection: is similar to heuristic-based detection and is also used in Intrusion Detection Systems. The main difference is that, instead of characteristics hardcoded in the malware code itself, it is based on the behavioural fingerprint of the malware at run-time. Clearly, this technique is able to detect (known or unknown) malware only after it has started performing its malicious actions.
• Sandbox detection: is a particular behavioural-based detection technique that, instead of detecting the behavioural fingerprint at run time, executes the programs in a virtual environment, logging what actions the program performs. Depending on the actions logged, the antivirus engine can determine if the program is malicious or not.[62] If not, then the program is executed in the real environment. Although this technique has been shown to be quite effective, given its heaviness and slowness, it is rarely used in end-user antivirus solutions.[63]
• Data mining techniques: are among the latest approaches applied in malware detection. Data mining and machine learning algorithms are used to try to classify the behaviour of a file (as either malicious or benign) given a series of file features that are extracted from the file itself.[64][65][66][67][68][69][70][71][72][73][74][75][76][77]

1.2.1 Signature-based detection

Traditionally, antivirus software heavily relied upon signatures to identify malware.
In essence, when a malware sample arrives in the hands of an antivirus firm, it is analysed by malware researchers or by dynamic analysis systems. Then, once it is confirmed to be malware, a proper signature of the file is extracted and added to the signatures database of the antivirus software. When a particular file has to be scanned, the antivirus engine compares the content of the file with all the malware signatures in the signatures database. If the file matches one signature, then the engine knows which malware it is and which procedure has to be performed in order to clean the infection.
The signature-based detection technique can be very effective but, clearly, cannot defend against malware unless some of its samples have already been obtained, proper signatures generated and the antivirus product updated. Signature-based detection systems rely on the consideration that, generally speaking, the more infective a malware is, the faster it arrives in the hands of security researchers. Thus, even if it does not guarantee perfection, it guarantees protection from the most widespread threats. However, this approach is not really effective against zero-day or next-generation malware, i.e. malware that has not yet been encountered/analysed.
As new malware is being created each day, the signature-based detection approach requires frequent updates of the signatures database. To assist the antivirus firms, the software may automatically upload new malware to the company or allow the user to do it manually, allowing the antivirus firms to dramatically shorten the life of those threats. Some antivirus products also include advanced software to spot zero-day or next-generation malware.
Although the signature-based approach can effectively contain malware outbreaks, malware authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.[78]

1.2.2 Heuristics

Some more sophisticated antivirus software uses heuristic analysis to identify new malware or variants of known malware.
Many viruses start as a single infection and, through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition.[79]
For example, the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct categories, Trojan.Vundo and Trojan.Vundo.B.[80][81]
While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code.[82] A detection that uses this method is said to be heuristic detection.
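
The exact-match signatures of 1.2.1 and the generic wildcard signatures of 1.2.2, side by side in an added Python example (not taken from the original text or from any vendor's engine). The byte strings, signature names and the pattern syntax ("??" for one byte, "*" for a bounded gap) are constructed for illustration, and SHA-256 stands in for whatever whole-file digest a product uses.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class GenericSignature:
    """Non-contiguous byte signature with wildcards (hypothetical syntax)."""
    name: str
    pattern: str        # hex bytes; "??" = any single byte; "*" = bounded gap
    max_gap: int = 16   # how much padding a "*" is allowed to skip

    def compile(self):
        parts = []
        for token in self.pattern.split():
            if token == "??":
                parts.append(b".")
            elif token == "*":
                parts.append(b".{0,%d}?" % self.max_gap)
            else:
                parts.append(re.escape(bytes.fromhex(token)))
        # DOTALL so that "." also matches a 0x0a byte
        return re.compile(b"".join(parts), re.DOTALL)


class SignatureScanner:
    def __init__(self):
        self.exact = {}     # whole-file digest -> detection name
        self.generic = []   # (detection name, compiled pattern)

    def add_sample(self, name, sample):
        """Exact signature: digest of one analysed sample."""
        self.exact[hashlib.sha256(sample).hexdigest()] = name

    def add_generic(self, sig):
        self.generic.append((sig.name, sig.compile()))

    def scan(self, data):
        """Return (kind, name) for the first match, or None if nothing matches."""
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.exact:
            return ("exact", self.exact[digest])
        for name, rx in self.generic:
            if rx.search(data):
                return ("generic", name)
        return None


# Constructed byte strings standing in for strains of one family.
HEADER = bytes.fromhex("4d5a9000")
CORE_A = bytes.fromhex("deadbeef")
CORE_B = bytes.fromhex("cafebabe")
ORIGINAL = HEADER + CORE_A + b"\x01" + CORE_B + b"tail"
VARIANT_KEY = HEADER + CORE_A + b"\x7f" + CORE_B + b"tail"             # one byte differs
VARIANT_PADDED = HEADER + CORE_A + b"\x01" + b"\x90" * 10 + CORE_B + b"tail"
VARIANT_OVERPADDED = HEADER + CORE_A + b"\x01" + b"\x90" * 40 + CORE_B + b"tail"
BENIGN = HEADER + b"ordinary program bytes"


def build_scanner(with_generic=True):
    scanner = SignatureScanner()
    scanner.add_sample("Example.Family.A", ORIGINAL)
    if with_generic:
        scanner.add_generic(
            GenericSignature("Example.Family.gen", "de ad be ef ?? * ca fe ba be")
        )
    return scanner


if __name__ == "__main__":
    samples = {
        "original": ORIGINAL,
        "variant (key byte changed)": VARIANT_KEY,
        "variant (10 bytes padding)": VARIANT_PADDED,
        "variant (40 bytes padding)": VARIANT_OVERPADDED,
        "benign": BENIGN,
    }
    for label, scanner in (("hash only", build_scanner(False)),
                           ("hash + generic", build_scanner(True))):
        for name, data in samples.items():
            print(f"{label:15} {name:28} -> {scanner.scan(data)}")
```

The 40-byte padding case shows the trade-off in choosing `max_gap`: a wider gap catches more padded variants but also raises the chance of matching unrelated files.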

1.2.3 Rootkit detection

Main article: Rootkit
Anti-virus software can attempt to scan for rootkits; a rootkit is a type of malware that is designed to gain administrative-level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases can tamper with the anti-virus program and render it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete re-installation of the operating system.[83]

1.2.4 Real-time protection

Real-time protection, on-access scanning, background guard, resident shield, autoprotect, and other synonyms refer to the automatic protection provided by most antivirus, anti-spyware, and other anti-malware programs. This monitors computer systems for suspicious activity such as computer viruses, spyware, adware, and other malicious objects in 'real-time', in other words while data is loaded into the computer's active memory: when inserting a CD, opening an email, or browsing the web, or when a file already on the computer is opened or executed.[84]

1.3 Issues of concern

1.3.1 Unexpected renewal costs

Some commercial antivirus software end-user license agreements include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval. For example, McAfee requires users to unsubscribe at least 60 days before the expiration of the present subscription[85] while BitDefender sends notifications to unsubscribe 30 days before the renewal.[86] Norton AntiVirus also renews subscriptions automatically by default.[87]

1.3.2 Rogue security applications


Main article: Rogue security software
Some apparent antivirus programs are actually malware
masquerading as legitimate software, such as WinFixer,
MS Antivirus, and Mac Defender.[88]

1.3.3 Problems caused by false positives

A false positive or false alarm is when antivirus software identifies a non-malicious file as malware. When this happens, it can cause serious problems. For example, if an antivirus program is configured to immediately delete or quarantine infected files, as is common on Microsoft Windows antivirus applications, a false positive in an essential file can render the Windows operating system or some applications unusable.[89] Recovering from such damage to critical software infrastructure incurs technical support costs and businesses can be forced to close whilst remedial action is undertaken.[90][91] For example, in May 2007 a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.[92]
Also in May 2007, the executable file required by Pegasus Mail on Windows was falsely detected by Norton AntiVirus as being a Trojan and it was automatically removed, preventing Pegasus Mail from running. Norton AntiVirus had falsely identified three releases of Pegasus Mail as malware, and would delete the Pegasus Mail installer file when that happened.[93] In response to this Pegasus Mail stated:
In April 2010, McAfee VirusScan detected svchost.exe, a normal Windows binary, as a virus on machines running Windows XP with Service Pack 3, causing a reboot loop and loss of all network access.[94][95]
In December 2010, a faulty update on the AVG anti-virus suite damaged 64-bit versions of Windows 7, rendering it unable to boot, due to an endless boot loop created.[96]
In October 2011, Microsoft Security Essentials (MSE) removed the Google Chrome web browser, rival to Microsoft's own Internet Explorer. MSE flagged Chrome as a Zbot banking trojan.[97]
In September 2012, Sophos' anti-virus suite identified various update-mechanisms, including its own, as malware. If it was configured to automatically delete detected files, Sophos Antivirus could render itself unable to update, requiring manual intervention to fix the problem.[98][99]

1.3.4 System and interoperability related issues

Running (the real-time protection of) multiple antivirus programs concurrently can degrade performance and create conflicts.[100] However, using a concept called multiscanning, several companies (including G Data[101] and Microsoft[102]) have created applications which can run multiple engines concurrently.
It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers.[103] Active antivirus protection may partially or completely prevent the installation of a major update. Anti-virus software can cause problems during the installation of an operating system upgrade, e.g. when upgrading to a newer version of Windows "in place", without erasing the previous version of Windows. Microsoft recommends that anti-virus software be disabled to avoid conflicts with the upgrade installation process.[104][105][106]
The functionality of a few computer programs can be hampered by active anti-virus software. For example, TrueCrypt, a disk encryption program, states on its troubleshooting page that anti-virus programs can conflict with TrueCrypt and cause it to malfunction or operate very slowly.[107] Anti-virus software can impair the performance and stability of games running in the Steam platform.[108]
Support issues also exist around antivirus application interoperability with common solutions like SSL VPN remote access and network access control products.[109] These technology solutions often have policy assessment applications which require that an up to date antivirus is installed and running. If the antivirus application is not recognized by the policy assessment, whether because the antivirus application has been updated or because it is not part of the policy assessment library, the user will be unable to connect.

1.3.5 Effectiveness

Studies in December 2007 showed that the effectiveness of antivirus software had decreased in the previous year, particularly against unknown or zero day attacks. The computer magazine c't found that detection rates for these threats had dropped from 40-50% in 2006 to 20-30% in 2007. At that time, the only exception was the NOD32 antivirus, which managed a detection rate of 68 percent.[110] According to the ZeuS tracker website the average detection rate for all variants of the well-known ZeuS trojan is as low as 40%.[111]
The problem is magnified by the changing intent of virus authors. Some years ago it was obvious when a virus infection was present. The viruses of the day, written by amateurs, exhibited destructive behavior or pop-ups. Modern viruses are often written by professionals, financed by criminal organizations.[112]
In 2008, Eva Chen, CEO of Trend Micro, stated that the anti-virus industry has over-hyped how effective its products are and so has been misleading customers for years.[113]
Independent testing on all the major virus scanners consistently shows that none provide 100% virus detection. The best ones provided as high as 99.9% detection for simulated real-world situations, while the lowest provided 91.1% in tests conducted in August 2013. Many virus scanners produce false positive results as well, identifying benign files as malware.[114]
Although methodologies may differ, some notable independent quality testing agencies include AV-Comparatives, ICSA Labs, West Coast Labs, Virus Bulletin, AV-TEST and other members of the Anti-Malware Testing Standards Organization.[115][116]

1.3.6 New viruses

Anti-virus programs are not always effective against new viruses, even those that use non-signature-based methods that should detect new viruses. The reason for this is that the virus designers test their new viruses on the major anti-virus applications to make sure that they are not detected before releasing them into the wild.[117]
Some new viruses, particularly ransomware, use polymorphic code to avoid detection by virus scanners. Jerome Segura, a security analyst with ParetoLogic, explained:[118]
A proof of concept virus has used the Graphics Processing Unit (GPU) to avoid detection from anti-virus software. The potential success of this involves bypassing the CPU in order to make it much harder for security researchers to analyse the inner workings of such malware.[119]

1.3.7 Rootkits
Detecting rootkits is a major challenge for anti-virus programs. Rootkits have full administrative access to the
computer and are invisible to users and hidden from the
list of running processes in the task manager. Rootkits can modify the inner workings of the operating system[120] and tamper with antivirus programs.

1.3.8 Damaged files

Files which have been damaged by computer viruses, e.g. by ransomware, may be damaged beyond recovery. Antivirus software removes the virus code from the file during disinfection, but this does not always restore the file to its undamaged state. In such circumstances, damaged files can only be restored from existing backups or shadow copies;[121] installed software that is damaged requires re-installation[122] (however, see System File Checker).

1.3.9 Firmware issues

Active anti-virus software can interfere with a firmware update process.[123] Any writeable firmware in the computer can be infected by malicious code.[124] This is a major concern, as an infected BIOS could require the actual BIOS chip to be replaced to ensure the malicious code is completely removed.[125] Anti-virus software is not effective at protecting firmware and the motherboard BIOS from infection.[126] In 2014, security researchers discovered that USB devices contain writeable firmware which can be modified with malicious code (dubbed "BadUSB"), which anti-virus software cannot detect or prevent. The malicious code can run undetected on the computer and could even infect the operating system prior to it booting up.[127][128]

The command-line virus scanner of Clam AV 0.95.2, an open source antivirus originally developed by Tomasz Kojm in 2001. Here running a virus signature definition update, scanning a file and identifying a Trojan.

1.4 Performance and other drawbacks

Antivirus software has some drawbacks, the first of which is that it can impact a computer's performance.[129]
Furthermore, inexperienced users can be lulled into a false sense of security when using the computer, considering themselves to be invulnerable, and may have problems understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, it must be fine-tuned to minimize misidentifying harmless software as malicious (false positive).[130]
Antivirus software itself usually runs at the highly trusted kernel level of the operating system to allow it access to all the potentially malicious processes and files, creating a potential avenue of attack.[131]

1.5 Alternative solutions

Installed antivirus solutions running on individual computers, although the most used, are only one method of guarding against malware. Other alternative solutions are also used, including: Unified Threat Management (UTM), hardware and network firewalls, Cloud-based antivirus and on-line scanners.

1.5.1 Hardware and network Firewall

Network firewalls prevent unknown programs and processes from accessing the system. However, they are not antivirus systems and make no attempt to identify or remove anything. They may protect against infection from outside the protected computer or network, and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain TCP/IP ports. A firewall is designed to deal with broader system threats that come from network connections into the system and is not an alternative to a virus protection system.

1.5.2 Cloud antivirus

Cloud antivirus is a technology that uses lightweight agent software on the protected computer, while offloading the majority of data analysis to the provider's infrastructure.[132]
One approach to implementing cloud antivirus involves scanning suspicious files using multiple antivirus engines. This approach was proposed by an early implementation of the cloud antivirus concept called CloudAV. CloudAV was designed to send programs or documents to a network cloud where multiple antivirus and behavioral detection programs are used simultaneously in order to improve detection rates. Parallel scanning of files using potentially incompatible antivirus scanners is achieved by spawning a virtual machine per detection engine and therefore eliminating any possible issues. CloudAV can also perform "retrospective detection," whereby the cloud detection engine rescans all files in its file access history when a new threat is identified, thus improving new threat detection speed. Finally, CloudAV is a solution for effective virus scanning on devices that lack the computing power to perform the scans themselves.[133]
Some examples of cloud anti-virus products are Panda Cloud Antivirus and Immunet.
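
The multi-engine scanning and "retrospective detection" described for CloudAV, sketched as an added Python example (not CloudAV's own code). The `Engine` and `CloudScanService` classes, host names, paths and marker strings are all constructed for illustration, and each engine is reduced to a substring check so the history logic stays visible.

```python
import hashlib
from collections import defaultdict


class Engine:
    """Stand-in for one detection engine: flags data containing a known marker."""

    def __init__(self, name, markers=()):
        self.name = name
        self.markers = set(markers)

    def scan(self, data):
        return any(marker in data for marker in self.markers)


class CloudScanService:
    """Cloud side: scans each new file with every engine and keeps access history."""

    def __init__(self, engines, threshold=1):
        self.engines = {e.name: e for e in engines}
        self.threshold = threshold        # engines that must agree before blocking
        self.files = {}                   # digest -> file content kept for rescans
        self.access = defaultdict(list)   # digest -> [(host, path), ...]
        self.flagged = {}                 # digest -> names of engines that flagged it

    def _hits(self, data):
        return sorted(name for name, e in self.engines.items() if e.scan(data))

    def report_access(self, host, path, data):
        """Called by the lightweight agent; returns True if the file must be blocked."""
        digest = hashlib.sha256(data).hexdigest()
        self.access[digest].append((host, path))
        if digest not in self.files:      # first sighting: run all engines once
            self.files[digest] = data
            hits = self._hits(data)
            if len(hits) >= self.threshold:
                self.flagged[digest] = hits
        return digest in self.flagged

    def update_engine(self, engine_name, marker):
        """New threat identified: rescan the history, return hosts that already ran it."""
        self.engines[engine_name].markers.add(marker)
        alerts = []
        for digest, data in self.files.items():
            if digest in self.flagged:
                continue
            hits = self._hits(data)
            if len(hits) >= self.threshold:
                self.flagged[digest] = hits
                alerts.extend((host, path, hits) for host, path in self.access[digest])
        return alerts


# Constructed inputs.
SAMPLE = b"header..EXAMPLE-FAMILY-STAGE2..payload"
CLEAN = b"quarterly report, nothing unusual"


def run_demo():
    service = CloudScanService([
        Engine("engine-a", {b"OLD-EXAMPLE-MARKER"}),
        Engine("engine-b"),
    ])
    # No engine knows SAMPLE yet, so both hosts are allowed to open it.
    early = [
        service.report_access("ws-01", "C:/Users/a/Downloads/invoice.doc", SAMPLE),
        service.report_access("ws-02", "/home/b/invoice.doc", SAMPLE),
        service.report_access("ws-02", "/home/b/report.txt", CLEAN),
    ]
    # One engine learns the new threat; history is rescanned immediately.
    alerts = service.update_engine("engine-b", b"EXAMPLE-FAMILY-STAGE2")
    # A later access to the same content is blocked from the cached verdict.
    late = service.report_access("ws-03", "/tmp/invoice.doc", SAMPLE)
    return early, alerts, late


if __name__ == "__main__":
    early, alerts, late = run_demo()
    print("blocked at first access:", early)
    print("retrospective alerts:", alerts)
    print("blocked after update:", late)
```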

1.5.3 Online scanning

Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical areas only, local disks, folders or files. Periodic online scanning is a good idea for those that run antivirus applications on their computers because those applications are frequently slow to catch threats. One of the first things that malicious software does in an attack is disable any existing antivirus software and sometimes the only way to know of an attack is by turning to an online resource that is not installed on the infected computer.[134]

1.5.4 Specialist tools

The command-line rkhunter scanner, an engine to scan for Linux rootkits. Here running the tool on Ubuntu.

Virus removal tools are available to help remove stubborn infections or certain types of infection. Examples include Trend Micro's Rootkit Buster,[135] and rkhunter for the detection of rootkits, Avira's AntiVir Removal Tool,[136] PCTools Threat Removal Tool,[137] and AVG's Anti-Virus Free 2011.[138]
A rescue disk that is bootable, such as a CD or USB storage device, can be used to run antivirus software outside of the installed operating system, in order to remove infections while they are dormant. A bootable antivirus disk can be useful when, for example, the installed operating system is no longer bootable or has malware that is resisting all attempts to be removed by the installed antivirus software. Examples of some of these bootable disks include the Avira AntiVir Rescue System,[136] PCTools Alternate Operating System Scanner,[139] and AVG Rescue CD.[140] The AVG Rescue CD software can also be installed onto a USB storage device that is bootable on newer computers.[140]

1.6 Usage and risks

According to an FBI survey, major businesses lose $12 million annually dealing with virus incidents.[141] A survey by Symantec in 2009 found that a third of small to medium-sized businesses did not use antivirus protection at that time, whereas more than 80% of home users had some kind of antivirus installed.[142] According to a sociological survey conducted by G Data Software in 2010, 49% of women did not use any antivirus program at all.[143]

1.7 See also

• Anti-virus and anti-malware software
• CARO, the Computer Antivirus Research Organization
• Comparison of antivirus software
• EICAR, the European Institute for Computer Antivirus Research
• Firewall software
• Internet Security
• Linux malware
• Comparison of computer viruses
• List of trojan horses
• Quarantine technology
• Sandbox (computer security)
• Timeline of notable computer viruses and worms
• Virus hoax

1.8 References

[1] lifehacker: The Difference Between Antivirus and Anti-Malware (and Which to Use)
[2] "What is antivirus software?". Microsoft.
[3] John von Neumann: Theory of self-reproducing automata (1949)
[4] Thomas Chen, Jean-Marc Robert (2004). The Evolution of Viruses and Worms. Retrieved 2009-02-16.
[5] From the first email to the first YouTube video: a definitive internet history. Tom Meltzer and Sarah Phillips. The Guardian. 23 October 2009
[6] IEEE Annals of the History of Computing, Volumes 27-28. IEEE Computer Society, 2005. 74. Retrieved from Google Books on 13 May 2011. "[...]from one machine to another led to experimentation with the Creeper program, which became the world's first computer worm: a computation that used the network to recreate itself on another node, and spread from node to node."
[7] John Metcalf (2014). Core War: Creeper & Reaper. Retrieved 2014-05-01.
[8] Creeper - The Virus Encyclopedia
[9] What was the First Antivirus Software?
[10] Elk Cloner. Retrieved 2010-12-10.
[11] Top 10 Computer Viruses: No. 10 - Elk Cloner. Retrieved 2010-12-10.
[12] List of Computer Viruses Developed in 1980s. Retrieved 2010-12-10.
[13] Fred Cohen: Computer Viruses Theory and Experiments (1983)
[14] Fred Cohen 1988 On the implications of Computer Viruses and Methods of Defense
[15] Péter Szőr: The Art of Computer Virus Research and Defense (2005)
[16] VirusBulletin: In memoriam: Péter Szőr 1970-2013 (2013)
[17] History of viruses
[18] Leyden, John (January 19, 2006). PC virus celebrates 20th birthday. The Register. Retrieved March 21, 2011.
[19] Panda Security (April 2004). "(II) Evolution of computer viruses". Archived from the original on 2 August 2009. Retrieved 2009-06-20.
[20] Kaspersky Lab Virus list
[21] Wells, Joe (1996-08-30). Virus timeline. IBM. Archived from the original on 4 June 2008. Retrieved 2008-06-06.
[22] G Data Software AG (2011). G Data presents security firsts at CeBIT 2010. Retrieved 22 August 2011.
[23] Karsmakers, Richard (January 2010). The ultimate Virus Killer UVK 2000. Retrieved 22 August 2011.
[24] McAfee Becomes Intel Security. McAfee Inc. Retrieved 15 January 2014.
[25] Cavendish, Marshall (2007). Inventors and Inventions, Volume 4. Paul Bernabeo. p. 1033. ISBN 0761477675.
[26] Cohen, Fred, An Undetectable Computer Virus (Archived), 1987, IBM
[27] Patricia A. Yevics: "Flu Shot for Computer Viruses"
[28] How friends help friends on the Internet: The Ross Greenberg Story
[29] Anti-virus is 30 years old
[30] A Brief History of Antivirus Software
[31] Antivirus software history
[32] http://www.frisk.is/fyrirtaeki.html
[33] VIRUS-L mailing list archive
[34] Symantec Softwares and Internet Security at PCM
[35] SAM Identifies Virus-Infected Files, Repairs Applications, InfoWorld, May 22, 1989
[36] SAM Update Lets Users Program for New Viruses, InfoWorld, Feb 19, 1990
[37] TG Soft History
[38] Skúlason and Bontchev: Virus Naming Scheme (1991)
[39] CARO Members. CARO. Retrieved 6 June 2011.
[40] CAROids, Hamburg 2003
[41] F-Secure Weblog : News from the Lab. F-secure.com. Retrieved 2012-09-23.
[42] About EICAR. EICAR official website. Retrieved 28 October 2013.
[43] David Harley, Lysa Myers & Eddy Willems. Test Files and Product Evaluation: the Case for and against Malware Simulation (PDF). AVAR2010 13th Association of anti Virus Asia Researchers International Conference. Retrieved June 30, 2011.
[44] Dr. Web LTD Doctor Web / Dr. Web Reviews, Best AntiVirus Software Reviews, Review Centre. Reviewcentre.com. Retrieved 2014-02-17.
[45] [In 1994, AV-Test.org reported 28,613 unique malware samples (based on MD5). "A Brief History of Malware; The First 25 Years"]
[46] BitDefender Product History.
[47] InfoWatch Management. InfoWatch. Retrieved 12 August 2013.
[48] Linuxvirus
[49]
[50] Sourcefire acquires ClamAV. ClamAV. 2007-09-17. Retrieved 2008-02-12.
[51] Cisco Completes Acquisition of Sourcefire. cisco.com. 2013-10-07. Retrieved 2014-06-18.
[52] "(german) Interview with Morten Lund in Brandeins".
[53] The digital detective: Mikko Hypponen's war on malware is escalating. (March 2012, Wired)
[54] James Lyne: Everyday cybercrime and what you can do about it (February 2013, TED)
[55] Szor 2005, pp. 66-67
[56] New virus travels in PDF files. 7 August 2001. Retrieved 2011-10-29.
[57] Slipstick Systems (February 2009). Protecting Microsoft Outlook against Viruses. Archived from the original on 2 June 2009. Retrieved 2009-06-18.
[58] Jon Oberheide: CloudAV: N-Version Antivirus in the Network Cloud (2008, Usenix)
[59] TECHNOLOGY OVERVIEW. AVG Security. Retrieved 16 February 2015.


[60] NetworkWorld, Ellen Messmer, August 19, 2014: "Startup offers up endpoint detection and response for behavior-based malware detection"
[61] HSToday.US, Kylie Bull, June 19, 2014: "Bromium Research Reveals Insecurity In Existing Endpoint Malware Protection Deployments"
[62] Sandboxing against unknown zero day threats. Retrieved 2015-01-30.
[63] Szor 2005, pp. 474-481
[64] A Machine Learning Approach to Anti-virus System
[65] Data Mining Methods for Malware Detection
[66] Data mining and Machine Learning in Cybersecurity
[67] Analysis of Machine learning Techniques Used in Behavior-Based Malware Detection
[68] A survey of data mining techniques for malware detection using file features
[69] Intelligent automatic malicious code signatures extraction
[70] Malware Detection by Data Mining Techniques Based on Positionally Dependent Features
[71] Data mining methods for detection of new malicious executables
[72] IMDS: Intelligent Malware Detection System
[73] Learning to Detect and Classify Malicious Executables in the Wild
[74] Malware detection using statistical analysis of byte-level file content
[75] An intelligent PE-malware detection system based on association mining
[76] Malware detection based on mining API calls
[77] "Andromaly": a behavioral malware detection framework for android devices
[78] Szor 2005, pp. 252-288
[79] Generic detection. Kaspersky. Retrieved 2013-07-11.
[79] Generic detection. Kaspersky. Retrieved 2013-07-11.
[80] Symantec Corporation (February 2009). Trojan.Vundo. Archived from the original on 9 April 2009. Retrieved 2009-04-14.
[81] Symantec Corporation (February 2007). Trojan.Vundo.B. Archived from the original on 27 April 2009. Retrieved 2009-04-14.
[82] Antivirus Research and Detection Techniques. ExtremeTech. Archived from the original on 27 February 2009. Retrieved 2009-02-24.
[83] Rootkit
[84]
[85] Kelly, Michael (October 2006). Buying Dangerously. Retrieved 2009-11-29.
[86] Bitdefender (2009). Automatic Renewal. Retrieved 2009-11-29.
[87] Symantec (2014). Norton Automatic Renewal Service FAQ. Retrieved 2014-04-09.
[88] SpywareWarrior (2007). Rogue/Suspect Anti-Spyware Products & Web Sites. Retrieved 2009-11-29.
[89] Emil Protalinski (November 11, 2008). AVG incorrectly flags user32.dll in Windows XP SP2/SP3. Ars Technica. Retrieved 2011-02-24.
[90] McAfee to compensate businesses for buggy update, retrieved 2 December 2010
[91] Buggy McAfee update whacks Windows XP PCs, archived from the original on 13 January 2011, retrieved 2 December 2010
[92] Aaron Tan (May 24, 2007). Flawed Symantec update cripples Chinese PCs. CNET Networks. Retrieved 2009-04-05.
[93] David Harris (June 29, 2009). January 2010 - Pegasus Mail v4.52 Release. Pegasus Mail. Archived from the original on 28 May 2010. Retrieved 2010-05-21.
[94] McAfee DAT 5958 Update Issues. 21 April 2010. Archived from the original on 24 April 2010. Retrieved 22 April 2010.
[95] Botched McAfee update shutting down corporate XP machines worldwide. 21 April 2010. Archived from the original on 22 April 2010. Retrieved 22 April 2010.
[96] John Leyden (December 2, 2010). Horror AVG update ballsup bricks Windows 7. The Register. Retrieved 2010-12-02.
[97] MSE false positive detection forces Google to update Chrome, retrieved 3 October 2011
[98] Sophos Antivirus Detects Itself as Malware, Deletes Key Binaries, The Next Web, retrieved 5 March 2014
[99] Shh/Updater-B false positive by Sophos anti-virus products, Sophos, retrieved 5 March 2014
[100] Microsoft (January 2007). Plus! 98: How to Remove McAfee VirusScan. Archived from the original on 27 September 2014. Retrieved 2014-09-27.
[101] Robert Vamosi (May 28, 2009). G-Data Internet Security 2010. PC World. Retrieved 2011-02-24.
[102] Kelly Jackson Higgins (May 5, 2010). New Microsoft Forefront Software Runs Five Antivirus Vendors' Engines. Darkreading. Retrieved 2011-02-24.
[103] Microsoft (April 2009). Steps to take before you install Windows XP Service Pack 3. Archived from the original on 8 December 2009. Retrieved 2009-11-29.
[104] Upgrading from Windows Vista to Windows 7. ReKaspersky Lab Technical Support Portal Archived 13
trieved 24 March 2012. Mentioned within Before you
February 2011 at WebCite
begin.

1.9. BIBLIOGRAPHY

11

[105] Upgrading to Microsoft Windows Vista recommended [126] Phrack Inc. Persistent BIOS Infection. June 1, 2009.
steps.. Retrieved 24 March 2012.
Archived from the original on 30 April 2011. Retrieved
2011-03-06.
[106] How to troubleshoot problems during installation when
you upgrade from Windows 98 or Windows Millennium [127] Turning USB peripherals into BadUSB. Retrieved
2014-10-11.
Edition to Windows XP. Last Review: May 7, 2007.
Retrieved 24 March 2012. Check date values in: |date=
[128] Why the Security of USB Is Fundamentally Broken.
(help) Mentioned within General troubleshooting.
2014-07-31. Retrieved 2014-10-11.
[107] Troubleshooting. Retrieved 2011-02-17.
[129] How Antivirus Software Can Slow Down Your Computer. Support.com Blog. Retrieved 2010-07-26.
[108] Spyware, Adware, and Viruses Interfering with Steam.
Retrieved 11 April 2013. Steam support page.
[130] Softpedia Exclusive Interview: Avira 10. Ionut Ilascu.
Softpedia. 14 April 2010. Retrieved 2011-09-11.
[109] Field Notice: FN - 63204 - Cisco Clean Access has Interoperability issue with Symantec Anti-virus - delays Agent
[131] Norton AntiVirus ignores malicious WMI instructions.
start-up
Munir Kotadia. CBS Interactive. 21 October 2004. Retrieved 2009-04-05.
[110] Dan Goodin (December 21, 2007). Anti-virus protection gets worse. Channel Register. Retrieved 2011-02[132] Zeltser, Lenny (October 2010). What Is Cloud Anti24.
Virus and How Does It Work?". Archived from the original on 10 October 2010. Retrieved 2010-10-26.
[111]
[112] Dan Illett (July 13, 2007). Hacking poses threats to busi- [133] Jon Erickson (August 6, 2008). Antivirus Software
Heads for the Clouds. Information Week. Retrieved
ness. Computer Weekly. Retrieved 2009-11-15.
2010-02-24.
[113] Tom Espiner (June 30, 2008). Trend Micro: Antivirus
industry lied for 20 years. ZDNet. Retrieved 2014-09- [134] Brian Krebs (March 9, 2007). Online Anti-Virus Scans:
A Free Second Opinion. Washington Post. Retrieved
27.
2011-02-24.
[114] AV Comparatives (December 2013). Whole Prod[135] Ryan Naraine (February 2, 2007). Trend Micro ships
uct Dynamic Real World Production Test (PDF).
free 'rootkit buster'". ZDNet. Retrieved 2011-02-24.
Archived (PDF) from the original on 2 January 2013. Retrieved 2 January 2014.
[136] Neil J. Rubenking (March 26, 2010). Avira AntiVir Per[115] Guidelines released for antivirus software tests
[116] Harley, David (2011). AVIEN Malware Defense Guide for
the Enterprise. Elsevier. p. 487. ISBN 9780080558660.
Retrieved 2013-06-10.
[117] Kotadia, Munir (July 2006). Why popular antivirus apps
'do not work'". Retrieved 14 April 2010.
[118] The Canadian Press (April 2010). Internet scam uses
adult game to extort cash. CBC News. Archived from the
original on 18 April 2010. Retrieved 17 April 2010.
[119] Researchers up evilness ante with GPU-assisted malware
- Coming to a PC near you, by Dan Goodin
[120] GIBSON RESEARCH CORPORATION SERIES: Security Now!
[121] Cryptolocker Ransomware: What You Need To Know.
Retrieved 2014-03-28.

sonal 10. PC Magazine. Retrieved 2011-02-24.


[137] Neil J. Rubenking (September 16, 2010). PC Tools Spyware Doctor with AntiVirus 2011. PC Magazine. Retrieved 2011-02-24.
[138] Neil J. Rubenking (October 4, 2010). AVG Anti-Virus
Free 2011. PC Magazine. Retrieved 2011-02-24.
[139] Neil J. Rubenking (November 19, 2009). PC Tools Internet Security 2010. PC Magazine. Retrieved 2011-0224.
[140] Carrie-Ann Skinner (March 25, 2010). AVG Oers Free
Emergency Boot CD. PC World. Retrieved 2011-02-24.
[141] FBI estimates major companies lose $12m annually from
viruses. 30 January 2007. Retrieved 20 February 2011.
[142] Michael Kaiser (April 17, 2009). Small and Medium
Size Businesses are Vulnerable. National Cyber Security
Alliance. Retrieved 2011-02-24.

[122] How Anti-Virus Software Works. Retrieved 2011-02- [143] Nearly 50% of women don't use antivirus. SPAM16.
ghter.
[123] BT Home Hub Firmware Upgrade Procedure. Retrieved 2011-03-06.
[124] The 10 faces of computer malware. July 17, 2009. Retrieved 2011-03-06.
[125] New BIOS Virus Withstands HDD Wipes. 27 March
2009. Retrieved 2011-03-06.

1.9 Bibliography
Szor, Peter (2005), The Art of Computer Virus Research and Defense, Addison-Wesley, ISBN 0-321-30454-3


1.10 External links


Antivirus software at DMOZ


Chapter 2

Application security
Application security (short: AppSec) encompasses measures taken throughout the code's life-cycle to prevent gaps in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Applications only control the kind of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security.

The Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC) publish updates on the latest threats that impair web-based applications. This helps developers, security testers and architects focus on better design and mitigation strategies. The OWASP Top 10 has become an industry norm for assessing web applications.

2.1 Methodology

According to the patterns & practices Improving Web Application Security book, a principle-based approach for application security includes:[1]

• Knowing your threats.
• Securing the network, host and application.
• Incorporating security into your software development process.

Note that this approach is technology / platform independent. It is focused on principles, patterns, and practices.

2.2 Threats, Attacks, Vulnerabilities, and Countermeasures

According to the patterns & practices Improving Web Application Security book, the following terms are relevant to application security:[1]

• Asset. A resource of value such as the data in a database or on the file system, or a system resource.
• Threat. Anything that can exploit a vulnerability and obtain, damage, or destroy an asset.
• Vulnerability. A weakness or gap in security program that can be exploited by threats to gain unauthorized access to an asset.
• Attack (or exploit). An action taken to harm an asset.
• Countermeasure. A safeguard that addresses a threat and mitigates risk.

2.3 Application Threats / Attacks

According to the patterns & practices Improving Web Application Security book, the following are classes of common application security threats / attacks:[1]

2.4 Mobile application security

Main article: Mobile security

OWASP, a leading application security industry authority, has acknowledged and prioritized the need for mobile application security, and recommended binary protection to mitigate the business and technical risks that mobile apps face. See Mobile Security Project - Top Ten Mobile Risks for Top Ten Mobile Risks based on new vulnerability statistics in the field of mobile applications.

The proportion of mobile devices providing open platform functionality is expected to continue to increase in future. The openness of these platforms offers significant opportunities to all parts of the mobile eco-system by delivering the ability for flexible program and service delivery options that may be installed, removed or refreshed multiple times in line with the user's needs and requirements. However, with openness comes responsibility, and unrestricted access to mobile resources and APIs by applications of unknown or untrusted origin could result in damage to the user, the device, the network or all of these, if not managed by suitable security architectures and network precautions. Application security is provided in some form on most open OS mobile devices (Symbian OS,[2] Microsoft,[3] BREW, etc.). Industry groups have also created recommendations, including the GSM Association and Open Mobile Terminal Platform (OMTP).[4]

There are several strategies to enhance mobile application security, including:

• Application white listing
• Ensuring transport layer security
• Strong authentication and authorization
• Encryption of data when written to memory
• Sandboxing of applications
• Granting application access on a per-API level
• Processes tied to a user ID
• Predefined interactions between the mobile application and the OS
• Requiring user input for privileged/elevated access
• Proper session handling

2.5 Security testing for applications

Security testing techniques scour for vulnerabilities or security holes in applications. These vulnerabilities leave applications open to exploitation. Ideally, security testing is implemented throughout the entire software development life cycle (SDLC) so that vulnerabilities may be addressed in a timely and thorough manner. Unfortunately, testing is often conducted as an afterthought at the end of the development cycle.

Vulnerability scanners, and more specifically web application scanners, otherwise known as penetration testing tools (i.e. ethical hacking tools), have been historically used by security organizations within corporations and security consultants to automate the security testing of HTTP requests/responses; however, this is not a substitute for the need for actual source code review. Physical code reviews of an application's source code can be accomplished manually or in an automated fashion. Given the common size of individual programs (often 500,000 lines of code or more), the human brain cannot execute a comprehensive data flow analysis needed in order to completely check all circuitous paths of an application program to find vulnerability points. The human brain is suited more for filtering, interrupting and reporting the outputs of automated source code analysis tools available commercially versus trying to trace every possible path through a compiled code base to find the root cause level vulnerabilities.

The two types of automated tools associated with application vulnerability detection (application vulnerability scanners) are Penetration Testing Tools (often categorized as Black Box Testing Tools) and static code analysis tools (often categorized as White Box Testing Tools).

Tools for Black Box Testing include IBM Rational AppScan, HP Application Security Center[5] suite of applications (through the acquisition of SPI Dynamics[6]), N-Stalker Web Application Security Scanner (original developers of N-Stealth back in 2000), Nikto (open source), and NTObjectives.[7][8]

Static code analysis tools include Coverity,[9] Polyspace,[10] ECLAIR,[11] GrammaTech,[12] Fortify Software, Klocwork,[13] Parasoft,[14] and Veracode.[15]

According to Gartner Research,[16] "...next-generation modern Web and mobile applications requires a combination of SAST and DAST techniques, and new interactive application security testing (IAST) approaches have emerged that combine static and dynamic techniques to improve testing...", including: Contrast[17] and Quotium Technologies.[18] Because IAST combines SAST and DAST techniques, the results are highly actionable, can be linked to the specific line of code, and can be recorded for replay later for developers.

Banking and large E-Commerce corporations have been the very early adopter customer profile for these types of tools. It is commonly held within these firms that both Black Box testing and White Box testing tools are needed in the pursuit of application security. Typically cited, Black Box testing (meaning Penetration Testing tools) are ethical hacking tools used to attack the application surface to expose vulnerabilities suspended within the source code hierarchy. Penetration testing tools are executed on the already deployed application. White Box testing (meaning Source Code Analysis tools) are used by either the application security groups or application development groups. Typically introduced into a company through the application security organization, the White Box tools complement the Black Box testing tools in that they give specific visibility into the specific root vulnerabilities within the source code in advance of the source code being deployed. Vulnerabilities identified with White Box testing and Black Box testing are typically in accordance with the OWASP taxonomy for software coding errors. White Box testing vendors have recently introduced dynamic versions of their source code analysis methods, which operate on deployed applications. Given that the White Box testing tools have dynamic versions similar to the Black Box testing tools, both tools can be correlated in the same software error detection paradigm, ensuring full application protection to the client company.

The advances in professional Malware targeted at the Internet customers of online organizations has seen a change in Web application design requirements since 2007. It is generally assumed that a sizable percentage of Internet users will be compromised through malware and that any data coming from their infected host may be tainted. Therefore application security has begun to manifest more advanced anti-fraud and heuristic detection systems in the back-office, rather than within the client-side or Web server code.[19]

2.6 Security certifications

There are a number of certifications available for security professionals to demonstrate their knowledge in the subject matter (e.g. Certified Information Systems Security Professional, Certified Information Security Manager, etc.), however the usefulness of security certifications and certifications in general typically receives mixed reviews by experienced professionals.

2.7 Security standards and regulations


• Sarbanes-Oxley Act (SOX)
• Health Insurance Portability and Accountability Act (HIPAA)
• IEEE P1074
• ISO/IEC 7064:2003 Information technology -- Security techniques -- Check character systems
• ISO/IEC 9796-2:2002 Information technology -- Security techniques -- Digital signature schemes giving message recovery -- Part 2: Integer factorization based mechanisms
• ISO/IEC 9796-3:2006 Information technology -- Security techniques -- Digital signature schemes giving message recovery -- Part 3: Discrete logarithm based mechanisms
• ISO/IEC 9797-1:1999 Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 1: Mechanisms using a block cipher
• ISO/IEC 9797-2:2002 Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 2: Mechanisms using a dedicated hash-function
• ISO/IEC 9798-1:1997 Information technology -- Security techniques -- Entity authentication -- Part 1: General
• ISO/IEC 9798-2:1999 Information technology -- Security techniques -- Entity authentication -- Part 2: Mechanisms using symmetric encipherment algorithms
• ISO/IEC 9798-3:1998 Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques
• ISO/IEC 9798-4:1999 Information technology -- Security techniques -- Entity authentication -- Part 4: Mechanisms using a cryptographic check function
• ISO/IEC 9798-5:2004 Information technology -- Security techniques -- Entity authentication -- Part 5: Mechanisms using zero-knowledge techniques
• ISO/IEC 9798-6:2005 Information technology -- Security techniques -- Entity authentication -- Part 6: Mechanisms using manual data transfer
• ISO/IEC 14888-1:1998 Information technology -- Security techniques -- Digital signatures with appendix -- Part 1: General
• ISO/IEC 14888-2:1999 Information technology -- Security techniques -- Digital signatures with appendix -- Part 2: Identity-based mechanisms
• ISO/IEC 14888-3:2006 Information technology -- Security techniques -- Digital signatures with appendix -- Part 3: Discrete logarithm based mechanisms
• ISO/IEC 27001:2005 and ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements
• ISO/IEC 27002:2005 Information technology -- Security techniques -- Code of practice for information security management
• ISO/IEC 24762:2008 Information technology -- Security techniques -- Guidelines for information and communications technology disaster recovery services - now withdrawn.
• ISO/IEC 27006:2007 Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
• ISO/IEC 27031:2011 Information technology -- Security techniques -- Guidelines for ICT readiness for Business Continuity
• ISO/IEC 27034-1:2011 Information technology -- Security techniques -- Application security -- Part 1: Overview and concepts
• ISO/IEC TR 24772:2013 Information technology -- Programming languages -- Guidance to avoiding vulnerabilities in programming languages through language selection and use
• Gramm-Leach-Bliley Act
• PCI Data Security Standard (PCI DSS)

2.8 See also

• Countermeasure
• Data security
• Database security
• Information security
• Trustworthy Computing Security Development Lifecycle
• Web application
• Web application framework
• XACML
• HERAS-AF

2.9 References

[1] Improving Web Application Security: Threats and Countermeasures, published by Microsoft Corporation.
[2] Platform Security Concepts, Simon Higginson.
[3] Windows Phone 8.1 Security Overview
[4] Application Security Framework, Open Mobile Terminal Platform
[5] Application security: Find web application security vulnerabilities during every phase of the software development lifecycle, HP center
[6] HP acquires SPI Dynamics, CNET news.com
[7] http://www.securityweek.com/web-application-scanners-challenged-modern-web-technologies
[8] http://www.ntobjectives.com/security-software/ntospider-application-security-scanner/
[9] http://www.coverity.com/products Coverity Static Analysis
[10] http://www.mathworks.com/products/polyspace/index.html Polyspace Static Analysis
[11] http://bugseng.com/products/eclair ECLAIR Software Verification Platform
[12] http://www.grammatech.com/products/codesonar GrammaTech CodeSonar
[13] http://www.klocwork.com/products Klocwork Insight
[14] http://www.parasoft.com/parasoft_security Parasoft Application Security Solution
[15] http://www.veracode.com/solutions Veracode Security Static Analysis Solutions
[16] http://www.gartner.com/technology/reprints.do?id=1-1GT3BKT&ct=130702&st=sb&mkt_tok=3RkMMJWWfF9wsRokvazAZKXonjHpfsX76%252B4qX6WylMI%252F0ER3fOvrPUfGjI4CTsRmI%252BSLDwEYGJlv6SgFTbnFMbprzbgPUhA%253D
[17] http://www.ContrastSecurity.com
[18] http://www.quotium.com
[19] Continuing Business with Malware Infected Customers. Gunter Ollmann. October 2008.

2.10 External links

• Open Web Application Security Project OWASP
• The Web Application Security Consortium
• The Microsoft Security Development Lifecycle (SDL)
• patterns & practices Security Guidance for Applications
• Advantages of an integrated security solution for HTML and XML
• patterns & practices Application Security Methodology
• Understanding the Windows Mobile Security Model, Windows Mobile Security
• Application Security, Building Business Agreement

Chapter 3

Backdoor (computing)
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of a hidden part of a program,[1] or a separate program (e.g., Back Orifice) that may subvert the system through a rootkit.[2]

Default passwords can function as backdoors if they are not changed by the user. Some debugging features can also act as backdoors if they are not removed in the release version.[3]

3.1 Overview

The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference.[4] They noted a class of active infiltration attacks that use "trapdoor" entry points into the system to bypass security facilities and permit direct access to data. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning (see trapdoor function), and thus the term "backdoor" is now preferred. More generally, such security breaches were discussed at length in a RAND Corporation task force report published under ARPA sponsorship by J.P. Anderson and D.J. Edwards in 1970.[5]

A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. A famous example of this sort of backdoor was used as a plot device in the 1983 film WarGames, in which the architect of the "WOPR" computer system had inserted a hardcoded password (his dead son's name) which gave the user access to the system, and to undocumented parts of the system (in particular, a video game-like simulation mode and direct interaction with the artificial intelligence).

Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.

3.1.1 Examples

Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.

A sophisticated attempt to plant a backdoor in the Linux kernel, exposed in November 2003, added a small and subtle code change by subverting the revision control system.[6] In this case, a two-line change appeared to check root access permissions of a caller to the sys_wait4 function, but because it used assignment = instead of equality checking ==, it actually granted permissions to the system. This difference is easily overlooked, and could even be interpreted as an accidental typographical error, rather than an intentional attack.[7]

In January 2014, a backdoor was discovered in certain Samsung Android products, like the Galaxy devices. The Samsung proprietary Android versions are fitted with a backdoor that provides remote access to the data stored on the device. In particular, the Samsung Android software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as remote file server (RFS) commands, that allows the backdoor operator to perform via modem remote I/O operations on the device hard disk or other storage. As the modem is running Samsung proprietary Android software, it is likely that it offers over-the-air remote control that could then be used to issue the RFS commands and thus to access the file system on the device.[8]
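
The = versus == change described for the 2003 Linux kernel attempt is easy to miss in review, so a mechanical check helps. The following Python scanner is an added example, not part of the original article or of any kernel tooling: it flags assignments inside C if/while conditions, and the C fragment with its identifiers is constructed for illustration.

```python
import re

# Constructed C fragment modelled on the description above; identifiers are
# hypothetical, not the kernel's. Line 5 assigns 0 (root) inside a "check".
SAMPLE_C = r'''
int wait_like(struct task *caller, int options)
{
    int retval = 0;
    if ((options == (OPT_A | OPT_B)) && (caller->uid = 0))
        retval = -EINVAL;
    if (caller->uid == 0 && options != 0)   /* genuine comparison */
        retval = 1;
    while ((n = read_more(buf)) > 0)        /* idiom: assign, then compare */
        total += n;
    return retval;
}
'''

_SKIP = re.compile(
    r'/\*.*?\*/'              # block comment
    r'|//[^\n]*'              # line comment
    r'|"(?:\\.|[^"\\\n])*"'   # string literal
    r"|'(?:\\.|[^'\\\n])*'",  # character literal
    re.DOTALL)
_KEYWORD = re.compile(r'\b(if|while)\s*\(')
# A lone '=' that is not part of ==, !=, <=, >= or a compound assignment.
_ASSIGN = re.compile(r'(?<![=!<>+\-*/%&|^])=(?!=)')
_CONSTANT = re.compile(r'(?:0[xX][0-9a-fA-F]+|\d+)[uUlL]*|NULL')


def _blank(source):
    """Overwrite comments and literals with spaces, keeping offsets and newlines."""
    return _SKIP.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), source)


def _condition_span(text, open_idx):
    """Return (start, end) of the text inside the parentheses opening at open_idx."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '(':
            depth += 1
        elif text[i] == ')':
            depth -= 1
            if depth == 0:
                return open_idx + 1, i
    return None  # unbalanced input: skip it


def _operand(cond, start, step):
    """Walk left (step=-1) or right (step=+1) from an '=' to collect one operand."""
    opener, closer = ('(', ')') if step > 0 else (')', '(')
    depth, i = 0, start
    while 0 <= i < len(cond):
        ch = cond[i]
        if ch == opener:
            depth += 1
        elif ch == closer:
            if depth == 0:
                break            # left the sub-expression that holds the '='
            depth -= 1
        elif depth == 0 and cond[min(i, i + step):max(i, i + step) + 1] in ('&&', '||'):
            break                # reached a neighbouring clause
        i += step
    return (cond[start:i] if step > 0 else cond[i + 1:start + 1]).strip()


def find_assignments_in_conditions(source):
    """List every plain assignment that appears inside an if/while condition."""
    text = _blank(source)
    findings = []
    for kw in _KEYWORD.finditer(text):
        span = _condition_span(text, kw.end() - 1)
        if span is None:
            continue
        start, end = span
        cond = text[start:end]
        for eq in _ASSIGN.finditer(cond):
            rhs = _operand(cond, eq.end(), +1)
            findings.append({
                "line": text.count('\n', 0, start + eq.start()) + 1,
                "keyword": kw.group(1),
                "lhs": _operand(cond, eq.start() - 1, -1),
                "rhs": rhs,
                # Assigning a constant and using it as a truth value is the
                # pattern the article describes; it is rarely legitimate.
                "constant_rhs": bool(_CONSTANT.fullmatch(rhs)),
            })
    return findings


if __name__ == "__main__":
    for f in find_assignments_in_conditions(SAMPLE_C):
        flag = "REVIEW" if f["constant_rhs"] else "note"
        print(f'{flag}: line {f["line"]}: {f["lhs"]} = {f["rhs"]} inside {f["keyword"]}()')
```

A finding with constant_rhs set deserves the closest look; the assign-then-compare idiom on line 9 of the sample is usually legitimate.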

3.1.2 Object code backdoors

Harder to detect backdoors involve modifying object code, rather than source code; object code is much harder to inspect, as it is designed to be machine-readable, not human-readable. These backdoors can be inserted either directly in the on-disk object code, or inserted at some point during compilation, assembly, linking, or loading; in the latter case the backdoor never appears on disk, only in memory. Object code backdoors are difficult to detect by inspection of the object code, but are easily detected by simply checking for changes (differences), notably in length or in checksum, and in some cases can be detected or analyzed by disassembling the object code. Further, object code backdoors can be removed (assuming source code is available) by simply recompiling from source.

Thus for such backdoors to avoid detection, all extant copies of a binary must be subverted, and any validation checksums must also be compromised, and source must be unavailable, to prevent recompilation. Alternatively, these other tools (length checks, diff, checksumming, disassemblers) can themselves be compromised to conceal the backdoor, for example detecting that the subverted binary is being checksummed and returning the expected value, not the actual value. To conceal these further subversions, the tools must also conceal the changes in themselves; for example, a subverted checksummer must also detect if it is checksumming itself (or other subverted tools) and return false values. This leads to extensive changes in the system and tools being needed to conceal a single change.
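
The length and checksum comparison described above, as an added Python example that is not part of the original article: it records a baseline for a directory of binaries and audits the tree against it. The file names and contents are constructed; since the text notes that checking tools can themselves be subverted, the example assumes the baseline is stored, and the audit run, on a system trusted independently of the one being checked.

```python
import hashlib
import os
import tempfile


def fingerprint(path, chunk=1 << 16):
    """Length and SHA-256 of a file, streamed so large binaries are fine."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
            size += len(block)
    return {"size": size, "sha256": digest.hexdigest()}


def build_manifest(root):
    """Fingerprint every regular file under root (the known-good baseline)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = fingerprint(full)
    return manifest


def audit(root, manifest):
    """Compare the tree under root with the baseline; return {path: status}."""
    current = build_manifest(root)
    report = {}
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            report[rel] = "missing"
        elif actual == expected:
            report[rel] = "ok"
        else:
            failed = [k for k in ("size", "sha256") if actual[k] != expected[k]]
            report[rel] = "changed: " + "+".join(failed)
    for rel in current.keys() - manifest.keys():
        report[rel] = "unexpected"   # file that was never in the baseline
    return report


def _write(path, data, mode="wb"):
    with open(path, mode) as fh:
        fh.write(data)


def demo():
    """Build a constructed tree, alter it in four ways, and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, fill in (("login", b"A"), ("cc", b"B"), ("ls", b"C"), ("cat", b"D")):
            _write(os.path.join(root, name), b"\x7fELF" + fill * 60)
        baseline = build_manifest(root)

        # 1. Same-length patch: the length check alone would not notice.
        with open(os.path.join(root, "login"), "r+b") as fh:
            fh.seek(16)
            fh.write(b"XX")
        # 2. Appended bytes: both length and checksum change.
        _write(os.path.join(root, "cc"), b"extra", mode="ab")
        # 3. A baseline file disappears. 4. A new file appears.
        os.remove(os.path.join(root, "ls"))
        _write(os.path.join(root, "helper"), b"\x7fELF" + b"E" * 60)

        return audit(root, baseline)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{path:8} {status}")
```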
Because object code can be regenerated by recompiling (reassembling, relinking) the original source code, making a persistent object code backdoor (without modifying source code) requires subverting the compiler itself, so that when it detects that it is compiling the program under attack it inserts the backdoor, or alternatively the assembler, linker, or loader. As this requires subverting the compiler, this in turn can be fixed by recompiling the compiler, removing the backdoor insertion code. This defense can in turn be subverted by putting a source meta-backdoor in the compiler, so that when it detects that it is compiling itself it then inserts this meta-backdoor generator, together with the original backdoor generator for the original program under attack. After this is done, the source meta-backdoor can be removed, and the compiler recompiled from original source with the compromised compiler executable: the backdoor has been bootstrapped. This attack dates to Karger & Schell (1974), and was popularized in Thompson (1984), entitled "Reflections on Trusting Trust"; it is hence colloquially known as the "Trusting Trust" attack. See compiler backdoors, below, for details. Analogous attacks can target lower levels of the system, such as the operating system, and can be inserted during the system booting process; these are also mentioned in Karger & Schell (1974), and now exist in the form of boot sector viruses.[9]

3.1.3 Asymmetric backdoors


A traditional backdoor is a symmetric backdoor: anyone that finds the backdoor can in turn use it. The notion of an asymmetric backdoor was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology: Crypto '96. An asymmetric backdoor can only be used by the attacker who plants it, even if the full implementation of the backdoor becomes public (e.g., via publishing, being discovered and disclosed by reverse engineering, etc.). Also, it is computationally intractable to detect the presence of an asymmetric backdoor under black-box queries. This class of attacks has been termed kleptography; they can be carried out in software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric backdoors is part of a larger field now called cryptovirology. Notably, NSA inserted a kleptographic backdoor into the Dual_EC_DRBG standard.[2][10][11]

There exists an experimental asymmetric backdoor in RSA key generation. This OpenSSL RSA backdoor was designed by Young and Yung, utilizes a twisted pair of elliptic curves, and has been made available.[12]

3.2 Compiler backdoors


A sophisticated form of black box backdoor is a compiler backdoor, where not only is a compiler subverted (to insert a backdoor in some other program, such as a login program), but it is further modified to detect when it is compiling itself and then inserts both the backdoor insertion code (targeting the other program) and the code modifying self-compilation, like the mechanism by which retroviruses infect their host. This can be done by modifying the source code, and the resulting compromised compiler (object code) can compile the original (unmodified) source code and insert itself: the exploit has been boot-strapped.

This attack was originally presented in Karger & Schell (1974, p. 52, section 3.4.5: "Trap Door Insertion"), which was a United States Air Force security analysis of Multics, where they described such an attack on a PL/I compiler, and call it a "compiler trap door"; they also mention a variant where the system initialization code is modified to insert a backdoor during booting, as this is complex and poorly understood, and call it an "initialization trapdoor"; this is now known as a boot sector virus.[9]
This attack was then actually implemented and popularized by Ken Thompson in Thompson (1984), in his
Turing Award acceptance speech in 1983 (published
1984), Reections on Trusting Trust, which points out

3.3. LIST OF KNOWN BACKDOORS

19

that trust is relative, and the only software one can truly
trust is code where every step of the bootstrapping has
been inspected. This backdoor mechanism is based on
the fact that people only review source (human-written)
code, and not compiled machine code (object code). A
program called a compiler is used to create the second
from the rst, and the compiler is usually trusted to do an
honest job.

Thompson's paper describes a modified version of the Unix C compiler that would:
Put an invisible backdoor in the Unix login command when it noticed that the login program was being compiled, and as a twist
Also add this feature undetectably to future compiler versions upon their compilation as well.

Because the compiler itself was a compiled program, users would be extremely unlikely to notice the machine code instructions that performed these tasks. (Because of the second task, the compiler's source code would appear clean.) What's worse, in Thompson's proof of concept implementation, the subverted compiler also subverted the analysis program (the disassembler), so that anyone who examined the binaries in the usual way would not actually see the real code that was running, but something else instead.
An updated analysis of the original exploit is given in Karger & Schell (2002, Section 3.2.4: Compiler trap doors), and a historical overview and survey of the literature is given in Wheeler (2009, Section 2: Background and related work).

3.2.1 Occurrences
Thompson's version was, officially, never released into the wild. It is believed, however, that a version was distributed to BBN and at least one use of the backdoor was recorded.[13] There are scattered anecdotal reports of such backdoors in subsequent years.[14]
This attack was recently (August 2009) discovered by Sophos labs: The W32/Induc-A virus infected the program compiler for Delphi, a Windows programming language. The virus introduced its own code to the compilation of new Delphi programs, allowing it to infect and propagate to many systems, without the knowledge of the software programmer. An attack that propagates by building its own Trojan horse can be especially hard to discover. It is believed that the Induc-A virus had been propagating for at least a year before it was discovered.[15]

3.2.2 Countermeasures
Once a system has been compromised with a backdoor or Trojan horse, such as the Trusting Trust compiler, it is very hard for the rightful user to regain control of the system; typically one should rebuild a clean system and transfer data (but not executables!) over. However, several practical weaknesses in the Trusting Trust scheme have been suggested. For example, a sufficiently motivated user could painstakingly review the machine code of the untrusted compiler before using it. As mentioned above, there are ways to hide the Trojan horse, such as subverting the disassembler; but there are ways to counter that defense, too, such as writing your own disassembler from scratch.
A generic method to counter trusting trust attacks is called Diverse Double-Compiling (DDC). The method requires a different compiler and the source code of the compiler-under-test. That source, compiled with both compilers, results in two different stage-1 compilers, which however should have the same behavior. Thus the same source compiled with both stage-1 compilers must then result in two identical stage-2 compilers. A formal proof is given that the latter comparison guarantees that the purported source code and executable of the compiler-under-test correspond, under some assumptions. This method was applied by its author to verify that the C compiler of the GCC suite (v. 3.0.4) contained no trojan, using icc (v. 11.0) as the different compiler.[16]
In practice such verifications are not done by end users, except in extreme circumstances of intrusion detection and analysis, due to the rarity of such sophisticated attacks, and because programs are typically distributed in binary form. Removing backdoors (including compiler backdoors) is typically done by simply rebuilding a clean system. However, the sophisticated verifications are of interest to operating system vendors, to ensure that they are not distributing a compromised system, and in high-security settings, where such attacks are a realistic concern.
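The Diverse Double-Compiling comparison described in the countermeasures text, as an added example that is not part of the original article or of Wheeler's thesis: a toy Python model in which an executable is reduced to three fields, so the stage-1 and stage-2 comparisons can be run and checked. The names `Binary`, `run`, `ddc` and the source strings are constructed for illustration; the model also goes slightly beyond the text by comparing stage 2 against the shipped binary and by showing the case where the second compiler is not actually independent.

```python
"""Toy model of Diverse Double-Compiling (DDC); all names and data are constructed."""
import hashlib
import json
from dataclasses import asdict, dataclass

# Constructed stand-ins for compiler source texts. "codegen=X" names the code
# generator that the source describes, which decides the bits of what it emits.
SRC_A = "compiler-A source: codegen=A"   # reviewed source of the compiler under test
SRC_T = "compiler-T source: codegen=T"   # source of the different second compiler


@dataclass(frozen=True)
class Binary:
    """An executable reduced to the facts the DDC argument depends on."""
    implements: str        # source whose behaviour this executable carries out
    emitted_by: str        # code generator that wrote these bytes (bits, not behaviour)
    payload: bool = False  # hidden self-propagating logic that is absent from the source

    def sha256(self) -> str:
        # Stand-in for hashing the executable file for a bit-for-bit comparison.
        blob = json.dumps(asdict(self), sort_keys=True).encode()
        return hashlib.sha256(blob).hexdigest()


def codegen_of(source: str) -> str:
    """Code generator described by a compiler source, e.g. 'codegen=A' -> 'A'."""
    return source.split("codegen=")[1].split()[0]


def run(compiler: Binary, source: str) -> Binary:
    """Execute `compiler` on `source` and return the executable it writes."""
    # A subverted compiler re-inserts its hidden logic when it recognises the
    # compiler's own source; a clean compiler never does.
    reinsert = compiler.payload and source == SRC_A
    return Binary(implements=source,
                  emitted_by=codegen_of(compiler.implements),
                  payload=reinsert)


def ddc(under_test: Binary, second: Binary, source: str = SRC_A) -> dict:
    """Compile `source` with both compilers, then again with both results."""
    stage1_a = run(under_test, source)   # built by the compiler under test
    stage1_t = run(second, source)       # built by the different compiler
    stage2_a = run(stage1_a, source)
    stage2_t = run(stage1_t, source)
    return {
        # Stage 1 outputs come from different code generators, so their bits
        # are expected to differ even when nothing is wrong.
        "stage1_identical": stage1_a.sha256() == stage1_t.sha256(),
        # Stage 2 outputs are both emitted by builds of the same source, so
        # any bit difference means a stage-1 compiler did not behave as
        # the source says.
        "stage2_identical": stage2_a.sha256() == stage2_t.sha256(),
        # Extra check (assumes the shipped binary was produced by compiling
        # the source with itself): stage 2 via the second compiler must equal it.
        "matches_shipped": stage2_t.sha256() == under_test.sha256(),
    }


if __name__ == "__main__":
    clean = Binary(SRC_A, "A")
    subverted = Binary(SRC_A, "A", payload=True)
    second = Binary(SRC_T, "T")
    print("clean compiler     :", ddc(clean, second))
    print("subverted compiler :", ddc(subverted, second))
    # If the second compiler carries the same hidden logic, both stage-2
    # outputs agree and the comparison proves nothing.
    print("second not diverse :", ddc(subverted, Binary(SRC_T, "T", payload=True)))
```

The last case is the reason the method asks for a different compiler: the result is only as trustworthy as the independence of the second toolchain.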

3.3 List of known backdoors


Back Orifice was created in 1998 by hackers from Cult of the Dead Cow group as a remote administration tool. It allowed Windows computers to be remotely controlled over a network and exploited the name similarity with Microsoft BackOffice.
The Dual_EC_DRBG cryptographically secure pseudorandom number generator was revealed in 2013 to possibly have a kleptographic backdoor deliberately inserted by NSA, who also had the private key to the backdoor.[2][11]
Several backdoors in the pirated copies of WordPress plug-ins were discovered in March 2014.[17] They were inserted as obfuscated JavaScript code and silently created, for example, an admin account in the website database. A similar scheme was later exposed in a Joomla plugin.[18]
Borland Interbase versions 4.0 through 6.0 had a hard-coded backdoor, put there by the developers. The server code contains a compiled-in backdoor account (username: politically, password: correct), which could be accessed over a network connection, and once a user logged in with it, he could take full control over all Interbase databases. The backdoor was detected in 2001 and the patch was released.[19][20]

3.4 References
[1] Chris Wysopal, Chris Eng. Static Detection of Application Backdoors (PDF). Veracode. Retrieved 2015-03-14.
[2] .wired.com: How a Crypto Backdoor Pitted the Tech World Against the NSA (Zetter) 24 Sep 2013
[3] http://blog.erratasec.com/2012/05/bogus-story-no-chinese-backdoor-in.html
[4] H.E. Petersen, R. Turn. System Implications of Information Privacy. Proceedings of the AFIPS Spring Joint Computer Conference, vol. 30, pages 291–300. AFIPS Press: 1967.
[5] Security Controls for Computer Systems, Technical Report R-609, WH Ware, ed, Feb 1970, RAND Corp.
[6] Larry McVoy (November 5, 2003) Linux-Kernel Archive: Re: BK2CVS problem. ussg.iu.edu
[7] Thwarted Linux backdoor hints at smarter hacks; Kevin Poulsen; SecurityFocus, 6 November 2003.
[8] replicant.us: Samsung Galaxy Back-door 28 Jan 2014
[9] Karger & Schell 2002.
[10] G+M: The strange connection between the NSA and an Ontario tech firm 20 Jan 2014
[11] nytimes.com: N.S.A. Able to Foil Basic Safeguards of Privacy on Web (Perlroth et al) 5 Sep 2013
[12] cryptovirology.com page on OpenSSL RSA backdoor
[13] Jargon File entry for backdoor at catb.org, describes Thompson compiler hack
[14] Mick Stute's answer to "What is a coder's worst nightmare?", Quora describes a case in 1989.
[15] Compile-a-virus W32/Induc-A Sophos labs on the discovery of the Induc-A virus
[16] Wheeler 2009.
[17] Unmasking Free Premium WordPress Plugins. Sucuri Blog. Retrieved 3 March 2015.
[18] Sinegubko, Denis. Joomla Plugin Constructor Backdoor. Sucuri. Retrieved 13 March 2015.
[19] Vulnerability Note VU#247371. Vulnerability Note Database. Retrieved 13 March 2015.
[20] Interbase Server Contains Compiled-in Back Door Account. http://www.cert.org/. Retrieved 13 March 2015.

Karger, Paul A.; Schell, Roger R. (June 1974). Multics Security Evaluation: Vulnerability Analysis (PDF). Vol II (ESD-TR-74-193).
Karger, Paul A.; Schell, Roger R. (September 18, 2002). Thirty Years Later: Lessons from the Multics Security Evaluation (PDF). Computer Security Applications Conference, 2002. Proceedings. 18th Annual (IEEE): 119–126. doi:10.1109/CSAC.2002.1176285. Retrieved 2014-11-08.
Thompson, Ken (August 1984). Reflections on Trusting Trust. Communications of the ACM 27 (8): 761–763. doi:10.1145/358198.358210. Retrieved 2014-11-08.
Wheeler, David A. (7 December 2009). Fully Countering Trusting Trust through Diverse Double-Compiling (Ph.D.). Fairfax, VA: George Mason University. Retrieved 2014-11-09.

3.5 External links
Three Archaic Backdoor Trojan Programs That Still Serve Great Pranks
Backdoors removal: List of backdoors and their removal instructions.
FAQ Farm's Backdoors FAQ: wiki question and answer forum
List of backdoors and Removal
David A. Wheeler's Page on "Fully Countering Trusting Trust through Diverse Double-Compiling": Author's 2009 Ph.D. thesis at George Mason University

Chapter 4

Black hat
"Blackhat" redirects here. For the 2015 film, see Blackhat (film).

A black hat hacker is a hacker who violates computer security for little reason beyond maliciousness or for personal gain (Moore, 2005).[1] Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are the epitome of all that the public fears in a computer criminal.[2] Black hat hackers break into secure networks to destroy, modify, or steal data; or to make the network unusable for those who are authorized to use the network. Black hat hackers are also referred to as the "crackers" within the security industry and by modern programmers. Crackers keep the awareness of the vulnerabilities to themselves and do not notify the general public or the manufacturer for patches to be applied. Individual freedom and accessibility is promoted over privacy and security. Once they have gained control over a system, they may apply patches or fixes to the system only to keep their reigning control. Richard Stallman invented the definition to express the maliciousness of a criminal hacker versus a white hat hacker who performs hacking duties to identify places to repair.[3]

4.1 References
[1] Moore, Robert (2005). Cybercrime: Investigating High Technology Computer Crime. Matthew Bender & Company. p. 258. ISBN 1-59345-303-5.
[2] Moore, Robert (2006). Cybercrime: Investigating High-Technology Computer Crime (1st ed.). Cincinnati, Ohio: Anderson Publishing. ISBN 978-1-59345-303-9.
[3] O'Brien, Marakas, James, George (2011). Management Information Systems. New York, NY: McGraw-Hill/Irwin. pp. 536–537. ISBN 978-0-07-752217-9.

4.2 See also


Hacker (computer security)


Chapter 5

Black Hat Briefings

Michael Lynn presenting a briefing in 2005

Black Hat Briefings is a computer security conference that brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. The Briefings take place regularly in Las Vegas, Barcelona, Amsterdam, Abu Dhabi and, occasionally, Tokyo.[1] An event dedicated to the US federal agencies is organized in Washington, D.C.[2]

5.1 History
Black Hat was founded in 1997 by Jeff Moss, who also founded DEF CON. Today, Moss is the Conference Chair of the Black Hat Review Board.[3] These are considered the premier information security conferences in the world. Black Hat started as a single annual conference in Las Vegas, Nevada and is now held in multiple locations around the world.[4]

5.2 The conference
The conference is composed of two major sections, the Black Hat Briefings, and Black Hat Trainings. Training is offered by various computer security vendors, in effort to keep the conference vendor-neutral. The conference has hosted the National Security Agency's information assurance manager course, and various courses by Cisco Systems, Offensive Security, and others.[5][6]
The Briefings are composed of tracks, covering various topics including reverse engineering, identity and privacy, and hacking. The briefings also contain keynote speeches from leading voices in the information security field, including Kevin Mitnick; Robert Lentz, Chief Security Officer, United States Department of Defense; Michael Lynn; Amit Yoran, former Director of the National Cyber Security Division of the Department of Homeland Security;[2][7] and General Keith B. Alexander, former Director of the National Security Agency and former commander of the United States Cyber Command.[8]

5.3 Conferences topics
USA :
July - August 2009 : MCS-ATL vulnerabilities // attack against MD2 - Breaking SSL ... validation certificate ...[9]
July - August 2010 : Cloudcracker ... such as (wpacracker.com service)[10]
July 27 - August 1, 2013 : Android hacking : application and root

5.4 New conference goals
There is now more focus on tools that can be used or protected, so a new type of conferences called Black Hat Arsenal Briefings has been added since 2011.[11] See here Blackhat Arsenal Archives since 2011 on ToolsWatch website.[12]

5.5 Antics and disclosures
Black Hat is known for the antics of its hacker contingent, and the disclosures brought in its talks. Conference attendees have been known to hijack wireless connections of the hotels, hack hotel TV billing systems, and even hack the automated teller machine in a hotel lobby. In 2009, web sites belonging to a handful of security researchers and groups were hacked and passwords, private e-mails, IM chats, and sensitive documents were exposed on the vandalized site of Dan Kaminsky, days before the conference. During Black Hat 2009, a USB thumb drive that was passed around among attendees was found to be infected with the Conficker virus, and in 2008, three men were expelled for packet sniffing the press room local area network.[13]
In the past, companies have attempted to ban researchers from disclosing vital information about their products. At Black Hat 2005, Cisco Systems tried to stop Michael Lynn from speaking about a vulnerability that he said could let hackers virtually shut down the Internet.[2] However, in recent years, researchers have worked with vendors to resolve issues, and some vendors have challenged hackers to attack their products.[14][15][16][17]

5.6 See also
Hacker conference
Chaos Communication Congress
Summercon
Positive Hack Days

5.7 References
[1] https://www.blackhat.com/html/archives.html
[2] Computer Security Conferences Attract Both Hackers, Anti-Hackers. Fox News. 4 August 2006.
[3] http://www.blackhat.com/review-board.html
[4] http://www.blackhat.com/html/bh-about/about.html
[5] http://www.blackhat.com/html/bh-dc-09/train-bh-dc-09-index.html
[6] http://www.blackhat.com/html/bh-europe-09/train-bh-eu-09-index.html
[7] http://news.prnewswire.com/ViewContent.aspx?ACCT=109&STORY=/www/story/07-10-2009/0005057983&EDATE=
[8] Commander of U.S. Cyber Command and National Security Agency Director, General Keith Alexander, To Keynote Day One of Black Hat USA 2013 (Press release). WWBT-TV NBC 12, WorldNow (Gannaway). May 14, 2013. Retrieved June 13, 2013.
[9] http://blogs.cisco.com/security/black_hat_usa_2009_summary/
[10] http://blogs.cisco.com/security/black_hat_usa_2010_summary1/
[11] https://www.blackhat.com/html/bh-us-11/bh-us-11-arsenal.html
[12] https://www.toolswatch.org/category/arsenal/
[13] Hanging with hackers can make you paranoid. CNN. 4 August 2009.
[14] Security Expert: PC Media Players Full of Holes. Fox News. 3 August 2007.
[15] Microsoft Dares Security Experts to Find Holes in Windows Vista. Fox News. 4 August 2006.
[16] Microsoft Challenges Hackers On Vista. CBS News. 3 August 2006.
[17] Associated Press (2 August 2009). Hackers expose weakness in trusted sites - Technology & science - Security. NBC News. Retrieved 2014-10-09.

5.8 External links
Official website

Chapter 6

Botnet
A botnet is a number of Internet-connected computers communicating with other similar machines in an effort to complete repetitive tasks and objectives. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation.

6.1 Types of botnets

6.1.1 Legal botnets
The term botnet is widely used when several IRC bots have been linked and may possibly set channel modes on other bots and users while keeping IRC channels free from unwanted users. This is where the term is originally from, since the first illegal botnets were similar to legal botnets. A common bot used to set up botnets on IRC is eggdrop.

6.1.2 Illegal botnets
Botnets sometimes compromise computers whose security defenses have been breached and control conceded to a third party. Each such compromised device, known as a "bot", is created when a computer is penetrated by software from a malware (malicious software) distribution. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols such as IRC and Hypertext Transfer Protocol (HTTP).[1]

6.2 Recruitment
Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator. Many computer users are unaware that their computer is infected with bots.[2] Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules.
The first botnet was first acknowledged and exposed by Earthlink during a lawsuit with notorious spammer Khan C. Smith[3] in 2001 for the purpose of bulk spam accounting for nearly 25% of all spam at the time.
6.3 Organization
While botnets are often named after the malware that created them, multiple botnets typically use the same malware, but are operated by different entities.[4]
A botnet's originator (known as a "bot herder" or "bot master") can control the group remotely, usually through IRC, and often for criminal purposes. This server is known as the command-and-control (C&C) server. Though rare, more experienced botnet operators program command protocols from scratch. These protocols include a server program, a client program for operation, and the program that embeds the client on the victim's machine. These communicate over a network, using a unique encryption scheme for stealth and protection against detection or intrusion into the botnet.
A bot typically runs hidden and uses a covert channel (e.g. the RFC 1459 (IRC) standard, Twitter, or IM) to communicate with its C&C server. Generally, the perpetrator has compromised multiple systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community. The process of stealing computing resources as a result of a system being joined to a "botnet" is sometimes referred to as "scrumping".

Botnet servers are typically redundant, linked for greater redundancy so as to reduce the threat of a takedown. Actual botnet communities usually consist of one or several controllers that rarely have highly developed command hierarchies; they rely on individual peer-to-peer relationships.[5]
Botnet architecture evolved over time, and not all botnets exhibit the same topology for command and control. Advanced topology is more resilient to shutdown, enumeration or discovery. However, some topologies limit the marketability of the botnet to third parties.[6] Typical botnet topologies are Star, Multi-server, Hierarchical and Random.
To thwart detection, some botnets are scaling back in size. As of 2006, the average size of a network was estimated at 20,000 computers.[7]

6.4 Formation
This example illustrates how a botnet is created and used to send email spam.

How a botnet works

1. A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application, the bot.
2. The bot on the infected PC logs into a particular C&C server.
3. A spammer purchases the services of the botnet from the operator.
4. The spammer provides the spam messages to the operator, who instructs the compromised machines via the control panel on the web server, causing them to send out spam messages.

Botnets can be exploited for various other purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam (see Spambot), click fraud, mining bitcoins, spamdexing, and the theft of application serial numbers, login IDs, and financial information such as credit card numbers.
The botnet controller community features a constant and continuous struggle over who has the most bots, the highest overall bandwidth, and the most "high-quality" infected machines, like university, corporate, and even government machines.[8]

6.5 Types of attacks
In distributed denial-of-service attacks, multiple systems submit as many requests as possible to a single Internet computer or service, overloading it and preventing it from servicing legitimate requests. An example is an attack on a victim's phone number. The victim is bombarded with phone calls by the bots, attempting to connect to the Internet.
Adware advertises a commercial offering actively and without the user's permission or awareness, for example by replacing banner ads on web pages with those of another advertiser.
Spyware is software which sends information to its creators about a user's activities, typically passwords, credit card numbers and other information that can be sold on the black market. Compromised machines that are located within a corporate network can be worth more to the bot herder, as they can often gain access to confidential corporate information. Several targeted attacks on large corporations aimed to steal sensitive information, such as the Aurora botnet.[9]
E-mail spam are e-mail messages disguised as messages from people, but are either advertising, annoying, or malicious.
Click fraud occurs when the user's computer visits websites without the user's awareness to create false web traffic for personal or commercial gain.
Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
Brute-forcing remote machines services such as FTP, SMTP and SSH.
Worms. The botnet focuses on recruiting other hosts.
Scareware is software that is marketed by creating fear in users. Once installed, it can install malware and recruit the host into a botnet. For example users can be induced to buy a rogue anti-virus to regain access to their computer.[10]
Exploiting systems by observing users playing online games such as poker and see the players' cards.[11]

6.6 Countermeasures
The geographic dispersal of botnets means that each recruit must be individually identified/corralled/repaired and limits the benefits of filtering. Some botnets use free DNS hosting services such as DynDns.org, No-IP.com, and Afraid.org to point a subdomain towards an IRC server that harbors the bots. While these free DNS services do not themselves host attacks, they provide reference points (often hard-coded into the botnet executable). Removing such services can cripple an entire botnet. Some botnets implement custom versions of well-known protocols. The implementation differences can be used for detection of botnets. For example, Mega-D features a slightly modified SMTP protocol implementation for testing spam capability. Bringing down the Mega-D's SMTP server disables the entire pool of bots that rely upon the same SMTP server.[12]
The botnet server structure mentioned above has inherent vulnerabilities and problems. For example, finding one server with one botnet channel can often reveal the other servers, as well as their bots. A botnet server structure that lacks redundancy is vulnerable to at least the temporary disconnection of that server. However, recent IRC server software includes features to mask other connected servers and bots, eliminating that approach.
Security companies such as Afferent Security Labs, Symantec, Trend Micro, FireEye, Umbra Data, Cyren, and Damballa have announced offerings to counter botnets. Norton AntiBot was aimed at consumers, but most target enterprises and/or ISPs. Host-based techniques use heuristics to identify bot behavior that has bypassed conventional anti-virus software. Network-based approaches tend to use the techniques described above; shutting down C&C servers, nullrouting DNS entries, or completely shutting down IRC servers. BotHunter is software, developed with support from the U.S. Army Research Office, that detects botnet activity within a network by analysing network traffic and comparing it to patterns characteristic of malicious processes.
Some newer botnets are almost entirely P2P. Command and control is embedded into the botnet rather than relying on external servers, thus avoiding any single point of failure and evading many countermeasures.[13] Commanders can be identified just through secure keys, and all data except the binary itself can be encrypted. For example, a spyware program may encrypt all suspected passwords with a public key that is hard-coded into it, or distributed with the bot software. Only with the private key (known only by the botnet operators) can the data captured by the bot be read.
Some botnets are capable of detecting and reacting to attempts to investigate them, reacting perhaps with a DDoS attack on the IP address of the investigator.
Researchers at Sandia National Laboratories are analyzing botnets' behavior by simultaneously running one million Linux kernels (a similar scale to a botnet) as virtual machines on a 4,480-node high-performance computer cluster to emulate a very large network, allowing them to watch how botnets work and experiment with ways to stop them.[14]

6.7 Historical list of botnets
Researchers at the University of California, Santa Barbara took control of a botnet that was six times smaller than expected. In some countries, it is common that users change their IP address a few times in one day. Estimating the size of the botnet by the number of IP addresses is often used by researchers, possibly leading to inaccurate assessments.[37]

6.8 Trivia
On 4chan's technology board, the term botnet is often used to indicate proprietary software, bloatware, and even online services with dubious privacy practices.

6.9 See also


Anti-spam techniques (e-mail)
Command and control (malware)
Computer worm
DoSnet
E-mail address harvesting
E-mail spam
List poisoning
Spambot
Spamtrap
Timeline of notable computer viruses and worms
Zombie computer
4chan


6.10 References
[1] Ramneek, Puri (2003-08-08). Bots & Botnet: An Overview (PDF). SANS Institute. Retrieved 12 November 2013.
[2] Teresa Dixon Murray. Banks can't prevent cyber attacks like those hitting PNC, Key, U.S. Bank this week. Cleveland.com. Retrieved 2 September 2014.
[3] Credeur, Mary. Atlanta Business Chronicle, Staff Writer. bizjournals.com. Retrieved 22 July 2002.
[4] Many-to-Many Botnet Relationships, Damballa, 8 June 2009.
[5] what is a Botnet trojan? DSL Reports. Retrieved 7 April 2011.
[6] Botnet Communication Topologies, Damballa, 10 June 2009.
[7] Hackers Strengthen Malicious Botnets by Shrinking Them (PDF). Computer; News Briefs (IEEE Computer Society). April 2006. Retrieved 12 November 2013. The size of bot networks peaked in mid-2004, with many using more than 100,000 infected machines, according to Mark Sunner, chief technology officer at MessageLabs. The average botnet size is now about 20,000 computers, he said.
[8] Trojan horse, and Virus FAQ. DSLReports. Retrieved 7 April 2011.
[9] Operation Aurora: The Command Structure. Damballa.com. Retrieved 30 July 2010.
[10] Larkin, Erik (2009-02-10). Fake Infection Warnings Can Be Real Trouble. PCWorld. Retrieved 10 November 2011.
[11] 8 Jul 2010 (2010-07-08). Korean Poker Hackers Arrested. Poker.gamingsupermarket.com. Retrieved 10 November 2011.
[12] C.Y. Cho, D. Babic, R. Shin, and D. Song. Inference and Analysis of Formal Models of Botnet Command and Control Protocols, 2010 ACM Conference on Computer and Communications Security.
[13] Wang, Ping et al (2010). Peer-to-peer botnets. In Stamp, Mark & Stavroulakis, Peter. Handbook of Information and Communication Security. Springer. ISBN 9783642041174.
[14] Researchers Boot Million Linux Kernels to Help Botnet Research. IT Security & Network Security News. 2009-08-12. Retrieved 23 April 2011.
[15] http://phys.org/news/2015-02-eu-police-malicious-network.html
[16] Infosecurity (UK) - BredoLab downed botnet linked with Spamit.com. .canada.com. Retrieved 10 November 2011.
[17] How FBI, police busted massive botnet. theregister.co.uk. Retrieved 3 March 2010.
[18] Calculating the Size of the Downadup Outbreak F-Secure Weblog : News from the Lab. F-secure.com. 2009-01-16. Retrieved 24 April 2010.
[19] Cómo detectar y borrar el rootkit TDL4 (TDSS/Alureon). kasperskytienda.es. 2011-07-03. Retrieved 11 July 2011.
[20] America's 10 most wanted botnets. Networkworld.com. 2009-07-22. Retrieved 10 November 2011.
[21] Pushdo Botnet New DDOS attacks on major web sites Harry Waldron IT Security. Msmvps.com. 2010-02-02. Retrieved 30 July 2010.
[22] Sality: Story of a Peer-to-Peer Viral Network (PDF). Symantec. 2011-08-03. Retrieved 12 January 2012.
[23] Research: Small DIY botnets prevalent in enterprise networks. ZDNet. Retrieved 30 July 2010.
[24] Warner, Gary (2010-12-02). Oleg Nikolaenko, Mega-D Botmaster to Stand Trial. CyberCrime & Doing Time. Retrieved 6 December 2010.
[25] New Massive Botnet Twice the Size of Storm Security/Perimeter. DarkReading. Retrieved 30 July 2010.
[26] Technology | Spam on rise after brief reprieve. BBC News. 2008-11-26. Retrieved 24 April 2010.
[27] Symantec.cloud | Email Security, Web Security, Endpoint Protection, Archiving, Continuity, Instant Messaging Security (PDF). Messagelabs.com. Retrieved 2014-01-30.
[28] Chuck Miller (2009-05-05). Researchers hijack control of Torpig botnet. SC Magazine US. Retrieved 10 November 2011.
[29] Storm Worm network shrinks to about one-tenth of its former size. Tech.Blorge.Com. 2007-10-21. Retrieved 30 July 2010.
[30] Chuck Miller (2008-07-25). The Rustock botnet spams again. SC Magazine US. Retrieved 30 July 2010.
[31] Spam Botnets to Watch in 2009 | Dell SecureWorks. Secureworks.com. Retrieved 16 January 2012.
[32] Discovered: Botnet Costing Display Advertisers over Six Million Dollars per Month. Spider.io. 2013-03-19. Retrieved 21 March 2013.
[33] Waledac botnet 'decimated' by MS takedown. The Register. 2010-03-16. Retrieved 23 April 2011.
[34] Gregg Keizer (2008-04-09). Top botnets control 1M hijacked computers. Computerworld. Retrieved 23 April 2011.
[35] Botnet sics zombie soldiers on gimpy websites. The Register. 2008-05-14. Retrieved 23 April 2011.
[36] New Zealand teenager accused of controlling botnet of 1.3 million computers. The H security. 2007-11-30. Retrieved 12 November 2011.
[37] Espiner, Tom (2011-03-08). Botnet size may be exaggerated, says Enisa | Security Threats | ZDNet UK. Zdnet.com. Retrieved 10 November 2011.


6.11 External links


Wired.com How-to: Build your own botnet with
open source software
The Honeynet Project & Research Alliance, Know
your Enemy: Tracking Botnets.
The Shadowserver Foundation - An all volunteer
security watchdog group that gathers, tracks, and
reports on malware, botnet activity, and electronic
fraud.
NANOG Abstract: Botnets - John Kristoff's NANOG32 Botnets presentation.
Mobile botnets - An economic and technological assessment of mobile botnets.
Lowkeysoft - Intrusive analysis of a web-based
proxy botnet (including administration screenshots).
EWeek.com - Is the Botnet Battle Already Lost?.
Attack of the Bots at Wired
Dark Reading - Botnets Battle Over Turf.
ATLAS Global Botnets Summary Report - Real-time database of malicious botnet command and control servers.
FBI LAX Press Release DOJ - FBI April 16, 2008
Milcord Botnet Defense - DHS-sponsored R&D
project that uses machine learning to adaptively detect botnet behavior at the network-level
A Botnet by Any Other Name - SecurityFocus column by Gunter Ollmann on botnet naming.
Botnet Bust - SpyEye Malware Mastermind Pleads
Guilty, FBI


Chapter 7

Computer crime
Computer crime, or cybercrime, is any crime that involves a computer and a network.[1] The computer may have been used in the commission of a crime, or it may be the target.[2] Netcrime is criminal exploitation of the Internet, inherently a cybercrime.[3] Dr. Debarati Halder and Dr. K. Jaishankar (2011) define cybercrimes as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)".[4] Such crimes may threaten a nation's security and financial health.[5] Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise. Dr. Debarati Halder and Dr. K. Jaishankar (2011) further define cybercrime from the perspective of gender and defined "cybercrime against women" as "Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones".[4]

An Australian nationwide survey conducted in 2006 found that two in three convicted cybercriminals were between the ages of 15 and 26.

Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Activity crossing international borders and involving the interests of at least one nation state is sometimes referred to as cyberwarfare. The international legal system is attempting to hold actors accountable for their actions through the International Criminal Court.[6]

A report (sponsored by McAfee) estimates the annual damage to the global economy at $445 billion;[7] however, a Microsoft report shows that such survey-based estimates are hopelessly flawed and exaggerate the true losses by orders of magnitude.[8] Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US.[9]

7.1 Classification

Computer crime encompasses a broad range of activities.

7.1.1 Fraud and financial crimes

Computer fraud is any dishonest misrepresentation of fact intended to let another do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
Altering in an unauthorized way. This requires little technical expertise and is a common form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. This is difficult to detect;
Altering or deleting stored data;

Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information.

A variety of internet scams, many based on phishing and social engineering, target consumers and businesses.

7.1.2 Cyberterrorism

Main article: Cyberterrorism

Government officials and Information Technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among federal officials that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching a computer-based attack against computers, networks, or the information stored on them.

Cyberterrorism in general can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple piece of propaganda on the Internet claiming that there will be bomb attacks during the holidays can be considered cyberterrorism. There are also hacking activities directed towards individuals and families, organized by groups within networks, tending to cause fear among people, demonstrate power, or collect information relevant for ruining people's lives, robberies, blackmailing, etc.[10]

7.1.3 Cyberextortion

Cyberextortion occurs when a website, e-mail server, or computer system is subjected to repeated denial of service or other attacks by malicious hackers, who demand money in return for promising to stop the attacks. According to the Federal Bureau of Investigation, cyberextortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI and many go unreported in order to keep the victim's name out of the public domain. Perpetrators typically use a distributed denial-of-service attack.[11]

An example of cyberextortion was the attack on Sony Pictures of 2014.

7.1.4 Cyberwarfare

Sailors analyze, detect and defensively respond to unauthorized activity within U.S. Navy information systems and computer networks

Main article: Cyberwarfare

The U.S. Department of Defense (DoD) notes that the cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those is the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. In August 2008, Russia again allegedly conducted cyberattacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations impacts and will be adapted by warfighting military commanders in the future.[12]

7.1.5 Computer as a target

These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool, these crimes require the technical knowledge of the perpetrators. These crimes are relatively new, having been in existence for only as long as computers have, which explains how unprepared society and the world in general is towards combating these crimes. There are numerous crimes of this nature committed daily on the internet.

Crimes that primarily target computer networks or devices include:
Computer viruses
Denial-of-service attacks
Malware (malicious code)

7.1.6 Computer as a tool

When the individual is the main target of cybercrime, the computer can be considered as the tool rather than the target. These crimes generally involve less technical expertise. Human weaknesses are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult. These are the crimes which have existed for centuries in the offline world. Scams, theft, and the like existed even before the development of high-tech equipment. The same criminal has simply been given a tool which increases his potential pool of victims and makes him all the harder to trace and apprehend.[13]

Crimes that use computer networks or devices to advance other ends include:
Fraud and identity theft (although this increasingly uses malware, hacking and/or phishing, making it an example of both "computer as target" and "computer as tool" crime)
Information warfare
Phishing scams
Spam

Propagation of illegal obscene or offensive content, including harassment and threats

The unsolicited sending of bulk email for commercial purposes (spam) is unlawful in some jurisdictions.

Phishing is mostly propagated via email. Phishing emails may contain links to other websites that are affected by malware.[14] Or, they may contain links to fake online banking or other websites used to steal private account information.

Obscene or offensive content

The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be legal.

Over 25 jurisdictions within the USA place limits on certain speech and ban racist, blasphemous, politically subversive, libelous or slanderous, seditious, or inflammatory material that tends to incite hate crimes.

The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with strong beliefs.

One area of Internet pornography that has been the target of the strongest efforts at curtailment is child pornography.

Harassment

Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyberbullying, cyberstalking, hate crime, online predator, and stalking). Any comment that may be found derogatory or offensive is considered harassment.

Harassment targeting women and children in the internet also includes revenge pornography. Dr. Debarati Halder and Dr. K. Jaishankar (2013) defined online revenge pornography as "an act whereby the perpetrator satisfies his anger and frustration for a broken relationship through publicising false, sexually provocative portrayal of his/her victim, by misusing the information that he may have known naturally, and that he may have stored in his personal computer, or may have been conveyed to his electronic device by the victim herself, or may have been stored in the device with the consent of the victim herself; and which may essentially have been done to publicly defame the victim."[15][16]

There are instances where committing a crime, which involves the use of a computer, can lead to an enhanced sentence. For example, in the case of United States v. Neil Scott Kramer, Kramer was served an enhanced sentence according to the U.S. Sentencing Guidelines Manual §2G1.3(b)(3)[17] for his use of a cell phone to "persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage in prohibited sexual conduct." Kramer argued that this claim was insufficient because his charge included persuading through a computer device and his cellular phone technically is not a computer. Although Kramer tried to argue this point, the U.S. Sentencing Guidelines Manual states that the term computer "means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device."[18]

Connecticut was the first state to pass a statute making it a criminal offense to harass someone by computer. Michigan, Arizona, and Virginia and South Carolina[19] have also passed laws banning harassment by electronic means.[20][21]

Harassment as defined in the U.S. computer statutes is typically distinct from cyberbullying, in that the former usually relates to a person's "use a computer or computer network to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, or make any suggestion or proposal of an obscene nature, or threaten any illegal or immoral act," while the latter need not involve anything of a sexual nature.

Threats

Main article: Intimidation

Although freedom of speech is protected by law in most democratic societies (in the US this is done by the First Amendment), it does not include all types of speech. In fact, spoken or written "true threat" speech/text is criminalized because of "intent to harm or intimidate"; that also applies to online or any type of network related threats in written text or speech.[22] The US Supreme Court definition of "true threat" is "statements where the speaker means to communicate a serious expression of an intent to commit an act of unlawful violence to a particular individual or group".[22]

Drug trafficking

Drug traffickers are increasingly taking advantage of the Internet, according to cyber authorities and personnel, to sell their illegal substances through encrypted e-mail and other Internet technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms. The deep web site Silk Road was a major online marketplace for drugs before it was shut down by law enforcement (then reopened under new management, and then shut down by law enforcement again).

The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away.

7.2 Documented cases

One of the highest-profile banking computer crimes occurred over the course of three years beginning in 1970. The chief teller at the Park Avenue branch of New York's Union Dime Savings Bank embezzled over $1.5 million from hundreds of accounts.[23]

A hacking group called MOD (Masters of Deception) allegedly stole passwords and technical data from Pacific Bell, Nynex, and other telephone companies as well as several big credit agencies and two major universities. The damage caused was extensive; one company, Southwestern Bell, suffered losses of $370,000 alone.[23]

In 1983, a nineteen-year-old UCLA student used his PC to break into a Defense Department international communications system.[23]

Between 1995 and 1998 the Newscorp satellite pay to view encrypted SKY-TV service was hacked several times during an ongoing technological arms race between a pan-European hacking group and Newscorp. The original motivation of the hackers was to watch Star Trek re-runs in Germany, which was something which Newscorp did not have the copyright to allow.[24]

On 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and a copy of the virus via e-mail to other people.

In February 2000, an individual going by the alias of MafiaBoy began a series of denial-of-service attacks against high-profile websites, including Yahoo!, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in DDoS attacks. On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks.

The Russian Business Network (RBN) was registered as an internet site in 2006. Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals. The RBN has been described by VeriSign as "the baddest of the bad".[25] It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with individual activities earning up to $150 million in one year. It specialized in and in some cases monopolized personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.

On 2 March 2010, Spanish investigators arrested 3 people in connection with the infection of over 13 million computers around the world. The "botnet" of infected computers included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks, according to investigators.

In August 2010 the international investigation Operation Delego, operating under the aegis of the Department of Homeland Security, shut down the international pedophile ring Dreamboard. The website had approximately 600 members, and may have distributed up to 123 terabytes of child pornography (roughly equivalent to 16,000 DVDs). To date this is the single largest U.S. prosecution of an international child pornography ring; 52 arrests were made worldwide.[26]

On March 1, 2011 at Lassiter High School, two students were accused of impersonation of a staff member via cybercrime, but both claimed they were uninvolved. The offense was made a felony in the Cobb County School District two months after the impersonation had happened. Shortly afterwards, the head of the LHS School Board said "The teacher just wouldn't do this at all". The case ended on May 9, and no evidence was found.

In June 2012 LinkedIn and eHarmony were attacked, compromising 65 million password hashes. 30,000 passwords were cracked and 1.5 million eHarmony passwords were posted online.[27]

In December 2012 the Wells Fargo website experienced a denial of service attack, potentially compromising 70 million customers and 8.5 million active viewers. Other banks thought to be compromised: Bank of America, J. P. Morgan, U.S. Bank, and PNC Financial Services.[28]

In January 2012 Zappos.com experienced a security breach after as many as 24 million customers' credit card numbers, personal information, billing and shipping addresses had been compromised.[29]

On April 23, 2013, the Associated Press' Twitter account was hacked to release a hoax tweet about fictional attacks in the White House that left President Obama injured.[30] This erroneous tweet resulted in a brief plunge of 130 points from the Dow Jones Industrial Average, removal of $136 billion from S&P 500 index,[31] and the temporary suspension of their Twitter account. The Dow Jones later restored its session gains.

7.3 Combating computer crime

7.3.1 Diffusion of Cybercrime

The broad diffusion of cybercriminal activities is an issue in computer crimes detection and prosecution. According to Jean-Loup Richet (Research Fellow at ESSEC ISIS), technical expertise and accessibility no longer act as barriers to entry into cybercrime.[32] Indeed, hacking is much less complex than it was a few years ago, as hacking communities have greatly diffused their knowledge through the Internet. Blogs and communities have hugely contributed to information sharing: beginners could benefit from older hackers' knowledge and advice. Furthermore, hacking is cheaper than ever: before the cloud computing era, in order to spam one needed a dedicated server, skills in server management, network configuration and maintenance, knowledge of Internet service provider standards, etc. By comparison, a mail software-as-a-service is a scalable, inexpensive, bulk, and transactional e-mail-sending service for marketing purposes and could be easily set up for spam.[33] Jean-Loup Richet explains that cloud computing could be helpful for a cybercriminal as a way to leverage his attack: brute-forcing a password, improving the reach of a botnet, or facilitating a spamming campaign.[34]

7.3.2 Investigation

A computer can be a source of evidence (see digital forensics). Even where a computer is not directly used for criminal purposes, it may contain records of value to criminal investigators in the form of a logfile. In most countries Internet Service Providers are required, by law, to keep their logfiles for a predetermined amount of time. For example, a European-wide directive[35] (applicable to all EU member states) states that all e-mail traffic should be retained for a minimum of 12 months.

7.3.3 Legislation

Due to easily exploitable laws, cybercriminals use developing countries in order to evade detection and prosecution from law enforcement. In developing countries, such as the Philippines, laws against cybercrime are weak or sometimes nonexistent. These weak laws allow cybercriminals to strike from international borders and remain undetected. Even when identified, these criminals avoid being punished or extradited to a country, such as the United States, that has developed laws that allow for prosecution. While this proves difficult in some cases, agencies, such as the FBI, have used deception and subterfuge to catch criminals. For example, two Russian hackers had been evading the FBI for some time. The FBI set up a fake computing company based in Seattle, Washington. They proceeded to lure the two Russian men into the United States by offering them work with this company. Upon completion of the interview, the suspects were arrested outside of the building. Clever tricks like this are sometimes a necessary part of catching cybercriminals when weak legislation makes it impossible otherwise.[36]

President Barack Obama released an executive order in April 2015 to combat cybercrime. The executive order allows the United States to freeze assets of convicted cybercriminals and block their economic activity within the United States. This is some of the first solid legislation that combats cybercrime in this way.[37]

7.3.4 Penalties

Penalties for computer related crimes in New York State can range from a fine and a short period of jail time for a Class A misdemeanor such as unauthorized use of a computer up to computer tampering in the first degree which is a Class C felony and can carry 3 to 15 years in prison.[38][39]

However, some hackers have been hired as information security experts by private companies due to their inside knowledge of computer crime, a phenomenon which theoretically could create perverse incentives. A possible counter to this is for courts to ban convicted hackers from using the internet or computers, even after they have been released from prison, though as computers and the internet become more and more central to everyday life, this type of punishment may be viewed as more and more harsh and draconian. However, nuanced approaches have been developed that manage cyberoffender behavior without resorting to total computer and/or Internet bans.[40] These approaches involve restricting individuals to specific devices which are subject to computer monitoring and/or computer searches by probation and/or parole officers.[41]

7.4 See also

Computer trespass
Cyber Cyberbullying
Cyberdefamation law
Cyberheist
Cyberterrorism
Economic and Industrial Espionage
Federal Bureau of Investigation (FBI)

Hacking
Immigration and Customs Enforcement (ICE)
Internet homicide
Internet stalking
Internet suicide
Internet War
INTERPOL
Legal aspects of computing
List of computer criminals
Metasploit Project
Online predator
Organized crime
Penetration test
Personal Jurisdiction over International Defendants in US Courts
Police National E-Crime Unit
Protected computer
Techno-thriller
United States Secret Service
White collar crime

7.5 References

[1] Moore, R. (2005) Cyber crime: Investigating High-Technology Computer Crime, Cleveland, Mississippi: Anderson Publishing.
[2] Warren G. Kruse, Jay G. Heiser (2002). Computer forensics: incident response essentials. Addison-Wesley. p. 392. ISBN 0-201-70719-5.
[3] David Mann and Mike Sutton (2011-11-06). Netcrime. Bjc.oxfordjournals.org. Retrieved 2011-11-10.
[4] Halder, D., & Jaishankar, K. (2011) Cyber crime and the Victimization of Women: Laws, Rights, and Regulations. Hershey, PA, USA: IGI Global. ISBN 978-1-60960-830-9
[5] Internet Security Systems. March-2005.
[6] Cyber Warfare And The Crime Of Aggression: The Need For Individual Accountability On Tomorrow's Battlefield. Law.duke.edu. Retrieved 2011-11-10.
[7] Cyber crime costs global economy $445 billion a year: report. Reuters. 2014-06-09. Retrieved 2014-06-17.
[8] Sex, Lies and Cybercrime Surveys (PDF). Microsoft. 2011-06-15. Retrieved 2015-03-11.
[9] #Cybercrime what are the costs to victims - North Denver News. North Denver News. Retrieved 16 May 2015.
[10] Future Crimes. Retrieved 8 March 2015.
[11] http://www.ere-security.ca/PDF/Cyberextortion%20by%20DoS,%20Risk%20Magazine%20June%202006.pdf
[12] http://www.carlisle.army.mil/DIME/documents/War%20is%20War%20Issue%20Paper%20Final2.pdf
[13] Cyber Crime definition.
[14] Save browsing. google.
[15] Halder, D., & Jaishankar, K. (2013) Revenge Porn by Teens in the United States and India: A Sociolegal Analysis. International Annals of Criminology, 51(1-2), 85-111.
[16] Revenge Porn by Teens in the United States and India: A Socio-Legal Analysis. Retrieved 16 May 2015.
[17] 2011 U.S. Sentencing Guidelines Manual §2G1.3(b)(3).
[18] United States of America v. Neil Scott Kramer. Retrieved 2013-10-23.
[19] South Carolina. Retrieved 16 May 2015.
[20]
[21] Section 18.2-152.7:1. Code of Virginia. Legislative Information System of Virginia. Retrieved 2008-11-27.
[22] Susan W. Brenner, Cybercrime: Criminal Threats from Cyberspace, ABC-CLIO, 2010, pp. 91
[23] Weitzer, Ronald (2003). Current Controversies in Criminology. Upper Saddle River, New Jersey: Pearson Education Press. p. 150.
[24] David Mann and Mike Sutton (2011-11-06). Netcrime. Bjc.oxfordjournals.org. Retrieved 2011-11-10.
[25] A walk on the dark side. The Economist. 2007-09-30.
[26] DHS: Secretary Napolitano and Attorney General Holder Announce Largest U.S. Prosecution of International Criminal Network Organized to Sexually Exploit Children. Dhs.gov. Retrieved 2011-11-10.
[27] Salvador Rodriguez (June 6, 2012). Like LinkedIn, eHarmony is hacked; 1.5 million passwords stolen. Los Angeles Times.
[28] Rick Rothacker (Oct 12, 2012). Cyber attacks against Wells Fargo significant, handled well: CFO. Reuters.
[29] David K. Li (January 17, 2012). Zappos cyber attack. New York Post.
[30] AP Twitter Hack Falsely Claims Explosions at White House. Samantha Murphy. April 23, 2013. Retrieved April 23, 2013.
[31] Fake Tweet Erasing $136 Billion Shows Markets Need Humans. Bloomberg. April 23, 2013. Retrieved April 23, 2013.
[32] Richet, Jean-Loup (2013). From Young Hackers to Crackers. International Journal of Technology and Human Interaction 9 (1).
[33] Richet, Jean-Loup (2011). Adoption of deviant behavior and cybercrime Know how diffusion. York Deviancy Conference.
[34] Richet, Jean-Loup (2012). How to Become a Black Hat Hacker? An Exploratory Study of Barriers to Entry Into Cybercrime. 17th AIM Symposium.
[35] Data Retention (EC Directive) Regulations SI 2007/2199
[36] Kshetri, Nir. Diffusion and Effects of Cyber Crime in Developing Countries.
[37] Northam, Jackie. U.S. Creates First Sanctions Program Against Cybercriminals.
[38] Kenniff, Raiser. New York Internet Crimes Laws.
[39] Computer fraud charges in New York. May 2011. Bukh Law Firm, PC - 14 Wall St, New York NY 10005 - (212) 729-1632. New York computer fraud lawyer
[40] Managing the Risks Posed by Offender Computer Use, Perspectives, December 2011, http://appaweb.csg.org/Perspectives/Perspectives_V35_N4_P40.pdf
[41] Bowker, Art (2012). The Cybercrime Handbook for Community Corrections: Managing Risk in the 21st Century. Springfield: Thomas. ISBN 9780398087289.

7.6 Further reading


Balkin, J., Grimmelmann, J., Katz, E., Kozlovski, N., Wagman, S. & Zarsky, T. (2006) (eds) Cybercrime: Digital Cops in a Networked Environment, New York University Press, New York.
Bowker, Art (2012) The Cybercrime Handbook for Community Corrections: Managing Risk in the 21st Century, Charles C. Thomas Publishers, Ltd. Springfield.
Brenner, S. (2007) Law in an Era of Smart Technology, Oxford: Oxford University Press
Csonka P. (2000) Internet Crime; the Draft council of Europe convention on cyber-crime: A response to the challenge of crime in the age of the internet? Computer Law & Security Report Vol.16 no.5.
Easttom C. (2010) Computer Crime Investigation and the Law
Fafinski, S. (2009) Computer Misuse: Response, regulation and the law, Cullompton: Willan
Glenny, Misha, DarkMarket: cyberthieves, cybercops, and you, New York, NY: Alfred A. Knopf, 2011. ISBN 978-0-307-59293-4
Grabosky, P. (2006) Electronic Crime, New Jersey: Prentice Hall
Halder, D., & Jaishankar, K. (2011) Cyber crime and the Victimization of Women: Laws, Rights, and Regulations. Hershey, PA, USA: IGI Global. ISBN 978-1-60960-830-9
Jaishankar, K. (Ed.) (2011). Cyber Criminology: Exploring Internet Crimes and Criminal behavior. Boca Raton, FL, USA: CRC Press, Taylor and Francis Group.
McQuade, S. (2006) Understanding and Managing Cybercrime, Boston: Allyn & Bacon.
McQuade, S. (ed) (2009) The Encyclopedia of Cybercrime, Westport, CT: Greenwood Press.
Parker D (1983) Fighting Computer Crime, U.S.: Charles Scribner's Sons.
Pattavina, A. (ed) Information Technology and the Criminal Justice System, Thousand Oaks, CA: Sage.
Paul Taylor. Hackers: Crime in the Digital Sublime (November 3, 1999 ed.). Routledge; 1 edition. p. 200. ISBN 0-415-18072-4.
Robertson, J. (2010, March 2). Authorities bust 3 in infection of 13m computers. Retrieved March 26, 2010, from Boston News: Boston.com
Walden, I. (2007) Computer Crimes and Digital Investigations, Oxford: Oxford University Press.
Rolón, Darío N. Control, vigilancia y respuesta penal en el ciberespacio, Latin American's New Security Thinking, Clacso, 2014, pp. 167/182
Richet, J.L. (2013) From Young Hackers to Crackers, International Journal of Technology and Human Interaction (IJTHI), 9(3), 53-62.
Wall, D.S. (2007) Cybercrimes: The transformation of crime in the information age, Cambridge: Polity.
Williams, M. (2006) Virtually Criminal: Crime, Deviance and Regulation Online, Routledge, London.
Yar, M. (2006) Cybercrime and Society, London: Sage.


7.7 External links


Centre for Cyber Victim Counselling (CCVC)
The American Society of Digital Forensics & eDiscovery - Cybercrime Information
A Guide to Computer Crime from legal.practitioner.com
International Journal of Cyber Criminology
Virtual Forum Against Cybercrime
High Technology Crime Investigation Association
Computer Crime Research Center
CyberCrime Asia Research Center - Information about computer crime, Internet fraud and CyberTerrorism in Asia
Information and Research Center for Cybercrime Germany

7.7.1 Government resources

Cybercrime.gov from the United States Department of Justice
National Institute of Justice Electronic Crime Program from the United States Department of Justice
FBI Cyber Investigations home page
US Secret Service Computer Fraud
Australian High Tech Crime Centre

Chapter 8

Computer security
Computer security, also known as cybersecurity or IT security, is security applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the whole Internet. The field includes all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance due to the increasing reliance on computer systems in most societies.[1] It includes physical security to prevent theft of equipment and information security to protect the data on that equipment. The terms cybersecurity and IT security generally do not refer to physical security, but a common belief among computer security experts is that a physical security breach is one of the worst kinds of security breaches as it generally allows full access to both data and equipment.

Cybersecurity is the process of applying security measures to ensure confidentiality, integrity, and availability of data. Cybersecurity attempts to assure the protection of assets, which includes data, desktops, servers, buildings, and most importantly, humans. The goal of cybersecurity is to protect data both in transit and at rest. Countermeasures can be put in place in order to increase the security of data. Some of these measures include, but are not limited to, access control, awareness training, audit and accountability, risk assessment, penetration testing, vulnerability management, and security assessment and authorization.[2]

8.1 Vulnerabilities

Main article: Vulnerability (computing)

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

A large number of vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems.

A security risk may be classified as a vulnerability. The use of vulnerability with the same meaning of risk can lead to confusion. The risk is tied to the potential of a significant loss. There can also be vulnerabilities without risk, like when the asset has no value. A vulnerability with one or more known (publicly or privately) instances of working and fully implemented attacks is classified as an exploitable vulnerability: a vulnerability for which an exploit exists. To exploit those vulnerabilities, perpetrators (individual hacker, criminal organization, or a nation state) most commonly use malware (malicious software), worms, viruses, and targeted attacks.

Different scales exist to assess the risk of an attack. In the United States, authorities use the Information Operations Condition (INFOCON) system. This system is scaled from 5 to 1 (INFOCON 5 being a harmless situation and INFOCON 1 representing the most critical threats).

To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it. These threats can typically be classified into one of the categories in the section below.

8.1.1 Backdoors

A backdoor in a computer system, a cryptosystem or an algorithm, is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. A special form of asymmetric encryption attack, known as a kleptographic attack, remains useless to a reverse engineer even after it is detected and analyzed.

The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A specific form of back
37

38

CHAPTER 8. COMPUTER SECURITY

door is a rootkit, which replaces system binaries and/or


hooks into the function calls of an operating system to
hide the presence of other programs, users, services and
open ports. It may also fake information about disk and
memory usage.

8.1.2 Denial-of-service attack
Main article: Denial-of-service attack

Unlike other exploits, denial of service attacks are not used to gain unauthorized access or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. These types of attack are, in practice, difficult to prevent, because the behaviour of whole networks needs to be analyzed, not just the behaviour of small pieces of code. Distributed denial of service (DDoS) attacks, where a large number of compromised hosts (commonly referred to as "zombie computers", used as part of a botnet with, for example, a worm, trojan horse, or backdoor exploit to control them) are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion, are common. Another technique to exhaust victim resources is through the use of an attack amplifier, where the attacker takes advantage of poorly designed protocols on third-party machines, such as NTP or DNS, in order to instruct these hosts to launch the flood. Some vulnerabilities in applications or operating systems can be exploited to make the computer or application malfunction or crash to create a denial-of-service.

8.1.3 Direct-access attacks
[Figure: Common consumer devices that can be used to transfer data surreptitiously.]

An unauthorized user gaining physical access to a computer (or part thereof) can perform many functions or install different types of devices to compromise security, including operating system modifications, software worms, keyloggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, like CD-R/DVD-R or portable devices such as flash drives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the hard drive(s) this way. The only way to prevent this is to encrypt the storage media and store the key separate from the system. Direct-access attacks are the only type of threat to air gapped computers in most cases.

8.1.4 Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware; TEMPEST is a specification by the NSA referring to these attacks.

8.1.5 Spoofing
Spoofing of user identity describes a situation in which one person or program successfully masquerades as another by falsifying data.

8.1.6 Tampering
Tampering describes an intentional modification of products in a way that would make them harmful to the consumer.

8.1.7 Repudiation
Repudiation describes a situation where the authenticity of a signature is being challenged.

8.1.8 Information disclosure
Information disclosure (privacy breach or data leak) describes a situation where information, thought to be secure, is released in an untrusted environment.

8.1.9 Privilege escalation
Privilege escalation describes a situation where an attacker gains elevated privileges or access to resources that were once restricted to them.

8.1.10 Exploits
Main article: Exploit (computer security)

An exploit is a software tool designed to take advantage of a flaw in a computer system. This frequently includes gaining control of a computer system, allowing privilege escalation, or creating a denial of service attack. The code from exploits is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in certain programs' processing of a specific file type, such as a non-executable media file. Some security web sites maintain lists of currently known unpatched vulnerabilities found in common programs.

8.1.11 Social engineering and trojans
Main article: Social engineering (security)
See also: Category:Cryptographic attacks

A computer system is no more secure than the persons responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example sending messages that they are the system administrator and asking for passwords. This deception is known as social engineering.

In the world of information technology there are different types of cyber attack, like code injection to a website or utilising malware (malicious software) such as viruses, trojans, or similar. Attacks of these kinds are counteracted by managing or improving the damaged product. But there is one last type, social engineering, which does not directly affect the computers but instead their users, who are also known as "the weakest link". This type of attack is capable of achieving similar results to other classes of cyber attack, by going around the infrastructure established to resist malicious software; because it is more difficult to calculate or prevent, it is often a more efficient attack vector.

The main aim is to convince the user by psychological means to disclose secrets such as passwords, card numbers, etc. by, for example, impersonating a bank, a contractor, or a customer.[3]

8.1.12 Indirect attacks
An indirect attack is an attack launched by a third-party computer. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker. There have also been cases where attackers took advantage of public anonymizing systems, such as the Tor onion router system.

8.1.13 Computer crime
Computer crime refers to any crime that involves a computer and a network.[4]

8.2 Vulnerable areas
Computer security is critical in almost any industry which uses computers.[5]

8.2.1 Financial systems
Web sites that accept or store credit card numbers and bank account information are prominent hacking targets, because of the potential for immediate financial gain from transferring money, making purchases, or selling the information on the black market. In-store payment systems and ATMs have also been tampered with in order to gather customer account data and PINs.

8.2.2 Utilities and industrial equipment
Computers control functions at many utilities, including coordination of telecommunications, the power grid, nuclear power plants, and valve opening and closing in water and gas networks. The Internet is a potential attack vector for such machines if connected, but the Stuxnet worm demonstrated that even equipment controlled by computers not connected to the Internet can be vulnerable to physical damage caused by malicious commands sent to industrial equipment (in that case uranium enrichment centrifuges) which are infected via removable media. In 2014, the Computer Emergency Readiness Team, a division of the Department of Homeland Security, investigated 79 hacking incidents at energy companies.[6]

8.2.3 Aviation
The aviation industry is especially important when analyzing computer security because the involved risks include human life, expensive equipment, cargo, and transportation infrastructure. Security can be compromised by hardware and software malpractice, human error, and faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage,
industrial competition, terrorist attack, mechanical malfunction, and human error.[7]

The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as exfiltration (data theft or loss) and network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, and loss of passenger life. Military systems that control munitions can pose an even greater risk.

A proper attack does not need to be very high tech or well funded, for a power outage at an airport alone can cause repercussions worldwide.[8] One of the easiest and, arguably, the most difficult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether.[9] Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore. Beyond the radar's sight controllers must rely on periodic radio communications with a third party.[10] Another attack vector of concern is onboard Wi-Fi systems.[11]

8.2.4 Consumer devices
Desktop computers and laptops are commonly infected with malware, either to gather passwords or financial account information, or to construct a botnet to attack another target. Smart phones, tablet computers, smart watches, and other mobile devices have also recently become targets for malware.

Many smartphones have cameras, microphones, GPS receivers, compasses, and accelerometers. Many Quantified Self devices, such as activity trackers, and mobile apps collect personal information, such as heartbeat, diet, notes on activities (from exercise in public to sexual activities), and performance of bodily functions. Wi-Fi, Bluetooth, and cell phone network devices can be used as attack vectors, and sensors might be remotely activated after a successful attack. Many mobile applications do not use encryption to transmit this data, nor to protect usernames and passwords, leaving the devices and the web sites where data is stored vulnerable to monitoring and break-ins.[12]

Hacking techniques have also been demonstrated against home automation devices such as the Nest thermostat.[12]

8.2.5 Large corporations
Data breaches at large corporations have become common, largely for financial gain through identity theft. Notably, the 2014 Sony Pictures Entertainment hack was allegedly carried out by the government of North Korea or its supporters, in retaliation for an unflattering caricature and fictional assassination of supreme leader Kim Jong-un.

8.2.6 Automobiles
With physical access to a car's internal controller area network, hackers have demonstrated the ability to disable the brakes and turn the steering wheel.[13] Computerized engine timing, cruise control, anti-lock brakes, seat belt tensioners, door locks, airbags and advanced driver assistance systems make these disruptions possible, and self-driving cars go even further. Connected cars may use Wi-Fi and Bluetooth to communicate with onboard consumer devices, and the cell phone network to contact concierge and emergency assistance services or get navigational or entertainment information; each of these networks is a potential entry point for malware or an attacker.[13] Researchers in 2011 were even able to use a malicious compact disc in a car's stereo system as a successful attack vector,[14] and cars with built-in voice recognition or remote assistance features have onboard microphones which could be used for eavesdropping. A 2015 report by U.S. Senator Edward Markey criticized manufacturers' security measures as inadequate and also highlighted privacy concerns about driving, location, and diagnostic data being collected, which is vulnerable to abuse by both manufacturers and hackers.[15]

8.2.7 Government
Military installations have been the target of hacks; vital government infrastructure such as traffic light controls, police and intelligence agency communications, and financial systems are also potential targets as they become computerized.

8.3 Financial cost of security breaches
Serious financial damage has been caused by security breaches, but because there is no standard model for estimating the cost of an incident, the only data available is that which is made public by the organizations involved. Several computer security consulting firms produce estimates of total worldwide losses attributable to virus and worm attacks and to hostile digital acts in general. The 2003 loss estimates by these firms range from $13 billion (worms and viruses only) to $226 billion (for all forms of covert attacks). The reliability of these estimates is often challenged; the underlying methodology is basically anecdotal.[16]

However, reasonable estimates of the financial cost of security breaches can actually help organizations make rational investment decisions. According to the classic Gordon-Loeb Model analyzing the optimal investment level in information security, one can conclude that the amount a firm spends to protect information should generally be only a small fraction of the expected loss (i.e., the expected value of the loss resulting from a cyber/information security breach).[17]
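
The Gordon-Loeb conclusion above can be worked through numerically. The following Python sketch is an added example, not part of the original text: it assumes the first class of breach probability functions from Gordon and Loeb's paper, S(z, v) = v / (αz + 1)^β, and the values used for the vulnerability v, the loss L, and the productivity parameters α and β are constructed for illustration.

```python
import math


def breach_probability(z, v, alpha, beta):
    """S(z, v): probability of a breach after investing z, given vulnerability v.

    Assumed functional form (class I in Gordon and Loeb's paper):
    S(z, v) = v / (alpha*z + 1)**beta, with alpha > 0 and beta >= 1.
    """
    return v / (alpha * z + 1.0) ** beta


def expected_net_benefit(z, v, loss, alpha, beta):
    """Reduction in expected loss bought by investment z, minus z itself."""
    return (v - breach_probability(z, v, alpha, beta)) * loss - z


def optimal_investment(v, loss, alpha, beta):
    """Investment z* that maximises expected_net_benefit.

    Setting the derivative of the net benefit to zero gives
    v*alpha*beta*loss / (alpha*z + 1)**(beta + 1) = 1, solved here for z.
    If the first unit of spending already returns less than it costs,
    the optimum is to invest nothing.
    """
    root = (v * alpha * beta * loss) ** (1.0 / (beta + 1.0))
    return max((root - 1.0) / alpha, 0.0)


def investment_ceiling(v, loss):
    """Gordon and Loeb's upper bound: z* never exceeds (1/e) * v * loss."""
    return v * loss / math.e


def summarize(v, loss, alpha, beta):
    """Collect the figures a budget owner would compare."""
    z = optimal_investment(v, loss, alpha, beta)
    return {
        "expected_loss_without_investment": v * loss,
        "optimal_investment": z,
        "share_of_expected_loss": z / (v * loss),
        "ceiling_1_over_e": investment_ceiling(v, loss),
        "residual_breach_probability": breach_probability(z, v, alpha, beta),
        "net_benefit_at_optimum": expected_net_benefit(z, v, loss, alpha, beta),
    }


if __name__ == "__main__":
    # Constructed scenario: 65% breach probability, 400,000 loss if breached.
    for name, value in summarize(0.65, 400_000, 1e-5, 1.0).items():
        print(f"{name:35s} {value:12.2f}")
    # Constructed low-stakes scenario where spending nothing is optimal.
    print(optimal_investment(0.10, 50_000, 1e-5, 1.0))
```

In the first scenario the optimum is roughly 24% of the expected loss, below the 1/e ceiling of about 37%; in the second, the expected loss is too small for any spending to pay for itself.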

Insecurities in operating systems have led to a massive black market for rogue software. An attacker can use a security hole to install software that tricks the user into buying a product. At that point, an affiliate program pays the affiliate responsible for generating that installation about $30. The software is sold for between $50 and $75 per license.[18]

8.3.1 Reasons
There are many similarities (yet many fundamental differences) between computer and physical security. Just like real-world security, the motivations for breaches of computer security vary between attackers, sometimes called hackers or crackers. Some are thrill-seekers or vandals (the kind often responsible for defacing web sites); similarly, some web site defacements are done to make political statements. However, some attackers are highly skilled and motivated with the goal of compromising computers for financial gain or espionage. An example of the latter is Markus Hess (more diligent than skilled), who spied for the KGB and was ultimately caught because of the efforts of Clifford Stoll, who wrote a memoir, The Cuckoo's Egg, about his experiences.

For those seeking to prevent security breaches, the first step is usually to attempt to identify what might motivate an attack on the system, how much the continued operation and information security of the system are worth, and who might be motivated to breach it. The precautions required for a home personal computer are very different from those of banks' Internet banking systems, and different again for a classified military network. Other computer security writers suggest that, since an attacker using a network need know nothing about you or what you have on your computer, attacker motivation is inherently impossible to determine beyond guessing. If true, blocking all possible attacks is the only plausible action to take.

8.4 Computer protection (countermeasures)
There are numerous ways to protect computers, including utilizing security-aware design techniques, building on secure operating systems and installing hardware devices designed to protect the computer systems.

In general, a countermeasure is a measure or action taken to counter or offset another one. In computer security a countermeasure is defined as an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.[19][20] An alternate meaning of countermeasure from the InfosecToday glossary[21] is:

"The deployment of a set of security services to protect against a security threat."

8.4.1 Security and systems design
Although there are many aspects to take into consideration when designing a computer system, security can prove to be very important. According to Symantec, in 2010, 94 percent of organizations polled expect to implement security improvements to their computer systems, with 42 percent claiming cyber security as their top risk.[22]

At the same time, many organizations are improving security and many types of cyber criminals are finding ways to continue their activities. Almost every type of cyber attack is on the rise. In 2009 respondents to the CSI Computer Crime and Security Survey admitted that malware infections, denial-of-service attacks, password sniffing, and web site defacements were significantly higher than in the previous two years.[23]

8.4.2 Security measures
A state of computer security is the conceptual ideal, attained by the use of the three processes: threat prevention, detection, and response. These processes are based on various policies and system components, which include the following:

• User account access controls and cryptography can protect systems files and data, respectively.
• Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering. Firewalls can be both hardware- or software-based.
• Intrusion Detection Systems (IDSs) are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
• Response is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the compromised system is favored, as it may happen that not all the compromised resources are detected.

Today, computer security comprises mainly preventive measures, like firewalls or an exit procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and can be implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel) to provide real time filtering and blocking. Another implementation is a so-called physical firewall which consists of a separate machine filtering network traffic. Firewalls are common amongst machines that are permanently connected to the Internet.

However, relatively few organisations maintain computer systems with effective detection systems, and fewer still have organised response mechanisms in place. As a result, as Reuters points out: "Companies for the first time report they are losing more through electronic theft of data than physical stealing of assets".[24] The primary obstacle to effective eradication of cyber crime could be traced to excessive reliance on firewalls and other automated detection systems. Yet it is basic evidence gathering by using packet capture appliances that puts criminals behind bars.

Difficulty with response
Responding forcefully to attempted security breaches (in the manner that one would for attempted physical security breaches) is often very difficult for a variety of reasons:

• Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, wireless connections, and other anonymising procedures which make backtracing difficult and are often located in yet another jurisdiction. If they successfully breach security, they are often able to delete logs to cover their tracks.
• The sheer number of attempted attacks is so large that organisations cannot spend time pursuing each attacker (a typical home user with a permanent (e.g., cable modem) connection will be attacked at least several times per day, so more attractive targets could be presumed to see many more). Note however, that most of the sheer bulk of these attacks are made by automated vulnerability scanners and computer worms.
• Law enforcement officers are often unfamiliar with information technology, and so lack the skills and interest in pursuing attackers. There are also budgetary constraints. It has been argued that the high cost of technology, such as DNA testing, and improved forensics mean less money for other kinds of law enforcement, so the overall rate of criminals not getting dealt with goes up as the cost of the technology increases. In addition, the identification of attackers across a network may require logs from various points in the network and in many countries, the release of these records to law enforcement (with the exception of being voluntarily surrendered by a network administrator or a system administrator) requires a search warrant and, depending on the circumstances, the legal proceedings required can be drawn out to the point where the records are either regularly destroyed, or the information is no longer relevant.

8.4.3 Reducing vulnerabilities

Computer code is regarded by some as a form of mathematics. It is theoretically possible to prove the correctness of certain classes of computer programs, though the feasibility of actually achieving this in large-scale practical systems is regarded as small by some with practical experience in the industry; see Bruce Schneier et al.

It is also possible to protect messages in transit (i.e., communications) by means of cryptography. One method of encryption, the one-time pad, is unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis; see the Venona project. The method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to directly break by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.
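
The once-and-only-once rule for one-time pad keys described above can be enforced in code. The following Python sketch is an added example, not part of the original text: the class and function names are hypothetical, the messages are constructed samples, and it assumes both parties hold identical pad copies and process messages in order. It wipes pad bytes as they are used, rejects any attempt to use them again, and shows why the rule matters: two messages encrypted under the same key bytes reveal the XOR of their plaintexts.

```python
import secrets


class PadExhausted(Exception):
    """The message needs more pad bytes than remain unused."""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """One party's copy of the shared pad, with a cursor past the used bytes."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._cursor = 0

    def remaining(self) -> int:
        return len(self._pad) - self._cursor

    def _consume(self, offset: int, n: int) -> bytes:
        # Pad bytes are usable only at the cursor, and are wiped once read,
        # so neither a bug nor a replayed message can make a key byte repeat.
        if offset != self._cursor:
            raise ValueError("pad offset already used or out of sequence")
        if n > self.remaining():
            raise PadExhausted(f"need {n} pad bytes, {self.remaining()} left")
        key = bytes(self._pad[offset:offset + n])
        self._pad[offset:offset + n] = bytes(n)  # destroy used key material
        self._cursor += n
        return key

    def encrypt(self, plaintext: bytes):
        """Return (offset, ciphertext); the offset travels with the message."""
        offset = self._cursor
        key = self._consume(offset, len(plaintext))
        return offset, xor_bytes(plaintext, key)

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        return xor_bytes(ciphertext, self._consume(offset, len(ciphertext)))


def reuse_leak(p1: bytes, p2: bytes, key: bytes) -> bytes:
    """What an eavesdropper holds if one key encrypts two messages."""
    c1, c2 = xor_bytes(p1, key), xor_bytes(p2, key)
    return xor_bytes(c1, c2)  # the key cancels out: this equals p1 XOR p2


if __name__ == "__main__":
    pad = secrets.token_bytes(64)  # constructed sample pad
    sender, receiver = PadBook(pad), PadBook(pad)
    offset, ciphertext = sender.encrypt(b"INVOICE 0001 OK")
    print(receiver.decrypt(offset, ciphertext))

    # Misuse: the same 15 key bytes applied to two constructed messages.
    key = secrets.token_bytes(15)
    leak = reuse_leak(b"INVOICE 0001 OK", b"INVOICE 0002 NO", key)
    print(leak.hex())  # zero bytes mark every position where the texts agree
```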
Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Even in a highly disciplined environment, such as in military organizations, social engineering attacks can still be difficult to foresee and prevent.

Trusting computer program code to behave securely has been pursued for decades. It has proven difficult to determine what code 'will never do.' Mathematical proofs are elusive in part because it is so difficult to define secure behavior even notionally, let alone mathematically. In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it is usually possible for a determined hacker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. Few attackers would audit applications for vulnerabilities just to attack a single specific system. It is possible to reduce an attacker's chances by keeping systems up to date, using a security scanner and/or hiring competent people responsible for security. The effects of data loss/damage can be reduced by careful backing up and insurance. However, software-based strategies have not yet been discovered for protecting computers from adequately funded, dedicated malicious attacks.

8.4.4 Security by design
Main article: Secure by design

Security by design, or alternately secure by design, means that the software has been designed from the ground up to be secure. In this case, security is considered as a main feature.

Some of the techniques in this approach include:

• The principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.
• Automated theorem proving to prove the correctness of crucial software subsystems.
• Code reviews and unit testing, approaches to make modules more secure where formal correctness proofs are not possible.
• Defense in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds.
• Default secure settings, and design to fail secure rather than fail insecure (see fail-safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
• Audit trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.
• Full disclosure of all vulnerabilities, to ensure that the "window of vulnerability" is kept as short as possible when bugs are discovered.

8.4.5 Security architecture
The Open Security Architecture organization defines IT security architecture as "the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve the purpose to maintain the system's quality attributes: confidentiality, integrity, availability, accountability and assurance services".[25]

Techopedia defines security architecture as a unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls. The design process is generally reproducible. The key attributes of security architecture are:[26]

• the relationship of different components and how they depend on each other.
• the determination of controls based on risk assessment, good practice, finances, and legal matters.
• the standardization of controls.

8.4.6 Hardware protection mechanisms
See also: Computer security compromised by hardware failure

While hardware may be a source of insecurity, such as with microchip vulnerabilities maliciously introduced during the manufacturing process,[27][28] hardware-based or assisted computer security also offers an alternative to software-only computer security. Using devices and methods such as dongles, trusted platform modules, intrusion-aware cases, drive locks, disabling USB ports, and mobile-enabled access may be considered more secure due to the physical access (or sophisticated backdoor access) required in order to be compromised. Each of these is covered in more detail below.

• USB dongles are typically used in software licensing schemes to unlock software capabilities,[29] but they can also be seen as a way to prevent unauthorized access to a computer or other device's software. The dongle, or key, essentially creates a secure encrypted tunnel between the software application and the key. The principle is that an encryption scheme on the dongle, such as Advanced Encryption Standard (AES), provides a stronger measure of security, since it is harder to hack and replicate the dongle than to simply copy the native software to another machine and use it. Another security application for dongles is to use them for accessing web-based content such as cloud software or Virtual Private Networks (VPNs).[30] In addition, a USB dongle can be configured to lock or unlock a computer.[31]

• Trusted platform modules (TPMs) secure devices by integrating cryptographic capabilities onto access devices, through the use of microprocessors, or so-called computers-on-a-chip. TPMs used in conjunction with server-side software offer a way to detect and authenticate hardware devices, preventing unauthorized network and data access.[32]
• Computer case intrusion detection refers to a push-button switch which is triggered when a computer case is opened. The firmware or BIOS is programmed to show an alert to the operator when the computer is booted up the next time.
• Drive locks are essentially software tools to encrypt hard drives, making them inaccessible to thieves.[33] Tools exist specifically for encrypting external drives as well.[34]
• Disabling USB ports is a security option for preventing unauthorized and malicious access to an otherwise secure computer. Infected USB dongles connected to a network from a computer inside the firewall are considered by Network World as the most common hardware threat facing computer networks.[35]
• Mobile-enabled access devices are growing in popularity due to the ubiquitous nature of cell phones. Built-in capabilities such as Bluetooth, the newer Bluetooth low energy (LE), Near field communication (NFC) on non-iOS devices and biometric validation such as thumb print readers, as well as QR code reader software designed for mobile devices, offer new, secure ways for mobile phones to connect to access control systems. These control systems provide computer security and can also be used for controlling access to secure buildings.[36]

8.4.7 Secure operating systems

Main article: Security-focused operating system

One use of the term computer security refers to technology that is used to implement secure operating systems. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.
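The Bell-LaPadula policy named above can be stated as two checks that a kernel reference monitor applies to every access: no read up and no write down. The C example below is added here and is not part of the original text; it goes beyond the page, which only names the model, and the labels, category names and function names are constructed for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hierarchical levels, lowest to highest. */
typedef enum { UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET } level_t;

/* Need-to-know categories as a bitmask (constructed names). */
#define CAT_CRYPTO  0x1u
#define CAT_NUCLEAR 0x2u
#define CAT_ALL     (CAT_CRYPTO | CAT_NUCLEAR)

typedef struct { level_t level; uint32_t cats; } label_t;
typedef enum { OP_READ, OP_APPEND, OP_WRITE } op_t;

/* a dominates b: a's level is at least b's and a holds every category of b. */
static bool dominates(label_t a, label_t b)
{
    return a.level >= b.level && (a.cats & b.cats) == b.cats;
}

/* Reference monitor decision.
 *   read   : simple security property, subject must dominate object
 *   append : *-property, object must dominate subject
 *   write  : observes and alters, so both must hold (equal labels) */
bool blp_allows(label_t subject, label_t object, op_t op)
{
    switch (op) {
    case OP_READ:   return dominates(subject, object);
    case OP_APPEND: return dominates(object, subject);
    case OP_WRITE:  return dominates(subject, object) && dominates(object, subject);
    }
    return false; /* unknown operation: fail closed */
}

/* Can any subject label at all read src and then append to dst? Enumerating
 * every label shows the property the policy is meant to guarantee: data can
 * be relayed only to a destination that dominates its source. */
bool leak_possible(label_t src, label_t dst)
{
    for (int lv = UNCLASSIFIED; lv <= TOP_SECRET; lv++) {
        for (uint32_t cats = 0; cats <= CAT_ALL; cats++) {
            label_t s = { (level_t)lv, cats };
            if (blp_allows(s, src, OP_READ) && blp_allows(s, dst, OP_APPEND))
                return true;
        }
    }
    return false;
}

int main(void)
{
    static const char *const level_name[] = {
        "UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"
    };
    label_t analyst = { SECRET, CAT_CRYPTO };

    /* Decision table for one subject against objects in the same category. */
    for (int lv = UNCLASSIFIED; lv <= TOP_SECRET; lv++) {
        label_t obj = { (level_t)lv, CAT_CRYPTO };
        printf("%-12s read=%d append=%d write=%d\n", level_name[lv],
               blp_allows(analyst, obj, OP_READ),
               blp_allows(analyst, obj, OP_APPEND),
               blp_allows(analyst, obj, OP_WRITE));
    }
    return 0;
}
```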
Systems designed with such methodology represent the state of the art of computer security although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions. These are very powerful security tools and very few secure operating systems have been certified at the highest level (Orange Book A1) to operate over the range of Top Secret to unclassified (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN). The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security functionality and assurance level (such as EAL levels), and these are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under Common Criteria.
In USA parlance, the term High Assurance usually suggests the system has the right security functions that are implemented robustly enough to protect DoD and DoE classified information. Medium assurance suggests it can protect less valuable information, such as income tax information. Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Medium robust systems may provide the same security functions as high assurance secure operating systems but do so at a lower assurance level (such as Common Criteria levels EAL4 or EAL5). Lower levels mean we can be less certain that the security functions are implemented flawlessly, and therefore less dependable. These systems are found in use on web servers, guards, database servers, and management hosts and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.

8.4.8 Secure coding

Main article: Secure coding

If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a 'low security' category because they rely on features not supported by secure operating systems (like portability, and others). In low security operating environments, applications must be relied on to participate in their own protection. There are 'best effort' secure coding practices that can be followed to make an application more resistant to malicious subversion.
In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. These defects can be used to cause the target system to execute putative data. However, the data contain executable instructions, allowing the attacker to gain control of the processor.
Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord, "Secure Coding in C and C++").[37] Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion.
Another bad coding practice occurs when an object is deleted during normal operation yet the program neglects to update any of the associated memory pointers, potentially causing system instability when that location is referenced again. This is called a dangling pointer, and the first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered to be academic and not practically exploitable.[38]
Unfortunately, there is no theoretical model of secure coding practices, nor is one practically achievable, insofar as the code (ideally, read-only) and data (generally read/write) generally tends to have some form of defect.

8.4.9 Capabilities and access control lists

Main articles: Access control list and Capability (computers)

Within computer systems, two of many security models capable of enforcing privilege separation are access control lists (ACLs) and capability-based security. Using ACLs to confine programs has been proven to be insecure in many situations, such as if the host computer can be tricked into indirectly allowing restricted file access, an issue known as the confused deputy problem. It has also been shown that the promise of ACLs of giving access to an object to only one person can never be guaranteed in practice. Both of these problems are resolved by capabilities. This does not mean practical flaws exist in all ACL-based systems, but only that the designers of certain utilities must take responsibility to ensure that they do not introduce flaws.
Capabilities have been mostly restricted to research operating systems, while commercial OSs still use ACLs. Capabilities can, however, also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design. An open source project in the area is the E language.
The most secure computers are those not connected to the Internet and shielded from any interference. In the real world, the most secure systems are operating systems where security is not an add-on.

8.4.10 Hacking back

There has been a significant debate regarding the legality of hacking back against digital attackers (who attempt to or successfully breach an individual's, entity's, or nation's computer). The arguments for such counter-attacks are based on notions of equity, active defense, vigilantism, and the Computer Fraud and Abuse Act (CFAA). The arguments against the practice are primarily based on the legal definitions of intrusion and unauthorized access, as defined by the CFAA. As of October 2012, the debate is ongoing.[39]

8.5 Notable computer security attacks and breaches

Some illustrative examples of different types of computer security breaches are given below.
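Referring back to the coding defects listed under Secure coding (8.4.8), the C example below pairs each defect the text names (integer overflow, buffer overflow, format string, dangling pointer) with the check that removes it. It is added here and is not part of the original text; record_t, table_t and all function names are constructed for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record and table types, used only for this illustration. */
typedef struct { char name[16]; uint32_t id; } record_t;
typedef struct { record_t *items; uint32_t count; } table_t;

/* Integer overflow, defective form: the byte count is computed in 32 bits and
 * wraps for large counts, so a later allocation would be far too small for
 * the number of records the caller believes it holds. */
uint32_t unchecked_bytes(uint32_t count)
{
    return count * (uint32_t)sizeof(record_t);
}

/* Integer overflow, corrected form: refuse any count whose size cannot be
 * represented instead of letting the multiplication wrap. */
bool checked_bytes(uint32_t count, uint32_t *bytes)
{
    if (count == 0 || count > UINT32_MAX / sizeof(record_t))
        return false;
    *bytes = count * (uint32_t)sizeof(record_t);
    return true;
}

bool table_init(table_t *t, uint32_t count)
{
    uint32_t bytes;
    t->items = NULL;
    t->count = 0;
    if (!checked_bytes(count, &bytes))
        return false;
    t->items = malloc(bytes);
    if (t->items == NULL)
        return false;
    memset(t->items, 0, bytes);
    t->count = count;
    return true;
}

/* Bounds-checked access: every index is validated against the stored count,
 * and a released table (items == NULL) yields NULL rather than stale memory. */
record_t *table_get(table_t *t, uint32_t i)
{
    return (t->items != NULL && i < t->count) ? &t->items[i] : NULL;
}

/* Dangling pointer: free() alone leaves t->items pointing at released memory.
 * Clearing the owner's pointer and count makes later use fail safely. Copies
 * of the pointer held elsewhere are not covered, which is why callers go
 * through table_get() instead of caching addresses. */
void table_release(table_t *t)
{
    free(t->items);
    t->items = NULL;
    t->count = 0;
}

/* Buffer overflow: strcpy(r->name, input) would write past name[16] for long
 * input. Check the length, terminator included, before copying. */
bool record_set_name(record_t *r, const char *input)
{
    size_t n = strlen(input);
    if (r == NULL || n >= sizeof r->name)
        return false;
    memcpy(r->name, input, n + 1);
    return true;
}

/* Format string: snprintf(out, n, input) would let "%x" or "%n" in the input
 * drive the formatter. Passing input as an argument to a constant format
 * treats it as data only. */
int render_name(char *out, size_t n, const char *input)
{
    return snprintf(out, n, "%s", input);
}

int main(void)
{
    table_t t;
    uint32_t huge = UINT32_MAX / (uint32_t)sizeof(record_t) + 1;
    char line[32];

    printf("unchecked size for %u records: %u bytes\n",
           (unsigned)huge, (unsigned)unchecked_bytes(huge));
    printf("checked init with that count: %s\n",
           table_init(&t, huge) ? "accepted" : "rejected");
    if (table_init(&t, 4)) {
        printf("short name stored: %d\n", record_set_name(table_get(&t, 0), "alice"));
        printf("long name stored: %d\n",
               record_set_name(table_get(&t, 0), "a-name-longer-than-the-field"));
        render_name(line, sizeof line, "%x%x%n");
        printf("rendered: %s\n", line);
        table_release(&t);
        printf("lookup after release: %p\n", (void *)table_get(&t, 0));
    }
    return 0;
}
```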
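Referring back to the confused deputy problem described under Capabilities and access control lists (8.4.9), the C model below runs the same request against an ACL-checked service and a capability-checked one. It is added here and is not part of the original text; the compiler-and-billing-log scenario, object names and functions are constructed, and the model assumes capabilities are held in a kernel-managed list and cannot be forged.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: two objects, two principals, all names hypothetical. */
typedef enum { OBJ_BILLING, OBJ_USER_OUT, OBJ_COUNT } object_t;
typedef enum { WHO_USER, WHO_COMPILER } principal_t;

static const char *const object_name[OBJ_COUNT] = { "billing.log", "out.o" };
static char store[OBJ_COUNT][32];

/* ACL: write permission per (principal, object). The compiler service may
 * write the billing log; the user may not. */
static const bool acl_write[2][OBJ_COUNT] = {
    /* WHO_USER     */ { false, true },
    /* WHO_COMPILER */ { true,  true },
};

void reset_store(void)
{
    memset(store, 0, sizeof store);
    snprintf(store[OBJ_BILLING], sizeof store[OBJ_BILLING], "balance: 100");
}

const char *contents(object_t o) { return store[o]; }

/* ACL-style deputy. The caller designates the output by NAME. The access
 * check runs against the identity of the process doing the write, which is
 * the compiler, so the compiler's authority is applied to a name chosen by
 * the user. */
bool acl_compile(const char *out_name)
{
    for (int o = 0; o < OBJ_COUNT; o++) {
        if (strcmp(out_name, object_name[o]) == 0) {
            if (!acl_write[WHO_COMPILER][o])
                return false;
            snprintf(store[o], sizeof store[o], "OBJECT CODE");
            return true;
        }
    }
    return false;
}

/* Capability-style deputy. A capability names an object and carries the
 * right to use it; a caller can only hand over one it already holds. */
typedef struct { object_t obj; bool write; } cap_t;

static const cap_t user_caps[] = { { OBJ_USER_OUT, true } }; /* no billing cap */
static const cap_t compiler_billing_cap = { OBJ_BILLING, true };

/* Look up a capability in the user's list by slot; NULL if the slot is empty. */
const cap_t *user_cap(size_t slot)
{
    return slot < sizeof user_caps / sizeof user_caps[0] ? &user_caps[slot] : NULL;
}

static bool cap_store(const cap_t *c, const char *data)
{
    if (c == NULL || !c->write)
        return false;
    snprintf(store[c->obj], sizeof store[c->obj], "%s", data);
    return true;
}

/* The deputy writes output only through the capability it was handed, and
 * uses its own billing capability only for its own bookkeeping. */
bool cap_compile(const cap_t *out_cap)
{
    if (!cap_store(out_cap, "OBJECT CODE"))
        return false;
    return cap_store(&compiler_billing_cap, "balance: 99");
}

int main(void)
{
    reset_store();
    acl_compile("billing.log");
    printf("ACL deputy, billing log now: %s\n", contents(OBJ_BILLING));

    reset_store();
    printf("capability request without a billing capability: %s\n",
           cap_compile(user_cap(1)) ? "accepted" : "refused");
    cap_compile(user_cap(0));
    printf("capability deputy, out.o: %s, billing log: %s\n",
           contents(OBJ_USER_OUT), contents(OBJ_BILLING));
    return 0;
}
```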

8.5.1 Robert Morris and the first computer worm

Main article: Morris worm

In 1988, only 60,000 computers were connected to the Internet, and most were mainframes, minicomputers and professional workstations. On November 2, 1988, many started to slow down, because they were running a malicious code that demanded processor time and that spread itself to other computers - the first internet "computer worm".[40] The software was traced back to 23 year old Cornell University graduate student Robert Tappan Morris, Jr. who said 'he wanted to count how many machines were connected to the Internet'.[40]

8.5.2 Rome Laboratory

In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory, the US Air Force's main command and research facility. Using trojan horses, hackers were able to obtain unrestricted access to Rome's networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking order systems data and furthermore able to penetrate connected networks of National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user.[41]

8.5.3 TJX loses 45.7m customer credit card details

In early 2007, American apparel and home goods company TJX announced that it was the victim of an unauthorized computer systems intrusion[42] and that the hackers had accessed a system that stored data on credit card, debit card, check, and merchandise return transactions.[43]

8.5.4 Stuxnet attack

The computer worm known as Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges[44] by disrupting industrial programmable logic controllers (PLCs) in a targeted attack generally believed to have been launched by Israel and the United States[45][46][47][48] although neither has publicly acknowledged this.

8.5.5 Global surveillance disclosures

Main article: Global surveillance disclosures (2013–present)

In early 2013, thousands of thousands of classified documents[49] were disclosed by NSA contractor Edward Snowden. Called the most significant leak in U.S. history[50] it also revealed for the first time the massive breaches of computer security by the NSA, including deliberately inserting a backdoor in a NIST standard for encryption[51] and tapping the links between Google's data centres.[52]

8.5.6 Target And Home Depot Breaches by Rescator

In 2013 and 2014, a Russian/Ukrainian hacking ring known as Rescator broke into Target Corporation computers in 2013, stealing roughly 40 million credit cards,[53] and then Home Depot computers in 2014, stealing between 53 and 56 million credit card numbers.[54] Warnings were delivered at both corporations, but ignored; physical security breaches using self checkout machines are believed to have played a large role. "The malware utilized is absolutely unsophisticated and uninteresting," says Jim Walter, director of threat intelligence operations at security technology company McAfee - meaning that the heists could have easily been stopped by existing antivirus software had administrators responded to the warnings. The size of the thefts has resulted in major attention from state and Federal United States authorities and the investigation is ongoing.

8.6 Legal issues and global regulation

Conflict of laws in cyberspace[55] has become a major cause of concern for the computer security community. Some of the main challenges and complaints about the antivirus industry are the lack of global web regulations, a global base of common rules to judge, and eventually punish, cyber crimes and cyber criminals. There is no global cyber law[56] and cyber security treaty[57] that can be invoked for enforcing global cyber security issues.
International legal issues of cyber attacks[58] are really tricky and complicated in nature.[59] For instance, even if an antivirus firm locates the cyber criminal behind the creation of a particular virus or piece of malware or again one form of cyber attack, often the local authorities cannot take action due to lack of laws under which to prosecute.[60][61] This is mainly caused by the fact that many countries have their own regulations regarding cyber crimes. Authorship attribution for cyber crimes and cyber attacks has become a major problem for international law enforcement agencies.[62]
"[Computer viruses] switch from one country to another, from one jurisdiction to another, moving around the world, using the fact that we don't have the capability to globally police operations like this. So the Internet is as if someone [had] given free plane tickets to all the online criminals of the world."[60] (Mikko Hyppönen) Use of dynamic DNS, fast flux and bullet proof servers have added their own complexities to this situation.[63]
Businesses are eager to expand to less developed countries due to the low cost of labor, says White et al. (2012). However, these countries are the ones with the least amount of Internet safety measures, and the Internet Service Providers are not so focused on implementing those safety measures (2010). Instead, they are putting their main focus on expanding their business, which exposes them to an increase in criminal activity.[64]
In response to the growing problem of cyber crime, the European Commission established the European Cybercrime Centre (EC3).[65] The EC3 effectively opened on 1 January 2013 and will be the focal point in the EU's fight against cyber crime, contributing to faster reaction to online crimes. It will support member states and the EU's institutions in building an operational and analytical capacity for investigations, as well as cooperation with international partners.[66]

8.7 Government

The role of the government is to make regulations to force companies and organizations to protect their system, infrastructure and information from any cyber attacks, but also to protect its own national infrastructure such as the national power-grid.
The question of whether the government should intervene or not in the regulation of the cyberspace is a very polemical one. Indeed, for as long as it has existed and by definition, the cyberspace is a virtual space free of any government intervention. Where everyone agrees that an improvement on cybersecurity is more than vital, is the government the best actor to solve this issue? Many government officials and experts think that the government should step in and that there is a crucial need for regulation, mainly due to the failure of the private sector to solve efficiently the cybersecurity problem. R. Clarke said during a panel discussion at the RSA Security Conference in San Francisco, he believes that the "industry only responds when you threaten regulation. If industry doesn't respond (to the threat), you have to follow through."[67] On the other hand, executives from the private sector agree that improvements are necessary but think that the government intervention would affect their ability to innovate efficiently.

8.7.1 Public–private cooperation

The cybersecurity act of 2010 establishes the creation of an advisory panel; each member of this panel will be appointed by the President of the United States. They must represent the private sector, the academic sector, the public sector and the non-profit organisations.[68] The purpose of the panel is to advise the government as well as help improve strategies.

8.8 Actions and teams in the US

8.8.1 Cybersecurity Act of 2010

The Cybersecurity Act of 2010 - S. 773 was introduced first in the Senate on April 1, 2009 by Senator Jay Rockefeller (D-WV), Senator Evan Bayh (D-IN), Senator Barbara Mikulski (D-MD), Senator Bill Nelson (D-FL), and Senator Olympia Snowe (R-ME). The revised version was approved on March 24, 2009.[68]
The main objective of the bill is to increase collaboration between the public and the private sector on the issue of cybersecurity. But also
"to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes."[68]
The act also wants to instate new higher standards, processes, technologies and protocols to ensure the security of the critical infrastructure.

8.8.2 International Cybercrime Reporting and Cooperation Act

On March 25, 2010, Representative Yvette Clarke (D-NY) introduced the International Cybercrime Reporting and Cooperation Act - H.R.4962[69] in the House of Representatives; the bill, co-sponsored by seven other representatives (among whom only one Republican), was referred to three House committees.[70] The bill seeks to make sure that the administration keeps Congress informed on information infrastructure, cybercrime, and end-user protection worldwide. It also directs the President to give priority for assistance to improve legal, judicial, and enforcement capabilities with respect to cybercrime to countries with low information and communications technology levels of development or utilization in their critical infrastructure, telecommunications systems, and financial industries[70] as well as to develop an action plan and an annual compliance assessment for countries of cyber concern.[70]

8.8.3 Protecting Cyberspace as a National Asset Act of 2010

On June 19, 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called Protecting Cyberspace as a National Asset Act of 2010 - S.3480[71] which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the "Kill switch bill", would grant the President emergency powers over the Internet. However, all three co-authors of the bill issued a statement claiming that instead, the bill "[narrowed] existing broad Presidential authority to take over telecommunications networks".[72]

8.8.4 White House proposes cybersecurity legislation

On May 12, 2011, the White House sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities.[73]
Executive order 13636 Improving Critical Infrastructure Cybersecurity was signed February 12, 2013.

8.8.5 White House Cybersecurity Summit

President Obama called for a cybersecurity summit, held at Stanford University in February 2015.[74]

8.8.6 Government initiatives

The government put together several different websites to inform, share and analyze information. Those websites are targeted to different "audiences":
the government itself: states, cities, counties
the public sector
the private sector
the end-user
Here are a few examples:
msisac.org: the Multi-State Information Sharing and Analysis Center. The mission of the MS-ISAC is to improve the overall cyber security posture of state, local, territorial and tribal governments.
onguardonline.gov: The mission of this website is to provide practical tips from the federal government and the technology industry to help the end user be on guard against internet fraud, secure their computers, and protect their private personal information.
csrc.nist.gov: The Computer Security Division (Computer Security Resource Center) of the National Institute of Standards and Technology. Its mission is to provide assistance, guidelines, specifications, minimum information security requirements...

8.8.7 Military agencies

Homeland Security

The Department of Homeland Security has a dedicated division responsible for the response system, risk management program and requirements for cyber security in the United States called the National Cyber Security Division.[75][76] The division is home to US-CERT operations and the National Cyber Alert System. The goals of those teams are to:
help government and end-users to transition to new cyber security capabilities
R&D[76]
In October 2009, the Department of Homeland Security opened the National Cybersecurity and Communications Integration Center. The center brings together government organizations responsible for protecting computer networks and networked infrastructure.[77]

FBI

The third priority of the Federal Bureau of Investigation (FBI) is to:
Protect the United States against cyber-based attacks and high-technology crimes[78]
According to the 2010 Internet Crime Report, 303,809 complaints were received via the IC3 website. The Internet Crime Complaint Center, also known as IC3, is a multi-agency task force made up by the FBI, the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA).[79]
According to the same report,[80] here are the top 10 reported offenses in the United States only:
1. Non-delivery Payment/Merchandise 14.4%
2. FBI-Related Scams 13.2%
3. Identity Theft 9.8%
4. Computer Crimes 9.1%
5. Miscellaneous Fraud 8.6%
6. Advance Fee Fraud 7.6%
7. Spam 6.9%
8. Auction Fraud 5.9%
9. Credit Card Fraud 5.3%
10. Overpayment Fraud 5.3%
In addition to its own duties, the FBI participates in non-profit organizations such as InfraGard. InfraGard is a private non-profit organization serving as a public-private partnership between U.S. businesses and the FBI. The organization describes itself as an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members.[81] InfraGard states they are an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.[82]

Department of Justice

The criminal division of the United States Department of Justice operates a section called the Computer Crime and Intellectual Property Section. The CCIPS is in charge of investigating computer crime and intellectual property crime and is specialized in the search and seizure of digital evidence in computers and networks.
As stated on their website:
"The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating computer and intellectual property crimes worldwide. The Computer Crime Initiative is a comprehensive program designed to combat electronic penetrations, data thefts, and cyberattacks on critical information systems. CCIPS prevents, investigates, and prosecutes computer crimes by working with other government agencies, the private sector, academic institutions, and foreign counterparts."[83]

USCYBERCOM

The United States Strategic Command (USSTRATCOM) is one of the nine Unified Combatant Commands of the United States Department of Defense (DoD). The Command, including components, employs more than 2,700 people, representing all four services, including DoD civilians and contractors, who oversee the command's operationally focused global strategic mission.
The United States Cyber Command, also known as USCYBERCOM, is a sub-unified command subordinate to USSTRATCOM. Its mission is to plan, coordinate, integrate, synchronize and conduct activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.[84]

8.8.8 FCC

The U.S. Federal Communications Commission's role in cyber security is to strengthen the protection of critical communications infrastructure, to assist in maintaining the reliability of networks during disasters, to aid in swift recovery after, and to ensure that first responders have access to effective communications services.[85]

8.8.9 Computer Emergency Readiness Team

Computer Emergency Response Team is a name given to expert groups that handle computer security incidents. In the US, two distinct organizations exist, although they do work closely together.
US-CERT: the United States Computer Emergency Response Team is part of the National Cyber Security Division of the United States Department of Homeland Security.[86]
CERT/CC: The Computer Emergency Response Team Coordination Center is a major coordination center created by the Defense Advanced Research Projects Agency (DARPA) and is run by the Software Engineering Institute (SEI).

8.9 International actions

A lot of different teams and organisations exist, mixing private and public members. Here are some examples:
The Forum of Incident Response and Security Teams (FIRST) is the global association of CSIRTs.[87] The US-CERT, AT&T, Apple, Cisco, McAfee, Microsoft are all members of this international team.[88]
The Council of Europe helps protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime and its Protocol on Xenophobia and Racism, the Cybercrime Convention Committee (T-CY) and the Project on Cybercrime.[89]
The purpose of the Messaging Anti-Abuse Working Group (MAAWG) is to bring the messaging industry together to work collaboratively and to successfully address the various forms of messaging abuse, such as spam, viruses, denial-of-service attacks and other messaging exploitations. To accomplish this, MAAWG develops initiatives in the three areas necessary to resolve the messaging abuse problem: industry collaboration, technology, and public policy.[90] France Telecom, Facebook, AT&T, Apple, Cisco, Sprint are some of the members of the MAAWG.[90]
ENISA: The European Network and Information Security Agency (ENISA) is an agency of the European Union. It was created in 2004 by EU Regulation No 460/2004 and has been fully operational since September 1, 2005. It has its seat in Heraklion, Crete (Greece).
The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.

8.9.1 Germany

Berlin starts National Cyber Defense Initiative

On June 16, 2011, the German Minister for Home Affairs officially opened the new German NCAZ (National Center for Cyber Defense) Nationales Cyber-Abwehrzentrum, which is located in Bonn. The NCAZ closely cooperates with BSI (Federal Office for Information Security) Bundesamt für Sicherheit in der Informationstechnik, BKA (Federal Police Organisation) Bundeskriminalamt (Deutschland), BND (Federal Intelligence Service) Bundesnachrichtendienst, MAD (Military Intelligence Service) Amt für den Militärischen Abschirmdienst and other national organisations in Germany taking care of national security aspects. According to the Minister the primary task of the new organisation founded on February 23, 2011, is to detect and prevent attacks against the national infrastructure and mentioned incidents like Stuxnet.

8.9.2 South Korea

Following cyberattacks in the first half of 2013, whereby government, news-media, television station, and bank websites were compromised, the national government committed to the training of 5,000 new cybersecurity experts by 2017. The South Korean government blamed its northern counterpart for these attacks, as well as incidents that occurred in 2009, 2011, and 2012, but Pyongyang denies the accusations.[91]
Seoul, March 7, 2011 - South Korean police have contacted 35 countries to ask for cooperation in tracing the origin of a massive cyber attack on the Web sites of key government and financial institutions, amid a nationwide cyber security alert issued against further threats. The Web sites of about 30 key South Korean government agencies and financial institutions came under a so-called distributed denial-of-service (DDoS) attack for two days from Friday, with about 50,000 zombie computers infected with a virus seeking simultaneous access to selected sites and swamping them with traffic. As soon as the copies of overseas servers are obtained, the cyber investigation unit will analyse the data to track down the origin of the attacks made from countries, including the United States, Russia, Italy and Israel, the NPA noted.[92]
In late September 2013, a computer-security competition jointly sponsored by the defense ministry and the National Intelligence Service was announced. The winners will be announced on September 29, 2013 and will share a total prize pool of 80 million won (US$74,000).[91]

8.9.3 India

India has no specific law for dealing with cyber security related issues.[93] Some provisions for cyber security have been incorporated into rules framed under the Information Technology Act 2000 but they are grossly insufficient. Further, the National Cyber Security Policy 2013 has remained ineffective and non-implementable until now.[94] The cyber security trends and developments in India 2013 have listed the shortcomings of Indian cyber security policy in general and Indian cyber security initiatives in particular.[95] Indian cyber security policy has also failed to protect civil liberties of Indians including privacy rights.[96] Civil liberties protection in cyberspace has been blatantly ignored by Indian government and e-surveillance projects have been kept intact by the Narendra Modi government.[97] As a result Indian cyber security efforts are inadequate and not up to the mark. There is also no legal obligation for cyber security breach disclosures in India as well.[98]
However, the Indian Companies Act 2013 has introduced cyber law[99] and cyber security obligations[100] on the part of Indian directors. Cyber security obligations for e-commerce business in India have also been recognised recently.[101]

8.11. CYBERSECURITY AND MODERN WARFARE

8.9.4

Canada

On October 3, 2010, Public Safety Canada unveiled


Canadas Cyber Security Strategy, following a Speech
from the Throne commitment to boost the security of
Canadian cyberspace.[102][103] The aim of the strategy is
to strengthen Canadas cyber systems and critical infrastructure sectors, support economic growth and protect Canadians as they connect to each other and to the
world.[104] Three main pillars dene the strategy: securing government systems, partnering to secure vital cyber systems outside the federal government, and helping
Canadians to be secure online.[104] The strategy involves
multiple departments and agencies across the Government of Canada.[105] The Cyber Incident Management
Framework for Canada outlines these responsibilities,
and provides a plan for coordinated response between
government and other partners in the event of a cyber
incident.[106] The Action Plan 2010-2015 for Canadas
Cyber Security Strategy outlines the ongoing implementation of the strategy.[107]

Public Safety Canada's Canadian Cyber Incident Response Centre (CCIRC) is responsible for mitigating and responding to threats to Canada's critical infrastructure and cyber systems. The CCIRC provides support to mitigate cyber threats, technical support to respond and recover from targeted cyber attacks, and provides online tools for members of Canada's critical infrastructure sectors.[108] The CCIRC posts regular cyber security bulletins on the Public Safety Canada website.[109] The CCIRC also operates an online reporting tool where individuals and organizations can report a cyber incident.[110] Canada's Cyber Security Strategy is part of a larger, integrated approach to critical infrastructure protection, and functions as a counterpart document to the National Strategy and Action Plan for Critical Infrastructure.[105]

On September 27, 2010, Public Safety Canada partnered with STOP.THINK.CONNECT, a coalition of non-profit, private sector, and government organizations dedicated to informing the general public on how to protect themselves online.[111] On February 4, 2014, the Government of Canada launched the Cyber Security Cooperation Program.[112] The program is a $1.5 million five-year initiative aimed at improving Canada's cyber systems through grants and contributions to projects in support of this objective.[113] Public Safety Canada aims to begin an evaluation of Canada's Cyber Security Strategy in early 2015.[105] Public Safety Canada administers and routinely updates the GetCyberSafe portal for Canadian citizens, and carries out Cyber Security Awareness Month during October.[114]

8.10 National teams

Here are the main computer emergency response teams around the world. Every country has its own team to protect network security. On February 27, 2014, the Chinese network security and information technology leadership team was established. The leadership team will focus on national security and long-term development; co-ordinate major issues related to network security and information technology in economic, political, cultural, social, military and other fields; research and develop network security and information technology strategy, planning and major macroeconomic policy; promote national network security and information technology law; and constantly enhance security capabilities.

8.10.1 Europe

CSIRTs in Europe collaborate in the TERENA task force TF-CSIRT. TERENA's Trusted Introducer service provides an accreditation and certification scheme for CSIRTs in Europe. A full list of known CSIRTs in Europe is available from the Trusted Introducer website.

8.10.2 Other countries

CERT Brazil, member of FIRST (Forum for Incident Response and Security Teams)
CARNet CERT, Croatia, member of FIRST
AE CERT, United Arab Emirates
SingCERT, Singapore
CERT-LEXSI, France, Canada, Singapore

8.11 Cybersecurity and modern warfare

Main article: Cyberwarfare


Cybersecurity is becoming increasingly important as more information and technology is being made available on cyberspace. There is growing concern among governments that cyberspace will become the next theatre of warfare. As Mark Clayton from the Christian Science Monitor described in an article titled "The New Cyber Arms Race":

"In the future, wars will not just be fought by soldiers with guns or with planes that drop bombs. They will also be fought with the click of a mouse a half a world away that unleashes carefully weaponized computer programs that disrupt or destroy critical industries like utilities, transportation, communications, and energy. Such attacks could also disable military networks that control the movement of troops, the path of jet fighters, the command and control of warships."[115]

This has led to new terms such as cyberwarfare and cyberterrorism. More and more critical infrastructure is being controlled via computer programs that, while increasing efficiency, expose new vulnerabilities. The test will be to see if governments and corporations that control critical systems such as energy, communications and other critical information will be able to prevent attacks before they occur. As Jay Cross, the chief scientist of the Internet Time Group, remarked, "Connectedness begets vulnerability."[116]

8.12 The cyber security job market

Cyber Security is a fast-growing[117] field of IT concerned with reducing organizations' risk of hack or data breach. Commercial, government and non-governmental organizations all employ cybersecurity professionals, but the use of the term "cybersecurity" in government job descriptions is more prevalent than in non-government job descriptions, in part due to government "cybersecurity" initiatives (as opposed to corporations' "IT security" initiatives) and the establishment of government institutions like the US Cyber Command and the UK Defence Cyber Operations Group.[118]

Typical cybersecurity job titles and descriptions include:[119]

Security Analyst
Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices. Analyzes and assesses damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommends solutions. Tests for compliance with security policies and procedures. May assist in the creation, implementation, and/or management of security solutions.

Security Engineer
Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents, and mounts incident response. Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements. May also review code or perform other security engineering methodologies.

Security Architect
Designs a security system or major components of a security system, and may head a security design team building a new security system.

Security Administrator
Installs and manages organization-wide security systems. May also take on some of the tasks of a security analyst in smaller organizations.

Chief Information Security Officer
A high-level management position responsible for the entire information security division/staff. The position may include hands-on technical work.

Security Consultant/Specialist/Intelligence
Broad titles that encompass any one or all of the other roles/titles, tasked with protecting computers, networks, software, data, and/or information systems against viruses, worms, spyware, malware, intrusion detection, unauthorized access, denial-of-service attacks, and an ever increasing list of attacks by hackers acting as individuals or as part of organized crime or foreign governments.

Student programs are also available to people interested in beginning a career in cybersecurity.[120][121] Meanwhile, a flexible and effective option for information security professionals of all experience levels to keep studying is online security training, including webcasts.[122][123][124]

8.13 Terminology

The following terms used with regards to engineering secure systems are explained below.

Access authorization restricts access to a computer to a group of users through the use of authentication systems. These systems can protect either the whole computer, such as through an interactive login screen, or individual services, such as an FTP server. There are many methods for identifying and authenticating users, such as passwords, identification cards, and, more recently, smart cards and biometric systems.

Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).

Applications with known security flaws should not be run. Either leave the application turned off until it can be patched or otherwise fixed, or delete it and replace it with some other application. Publicly known flaws are the main entry point used by worms to automatically break into a system and then spread to other systems connected to it. The security website Secunia provides a search tool for unpatched known flaws in popular products.

Authentication techniques can be used to ensure that communication end-points are who they say they are.

Automated theorem proving and other verification tools can enable critical algorithms and code used in secure systems to be mathematically proven to meet their specifications.

Backups are a way of securing information; they are another copy of all the important computer files kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, tapes and more recently on the cloud. Suggested locations for backups are a fireproof, waterproof, and heat proof safe, or a separate, offsite location from that in which the original files are contained. Some individuals and companies also keep their backups in safe deposit boxes inside bank vaults. There is also a fourth option, which involves using one of the file hosting services that backs up files over the Internet for both business and individuals, known as the cloud.

    Backups are also important for reasons other than security. Natural disasters, such as earthquakes, hurricanes, or tornadoes, may strike the building where the computer is located. The building can be on fire, or an explosion may occur. There needs to be a recent backup at an alternate secure location, in case of such a disaster. Further, it is recommended that the alternate location be placed where the same disaster would not affect both locations. Examples of alternate disaster recovery sites being compromised by the same disaster that affected the primary site include having had a primary site in World Trade Center I and the recovery site in 7 World Trade Center, both of which were destroyed in the 9/11 attack, and having one's primary site and recovery site in the same coastal region, which leads to both being vulnerable to hurricane damage (for example, primary site in New Orleans and recovery site in Jefferson Parish, both of which were hit by Hurricane Katrina in 2005). The backup media should be moved between the geographic sites in a secure manner, in order to prevent them from being stolen.

Capability and access control list techniques can be used to ensure privilege separation and mandatory access control. This section discusses their use.

Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified as authentic by the system's designers.

Confidentiality is the nondisclosure of information except to another authorized person.[125]

Cryptographic techniques can be used to defend data in transit between systems, reducing the probability that data exchanged between systems can be intercepted or modified.

Cyberwarfare is an Internet-based conflict that involves politically motivated attacks on information and information systems. Such attacks can, for example, disable official websites and networks, disrupt or disable essential services, steal or alter classified data, and cripple financial systems.

Data integrity is the accuracy and consistency of stored data, indicated by an absence of any alteration in data between two updates of a data record.[126]

[Figure: Cryptographic techniques involve transforming information, scrambling it so it becomes unreadable during transmission. The intended recipient can unscramble the message; ideally, eavesdroppers cannot.]

Encryption is used to protect the message from the eyes of others. Cryptographically secure ciphers are designed to make any practical attempt of breaking infeasible. Symmetric-key ciphers are suitable for bulk encryption using shared keys, and public-key encryption using digital certificates can provide a practical solution for the problem of securely communicating when no key is shared in advance.

Endpoint security software helps networks to prevent exfiltration (data theft) and virus infection at network entry points made vulnerable by the prevalence of potentially infected portable computing devices, such as laptops and mobile devices, and external storage devices, such as USB drives.[127]

Firewalls are an important method for control and security on the Internet and other networks. A network firewall can be a communications processor, typically a router, or a dedicated server, along with firewall software. A firewall serves as a gatekeeper system that protects a company's intranets and other computer networks from intrusion by providing a filter and safe transfer point for access to and from the Internet and other networks. It screens all network traffic for proper passwords or other security codes and only allows authorized transmission in and out of the network. Firewalls can deter, but not completely prevent, unauthorized access (hacking) into computer networks; they can also provide some protection from online intrusion.

Honey pots are computers that are either intentionally or unintentionally left vulnerable to attack by crackers. They can be used to catch crackers or fix vulnerabilities.

Intrusion-detection systems can scan a network for people that are on the network but who should not be there or are doing things that they should not be doing, for example trying a lot of passwords to gain access to the network.

A microkernel is the near-minimum amount of software that can provide the mechanisms to implement an operating system. It is used solely to provide very low-level, very precisely defined machine code upon which an operating system can be developed. A simple example is the early '90s GEMSOS (Gemini Computers), which provided extremely low-level machine code, such as "segment" management, atop which an operating system could be built. The theory (in the case of "segments") was that, rather than have the operating system itself worry about mandatory access separation by means of military-style labeling, it is safer if a low-level, independently scrutinized module can be charged solely with the management of individually labeled segments, be they memory "segments" or file system "segments" or executable text "segments". If software below the visibility of the operating system is (as in this case) charged with labeling, there is no theoretically viable means for a clever hacker to subvert the labeling scheme, since the operating system per se does not provide mechanisms for interfering with labeling: the operating system is, essentially, a client (an "application", arguably) atop the microkernel and, as such, subject to its restrictions.

Pinging: The ping application can be used by potential crackers to find if an IP address is reachable. If a cracker finds a computer, they can try a port scan to detect and attack services on that computer.

Social engineering awareness: keeping employees aware of the dangers of social engineering and/or having a policy in place to prevent social engineering can reduce successful breaches of the network and servers.

8.14 Scholars

Ross J. Anderson
Annie Anton
Adam Back
Daniel J. Bernstein
Stefan Brands
L. Jean Camp
Lance Cottrell
Lorrie Cranor
Cynthia Dwork
Deborah Estrin
Joan Feigenbaum
Ian Goldberg
Shafi Goldwasser
Lawrence A. Gordon
Peter Gutmann
Paul Kocher
Monica S. Lam
Brian LaMacchia
Kevin Mitnick
Bruce Schneier
Dawn Song
Gene Spafford
Joseph Steinberg
Moti Yung
Rakshit Tandon
Matt Blaze

8.15 See also

Attack tree
CAPTCHA
CERT
CertiVox
Cloud computing security
Comparison of antivirus software
Computer insecurity
Computer security model
Content security
Countermeasure (computer)
Cyber security standards
Dancing pigs

Data loss prevention products
Data security
Differentiated security
Disk encryption
Exploit (computer security)
Fault tolerance
Human-computer interaction (security)
Identity Based Security
Identity management
Identity theft
Information Leak Prevention
Information Security Awareness
Internet privacy
ISO/IEC 15408
IT risk
List of Computer Security Certifications
Mobile security
Network security
Network Security Toolkit
Next-Generation Firewall
Open security
OWASP
Penetration test
Physical information security
Presumed security
Privacy software
Proactive Cyber Defence
Risk cybernetics
Sandbox (computer security)
Separation of protection and security
Software Defined Perimeter
Cyber Insurance

8.16 Further reading

Chwan-Hwa (John) Wu and J. David Irwin, Introduction to Computer Networks and Cybersecurity (Boca Raton: CRC Press, 2013), ISBN 9781466572133.
Newton Lee, Counterterrorism and Cybersecurity: Total Information Awareness (Second Edition) (Switzerland: Springer International Publishing, 2015), ISBN 978-3-319-17243-9.
P. W. Singer and Allan Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford: Oxford University Press, 2014), ISBN 9780199918119.
Peter Kim, The Hacker Playbook: Practical Guide To Penetration Testing (Seattle: CreateSpace Independent Publishing Platform, 2014), ISBN 9781494932633.

8.17 References

[1] "Reliance spells end of road for ICT amateurs", May 07, 2013, The Australian
[2] http://www.evolllution.com/opinions/cybersecurity-understanding-online-threat/
[3] Arcos Sergio. "Social Engineering" (PDF).
[4] Moore, R. (2005) Cybercrime: Investigating High-Technology Computer Crime, Cleveland, Mississippi: Anderson Publishing.
[5] J. C. Willemssen, "FAA Computer Security". GAO/TAIMD-00-330. Presented at Committee on Science, House of Representatives, 2000.
[6] Pagliery, Jose. "Hackers attacked the U.S. energy grid 79 times this year". CNN Money. Cable News Network. Retrieved 16 April 2015.
[7] P. G. Neumann, "Computer Security in Aviation," presented at International Conference on Aviation Safety and Security in the 21st Century, White House Commission on Safety and Security, 1997.
[8] J. Zellan, Aviation Security. Hauppauge, NY: Nova Science, 2003, pp. 65-70.
[9] http://www.securityweek.com/air-traffic-control-systems-vulnerabilities-could-make-unfriendly-skies-blac
[10] http://www.npr.org/blogs/alltechconsidered/2014/08/04/337794061/hacker-says-he-can-break-into-airplane-systems-using-in-flight-wi-fi
[11] http://www.reuters.com/article/2014/08/04/us-cybersecurity-hackers-airplanes-idUSKBN0G40WQ20140804
[12] http://www.npr.org/blogs/alltechconsidered/2014/08/06/338334508/is-your-watch-or-thermostat-a-spy-cyber-security-firms-are-on-it

[13] http://www.vox.com/2015/1/18/7629603/car-hacking-dangers
[14] http://www.autosec.org/pubs/cars-usenixsec2011.pdf
[15] http://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf
[16] Cashell, B., Jackson, W. D., Jickling, M., & Webel, B. (2004). The Economic Impact of Cyber-Attacks. Congressional Research Service, Government and Finance Division. Washington DC: The Library of Congress.
[17] Gordon, Lawrence; Loeb, Martin (November 2002). "The Economics of Information Security Investment". ACM Transactions on Information and System Security 5 (4): 438-457. doi:10.1145/581271.581274.
[18] Krebs, Brian. "Massive Profits Fueling Rogue Antivirus Market". Washington Post. Retrieved 13 June 2014.
[19] RFC 2828 Internet Security Glossary
[20] CNSS Instruction No. 4009 dated 26 April 2010
[21] InfosecToday Glossary
[22] Symantec. (2010). State of Enterprise Security 2010.
[23] Richardson, R. (2010). 2009 CSI Computer Crime & Security Survey. Computer Security Institute. Computer Security Institute.
[24] "Firms lose more to electronic than physical theft". Reuters.
[25] "Definitions: IT Security Architecture". SecurityArchitecture.org, Jan, 2006
[26] Jannsen, Cory. "Security Architecture". Techopedia. Janalta Interactive Inc. Retrieved 9 October 2014.
[27] "The Hacker in Your Hardware: The Next Security Threat" August 4, 2010 Scientific American
[28] Waksman, Adam; Sethumadhavan, Simha (2010), "Tamper Evident Microprocessors" (PDF), Proceedings of the IEEE Symposium on Security and Privacy (Oakland, California)
[29] "Sentinel HASP HL". E-Spin. Retrieved 2014-03-20.
[30] "Token-based authentication". SafeNet.com. Retrieved 2014-03-20.
[31] "Lock and protect your Windows PC". TheWindowsClub.com. Retrieved 2014-03-20.
[32] James Greene (2012). "Intel Trusted Execution Technology: White Paper" (PDF). Intel Corporation. Retrieved 2013-12-18.
[33] "SafeNet ProtectDrive 8.4". SCMagazine.com. 2008-10-04. Retrieved 2014-03-20.
[34] "Secure Hard Drives: Lock Down Your Data". PCMag.com. 2009-05-11.
[35] "Top 10 vulnerabilities inside the network". Network World. 2010-11-08. Retrieved 2014-03-20.
[36] "Forget IDs, use your phone as credentials". Fox Business Network. 2013-11-04. Retrieved 2014-03-20.
[37] "Secure Coding in C and C++, Second Edition". Cert.org. Retrieved 2013-09-25.
[38] New hacking technique exploits common programming error. SearchSecurity.com, July 2007
[39] Justin P. Webb (16 October 2012). "Hacking Back - are you authorized? A discussion of whether it's an invitation to federal prison or a justified reaction/strategy?". Cybercrime Review. Cybercrime Review. Retrieved 24 September 2013.
[40] Jonathan Zittrain, 'The Future of The Internet', Penguin Books, 2008
[41] Information Security. United States Department of Defense, 1986
[42] "THE TJX COMPANIES, INC. VICTIMIZED BY COMPUTER SYSTEMS INTRUSION; PROVIDES INFORMATION TO HELP PROTECT CUSTOMERS" (Press release). The TJX Companies, Inc. 2007-01-17. Retrieved 2009-12-12.
[43] Largest Customer Info Breach Grows. MyFox Twin Cities, 29 March 2007.
[44] "The Stuxnet Attack On Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought". Business Insider. 20 November 2013.
[45] Reals, Tucker (24 September 2010). "Stuxnet Worm a U.S. Cyber-Attack on Iran Nukes?". CBS News.
[46] Kim Zetter (17 February 2011). "Cyberwar Issues Likely to Be Addressed Only After a Catastrophe". Wired. Retrieved 18 February 2011.
[47] Chris Carroll (18 October 2011). "Cone of silence surrounds U.S. cyberwarfare". Stars and Stripes. Retrieved 30 October 2011.
[48] John Bumgarner (27 April 2010). "Computers as Weapons of War" (PDF). IO Journal. Retrieved 30 October 2011.
[49] Seipel, Hubert. "Transcript: ARD interview with Edward Snowden". La Foundation Courage. Retrieved 11 June 2014.
[50] by Pentagon Papers leaker Daniel Ellsberg
[51] "Can You Trust NIST?".
[52] "New Snowden Leak: NSA Tapped Google, Yahoo Data Centers", Oct 31, 2013, Lorenzo Franceschi-Bicchierai, mashable.com
[53] Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It
[54] Home Depot says 53 million emails stolen

[55] "Conflict Of Laws In Cyberspace, Internet And Computer Era". Conflict Of Laws In Cyberspace, Internet And Computer Era. 9 October 2013. Retrieved 6 September 2014.
[56] "International Cyber Law Treaty Is Required". Perry4Law Organisation's Blog An Exclusive And Global Techno Legal Knowledge Base. 10 October 2012. Retrieved 6 September 2014.
[57] "International Cyber Security Treaty Is Required" (PDF). Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 9 January 2014. Retrieved 6 September 2014.
[58] "International Legal Issues Of Cyber Attacks, Cyber Terrorism, Cyber Espionage, Cyber Warfare And Cyber Crimes". International And Indian Legal Issues Of Cyber Security. 11 March 2014. Retrieved 6 September 2014.
[59] "International Legal Issues Of Cyber Attacks And Indian Perspective". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 22 March 2014. Retrieved 6 September 2014.
[60] "Mikko Hypponen: Fighting viruses, defending the net". TED.
[61] "Mikko Hypponen - Behind Enemy Lines". Hack In The Box Security Conference.
[62] "Cross Border Cyber Attacks, Authorship Attribution And Cyber Crimes Convictions". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 29 March 2013. Retrieved 6 September 2014.
[63] "Dynamic DNS, Fast Flux, Bullet Proof Servers And Botnet: A Paradise For Cyber Criminals". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 27 April 2013. Retrieved 6 September 2014.
[64] White, G., & Long, J. (2010). Global information security factors. International Journal of Information Security and Privacy (IJISP), 4(2), 49-60. doi:10.4018/jisp.2010040104
[65] "European Cybercrime Centre set for launch". VirusBulletin.
[66] "European Cybercrime Centre (EC3)". Europol.
[67] Kirby, Carrie (June 24, 2011). "Former White House aide backs some Net regulation / Clarke says government, industry deserve 'F' in cybersecurity". The San Francisco Chronicle.
[68] Cybersecurity Act of 2010 - http://www.opencongress.org/bill/111-s773/text
[69] "Text of H.R.4962 as Introduced in House: International Cybercrime Reporting and Cooperation Act - U.S. Congress". OpenCongress. Retrieved 2013-09-25.
[70] H.R.4962 - International Cybercrime Reporting and Cooperation Act, OpenCongress.org. Retrieved on June 26, 2010.
[71]
[72] "Senators Say Cybersecurity Bill Has No Kill Switch". Informationweek.com. June 24, 2010. Retrieved June 25, 2010.
[73] Declan McCullagh, CNET. "White House proposes cybersecurity legislation". May 12, 2011. Retrieved May 12, 2011.
[74] http://www.usatoday.com/story/tech/2015/02/13/obama-cybersecurity-summit-stanford/23328123/
[75] "National Cyber Security Division". U.S. Department of Homeland Security. Retrieved June 14, 2008.
[76] "FAQ: Cyber Security R&D Center". U.S. Department of Homeland Security S&T Directorate. Retrieved June 14, 2008.
[77] AFP-JiJi, "U.S. boots up cybersecurity center", October 31, 2009.
[78] "Federal Bureau of Investigation - Priorities". Federal Bureau of Investigation.
[79] Internet Crime Complaint Center
[80] "2010 Annual Report - Internet Crime Complaint Center" (PDF). IC3.
[81] "Robert S. Mueller, III -- InfraGard Interview at the 2005 InfraGard Conference". Infragard (Official Site) -- Media Room. Retrieved 9 December 2009.
[82] "Infragard, Official Site". Infragard. Retrieved 10 September 2010.
[83] "CCIPS".
[84] U.S. Department of Defense, Cyber Command Fact Sheet, May 21, 2010 http://www.stratcom.mil/factsheets/Cyber_Command/
[85] "FCC Cyber Security". FCC.
[86] Verton, Dan (January 28, 2004). "DHS launches national cyber alert system". Computerworld (IDG). Retrieved 2008-06-15.
[87] "FIRST website".
[88] "First members".
[89] "European council".
[90] "MAAWG".
[91] Kwanwoo Jun (23 September 2013). "Seoul Puts a Price on Cyberdefense". Wall Street Journal. Dow Jones & Company, Inc. Retrieved 24 September 2013.
[92] "South Korea seeks global support in cyber attack probe". BBC Monitoring Asia Pacific. 7 March 2011.
[93] "Cyber Security Laws In India Needed". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 9 March 2014. Retrieved 6 September 2014.

[94] "National Cyber Security Policy Of India 2013 (NCSP 2013)". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 26 December 2013. Retrieved 6 September 2014.
[95] "Cyber Security Trends And Developments In India 2013" (PDF). Perry4Law's Techno Legal Base (PTLB). 30 December 2013. Retrieved 6 September 2014.
[96] "National Cyber Security Policy Of India Has Failed To Protect Privacy Rights In India". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 4 July 2013. Retrieved 6 September 2014.
[97] "Civil Liberties Protection In Cyberspace". Human Rights Protection In Cyberspace. 20 June 2009. Retrieved 6 September 2014.
[98] "Indian Government Is Planning A Legislation Mandating Strict Cyber Security Disclosure Norms In India". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 27 March 2013. Retrieved 6 September 2014.
[99] "Cyber Law Obligations Of Directors Of Indian Companies Under Indian Companies Act, 2013". Cyber Laws In India And Technology Laws And Regulations In India. 7 April 2014. Retrieved 6 September 2014.
[100] "Cyber Security Obligations Of Directors Of Indian Companies Under Indian Companies Act, 2013". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 6 April 2014. Retrieved 6 September 2014.
[101] "Cyber Security Issues Of E-Commerce Business In India". E-Retailing Laws And Regulations In India. 13 August 2014. Retrieved 6 September 2014.
[102] "(Press Release) Government of Canada Launches Canada's Cyber Security Strategy". Market Wired. 3 October 2010. Retrieved 1 November 2014.
[103] "Canada's Cyber Security Strategy".
[104] "Canada's Cyber Security Strategy". Public Safety Canada. Government of Canada. Retrieved 1 November 2014.
[105] "Action Plan 2010-2015 for Canada's Cyber Security Strategy". Public Safety Canada. Government of Canada. Retrieved 3 November 2014.
[106] "Cyber Incident Management Framework For Canada". Public Safety Canada. Government of Canada. Retrieved 3 November 2014.
[107] "Action Plan 2010-2015 for Canada's Cyber Security Strategy". Public Safety Canada. Government of Canada. Retrieved 1 November 2014.
[108] "Canadian Cyber Incident Response Centre". Public Safety Canada. Retrieved 1 November 2014.
[109] "Cyber Security Bulletins". Public Safety Canada. Retrieved 1 November 2014.
[110] "Report a Cyber Security Incident". Public Safety Canada. Government of Canada. Retrieved 3 November 2014.
[111] "Government of Canada Launches Cyber Security Awareness Month With New Public Awareness Partnership". Market Wired (Government of Canada). 27 September 2012. Retrieved 3 November 2014.
[112] "Cyber Security Cooperation Program". Public Safety Canada. Retrieved 1 November 2014.
[113] "Cyber Security Cooperation Program". Public Safety Canada.
[114] "GetCyberSafe". Get Cyber Safe. Government of Canada. Retrieved 3 November 2014.
[115] Clayton, Mark. "The new cyber arms race". The Christian Science Monitor. Retrieved 16 April 2015.
[116] Clayton, Mark. "The new cyber arms race". The Christian Science Monitor. Retrieved 16 April 2015.
[117] "The Growth of Cybersecurity Jobs". Mar 2014. Retrieved 24 April 2014.
[118] de Silva, Richard (11 Oct 2011). "Government vs. Commerce: The Cyber Security Industry and You (Part One)". Defence IQ. Retrieved 24 Apr 2014.
[119] "Department of Computer Science". Retrieved April 30, 2013.
[120] "(Information for) Students". NICCS (US National Initiative for Cybercareers and Studies). Retrieved 24 April 2014.
[121] "Current Job Opportunities at DHS". U.S. Department of Homeland Security. Retrieved 2013-05-05.
[122] "Cybersecurity Training & Exercises". U.S. Department of Homeland Security. Retrieved 2015-01-09.
[123] "Cyber Security Awareness Free Training and Webcasts". MS-ISAC (Multi-State Information Sharing & Analysis Center). Retrieved 9 January 2015.
[124] "Security Training Courses". LearnQuest. Retrieved 2015-01-09.
[125] "Confidentiality". Retrieved 2011-10-31.
[126] "Data Integrity". Retrieved 2011-10-31.
[127] "Endpoint Security". Retrieved 2014-03-15.

8.18 External links

Computer security at DMOZ

Chapter 9

Computer worm
This article is about malware. For the data storage device, see Write Once Read Many. For other uses, see worm (disambiguation).

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.[1] Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.[2] Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

[Figure: Hex dump of the Blaster worm, showing a message left for Microsoft CEO Bill Gates by the worm programmer]

Many worms that have been created are designed only to spread, and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these "payload free" worms can cause major disruption by increasing network traffic and other unintended effects. A "payload" is code in the worm designed to do more than spread the worm: it might delete files on a host system (e.g., the ExploreZip worm), encrypt files in a cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" computer under control of the worm author. Networks of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website's address.[3] Spammers are therefore thought to be a source of funding for the creation of such worms,[4][5] and the worm writers have been caught selling lists of IP addresses of infected machines.[6] Others try to blackmail companies with threatened DoS attacks.[7]

Users can minimize the threat posed by worms by keeping their computer's operating system and other software up-to-date, avoiding opening unrecognized or unexpected emails, and running firewall and antivirus software.[8]

Backdoors can be exploited by other malware, including worms. Examples include Doomjuice, which can spread using the backdoor opened by Mydoom, and at least one instance of malware taking advantage of the rootkit and backdoor installed by the Sony/BMG DRM software utilized by millions of music CDs prior to late 2005.[9]

[Figure: Spread of Conficker worm]

9.1 Worms with good intent

Beginning with the very first research into worms at Xerox PARC, there have been attempts to create useful worms. Those worms allowed testing by John Shoch and Jon Hupp of the Ethernet principles on their network of Xerox Alto computers. The Nachi family of worms tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system, by exploiting those same vulnerabilities.[10] In practice, although this may have made these systems more secure, it generated considerable network traffic, rebooted the machine in the course of patching it, and did its work without the consent of the computer's owner or user. Regardless of their payload or their writers' intentions, most security experts regard all worms as malware.

Several worms, like XSS worms, have been written to research how worms spread, for example, the effects of changes in social activity or user behavior. One study proposed what seems to be the first computer worm that operates on the second layer of the OSI model (Data link Layer); it utilizes topology information such as Content-addressable memory (CAM) tables and Spanning Tree information stored in switches to propagate and probe for vulnerable nodes until the enterprise network is covered.[11]

9.2 Protecting against dangerous computer worms

Worms spread by exploiting vulnerabilities in operating systems. Vendors with security problems supply regular security updates[12] (see "Patch Tuesday"), and if these are installed to a machine then the majority of worms are unable to spread to it. If a vulnerability is disclosed before the security patch is released by the vendor, a zero-day attack is possible.

Users need to be wary of opening unexpected email, and should not run attached files or programs, or visit web sites that are linked to such emails. However, as with the ILOVEYOU worm, and with the increased growth and efficiency of phishing attacks, it remains possible to trick the end-user into running malicious code.

Anti-virus and anti-spyware software are helpful, but must be kept up-to-date with new pattern files at least every few days. The use of a firewall is also recommended.

In the April–June, 2008, issue of IEEE Transactions on Dependable and Secure Computing, computer scientists describe a potential new way to combat internet worms. The researchers discovered how to contain the kind of worm that scans the Internet randomly, looking for vulnerable hosts to infect. They found that the key is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans, it is a sign that it has been infected, allowing administrators to take it off line and check it for malware.[13][14] In addition, machine learning techniques can be used to detect new worms, by analyzing the behavior of the suspected computer.[15]

9.3 Mitigation techniques

ACLs in routers and switches
Packet-filters
TCP Wrapper/libwrap enabled network service daemons
Nullrouting

9.4 History

Morris Worm source code disk at the Computer History Museum

The actual term "worm" was first used in John Brunner's 1975 novel, The Shockwave Rider. In that novel, Nichlas Haflinger designs and sets off a data-gathering worm in an act of revenge against the powerful men who run a national electronic information web that induces mass conformity. "You have the biggest-ever worm loose in the net, and it automatically sabotages any attempt to monitor it... There's never been a worm with that tough a head or that long a tail!"[16]

On November 2, 1988, Robert Tappan Morris, a Cornell University computer science graduate student, unleashed what became known as the Morris worm, disrupting a large number of computers then on the Internet, guessed at the time to be one tenth of all those connected.[17] During the Morris appeal process, the U.S. Court of Appeals estimated the cost of removing the virus from each installation was in the range of $200–53,000, and prompting the formation of the CERT Coordination Center[18] and Phage mailing list.[19] Morris himself became the first person tried and convicted under the 1986 Computer Fraud and Abuse Act.[20]
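The scan-counting idea from section 9.2 (watch how many scans each machine sends out and take heavy senders off line), as an added example that is not from the original text or the cited paper: a sliding-window counter of distinct unanswered destinations per internal host. The `Flow` record format, the 60-second window, the threshold of 20 and the sample traffic are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    """One connection attempt (constructed record format, an assumption)."""
    ts: float        # seconds since start of capture
    src: str
    dst: str
    dport: int
    answered: bool   # True if the destination replied


class ScanMonitor:
    """Per internal host, count distinct destinations probed without an answer
    inside a sliding time window, and flag hosts that exceed a threshold."""

    def __init__(self, internal_net, window_s=60.0, max_unanswered=20):
        self.net = ipaddress.ip_network(internal_net)
        self.window_s = window_s
        self.max_unanswered = max_unanswered
        self._events = defaultdict(deque)  # src -> (ts, dst) in arrival order
        self._counts = defaultdict(dict)   # src -> {dst: events still in window}
        self.quarantined = {}              # src -> ts at which it was flagged

    def observe(self, flow):
        """Feed one flow (in timestamp order). True when src is newly flagged."""
        if ipaddress.ip_address(flow.src) not in self.net:
            return False                   # only hosts we administer are monitored
        if flow.src in self.quarantined or flow.answered:
            return False                   # answered connections are not scans
        events, counts = self._events[flow.src], self._counts[flow.src]
        events.append((flow.ts, flow.dst))
        counts[flow.dst] = counts.get(flow.dst, 0) + 1
        cutoff = flow.ts - self.window_s
        while events and events[0][0] <= cutoff:   # expire old probes
            _, old_dst = events.popleft()
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
        if len(counts) > self.max_unanswered:
            self.quarantined[flow.src] = flow.ts
            return True
        return False

    def distinct_unanswered(self, src):
        return len(self._counts.get(src, {}))


def build_sample_flows():
    """Constructed sample traffic; addresses are private/documentation ranges."""
    flows = []
    # Workstation: normal answered traffic plus a few retries to one dead server.
    for i in range(30):
        flows.append(Flow(i * 3.0, "10.0.0.5", f"192.0.2.{10 + i % 2}", 443, True))
    for t in (5.0, 6.0, 7.0):
        flows.append(Flow(t, "10.0.0.5", "192.0.2.200", 443, False))
    # Mail relay retrying one unreachable peer: many failures, one destination.
    for i in range(50):
        flows.append(Flow(50.0 + i, "10.0.0.7", "192.0.2.99", 25, False))
    # Infected host: two unanswered probes per second, each to a new address.
    for i in range(40):
        flows.append(Flow(100.0 + 0.5 * i, "10.0.0.9", f"198.51.100.{i + 1}", 445, False))
    # Traffic sourced outside the monitored network is ignored by this monitor.
    for i in range(30):
        flows.append(Flow(120.0 + i, "203.0.113.4", f"10.0.0.{i + 1}", 22, False))
    return sorted(flows, key=lambda f: f.ts)


def run(flows, **kwargs):
    monitor = ScanMonitor("10.0.0.0/24", **kwargs)
    for flow in flows:
        if monitor.observe(flow):
            print(f"t={flow.ts:6.1f}s quarantine {flow.src}: "
                  f"{monitor.distinct_unanswered(flow.src)} distinct unanswered "
                  f"destinations in {monitor.window_s:.0f}s")
    return monitor


if __name__ == "__main__":
    run(build_sample_flows())
```

Counting distinct unanswered destinations, rather than raw failures, keeps the retrying mail relay from being flagged; the threshold and window need tuning against a site's own baseline.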

9.5 See also

Computer and network surveillance
Computer virus
Helpful worm
Spam
Timeline of notable computer viruses and worms
Trojan horse (computing)
XSS Worm

9.6 References
[1] Barwise, Mike. "What is an internet worm?". BBC. Retrieved 9 September 2010.
[2] "Difference between a computer virus and a computer worm". USCB ScienceLine.
[3] Ray, Tiernan (February 18, 2004). "Business & Technology: E-mail viruses blamed as spam rises sharply". The Seattle Times.
[4] McWilliams, Brian (October 9, 2003). "Cloaking Device Made for Spammers". Wired.
[5] Unavailable.
[6] "Uncovered: Trojans as Spam Robots". heise online. 2004-02-21. Archived from the original on 2009-05-28. Retrieved 2012-11-02.
[7] "Hacker threats to bookies probed". BBC News. February 23, 2004.
[8] "Computer Worm Information and Removal Steps". Veracode. Retrieved 2015-04-04.
[9] "Sony Ships Sneaky DRM Software". Pcworld.com. 2005-11-01. Retrieved 2012-06-10.
[10] "Virus alert about the Nachi worm". Microsoft.
[11] Al-Salloum, Z. S.; Wolthusen, S. D. (2010). "A link-layer-based self-replicating vulnerability discovery agent". The IEEE symposium on Computers and Communications. p. 704. doi:10.1109/ISCC.2010.5546723. ISBN 978-1-4244-7754-8.
[12] "USN list". Ubuntu. Retrieved 2012-06-10.
[13] Sellke, S. H.; Shroff, N. B.; Bagchi, S. (2008). "Modeling and Automated Containment of Worms". IEEE Transactions on Dependable and Secure Computing 5 (2): 71–86. doi:10.1109/tdsc.2007.70230.
[14] "A New Way to Protect Computer Networks from Internet Worms". Newswise. Retrieved July 5, 2011.
[15] Moskovitch R., Elovici Y., Rokach L. (2008), "Detection of unknown computer worms based on behavioral classification of the host", Computational Statistics and Data Analysis, 52(9):4544–4566, DOI 10.1016/j.csda.2008.01.028
[16] Brunner, John (1975). The Shockwave Rider. New York: Ballantine Books. ISBN 0-06-010559-3.
[17] "The Submarine".
[18] "Security of the Internet". CERT/CC.
[19] "Phage mailing list". securitydigest.org.
[20] Dressler, J. (2007). "United States v. Morris". Cases and Materials on Criminal Law. St. Paul, MN: Thomson/West. ISBN 978-0-314-17719-3.

9.7 External links

Malware Guide: Guide for understanding, removing and preventing worm infections on Vernalex.com.
"The 'Worm' Programs: Early Experience with a Distributed Computation", John Shoch and Jon Hupp, Communications of the ACM, Volume 25 Issue 3 (March 1982), pages 172–180.
"The Case for Using Layered Defenses to Stop Worms", Unclassified report from the U.S. National Security Agency (NSA), 18 June 2004.
Worm Evolution, paper by Jago Maniscalchi on Digital Threat, 31 May 2009.

Chapter 10

Crimeware
Crimeware is a class of malware designed specifically to automate cybercrime.[1]

Crimeware (as distinct from spyware and adware) is designed to perpetrate identity theft through social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the cyberthief. Alternatively, crimeware may steal confidential or sensitive corporate information. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer confidential information.

10.1 Examples

Criminals use a variety of techniques to steal confidential data through crimeware, including through the following methods:

Surreptitiously install keystroke loggers to collect sensitive data (login and password information for online bank accounts, for example) and report them back to the thief.[2]
Redirect a user's web browser to a counterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar.
Steal passwords cached on a user's system.[3]
Hijack a user session at a financial institution and drain the account without the user's knowledge.
Enable remote access into applications, allowing criminals to break into networks for malicious purposes.
Encrypt all data on a computer and require the user to pay a ransom to decrypt it (ransomware).

10.2 Delivery vectors

Crimeware threats can be installed on victims' computers through multiple delivery vectors, including:

Vulnerabilities in Web applications. The Bankash.G Trojan, for example, exploited an Internet Explorer vulnerability to steal passwords and monitor user input on webmail and online commerce sites.[3]
Targeted attacks sent via SMTP. These social-engineered threats often arrive disguised as valid e-mail messages and include specific company information and sender addresses. The malicious emails use social engineering to manipulate users to open the attachment and execute the payload.[4]
Remote exploits that exploit vulnerabilities on servers and clients

10.3 Concerns

Crimeware can have significant economic impact due to loss of sensitive and proprietary information and associated financial losses. One survey estimates that in 2005 organizations lost in excess of $30 million due to the theft of proprietary information.[5] The theft of financial or confidential information from corporate networks often places the organizations in violation of government and industry-imposed regulatory requirements that attempt to ensure that financial, personal and confidential.

10.3.1 United States

US laws and regulations include:

Sarbanes-Oxley Act
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act
Family Educational Rights and Privacy Act
California Senate Bill 1386
Payment Card Industry Data Security Standard

10.4 See also


Malware
Metasploit Project
Targeted attacks
Phishing
Spyware

10.5 References
[1] Crimeware: Understanding New Attacks and Defenses.
informit.
[2] "Cyberthieves Silently Copy Your Password" [The New
York Times]
[3] Symantec Internet Security Report, Vol. IX, March 2006,
p. 71
[4] "Protecting Corporate Assets from E-mail Crimeware"
Avinti, Inc., p.1,
[5] CSI/FBI Computer Crime and Security Survey 2005, p.15

10.6 External links


Symantec Internet Security Threat Report
Computer Security Institute
Real-Time Hackers Foil Two-Factor Security
(Technology Review September 18, 2009)
Cyber Crooks Target Public & Private Schools
(Washington Post September 14, 2009)
Crimeware gets worse - How to avoid being robbed
by your PC (Computerworld September 26, 2009)


Chapter 11

Cryptovirology
Cryptovirology is a field that studies how to use cryptography to design powerful malicious software. The field was born with the observation that public-key cryptography can be used to break the symmetry between what a malware analyst sees regarding malware and what the malware creator sees. The former sees a public key in the malware whereas the latter sees the public key as well as the corresponding private key since the malware designer created the key pair for the attack. The public key allows the malware to perform trapdoor one-way operations on the victim's computer that only the malware creator can undo.

The first attack that was identified in the field is called "cryptoviral extortion".[1] In this attack a virus, worm, or trojan hybrid encrypts the victim's files and the victim must pay the malware author to receive the needed session key (which is encrypted under the malware creator's public key that is contained in the malware). The victim needs the session key if the files are needed and there are no backups of them.

The field also encompasses covert attacks in which the attacker secretly steals private information such as private keys. An example of the latter type of attack are asymmetric backdoors. An asymmetric backdoor is a backdoor (e.g., in a cryptosystem) that can be used only by the attacker, even after it is found. This contrasts with the traditional backdoor that is symmetric, i.e., anyone that finds it can use it. Kleptography, a subfield of cryptovirology, is the study of asymmetric back doors in key generation algorithms, digital signature algorithms, key exchanges, and other cryptographic algorithms. The NIST Dual EC DRBG random bit generator has an alleged asymmetric backdoor in it. The EC-DRBG algorithm utilizes the discrete-log kleptogram from Kleptography. There is a misconception that cryptovirology is mostly about extortion attacks (overt attacks). In fact, the vast majority of cryptovirology attacks are covert in nature.

11.1 General information

Cryptovirology was born in academia.[1][2] However, practitioners have recently expanded the scope of the field to include the analysis of cryptographic algorithms used by malware writers, attacks on these algorithms using automated methods (such as X-raying[3]) and analysis of viruses' and packers' encryptors. Also included is the study of cryptography-based techniques (such as "delayed code"[4]) developed by malware writers to hamper malware analysis.

A "questionable encryption scheme", which was introduced by Young and Yung, is an attack tool in cryptovirology. Informally speaking, a questionable encryption scheme is a public key cryptosystem (3-tuple of algorithms) with two supplementary algorithms, forming a 5-tuple of algorithms. It includes a deliberately bogus yet carefully designed key pair generation algorithm that produces a "fake" public key. The corresponding private key (witness of non-encryption) cannot be used to decipher data "encrypted" using the fake public key. By supplying the key pair to an efficient verification predicate (the 5th algorithm in the 5-tuple) it is proven whether the public key is real or fake. When the public key is fake, it follows that no one can decipher data "enciphered" using the fake public key. A questionable encryption scheme has the property that real public keys are computationally indistinguishable from fake public keys when the private key is not available. The private key forms a poly-sized witness of decipherability or indecipherability, whichever may be the case.

An application of a questionable encryption scheme is a trojan that gathers plaintext from the host, "encrypts" it using the trojan's own public key (which may be real or fake), and then exfiltrates the resulting "ciphertext". In this attack it is thoroughly intractable to prove that data theft has occurred. This holds even when all core dumps of the trojan and all the information that it broadcasts is entered into evidence. An analyst that jumps to the conclusion that the trojan "encrypts" data risks being proven wrong by the malware author (e.g., anonymously).

When the public key is fake, the attacker gets no plaintext from the trojan. So what's the use? A spoofing attack is possible in which some trojans are released that use real public keys and steal data and some trojans are released that use fake public keys and do not steal data. Many months after the trojans are discovered and analyzed, the attacker anonymously posts the witnesses of non-encryption for the fake public keys. This proves that those trojans never in fact exfiltrated data. This casts doubt on the true nature of future strains of malware that contain such "public keys", since the keys could be real or fake. This attack implies a fundamental limitation on proving data theft.

There are many other attacks in the field of cryptovirology that are not mentioned here.

11.2 Examples of viruses with cryptography and ransom capabilities

While viruses in the wild have used cryptography in the past, the only purpose of such usage of cryptography was to avoid detection by antivirus software. For example, the tremor virus[5] used polymorphism as a defensive technique in an attempt to avoid detection by anti-virus software. Though cryptography does assist in such cases to enhance the longevity of a virus, the capabilities of cryptography are not used in the payload. The One-half virus[6] was amongst the first viruses known to have encrypted affected files. However, the One_half virus was not ransomware, that is, it did not demand any ransom for decrypting the files that it has encrypted. It also did not use public key cryptography. An example of a virus that informs the owner of the infected machine to pay a ransom is the virus nicknamed Tro_Ransom.A.[7] This virus asks the owner of the infected machine to send $10.99 to a given account through Western Union.

Virus.Win32.Gpcode.ag is a classic cryptovirus.[8] This virus partially uses a version of 660-bit RSA and encrypts files with many different extensions. It instructs the owner of the machine to email a given mail ID if the owner desires the decryptor. If contacted by email, the user will be asked to pay a certain amount as ransom in return for the decryptor.

11.3 Creation of cryptoviruses

To successfully write a cryptovirus, a thorough knowledge of the various cryptographic primitives such as random number generators, proper recommended cipher text chaining modes etc. is necessary. Wrong choices can lead to poor cryptographic strength. So, usage of preexisting routines would be ideal. Microsoft's Cryptographic API (CAPI) is a possible tool for the same. It has been demonstrated that using just 8 different calls to this API, a cryptovirus can satisfy all its encryption needs.[9]

11.4 Other uses of cryptography enabled malware

Apart from cryptoviral extortion, there are other potential uses[2] of cryptoviruses. They are used in deniable password snatching, used with cryptocounters, used with private information retrieval and used in secure communication between different instances of a distributed cryptovirus.

11.5 References
[1] A. Young, M. Yung. "Cryptovirology: Extortion-Based Security Threats and Countermeasures". IEEE Symposium on Security & Privacy, May 6–8, 1996. pp. 129–141. IEEEExplore: Cryptovirology: extortion-based security threats and countermeasures
[2] A. Young, M. Yung (2004). Malicious Cryptography: Exposing Cryptovirology. Wiley. ISBN 0-7645-4975-8.
[3] F. Perriot, P. Ferrie (2004). "Principles and Practise of X-Raying" (PDF). Virus Bulletin Conference.
[4] Z0mbie (2000). "DELAYED CODE technology (version 1.1)". white paper. Netlux: Delayed code technology
[5] F-Secure virus descriptions: Tremor
[6] Symantec security response: One_Half
[7] Sophos security analyses: Troj_Ransom.A
[8] Viruslist: Virus.Win32.Gpcode.ag
[9] A. Young. "Cryptoviral Extortion Using Microsoft's Crypto API". International Journal of Information Security, Volume 5, Issue 2, April 2006. pp. 67–76. SpringerLink: Cryptoviral extortion using Microsoft's Crypto API

11.6 External links

Cryptovirology Labs - site maintained by Adam Young and Moti Yung
Cryptography and cryptovirology articles at VX Heavens
Cryzip Trojan Encrypts Files, Demands Ransom
Can a virus lead an enterprise to court?
A student report entitled Superworms and Cryptovirology
Next Virus Generation: an Overview (cryptoviruses) by Angelo P. E. Rosiello
Chapter 12

DEF CON
This article is about the computer security convention. For other uses, see Defcon (disambiguation).

DEF CON (also written as DEFCON or Defcon) is one of the world's largest annual hacker conventions, held every year in Las Vegas, Nevada. The first DEF CON took place in June 1993.

Many of the attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, and hackers with a general interest in software, computer architecture, phone phreaking, hardware modification, and anything else that can be "cracked". The event consists of several tracks of speakers about computer- and cracking-related subjects, as well as social events and contests in everything from creating the longest Wi-Fi connection and cracking computer systems to who can most effectively cool a beer in the Nevada heat. Other contests include lockpicking, robotics-related contests (discontinued), art, slogan, coffee wars (not currently running), scavenger hunt and Capture the Flag. Capture the Flag (CTF) is perhaps the best known of these contests. It is a hacking competition where teams of crackers attempt to attack and defend computers and networks using certain software and network structures. CTF has been emulated at other cracking conferences as well as in academic and military contexts.

A team participating in a CTF competition at DEFCON 17

A DEFCON 13 "human" badge

Conference founder Jeff Moss contends that the quality of submitted talks has diminished since DEF CON's inception because security researchers have found companies and government agencies to pay for the research, leaving the researchers less willing to unveil their zero-day vulnerability research for free at DEF CON.[1] Additionally, the conference has gone from one track to five and accepting speaker proposals for five times the research lowers the density of elite speeches.

Since DEF CON 11, fundraisers have been conducted for the Electronic Frontier Foundation. The first fundraiser was a dunk tank and was an "official" event. The EFF now has an event named "The Summit" hosted by the Vegas 2.0 crew that is an open event and fundraiser. DefCon 18 (2010) hosted a new fundraiser called MohawkCon. In 2010, over 10,000 people attended DEF CON 18.

Federal law enforcement agents from the FBI, DoD, United States Postal Inspection Service, and other agencies regularly attend DEF CON.[2][3]

DEF CON was also portrayed in The X-Files episode "Three of a Kind" featuring an appearance by The Lone Gunmen. DEF CON was portrayed as a United States government-sponsored convention instead of a civilian convention.

12.1 History

DEF CON was founded in 1992 by Jeff Moss as a farewell party for his friend and fellow cracker. The party was planned for Las Vegas a few days before his friend was to leave the United States, because his father had accepted employment out of the country. However, his friend's father left early, taking his friend along, so Jeff was left alone with the entire party planned. Jeff decided to invite all his cracker friends to go to Las Vegas with him and have the party with them instead. Cracker friends from far and wide got together and laid the foundation for DEF CON, with roughly 100 persons in attendance. The term DEF CON comes from the movie WarGames, referencing the U.S. Armed Forces defense readiness condition (DEFCON). In the movie, Las Vegas was selected as a nuclear target, and since the event was being hosted in Las Vegas, it occurred to Jeff Moss to name the convention DEFCON. However, to a lesser extent, CON also stands for convention and DEF is taken from the letters on the number 3 on a telephone keypad, a reference to phone phreakers. DEF CON was planned to be a one-time event, a party for his friend, but he kept getting emails from people encouraging him to host again the next year. After a while, he was convinced to host the event again, and the attendance nearly doubled the second year.[4]

A semi-fictionalized account of DefCon II, "Cyber Christ Meets Lady Luck" written by Winn Schwartau demonstrates some of the early DefCon culture.[5]

12.2 Noteworthy incidents

12.2.1 1999

On July 10, 1999, the Cult of the Dead Cow hacker collective released Back Orifice 2000 at DEF CON 7, in what was, at the time, the largest presentation in DEF CON history.

12.2.2 2001

On July 16, 2001, Russian programmer Dmitry Sklyarov was arrested the day after DEF CON for writing software to decrypt Adobe's e-book format.

12.2.3 2005

On July 31, 2005, Cisco used legal threats to suppress Mike Lynn from presenting at DEF CON about flaws he had found in the Cisco IOS used on routers.[6]

12.2.4 2007

In August 2007, Michelle Madigan, a reporter for Dateline NBC, attempted to secretly record hackers admitting to crimes at the convention. After being outed by DEF CON founder Jeff Moss during an assembly, she was heckled and chased out of the convention by attendees for her use of covert audio and video recording equipment. DEF CON staff tried to get Madigan to obtain a press pass before the outing happened.[7] A DEF CON source at NBC had tipped off organizers to Madigan's plans.[2]

12.2.5 2008

Main article: Massachusetts Bay Transportation Authority v. Anderson

MIT students Zack Anderson, R.J. Ryan and Alessandro Chiesa were to present a session entitled "The Anatomy of a Subway Hack: Breaking Crypto RFIDS and Magstripes of Ticketing Systems." The presentation description included the phrase "Want free subway rides for life?" and promised to focus on the Boston T subway.[8] However, the Massachusetts Bay Transit Authority (MBTA) sued the students and MIT in United States District Court in Massachusetts on August 8, claiming that the students violated the Computer Fraud and Abuse Act (CFAA) by delivering information to conference attendees that could be used to defraud the MBTA of transit fares.[9][10]

The court issued a temporary restraining order prohibiting the students from disclosing the material for a period of ten days, despite the fact the material had already been disseminated to DefCon attendees at the start of the show.

In 2008's contest "Race to Zero," contestants submitted a version of given malware which was required to be undetectable by all of the antivirus engines in each round. The contest concept attracted much negative attention.[11][12]

12.2.6 2009

WIRED[13] reported that an ATM kiosk was positioned in the conference center of the Riviera Hotel Casino capturing data from an unknown number of hackers attending the DefCon hacker conference.

12.2.7 2011

Security company HBGary Federal used legal threats to prevent former CEO Aaron Barr from attending a panel discussion at the conference.[14]

12.2.8 2012

The director of the National Security Agency, Keith B. Alexander, gave the keynote speech.[15] During the question and answers session, the first question for Alexander,[15] fielded by Jeff Moss,[16] was "Does the NSA really keep a file on everyone, and if so, how can I see mine?" Alexander replied "Our job is foreign intelligence" and that "Those who would want to weave the story that we have millions or hundreds of millions of dossiers on people, is absolutely false... From my perspective, this is absolute nonsense."[15]

On March 12, 2013, during a United States Senate Select Committee on Intelligence hearing, Senator Ron Wyden quoted the 2012 DEF CON keynote speech and asked Director of National Intelligence James Clapper if the U.S. conducted domestic surveillance; Clapper made statements saying that there was no intentional domestic surveillance.[15] In June 2013 NSA surveillance programs which collected data on US citizens, such as PRISM, had been exposed. Andy Greenberg of Forbes said that NSA officials, including Alexander, in the years 2012 and 2013 "publicly denied, often with carefully hedged words, participating in the kind of snooping on Americans that has since become nearly undeniable."[15]

12.2.9 2013

On July 11, 2013, Jeff Moss posted a statement,[17] located on the DEF CON blog, titled "Feds, We Need Some Time Apart." It stated that "I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year."[18] This was the first time in the organization's history that it had asked federal authorities not to attend.[17]

Actor Will Smith visited the convention to study the DEF CON culture for an upcoming movie role.[19]

12.3 List of venues and dates

1990s:
DEF CON 1 was held at the Sands Hotel & Casino June 9–11, 1993.
DEF CON 2 was held at the Sahara Hotel and Casino July 22–24, 1994.
DEF CON 3 was held at the Tropicana Resort & Casino August 4–6, 1995.
DEF CON 4 was held at the Monte Carlo Resort and Casino July 26–28, 1996.
DEF CON 5 was held at the Aladdin Hotel & Casino July 11–13, 1997.
DEF CON 6 was held at the Plaza Hotel & Casino July 31 - August 2, 1998.
DEF CON 7 was held at the Alexis Park Resort July 9–11, 1999.

2000s:
DEF CON 8 was held at the Alexis Park Resort July 28–30, 2000.
DEF CON 9 was held at the Alexis Park Resort July 13–15, 2001.
DEF CON 10 was held at the Alexis Park Resort August 2–4, 2002.
DEF CON 11 was held at the Alexis Park Resort August 1–3, 2003.
DEF CON 12 was held at the Alexis Park Resort July 30 - August 1, 2004.
DEF CON 13 was held at the Alexis Park Resort July 29–31, 2005.
DEF CON 14 was held at the Riviera Hotel & Casino August 4–6, 2006.
DEF CON 15 was held at the Riviera Hotel & Casino August 3–5, 2007.
DEF CON 16 was held at the Riviera Hotel & Casino August 8–10, 2008.
DEF CON 17 was held at the Riviera Hotel & Casino July 30 - August 2, 2009.

2010s:
DEF CON 18 was held at the Riviera Hotel & Casino July 30 - August 1, 2010.
DEF CON 19 was held at the Rio Hotel & Casino August 4–7, 2011.
DEF CON 20 was held at the Rio Hotel & Casino July 26–29, 2012.
DEF CON 21 was held at the Rio Hotel & Casino August 1–4, 2013.
DEF CON 22 was held at the Rio Hotel & Casino August 7-10, 2014.

12.3.1 Upcoming venues and dates

DEF CON 23 will be at both the Paris Hotel and Bally's Hotel August 6-9, 2015.

12.4 See also

Black Hat Briefings
Chaos Communication Congress (C3)
Hack-Tic. 4-yearly European version
Hackers on Planet Earth (HOPE)
Summercon. The first American hacker conference, organized by members of Phrack
ToorCon. A yearly hacker conference held in San Diego, California since 1999

12.5 References
[1] HNS. "The Vulnerability Economy". Help Net Security. Retrieved 2008-08-27.
[2] Zetter, Kim (3 August 2007). "Dateline Mole Allegedly at DefCon with Hidden Camera -- Updated: Mole Caught on Tape". Wired Blog Network. Retrieved 2007-08-15. "According to DefCon staff, Madigan had told someone she wanted to out an undercover federal agent at DefCon. That person in turn warned DefCon about Madigan's plans. Federal law enforcement agents from FBI, DoD, United States Postal Inspection Service and other agencies regularly attend DefCon to gather intelligence on the latest techniques of hackers."
[3] "DEFCON 15 FAQs". Retrieved 9 Feb 2011. "Lots of people come to DEFCON and are doing their job; security professionals, federal agents, and the press."
[4] Jeff Moss (July 30, 2007). "The Story of DEFCON". Retrieved 9 Feb 2011.
[5] Winn Schwartau. "Cyber Christ Meets Lady Luck" (PDF). Retrieved 9 Feb 2011.
[6] Lamos, Rob (31 July 2005). "Exploit writers team up to target Cisco routers". Security Focus. Retrieved 2004-07-31.
[7] Cassel, David (4 August 2007). "Transcript: Michelle Madigan's run from Defcon". Tech.Blorge.com. Retrieved 2007-08-15.
[8] Lundin, Leigh (2008-08-17). "Dangerous Ideas". MBTA v DefCon 16. Criminal Brief. Retrieved 2010-10-07.
[9] Jeschke, Rebecca (2008-08-09). "MIT Students Gagged by Federal Court Judge". Press Room. Las Vegas: EFF.
[10] Massachusetts Bay Transit Authority v. Zack Anderson, RJ Ryan, Alessandro Chiesa, and the Massachusetts Institute of Technology (United States District Court District of Massachusetts). Text
[11] "Race to Zero". Contest concept.
[12] McMillan, Robert (April 2008). "Security Vendors Slam Defcon Virus Contest". IDG News Service.
[13] "Malicious ATM Catches Hackers | Threat Level | WIRED"
[14] "Legal Threat Pushes Former HBGary Federal CEO Out Of DEFCON". Business Security. Retrieved 8/10/2011.
[15] Greenberg, Andy. "Watch Top U.S. Intelligence Officials Repeatedly Deny NSA Spying On Americans Over The Last Year (Videos)". Forbes. June 6, 2013. Retrieved on June 11, 2013. "Eight months later, Senator Ron Wyden quoted[...]"
[16] Wagenseil, Paul. "Hackers Don't Believe NSA Chief's Denial of Domestic Spying". (Archive) NBC News. August 1, 2012. Retrieved on June 13, 2013.
[17] Whitney, Lance. "Defcon to feds: 'We need some time apart'". CNET. July 11, 2013. Retrieved on July 12, 2013.
[18] Blue, Violet. "Feds 'not welcome' at DEF CON hacker conference". ZDNet. July 11, 2013. Retrieved on July 11, 2013.
[19] "Will Smith Makes Unexpected Appearance At Defcon Hacker Conference". Retrieved 2013-08-09.
12.6 Further reading

"DefCon's Moss: Undercover Reporter Damages 'Neutral Zone'". Information Week. August 6, 2007.
Mills, Elinor. "NSA director finally greets Defcon hackers". CNET. July 27, 2012.

12.7 External links


Official website
Contests
CoffeeWars: 2007 Official contest
Venues
The Alexis Park Resort & Hotel
The Riviera Hotel & Casino
Multimedia
A first ever look inside the DEF CON NOC (2008)
The Story of DEF CON - video interview with Jeff Moss, a.k.a. Dark Tangent, the founder of DEF CON
Transcript, audio, video of Jeff Moss describing DEF CON's inception
DEFCON: The Documentary

Chapter 13

Exploit (computer security)


An exploit (from the English verb to exploit, meaning "using something to one's own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.

13.1 Classification
There are several methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A remote exploit works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A local exploit requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with a client application. Exploits against client applications may also require some interaction with the user and thus may be used in combination with the social engineering method. Another classification is by the action against the vulnerable system; unauthorized data access, arbitrary code execution, and denial of service are examples.
Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root.
Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed through a patch and the exploit becomes obsolete until newer versions of the software become available. This is the reason why some black hat hackers do not publish their exploits but keep them private to themselves or other hackers. Such exploits are referred to as zero day exploits and to obtain access to such exploits is the primary desire of unskilled attackers, often nicknamed script kiddies.[1]

13.1.1 Types
Exploits are commonly categorized and named by these criteria:
The type of vulnerability they exploit (See vulnerabilities for a list)
Whether they need to be run on the same machine as the program that has the vulnerability (local) or can be run on one machine to attack a program running on another machine (remote).
The result of running the exploit (EoP, DoS, Spoofing, etc.)

13.1.2 Pivoting
Pivoting refers to a method used by penetration testers that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines. For example, if an attacker compromises a web server on a corporate network, the attacker can then use the compromised web server to attack other systems on the network. These types of attacks are often called multi-layered attacks. Pivoting is also known as island hopping.
Pivoting can further be distinguished into proxy pivoting and VPN pivoting:

Proxy pivoting generally describes the practice of channeling traffic through a compromised target using a proxy payload on the machine and launching attacks from the computer.[2] This type of pivoting is restricted to certain TCP and UDP ports that are supported by the proxy.
VPN pivoting enables the attacker to create an encrypted layer to tunnel into the compromised machine to route any network traffic through that target machine, for example, to run a vulnerability scan on the internal network through the compromised machine, effectively giving the attacker full network access as if they were behind the firewall.

Typically, the proxy or VPN applications enabling pivoting are executed on the target computer as the payload (software) of an exploit.

13.2 See also


Computer security
Computer virus
Crimeware
Hacking: The Art of Exploitation (second edition)
IT risk
Metasploit
Shellcode
w3af

13.3 References
[1] Whitman, Michael (2012). "Chapter 2: The Need for Security". Principles of Information Security, Fourth Edition. Boston, Mass: Course Technology. p. 53.
[2] Metasploit Framework Pivoting, Digital Bond: Metasploit Basics Part 3: Pivoting and Interfaces

Kahsari Alhadi, Milad. Metasploit Penetration Tester's Guide - Persian, ISBN 978-600-7026-62-5

Chapter 14

Firewall (computing)

An illustration of where a firewall would be located in a network.

[Figure: Packet flow in Netfilter and General Networking, by Jan Engelhardt (based in part on Joshua Snyder's graph); last updated 2014-Feb-28; Linux 2.6.36+. Notes on the figure: security table left out for brevity; nat table only consulted for NEW connections.]
Flow of network packets through Netfilter, a Linux kernel module

Gufw is a graphical front-end for Uncomplicated Firewall, which itself is a wrapper for netfilter

In computing, a firewall is a network security system that controls the incoming and outgoing network traffic based on an applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted.[1]

Stand-alone firewalls exist both as firewall software appliances to run on general purpose or standard industry hardware, and as hardware-based firewall computer appliances.

Personal computer operating systems may include software-based firewalls to protect against threats from the public Internet. Routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.[2][3] Hardware-based firewall appliances may also offer other functionality to the internal network they protect, such as acting as a DHCP or VPN server for that network.

14.1 History

The term firewall originally referred to a wall intended to confine a fire or potential fire within a building. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment.

Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The predecessors to firewalls for network security were the routers used in the late 1980s:[4]

Clifford Stoll's discovery of German spies tampering with his system[4]
Bill Cheswick's "Evening with Berferd" 1992 in which he set up a simple electronic jail to observe an attacker[4]
In 1988, an employee at the NASA Ames Research Center in California sent a memo by email to his

colleagues[5] that read, "We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames."
The Morris Worm spread itself through multiple vulnerabilities in the machines of the time. Although it was not malicious in intent, the Morris Worm was the first large scale attack on Internet security; the online community was neither expecting an attack nor prepared to deal with one.[6]

14.1.1 First generation: packet filters
The first paper published on firewall technology was in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what is now a highly involved and technical internet security feature. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based on their original first generation architecture.[7]
Packet filters act by inspecting the "packets" which are transferred between computers on the Internet. If a packet matches the packet filter's set of filtering rules, the packet filter will drop (silently discard) the packet or reject it (discard it, and send "error responses" to the source).
This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (i.e. it stores no information on connection "state"). Instead, it filters each packet based only on information contained in the packet itself (most commonly using a combination of the packet's source and destination address, its protocol, and, for TCP and UDP traffic, the port number).
TCP and UDP protocols constitute most communication over the Internet, and because TCP and UDP traffic by convention uses well known ports for particular types of traffic, a "stateless" packet filter can distinguish between, and thus control, those types of traffic (such as web browsing, remote printing, email transmission, file transfer), unless the machines on each side of the packet filter are both using the same non-standard ports.[8]
Packet filtering firewalls work mainly on the first three layers of the OSI reference model, which means most of the work is done between the network and physical layers, with a little bit of peeking into the transport layer to figure out source and destination port numbers.[9] When a packet originates from the sender and filters through a firewall, the device checks for matches to any of the packet filtering rules that are configured in the firewall and drops or rejects the packet accordingly. When the packet passes through the firewall, it filters the packet on a protocol/port number basis (GSS). For example, if a rule in the firewall exists to block telnet access, then the firewall will block the TCP protocol for port number 23.[10]

14.1.2 Second generation: "stateful" filters
Main article: Stateful firewall
From 1989–1990 three colleagues from AT&T Bell Laboratories, Dave Presetto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, calling them Circuit-level gateways.[11]
Second-generation firewalls perform the work of their first-generation predecessors but operate up to layer 4 (transport layer) of the OSI model. This is achieved by retaining packets until enough information is available to make a judgement about its state.[12] Known as stateful packet inspection, it records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. Though static rules are still used, these rules can now contain connection state as one of their test criteria.
Certain denial-of-service attacks bombard the firewall with thousands of fake connection packets in an attempt to overwhelm it by filling its connection state memory.[13]

14.1.3 Third generation: application layer
Main article: Application level firewall
Marcus Ranum, Wei Xu, and Peter Churchyard developed an Application Firewall known as Firewall Toolkit (FWTK). In June 1994, Wei Xu extended the FWTK with the Kernel enhancement of IP filter and socket transparent. This was known as the first transparent Application firewall, released as a commercial product of Gauntlet firewall at Trusted Information Systems. Gauntlet firewall was rated one of the number 1 firewalls during 1995–1998.
The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way. As of 2012, the so-called next-generation firewall (NGFW) is nothing more than the "widen" or "deepen" inspection at application-stack. For example, the existing deep packet inspection functionality of modern firewalls can be extended to include i) Intrusion prevention systems (IPS); ii) User identity integration (by binding user IDs to IP or MAC addresses for "reputation"); and/or iii)


Web Application Firewall (WAF). WAF attacks may be implemented in the tool "WAF Fingerprinting utilizing timing side channels" (WAFFle).[14]

14.2 Types

A common graphical depiction of a firewall in computing

There are different types of firewalls depending on where the communication is taking place, where the communication is intercepted and the state that is being traced.[15]

14.2.1 Network layer or packet filters

Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. The term "packet filter" originated in the context of BSD operating systems.
Network layer firewalls generally fall into two sub-categories, stateful and stateless. Stateful firewalls maintain context about active sessions, and use that "state information" to speed packet processing. Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connection's lifetime (including session initiation, handshaking, data transfer, or completion connection). If a packet does not match an existing connection, it will be evaluated according to the ruleset for new connections. If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing.
Stateless firewalls require less memory, and can be faster for simple filters that require less time to filter than to look up a session. They may also be necessary for filtering stateless network protocols that have no concept of a session. However, they cannot make more complex decisions based on what stage communications between hosts have reached.
Newer firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, destination service like WWW or FTP. They can filter based on protocols, TTL values, netblock of originator, of the source, and many other attributes.
Commonly used packet filters on various versions of Unix are IPFilter (various), ipfw (FreeBSD/Mac OS X), NPF (NetBSD), PF (OpenBSD, and some other BSDs), iptables/ipchains (Linux).

14.2.2 Application-layer
Main article: Application layer firewall

Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender).

On inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and trojans. The additional inspection criteria can add extra latency to the forwarding of packets to their destination.

Application firewalls function by determining whether a process should accept any given connection. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers of the OSI model. Application firewalls that hook into socket calls are also referred to as socket filters. Application firewalls work much like a packet filter but application filters apply filtering rules (allow/block) on a per process basis instead of filtering connections on a per port basis. Generally, prompts are used to define rules for processes that have not yet received a connection. It is rare to find application firewalls not combined or used in conjunction with a packet filter.[16]

Also, application firewalls further filter connections by examining the process ID of data packets against a ruleset for the local process involved in the data transmission. The extent of the filtering that occurs is defined by the provided ruleset. Given the variety of software that exists, application firewalls only have more complex rulesets for the standard services, such as sharing services. These per process rulesets have limited efficacy in filtering every possible association that may occur with other processes. Also, these per process rulesets cannot defend against modification of the process via exploitation, such as memory corruption exploits. Because of these limitations, application firewalls are beginning to be supplanted by a new generation of application firewalls that rely on mandatory access control (MAC), also referred to as sandboxing, to protect vulnerable services.[17]
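
The stateless and stateful packet filters described in 14.1.1, 14.1.2 and 14.2.1 can be compared side by side. The following is an added example, not part of the original text: a simplified first-match stateless filter next to a filter that keeps a connection table. The rule sets, addresses, ports and the max_conns limit are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SYN = frozenset({"SYN"})

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()      # TCP flags set on the packet

@dataclass(frozen=True)
class Rule:
    action: str                         # "accept", "drop" (silent) or "reject" (error returned)
    proto: Optional[str] = None         # None matches anything
    sport: Optional[int] = None
    dport: Optional[int] = None
    state: Optional[str] = None         # "new" or "established"; stateful filter only

    def matches(self, pkt, state=None):
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.sport is None or self.sport == pkt.sport)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.state is None or self.state == state))

def stateless_filter(rules, pkt, default="drop"):
    """First match wins, using only fields carried in the packet itself."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

class StatefulFilter:
    """Same rule matching, plus a table of connections the filter has let through."""
    def __init__(self, rules, max_conns=1024, default="drop"):
        self.rules, self.max_conns, self.default = rules, max_conns, default
        self.table = set()

    @staticmethod
    def key(pkt, reverse=False):
        a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
        return (pkt.proto, b, a) if reverse else (pkt.proto, a, b)

    def classify(self, pkt):
        if self.key(pkt) in self.table or self.key(pkt, reverse=True) in self.table:
            return "established"        # part of an existing connection
        if pkt.proto == "tcp" and pkt.flags != SYN:
            return "invalid"            # not part of any connection
        return "new"                    # start of a new connection

    def filter(self, pkt):
        state = self.classify(pkt)
        for rule in self.rules:
            if rule.matches(pkt, state):
                if rule.action == "accept" and state == "new":
                    if len(self.table) >= self.max_conns:
                        return "drop"   # state memory exhausted: new flows fail
                    self.table.add(self.key(pkt))
                return rule.action
        return self.default

# Constructed rule sets: block telnet (port 23), allow web browsing (port 80).
STATELESS_RULES = [
    Rule("reject", proto="tcp", dport=23),
    Rule("accept", proto="tcp", dport=80),
    Rule("accept", proto="tcp", sport=80),  # "return traffic": any packet claiming source port 80
]
STATEFUL_RULES = [
    Rule("reject", proto="tcp", dport=23),
    Rule("accept", state="established"),    # connection state used as a test criterion
    Rule("accept", proto="tcp", dport=80, state="new"),
]

# Constructed sample packets (documentation and private address ranges).
INSIDE, WEB, OTHER = "10.0.0.5", "203.0.113.10", "198.51.100.7"
OUT_SYN = Packet(INSIDE, 40000, WEB, 80, flags=SYN)
REPLY = Packet(WEB, 80, INSIDE, 40000, flags=frozenset({"SYN", "ACK"}))
STRAY = Packet(OTHER, 80, INSIDE, 8080, flags=frozenset({"ACK"}))  # belongs to no connection
TELNET = Packet(OTHER, 40001, INSIDE, 23, flags=SYN)

def demo():
    """Run the same four packets through both filters and return the verdicts."""
    fw = StatefulFilter(STATEFUL_RULES)
    packets = (OUT_SYN, REPLY, STRAY, TELNET)
    return {"stateless": [stateless_filter(STATELESS_RULES, p) for p in packets],
            "stateful": [fw.filter(p) for p in packets]}

def table_full_demo(max_conns=2):
    """Open max_conns + 1 connections to show what a full state table does."""
    fw = StatefulFilter(STATEFUL_RULES, max_conns=max_conns)
    return [fw.filter(Packet(INSIDE, 40000 + i, WEB, 80, flags=SYN))
            for i in range(max_conns + 1)]

if __name__ == "__main__":
    print(demo())
    print(table_full_demo())
```

The only verdict that differs is the packet that belongs to no connection: the stateless rule for return traffic accepts it on its source port alone, while the stateful filter finds no table entry and drops it.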

14.2.3 Proxies

Main article: Proxy server

A proxy server (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user.[1]
Proxies make tampering with an internal system from the external network more difficult and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address spaces enhances security, crackers may still employ methods such as IP spoofing to attempt to pass packets to a target network.

14.2.4 Network address translation

Main article: Network address translation

Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range", as defined in RFC 1918. Firewalls often have such functionality to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals as well as reduce both the amount and therefore cost of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance.[18]

14.3 See also

Access control list
Windows Firewall
Bastion host
Comparison of firewalls
Computer security
Distributed firewall
Egress filtering
End-to-end connectivity
Firewall pinhole
Firewalls and Internet Security
Golden Shield Project
Guard (information security)
IP fragmentation attacks
List of Unix-like router or firewall distributions
Next-Generation Firewall
Mangled packet
Personal firewall
Screened-subnet firewall
Unidirectional network
Unified threat management
Virtual firewall
Vulnerability scanner

14.4 References
[1] Oppliger, Rolf (May 1997). "Internet Security: FIREWALLS and BEYOND". Communications of the ACM 40 (5): 94. doi:10.1145/253769.253802.
[2] "What is Firewall?". Retrieved 2015-02-12.
[3] Definition of Firewall, Check Point Resources
[4] Ingham, Kenneth; Forrest, Stephanie (2002). "A History and Survey of Network Firewalls" (PDF). Retrieved 2011-11-25.
[5] Firewalls by Dr.Talal Alkharobi
[6] RFC 1135 The Helminthiasis of the Internet
[7] Ingham, Kenneth; Forrest, Stephanie (2002). "A History and Survey of Network Firewalls" (PDF). p. 4. Retrieved 2011-11-25.
[8] TCP vs. UDP By Erik Rodriguez
[9] William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin (2003). "Google Books Link". Firewalls and Internet Security: repelling the wily hacker
[10] Aug 29, 2003 Virus may elude computer defenses by Charles Duhigg, Washington Post
[11] Proceedings of National Conference on Recent Developments in Computing and Its Applications, August 12–13, 2009. I.K. International Pvt. Ltd. 2009-01-01. Retrieved 2014-04-22.
[12] Conway, Richard (204). Code Hacking: A Developer's Guide to Network Security. Hingham, Massachusetts: Charles River Media. p. 281. ISBN 1-58450-314-9.
[13] Chang, Rocky (October 2002). "Defending Against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial". IEEE Communications Magazine 40 (10): 42–43. doi:10.1109/mcom.2002.1039856.
[14] "WAFFle: Fingerprinting Filter Rules of Web Application Firewalls". 2012.
[15] "Firewalls". MemeBridge. Retrieved 13 June 2014.
[16] "Software Firewalls: Made of Straw? Part 1 of 2". Symantec Connect Community. 2010-06-29. Retrieved 2014-03-28.
[17] "Auto Sandboxing". Comodo Inc. Retrieved 2014-08-28.
[18] "Advanced Security: Firewall". Microsoft. Retrieved 2014-08-28.

14.5 External links


Internet Firewalls: Frequently Asked Questions, compiled by Matt Curtin, Marcus Ranum and Paul Robertson.
Firewalls Aren't Just About Security - Cyberoam Whitepaper focusing on Cloud Applications Forcing Firewalls to Enable Productivity.
Evolution of the Firewall Industry - Discusses different architectures and their differences, how packets are processed, and provides a timeline of the evolution.
A History and Survey of Network Firewalls - provides an overview of firewalls at the various ISO levels, with references to the original papers where first firewall work was reported.
Software Firewalls: Made of Straw? Part 1 and Software Firewalls: Made of Straw? Part 2 - a technical view on software firewall design and potential weaknesses
A Firewall with Arduino(s), through emulating the (authentic, not virtual) serial/parallel ports, etc.

Chapter 15

Grey hat
The term "grey hat" or "gray hat" in Internet slang refers to a computer hacker or computer security expert whose ethical standards fall somewhere between purely altruistic and purely malicious. The term began to be used in the late 1990s, derived from the concepts of "white hat" and "black hat" hackers.[1] When a white hat hacker discovers a vulnerability, they will exploit it only with permission and not divulge its existence until it has been fixed, whereas the black hat will illegally exploit it and/or tell others how to do so. The grey hat will neither illegally exploit it, nor tell others how to do so.[2]

A further difference among these types of hacker lies in their methods of discovering vulnerabilities. The white hat generally breaks into systems and networks at the request of their employer or with explicit permission for the purpose of determining how secure it is against hackers, whereas the black hat will break into any system or network in order to uncover sensitive information and for personal gain. The grey hat generally has the skills and intent of the white hat but will break into any system or network without permission.[3][4]

When a grey hat hacker discovers a vulnerability, instead of telling the vendor how the exploit works, he or she may offer to repair it for a small fee. When one successfully gains illegal access to a system or network, he or she may suggest to the system administrator that one of his or her friends be hired to fix the problem; however, this practice has been declining due to the increasing willingness of businesses to prosecute.[5]

In the search engine optimization (SEO) community, grey hat hackers are those who manipulate web sites' search engine rankings using improper or unethical means but that are not considered search engine spam.[6]

15.1 History

The phrase grey hat was first publicly used in the computer security context when DEF CON announced the first scheduled Black Hat Briefings in 1996, although it may have been used by smaller groups prior to this time.[7][8] Moreover, at this conference a presentation was given in which Mudge, a key member of the hacking group L0pht, discussed their intent as grey hat hackers to provide Microsoft with vulnerability discoveries in order to protect the vast number of users of its operating system.[9] Finally, Mike Nash, Director of Microsoft's server group, stated that grey hat hackers are much like technical people in the independent software industry in that "they are valuable in giving us feedback to make our products better."[10]

The phrase was used to describe hackers who support the ethical reporting of vulnerabilities directly to the software vendor in contrast to the full disclosure practices that were prevalent in the white hat community that vulnerabilities not be disclosed outside of their group.[2]

The phrase grey hat was used by the hacker group L0pht in a 1999 interview with The New York Times[11] to describe their hacking activities.

In 2002, however, the Anti-Sec community published use of the term to refer to people who work in the security industry by day, but engage in black hat activities by night.[12] The irony was that for black hats, this interpretation was seen as a derogatory term; whereas amongst white hats it was a term that lent a sense of popular notoriety.

Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era", and the subsequent growth of an "ethical hacking" philosophy, the term grey hat began to take on all sorts of diverse meanings. The prosecution in the U.S. of Dmitry Sklyarov for activities which were legal in his home country changed the attitudes of many security researchers. As the Internet became used for more critical functions, and concerns about terrorism grew, the term "white hat" started referring to corporate security experts who did not support full disclosure.[13]

In 2008, the EFF defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn.[14]

15.2 Examples
In April 2000, hackers known as "{}" and "Hardbeat" gained unauthorized access to Apache.org.[15] They chose to alert Apache crew of the problems rather than try to damage the Apache.org servers.[16]
In June 2010, a group of computer experts known as Goatse Security exposed a flaw in AT&T security which allowed the e-mail addresses of iPad users to be revealed.[17] The group revealed the security flaw to the media soon after notifying AT&T. Since then, the FBI opened an investigation into the incident and raided the house of weev, the group's most prominent member.[18]

In April 2011, a group of experts discovered that the Apple iPhone and 3G iPads were "logging where the user visits". Apple released a statement saying that the iPad and iPhone were only logging the towers that the phone could access.[19] There have been numerous articles on the matter and it has been viewed as a minor security issue. This instance would be classified as "grey hat" because although the experts could have used this for malicious intent, the issue was reported.[20]

In August 2013 Khalil Shreateh, an unemployed computer security researcher, hacked the Facebook page of Mark Zuckerberg, Facebook's CEO, in order to force action to correct a bug he discovered which allowed him to post to any user's page without their consent. He had tried repeatedly to inform Facebook of this bug only to be told by Facebook that the issue was not a bug. After this incident, Facebook corrected this vulnerability which could have been a powerful weapon in the hands of professional spammers. Shreateh was not compensated by Facebook's White Hat program because he violated their policies making this a grey hat incident.[21]

15.3 See also

Anonymous (group)
Computer crime
Cyber warfare
Hacktivism
IT risk
Metasploit
Mischief
Penetration test

15.4 Related literature

Daniel Regalado; Shon Harris; Allen Harper; Chris Eagle; Jonathan Ness; Branko Spasojevic; Ryan Linn & Stephen Sims (2015). Gray Hat Hacking: The Ethical Hacker's Handbook (4th ed.). New York: McGraw-Hill Education. ISBN 978-0-07-183238-0.
A E (2014). Grey Hat SEO 2014: The Most Effective and Safest Techniques of 10 Web Developers. Secrets to Rank High including the Fastest Penalty Recoveries. Research & Co. ASIN B00H25O8RM.

15.5 References

[1] De, Chu (2002). "White Hat? Black Hat? Grey Hat?". ddth.com. Jelsoft Enterprises. Retrieved 2015-02-19.
[2] Regalado (et al.) (2015). Grey Hat Hacking: The Ethical Hacker's Handbook (4th ed.). New York: McGraw-Hill Education. p. 18.
[3] Fuller, Johnray; Ha, John; Fox, Tammy (2003). "Red Hat Enterprise Linux 3 Security Guide". Product Documentation. Red Hat. Section (2.1.1). Retrieved 2015-02-16.
[4] Cliff, A. "Intrusion Systems Detection Terminology, Part one: A-H". Symantec Connect. Symantec. Retrieved 2015-02-16.
[5] Moore, Robert (2011). Cybercrime: investigating high-technology computer crime (2nd ed.). Burlington, MA: Anderson Publishing. p. 25.
[6] A E (2014). Grey Hat SEO 2014: The Most Effective and Safest Techniques of 10 Web Developers. Secrets to Rank High including the Fastest Penalty Recoveries. Research & Co. ASIN B00H25O8RM.
[7] De, Chu (2002). "White Hat? Black Hat? Grey Hat?". ddth.com. Jelsoft Enterprises. Retrieved 2015-02-19.
[8] "Def Con Communications Presents The Black Hat Briefings". blackhat.com. blackhat.com. 1996.
[9] Lange, Larry (15 July 1997). "Microsoft Opens Dialogue With NT Hackers". blackhat.com. blackhat.com. Retrieved 2015-03-31.
[10] Lange, Larry (22 September 1997). "The Rise of the Underground Engineer". blackhat.com. blackhat.com. Retrieved 2015-03-31.
[11] "HacK, CouNterHaCk". New York Times Magazine. 3 October 1999. Retrieved 6 January 2011.
[12] Digitalsec.net #Phrack High Council. 20 August 2002. "The greyhat-IS-whitehat List"
[13] "The thin gray line". CNET News. 23 September 2002. Retrieved 6 January 2011.
[14] EFF.org Electronic Frontier Foundation (EFF). 20 August 2008. "A 'Grey Hat' Guide"
[15] Michelle Finley (2013-03-28). Wired.com. Wired.com. Retrieved 2013-11-01.
[16] Textfiles.com. Retrieved 2013-11-01.
[17] FBI Opens Probe of iPad Breach Wall Street Journal, Spencer Ante and Ben Worthen. 11 June 2010.
[18] Tate, Ryan (9 June 2010). "Apple's Worst Security Breach: 114,000 iPad Owners Exposed". Gawker.com (Gawker Media). Retrieved 13 June 2010.
[19] Harrison, Natalie; Kerris, Natalie (27 April 2011). "Apple Q&A on Location Data". Apple Press Info. Apple, Inc.
[20] "Is Apple Tracking You?". hackfile.org. Archived from the original on 28 April 2011.
[21] Gross, Doug (20 August 2013). "Zuckerberg's Facebook page hacked to prove security flaw". cnn.com. CNN. Retrieved 2015-04-04.

Chapter 16

Hacker

Hacker may refer to:

16.1 Technology

Hacker (term), is a term used in computing that can describe several types of persons
    Hacker (computer security) someone who seeks and exploits weaknesses in a computer system or computer network
    Hacker (hobbyist), who makes innovative customizations or combinations of retail electronic and computer equipment
    Hacker (programmer subculture), who combines excellence, playfulness, cleverness and exploration in performed activities

16.2 Entertainment

Hackers: Heroes of the Computer Revolution, 1984 book by Stephen Levy
Hackers: Wizards of the Electronic Age, 1985 video documentary inspired by the book
Hacker (video game), 1985 puzzle/strategy computer game by Activision
Hacker (card game), 1992 Steve Jackson Games release
Hackers (anthology), a 1996 anthology of short stories edited by Jack Dann and Gardner Dozois
Hackers (film), 1995 MGM film starring Jonny Lee Miller and Angelina Jolie
Hacker, a children's novel by Malorie Blackman
The Hacker, a song by British industrial group Clock DVA

16.3 People

16.3.1 Real

Francis Hacker (died 1660), fought for Parliament during the English Civil War and was one of the Regicides of Charles I
Arthur Hacker (1858-1919), British artist
George Hacker (bishop) (born 1928), Suffragan Bishop of Penrith
Benjamin Thurman Hacker (1935-2003), U.S. Naval officer
Sally Hacker (1936-1988), feminist sociologist
Alan Hacker (1938-2012), English clarinetist
Peter Hacker (born 1939), British philosopher
Marilyn Hacker (born 1942), American poet, critic, and reviewer
Arthur and Ron Hacker (20th century), brothers who formed Dynatron Radio Ltd and Hacker Radio Ltd
The Hacker (Michel Amato, born 1972), French electrocrash and tech producer
Katrina Hacker (born 1990), American figure skater

16.3.2 Fictional

The Hacker, villain of the TV series Cyberchase
Jim Hacker, title character in Yes Minister and Yes Prime Minister
Staff Sergeant Hacker, a character on the US TV series Gomer Pyle, U.S.M.C.
Hacker, cyborg sidekick character in TV series The Centurions
Hacker T. Dog, puppet character on Scoop and CBBC links.

16.4 Other

Hacker Brewery, and its beer, since 1972 merged into Hacker-Pschorr Brewery
Hacker-Craft, boats made by the Hacker Boat Company
Hacker Radio Ltd, a British manufacturer of consumer electronics products

16.5 See also

All pages with titles containing Hacker
Hack (disambiguation)
Hacking (disambiguation)
Hacks (disambiguation)
Haka (disambiguation)
Hakka (disambiguation)

Chapter 17

Hacker (computer security)


In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge, enjoyment,[1] or to evaluate those weaknesses to assist in removing them. The subculture that has evolved around hackers is often referred to as the computer underground and is now a known community.[2] While other uses of the word hacker exist that are related to computer security, such as referring to someone with an advanced understanding of computers and computer networks,[3] they are rarely used in mainstream context. They are subject to the longstanding hacker definition controversy about the term's true meaning. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone who breaks into computers, whether computer criminal (black hats) or computer security expert (white hats),[4] is more appropriately called a cracker instead.[5] Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers.

17.1 History

Further information: Timeline of computer security hacker history

Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement that published the Technological Assistance Program (TAP) newsletter. TAP was a phone phreaking newsletter that taught techniques for unauthorized exploration of the telephone network. Many people from the phreaking community are also active in the hacking community even today, and vice versa.

17.2 Classifications

Several subgroups of the computer underground with different attitudes use different terms to demarcate themselves from each other, or try to exclude some specific group with whom they do not agree.

Eric S. Raymond, author of The New Hacker's Dictionary, advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as a wider hacker culture, a view that Raymond has harshly rejected. Instead of a hacker/cracker dichotomy, they emphasize a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie. In contrast to Raymond, they usually reserve the term cracker for more malicious activity.

According to Ralph D. Clifford, a cracker or cracking is to gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system.[6] These subgroups may also be defined by the legal status of their activities.[7]

17.2.1 White hat

Main article: White hat

A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term white hat in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. The EC-Council,[8] also known as the International Council of Electronic Commerce Consultants, is one of those organizations that have developed certifications, courseware, classes, and online training covering the diverse arena of ethical hacking.[7]

17.2.2 Black hat

A black hat hacker is a hacker who violates computer security for little reason beyond maliciousness or for personal gain (Moore, 2005).[9] Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are the epitome of all that the public fears in a computer criminal.[10] Black hat hackers break into secure networks to destroy, modify, or steal data; or to make the network unusable for those who are authorized to use the network. Black hat hackers are also referred to as the crackers within the security industry and by modern programmers. Crackers keep the awareness of the vulnerabilities to themselves and do not notify the general public or the manufacturer for patches to be applied. Individual freedom and accessibility is promoted over privacy and security. Once they have gained control over a system, they may apply patches or fixes to the system only to keep their reigning control. Richard Stallman invented the definition to express the maliciousness of a criminal hacker versus a white hat hacker who performs hacking duties to identify places to repair.[11]

17.2.3 Grey hat

Main article: Grey hat

A grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee.[10] Grey hat hackers sometimes find the defect of a system and publish the facts to the world instead of a group of people. Even though grey hat hackers may not necessarily perform hacking for their personal gain, unauthorized access to a system can be considered illegal and unethical.

17.2.4 Elite hacker

A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.[12]

17.2.5 Script kiddie

A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other black hat hackers), hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child, an individual lacking knowledge and experience, immature),[13] usually with little understanding of the underlying concept.

17.2.6 Neophyte

A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.[10]

17.2.7 Blue hat

A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.[14][15][16]

17.2.8 Hacktivist

A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.

Hacktivism can be divided into two main groups:
Cyberterrorism: Activities involving website defacement or denial-of-service attacks; and,
Freedom of information: Making information that is not public, or is public in non-machine-readable formats, accessible to the public.

17.2.9 Nation state

Intelligence agencies and cyberwarfare operatives of nation states.[17]

17.2.10 Organized crime

Groups of hackers that carry out organized criminal activities for profit.[17]

17.3 Attacks

Main article: Computer security

A typical approach in an attack on an Internet-connected system is:
1. Network enumeration: Discovering information about the intended target.
2. Vulnerability analysis: Identifying potential ways of attack.
3. Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.[18]

In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.

17.3.1 Security exploits

Main article: Exploit (computer security)

A security exploit is a prepared application that takes advantage of a known weakness.[19] Common examples of security exploits are SQL injection, cross-site scripting and cross-site request forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), PHP, SSH, Telnet and some Web pages. These are very common in Web site and Web domain hacking.

17.3.2 Techniques

Vulnerability scanner: A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (Firewalls defend computers from intruders by limiting access to ports and machines, but they can still be circumvented.)

Finding vulnerabilities: Hackers may also attempt to find vulnerabilities manually. A common approach is to search for possible vulnerabilities in the code of the computer system then test them, sometimes reverse engineering the software if the code is not provided.

Brute-force attack: Password guessing. This method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used, because of the time a brute-force search takes.

Password cracking: Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Common approaches include repeatedly trying guesses for the password, trying the most common passwords by hand, and repeatedly trying passwords from a "dictionary", or a text file with many passwords.

Packet analyzer: A packet analyzer ("packet sniffer") is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

Spoofing attack (phishing): A spoofing attack involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a user or another program, usually to fool programs, systems or users into revealing confidential information, such as user names and passwords.

Rootkit: A rootkit is a program that uses low-level, hard-to-detect methods to subvert control of an operating system from its legitimate operators. Rootkits usually obscure their installation and attempt to prevent their removal through a subversion of standard system security. They may include replacements for system binaries, making it virtually impossible for them to be detected by checking process tables.

Social engineering: In the second stage of the targeting process, hackers often use Social engineering tactics to get enough information to access the network. They may contact the system administrator and pose as a user who cannot get access to his or her system. This technique is portrayed in the 1995 film Hackers, when protagonist Dade "Zero Cool" Murphy calls a somewhat clueless employee in charge of security at a television network. Posing as an accountant working for the same company, Dade tricks the employee into giving him the phone number of a modem so he can gain access to the company's computer system.

    Hackers who use this technique must have cool personalities, and be familiar with their target's security practices, in order to trick the system administrator into giving them information. In some cases, a help-desk employee with limited security experience will answer the phone and be relatively easy to trick. Another approach is for the hacker to pose as an angry supervisor, and when his/her authority is questioned, threaten to fire the help-desk worker. Social engineering is very effective, because users are the most vulnerable part of an organization. No security devices or programs can keep an organization safe if an employee reveals a password to an unauthorized person.

    Social engineering can be broken down into four sub-groups:

    Intimidation: As in the "angry supervisor" technique above, the hacker convinces the person who answers the phone that their job is in danger unless they help them. At this point, many people accept that the hacker is a supervisor and give them the information they seek.

    Helpfulness: The opposite of intimidation, helpfulness exploits many people's natural instinct to help others solve problems. Rather than acting angry, the hacker acts distressed and concerned. The help desk is the most vulnerable to this type of social engineering, as (a.) its general purpose is to help people; and (b.) it usually has the authority to change or reset passwords, which is exactly what the hacker wants.

    Name-dropping: The hacker uses names of authorized users to convince the person who answers the phone that the hacker is a legitimate user him or herself. Some of these names, such as those of webpage owners or company officers, can easily be obtained online. Hackers have also been known to obtain names by examining discarded documents (so-called "dumpster diving").

    Technical: Using technology is also a way to get information. A hacker can send a fax or email to a legitimate user, seeking a response that contains vital information. The hacker may claim that he or she is involved in law enforcement and needs certain data for an investigation, or for record-keeping purposes.

Trojan horses: A Trojan horse is a program that seems to be doing one thing but is actually doing another. It can be used to set up a back door in a computer system, enabling the intruder to gain access later. (The name refers to the horse from the Trojan War, with the conceptually similar function of deceiving defenders into bringing an intruder into a protected area.)

Computer virus: A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. By doing this, it behaves similarly to a biological virus, which spreads by inserting itself into living cells. While some viruses are harmless or mere hoaxes, most are considered malicious.

Computer worm: Like a virus, a worm is also a self-replicating program. It differs from a virus in that (a.) it propagates through computer networks without user intervention; and (b.) does not need to attach itself to an existing program. Nonetheless, many people use the terms "virus" and "worm" interchangeably to describe any self-propagating program.

Keystroke logging: A keylogger is a tool designed to record ("log") every keystroke on an affected machine for later retrieval, usually to allow the user of this tool to gain access to confidential information typed on the affected machine. Some keyloggers use virus-, trojan-, and rootkit-like methods to conceal themselves. However, some of them are used for legitimate purposes, even to enhance computer security. For example, a business may maintain a keylogger on a computer used at a point of sale to detect evidence of employee fraud.

Tools and Procedures

A thorough examination of hacker tools and procedures may be found in Cengage Learning's E|CSA certification workbook.[20]
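
The brute-force and password-cracking entries above say that exhaustive search is only fast for short passwords and that dictionaries take over for longer ones. The following password audit, added here as an illustration and not part of the original text, measures a candidate password against both; the guess rate, the character classes and the small word list are constructed assumptions.

```python
"""Password audit: exhaustive-search cost versus dictionary exposure.

Added illustration. The guess rate, character classes and word list are
constructed assumptions, not values taken from the source text.
"""
import string

# Character classes used to estimate the alphabet a search must cover.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)

# Constructed sample of common passwords; a real audit would load the
# organisation's own banned-password list instead.
SAMPLE_WORDLIST = {"password", "letmein", "dragon", "qwerty", "welcome"}

# Substitutions users commonly apply to dictionary words.
LEET = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"}
)

ONE_YEAR = 365 * 24 * 3600.0


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(alphabet, max_len):
    """Candidates an exhaustive search must try for lengths 1..max_len."""
    return sum(alphabet ** k for k in range(1, max_len + 1))


def exhaustive_seconds(password, guesses_per_second):
    """Worst-case time to try every string up to the password's length."""
    space = keyspace(alphabet_size(password), len(password))
    return space / guesses_per_second


def dictionary_base(password, wordlist):
    """Return the dictionary word this password reduces to, or None.

    Undoes the usual decorations: letter case, leet substitutions, and
    digits or punctuation added before or after the word.
    """
    candidate = password.lower()
    stripped = candidate.strip(string.digits + string.punctuation)
    forms = (
        candidate,
        stripped,
        candidate.translate(LEET),
        stripped.translate(LEET),
    )
    for form in forms:
        if form in wordlist:
            return form
    return None


def audit(password, wordlist=SAMPLE_WORDLIST, guesses_per_second=1e9,
          min_seconds=ONE_YEAR):
    """Classify a password the way the two attacks would see it."""
    base = dictionary_base(password, wordlist)
    seconds = exhaustive_seconds(password, guesses_per_second)
    if base is not None:
        # Length does not help: a word list reaches it in a few guesses.
        verdict = "reject: dictionary word"
    elif seconds < min_seconds:
        verdict = "reject: exhaustive search feasible"
    else:
        verdict = "accept"
    return {
        "verdict": verdict,
        "dictionary_base": base,
        "exhaustive_seconds": seconds,
    }


if __name__ == "__main__":
    for pw in ("qzxv", "P@ssw0rd1!", "tmkq-wzrv-plnx-hbdy"):
        print(pw, audit(pw))
```

The second sample shows why both checks are needed: its exhaustive-search estimate is far beyond a year, yet it reduces to a dictionary word and is rejected.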

17.4 Notable intruders and criminal hackers

Main article: List of computer criminals

17.5 Notable security hackers

Main article: List of hackers

Jacob Appelbaum is an advocate, security researcher, and developer for the Tor project. He speaks internationally for usage of Tor by human rights groups and others concerned about Internet anonymity and censorship.
Rakshit Tandon is a prominent cyber security researcher from India with primary focus on combating online abuse of women and children.
Eric Corley (also known as Emmanuel Goldstein) is the longstanding publisher of 2600: The Hacker Quarterly. He is also the founder of the Hackers on Planet Earth (HOPE) conferences. He has been part of the hacker community since the late 1970s.
Ed Cummings (also known as Bernie S) is a longstanding writer for 2600: The Hacker Quarterly. In 1995, he was arrested and charged with possession of technology that could be used for fraudulent purposes, and set legal precedents after being denied both a bail hearing and a speedy trial.
Dan Kaminsky is a DNS expert who exposed multiple flaws in the protocol and investigated Sony's rootkit security issues in 2005. He has spoken in front of the United States Senate on technology issues.
Andrew Auernheimer, sentenced to 3 years in prison, is a grey hat hacker whose security group Goatse Security exposed a flaw in AT&T's iPad security.
Gordon Lyon, known by the handle Fyodor, authored the Nmap Security Scanner as well as many network security books and web sites. He is a founding member of the Honeynet Project and Vice President of Computer Professionals for Social Responsibility.
Gary McKinnon is a Scottish hacker facing extradition to the United States to face criminal charges. Many people in the UK have called on the authorities to be lenient with McKinnon, who suffers from Asperger syndrome.[21]
Kevin Mitnick is a computer security consultant and author, formerly the most wanted computer criminal in United States history.[22]
Rafael Núñez, a.k.a. RaFa, was a notorious hacker who was sought by the Federal Bureau of Investigation in 2001. He has since become a respected computer security consultant and an advocate of children's online safety.
Meredith L. Patterson is a well-known technologist and biohacker who has presented research with Dan Kaminsky and Len Sassaman at many international security and hacker conferences.
Len Sassaman was a Belgian computer programmer and technologist who was also a privacy advocate.
Solar Designer is the pseudonym of the founder of the Openwall Project.
Michał Zalewski (lcamtuf) is a prominent security researcher.

17.6 Customs

The computer underground[1] has produced its own specialized slang, such as 1337speak. Its members often advocate freedom of information, strongly opposing the principles of copyright, as well as the rights of free speech and privacy. Writing software and performing other activities to support these views is referred to as hacktivism. Some consider illegal cracking ethically justified for these goals; a common form is website defacement. The computer underground is frequently compared to the Wild West.[23] It is common for hackers to use aliases to conceal their identities.

17.6.1 Hacker groups and conventions

Main articles: Hacker conference and Hacker group

The computer underground is supported by regular real-world gatherings called hacker conventions or "hacker cons". These events include SummerCon (Summer), DEF CON, HoHoCon (Christmas), ShmooCon (February), BlackHat, Chaos Communication Congress, AthCon, Hacker Halted, and HOPE. Local Hackfest groups organize and compete to develop their skills to send a team to a prominent convention to compete in group pentesting, exploit and forensics on a larger scale. Hacker groups became popular in the early 1980s, providing access to hacking information and resources and a place to learn from other members. Computer bulletin board systems (BBSs), such as the Utopias, provided platforms for information-sharing via dial-up modem. Hackers could also gain credibility by being affiliated with elite groups.[24]

17.7 Consequences for malicious hacking

17.7.1 India

17.7.2 Netherlands

Article 138ab of Wetboek van Strafrecht prohibits computervredebreuk, which is defined as intruding an automated work or a part thereof with intention and against the law. Intrusion is defined as access by means of:
Defeating security measures
By technical means
By false signals or a false cryptographic key
By the use of stolen usernames and passwords.

Maximum imprisonment is one year or a fine of the fourth category.[25]

17.7.3 United States

18 U.S.C. § 1030, more commonly known as the Computer Fraud and Abuse Act, prohibits unauthorized access or damage of "protected computers". "Protected computers" are defined in 18 U.S.C. § 1030(e)(2) as:

A computer exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government.
A computer which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

The maximum imprisonment or fine for violations of the Computer Fraud and Abuse Act depends on the severity of the violation and the offender's history of violations under the Act.

17.8 Hacking and the media

17.8.1 Hacker magazines

Main category: Hacker magazines

The most notable hacker-oriented print publications are Phrack, Hakin9 and 2600: The Hacker Quarterly. While the information contained in hacker magazines and ezines was often outdated by the time they were published, they enhanced their contributors' reputations by documenting their successes.[24]

17.8.2 Hackers in fiction

See also: List of fictional hackers

Hackers often show an interest in fictional cyberpunk and cyberculture literature and movies. The adoption of fictional pseudonyms,[26] symbols, values and metaphors from these works is very common.[27]

Books

The cyberpunk novels of William Gibson, especially the Sprawl trilogy, are very popular with hackers.[28]
Helba from the .hack manga and anime series
Merlin of Amber, the protagonist of the second series in The Chronicles of Amber by Roger Zelazny, is a young immortal hacker-mage prince who has the ability to traverse shadow dimensions.
Lisbeth Salander in The Girl with the Dragon Tattoo by Stieg Larsson
Alice from Heaven's Memo Pad
Ender's Game by Orson Scott Card
Evil Genius by Catherine Jinks
Hackers (anthology) by Jack Dann and Gardner Dozois
Little Brother by Cory Doctorow
Neuromancer by William Gibson
Snow Crash by Neal Stephenson

Films

Antitrust
Cypher
Eagle Eye
Enemy of the State
Firewall
Girl With The Dragon Tattoo
Hackers
Live Free or Die Hard
The Matrix series
The Net
The Net 2.0
Pirates of Silicon Valley
Skyfall
Sneakers
Swordfish
Take Down
Tron
Tron: Legacy
Untraceable
WarGames
Weird Science
The Fifth Estate
Who Am I - No System Is Safe (film)

17.8.3 Non-fiction books

The Art of Deception by Kevin Mitnick
The Art of Intrusion by Kevin Mitnick
The Cuckoo's Egg by Clifford Stoll
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick
The Hacker Crackdown by Bruce Sterling
The Hacker's Handbook by Hugo Cornwall (Peter Sommer)
Hacking: The Art of Exploitation Second Edition by Jon Erickson
Out of the Inner Circle by Bill Landreth and Howard Rheingold
Underground by Suelette Dreyfus

17.9 See also


Computer crime
Cracking of wireless networks
Cyber spying
Cyber Storm Exercise
Hack value
Hacker (programmer subculture)
Hacker Manifesto
Hacker (term)
IT risk
Mathematical beauty
Metasploit Project
Penetration test
Technology assessment
Vulnerability (computing)

17.10 References
[1] Sterling, Bruce (1993). "Part 2(d)". The Hacker Crackdown. McLean, Virginia: IndyPublish.com. p. 61. ISBN 1-4043-0641-2.
[2] Blomquist, Brian (May 29, 1999). FBI's Web Site Socked as Hackers Target Feds. New York Post.
[3] The Hacker's Dictionary. Retrieved 23 May 2013.
[4] Political notes from 2012: September-December. stallman.org
[5] Raymond, Eric S. Jargon File: Cracker. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker
[6] Clifford, D. (2011). Cybercrime: The Investigation, Prosecution and Defense of a Computer-Related Crime. Durham, North Carolina: Carolina Academic Press. ISBN 1594608539.
[7] Wilhelm, Douglas (2010). 2. Professional Penetration Testing. Syngress Press. p. 503. ISBN 978-1-59749-425-0.
[8] EC-Council. eccouncil.org
[9] Moore, Robert (2005). Cybercrime: Investigating High Technology Computer Crime. Matthew Bender & Company. p. 258. ISBN 1-59345-303-5.
[10] Moore, Robert (2006). Cybercrime: Investigating High-Technology Computer Crime (1st ed.). Cincinnati, Ohio: Anderson Publishing. ISBN 978-1-59345-303-9.
[11] O'Brien, Marakas, James, George (2011). Management Information Systems. New York, NY: McGraw-Hill/Irwin. pp. 536-537. ISBN 978-0-07-752217-9.
[12] Thomas, Douglas (2002). Hacker Culture. University of Minnesota Press. ISBN 978-0-8166-3346-3.
[13] Andress, Mandy; Cox, Phil; Tittel, Ed (2001). CIW Security Professional. New York, NY: Wiley. p. 638. ISBN 0-7645-4822-0.
[14] Blue hat hacker Definition. PC Magazine Encyclopedia. Retrieved May 31, 2010. A security professional invited by Microsoft to find vulnerabilities in Windows.
[15] Fried, Ina (June 15, 2005). Blue Hat summit meant to reveal ways of the other side. Microsoft meets the hackers. CNET News. Retrieved May 31, 2010.
[16] Markoff, John (October 17, 2005). At Microsoft, Interlopers Sound Off on Security. The New York Times. Retrieved May 31, 2010.
[17] Chabrow, Eric (February 25, 2012). 7 Levels of Hackers: Applying An Ancient Chinese Lesson: Know Your Enemies. GovInfo Security. Retrieved February 27, 2012.
[18] Gupta, Ajay; Klavinsky, Thomas and Laliberte, Scott (March 15, 2002) Security Through Penetration Testing: Internet Penetration. informit.com
[19] Rodriguez, Chris; Martinez, Richard. The Growing Hacking Threat to Websites: An Ongoing Commitment to Web Application Security (PDF). Frost & Sullivan. Retrieved 13 August 2013.
[20] Press, EC-Council (2011). Penetration Testing: Procedures & Methodologies. Clifton, NY: CENGAGE Learning. ISBN 1435483677.
[21] Gary McKinnon extradition ruling due by 16 October. BBC News. September 6, 2012. Retrieved September 25, 2012.
[22] Kevin Mitnick sentenced to nearly four years in prison; computer hacker ordered to pay restitution ... (Press release). United States Attorney's Office, Central District of California. August 9, 1999. Retrieved April 10, 2010.
[23] Jordan, Tim and Taylor, Paul A. (2004). Hacktivism and Cyberwars. Routledge. pp. 133-134. ISBN 978-0-415-26003-9. Wild West imagery has permeated discussions of cybercultures.
[24] Thomas, Douglas (2003). Hacker Culture. University of Minnesota Press. p. 90. ISBN 978-0-8166-3346-3.
[25] Artikel 138ab. Wetboek van Strafrecht, December 27, 2012
[26] Swabey, Pete (27 February 2013). Data leaked by Anonymous appears to reveal Bank of America's hacker profiling operation. Information Age. Retrieved 21 February 2014.
[27] Hackers and Viruses: Questions and Answers. Scienzagiovane. University of Bologna. 12 November 2012. Retrieved 21 February 2014.
[28] Staples, Brent (May 11, 2003). A Prince of Cyberpunk Fiction Moves Into the Mainstream. The New York Times. Mr. Gibson's novels and short stories are worshiped by hackers

17.11 Further reading


Apro, Bill; Hammond, Graeme (2005). Hackers: The Hunt for Australia's Most Infamous Computer Cracker. Rowville, Vic: Five Mile Press. ISBN 1-74124-722-5.
Beaver, Kevin (2010). Hacking for Dummies. Hoboken, NJ: Wiley Pub. ISBN 978-0-7645-5784-2.
Conway, Richard; Cordingley, Julian (2004). Code Hacking: A Developer's Guide to Network Security. Hingham, Mass: Charles River Media. ISBN 978-1-58450-314-9.
Freeman, David H.; Mann, Charles C. (1997). At Large: The Strange Case of the World's Biggest Internet Invasion. New York: Simon & Schuster. ISBN 0-684-82464-7.
Granville, Johanna (Winter 2003). Dot.Con: The Dangers of Cyber Crime and a Call for Proactive Solutions. Australian Journal of Politics and History 49 (1): 102-109. doi:10.1111/1467-8497.00284. Retrieved 20 February 2014.
Gregg, Michael (2006). Certified Ethical Hacker. Indianapolis, Ind: Que Certification. ISBN 978-0-7897-3531-7.
Hafner, Katie; Markoff, John (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York: Simon & Schuster. ISBN 0-671-68322-5.
Harper, Allen; Harris, Shon; Ness, Jonathan (2011). Gray Hat Hacking: The Ethical Hacker's Handbook (3rd ed.). New York: McGraw-Hill. ISBN 978-0-07-174255-9.
McClure, Stuart; Scambray, Joel; Kurtz, George (1999). Hacking Exposed: Network Security Secrets and Solutions. Berkeley, Calif: Mcgraw-Hill. ISBN 0-07-212127-0.
Russell, Ryan (2004). Stealing the Network: How to Own a Continent. Rockland, Mass: Syngress Media. ISBN 978-1-931836-05-0.
Taylor, Paul A. (1999). Hackers: Crime in the Digital Sublime. London: Routledge. ISBN 978-0-415-18072-6.

17.12 External links

CNN Tech PCWorld Staff (November 2001). Timeline: A 40-year history of hacking from 1960 to 2001
Can Hackers Be Heroes? Video produced by Off Book (web series)

Chapter 18

Hacker (term)
Hacker is a term that is used to mean a variety of different things in computing. Depending on the context, the term can refer to a person in any one of several distinct (but not completely disjoint) communities and subcultures:[1]
People committed to circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via communication networks such as the Internet (Black hats), but also includes those who debug or fix security problems (White hats), and the morally ambiguous Grey hats. See Hacker (computer security).
A community of enthusiast computer programmers and systems designers, originated in the 1960s around the Massachusetts Institute of Technology's (MIT's) Tech Model Railroad Club (TMRC) and MIT Artificial Intelligence Laboratory.[2] This community is notable for launching the free software movement. The World Wide Web and Internet are hacker artifacts.[3] The Request for Comments RFC 1392 amplifies this meaning as "[a] person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular." See Hacker (programmer subculture).
The hobbyist home computing community, focusing on hardware in the late 1970s (e.g. the Homebrew Computer Club)[4] and on software (video games,[5] software cracking, the demoscene) in the 1980s/1990s. The community included Steve Wozniak, Bill Gates and Paul Allen and created the personal computing industry.[6] See Hacker (hobbyist).
Today, mainstream usage of "hacker" mostly refers to computer criminals, due to the mass media usage of the word since the 1980s. This includes what hacker slang calls "script kiddies", people breaking into computers using programs written by others, with very little knowledge about the way they work. This usage has become so predominant that the general public is unaware that different meanings exist. While the self-designation of hobbyists as hackers is acknowledged by all three kinds of hackers, and the computer security hackers accept all uses of the word, people from the programmer subculture consider the computer intrusion related usage incorrect, and emphasize the difference between the two by calling security breakers "crackers" (analogous to a safecracker).

18.1 Hacker definition controversy

Currently, "hacker" is used in two main conflicting ways:
1. as someone who is able to subvert computer security; if doing so for malicious purposes, the person can also be called a cracker.
2. an adherent of the technology and programming subculture.
The controversy is usually based on the assumption that the term originally meant someone messing about with something in a positive sense, that is, using playful cleverness to achieve a goal. But then, it is supposed, the meaning of the term shifted over the decades since it first came into use in a computer context and came to refer to computer criminals.
As usage has spread more widely, the primary misunderstanding of newer users conflicts with the original primary emphasis. In popular usage and in the media, computer intruders or criminals is the exclusive meaning today, with associated pejorative connotations. (For example, "An Internet 'hacker' broke through state government security systems in March.") In the computing community, the primary meaning is a complimentary description for a particularly brilliant programmer or technical expert. (For example, "Linus Torvalds, the creator of Linux, is considered by some to be a hacker.") A large segment of the technical community insist the latter is the "correct" usage of the word (see the Jargon File definition below).

The mainstream media's current usage of the term may be traced back to the early 1980s. When the term was introduced to wider society by the mainstream media in 1983, even those in the computer community referred to computer intrusion as "hacking", although not as the exclusive use of that word. In reaction to the increasing media use of the term exclusively with the criminal connotation, the computer community began to differentiate their terminology. Alternative terms such as "cracker" were coined in an effort to distinguish between those adhering to the historical use of the term "hack" within the programmer community and those performing computer break-ins. Further terms such as "black hat", "white hat" and "gray hat" developed when laws against breaking into computers came into effect, to distinguish criminal activities and those activities which were legal.

However, since network news use of the term pertained primarily to the criminal activities despite this attempt by the technical community to preserve and distinguish the original meaning, the mainstream media and general public continue to describe computer criminals with all levels of technical sophistication as "hackers" and do not generally make use of the word in any of its non-criminal connotations. Members of the media sometimes seem unaware of the distinction, grouping legitimate "hackers" such as Linus Torvalds and Steve Wozniak along with criminal "crackers".[7]
As a result of this difference, the definition is the subject of heated controversy. The wider dominance of the pejorative connotation is resented by many who object to the term being taken from their cultural jargon and used negatively,[8] including those who have historically preferred to self-identify as hackers. Many advocate using the more recent and nuanced alternate terms when describing criminals and others who negatively take advantage of security flaws in software and hardware. Others prefer to follow common popular usage, arguing that the positive form is confusing and unlikely to become widespread in the general public. A minority still use the term in both original senses despite the controversy, leaving context to clarify (or leave ambiguous) which meaning is intended.
However, the positive definition of hacker was widely used as the predominant form for many years before the negative definition was popularized. "Hacker" can therefore be seen as a shibboleth, identifying those who use the technically oriented sense (as opposed to the exclusively intrusion-oriented sense) as members of the computing community.
A possible middle ground position has been suggested, based on the observation that "hacking" describes a collection of skills which are used by hackers of both descriptions for differing reasons. The analogy is made to locksmithing, specifically picking locks, which, aside from its being a skill with a fairly high tropism to 'classic' hacking, is a skill which can be used for good or evil. The primary weakness of this analogy is the inclusion of script kiddies in the popular usage of "hacker", despite the lack of an underlying skill and knowledge base. Sometimes, "hacker" also is simply used synonymously with "geek": "A true hacker is not a group person. He's a person who loves to stay up all night, he and the machine in a love-hate relationship... They're kids who tended to be brilliant but not very interested in conventional goals[...] It's a term of derision and also the ultimate compliment."[9]
Fred Shapiro thinks that the common theory that 'hacker' originally was a benign term and the malicious connotations of the word were a later perversion is untrue. He found out that the malicious connotations were present at MIT in 1963 already (quoting The Tech, an MIT student newspaper) and then referred to unauthorized users of the telephone network,[10][11] that is, the phreaker movement that developed into the computer security hacker subculture of today.

18.2 Computer security hackers

Main article: Hacker (computer security)

In computer security, a hacker is someone who focuses on security mechanisms of computer and network systems. While including those who endeavor to strengthen such mechanisms, it is more often used by the mass media and popular culture to refer to those who seek access despite these security measures. That is, the media portrays the 'hacker' as a villain. Nevertheless, parts of the subculture see their aim in correcting security problems and use the word in a positive sense. White hat is the name given to ethical computer hackers, who utilize hacking in a helpful way. White hats are becoming a necessary part of the information security field.[12] They operate under a code, which acknowledges that breaking into other people's computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is still an interesting activity that can be done ethically and legally. Accordingly, the term bears strong connotations that are favorable or pejorative, depending on the context.

Bruce Sterling, author of The Hacker Crackdown

The subculture around such hackers is termed network hacker subculture, hacker scene or computer underground. It initially developed in the context of phreaking during the 1960s and the microcomputer BBS scene of the 1980s. It is implicated with 2600: The Hacker Quarterly and the alt.2600 newsgroup.
In 1980, an article in the August issue of Psychology Today (with commentary by Philip Zimbardo) used the term "hacker" in its title: "The Hacker Papers". It was an excerpt from a Stanford Bulletin Board discussion on the addictive nature of computer use. In the 1982 film Tron, Kevin Flynn (Jeff Bridges) describes his intentions to break into ENCOM's computer system, saying "I've been doing a little hacking here". CLU is the software he uses for this. By 1983, hacking in the sense of breaking computer security had already been in use as computer jargon,[13] but there was no public awareness about such activities.[14] However, the release of the film WarGames that year, featuring a computer intrusion into NORAD, raised the public belief that computer security hackers (especially teenagers) could be a threat to national security. This concern became real when, in the same year, a gang of teenage hackers in Milwaukee, Wisconsin, known as The 414s, broke into computer systems throughout the United States and Canada, including those of Los Alamos National Laboratory, Sloan-Kettering Cancer Center and Security Pacific Bank.[15] The case quickly drew media attention,[15][16] and 17-year-old Neal Patrick emerged as the spokesman for the gang, including a cover story in Newsweek entitled "Beware: Hackers at play", with Patrick's photograph on the cover.[17] The Newsweek article appears to be the first use of the word hacker by the mainstream media in the pejorative sense.
Pressured by media coverage, congressman Dan Glickman called for an investigation and began work on new laws against computer hacking.[18][19] Neal Patrick testified before the U.S. House of Representatives on September 26, 1983, about the dangers of computer hacking, and six bills concerning computer crime were introduced in the House that year.[19] As a result of these laws against computer criminality, white hat, grey hat and black hat hackers try to distinguish themselves from each other, depending on the legality of their activities. These moral conflicts are expressed in The Mentor's "The Hacker Manifesto", published 1986 in Phrack.
Use of the term hacker meaning computer criminal was also advanced by the title "Stalking the Wily Hacker", an article by Clifford Stoll in the May 1988 issue of the Communications of the ACM. Later that year, the release by Robert Tappan Morris, Jr. of the so-called Morris worm provoked the popular media to spread this usage. The popularity of Stoll's book The Cuckoo's Egg, published one year later, further entrenched the term in the public's consciousness.


18.3 Programmer subculture of hackers
Main article: Hacker (programmer subculture)
In the programmer subculture of hackers, a hacker is a person who follows a spirit of playful cleverness and loves programming. It is found in an originally academic movement unrelated to computer security and most visibly associated with free software and open source. It also has a hacker ethic, based on the idea that writing software and sharing the result on a voluntary basis is a good idea, and that information should be free, but that it's not up to the hacker to make it free by breaking into private computer systems. This hacker ethic was publicized and perhaps originated in Steven Levy's Hackers: Heroes of the Computer Revolution (1984). It contains a codification of its principles.
The programmer subculture of hackers disassociates from the mass media's pejorative use of the word 'hacker' referring to computer security, and usually prefers the term 'cracker' for that meaning. Complaints about supposed mainstream misuse started as early as 1983, when media used "hacker" to refer to the computer criminals involved in the 414s case.[20]
In the programmer subculture of hackers, a computer hacker is a person who enjoys designing software and building programs with a sense for aesthetics and playful cleverness. The term hack in this sense can be traced back to "describe the elaborate college pranks that...students would regularly devise" (Levy, 1984 p. 10). To be considered a 'hack' was an honor among like-minded peers as "to qualify as a hack, the feat must be imbued with innovation, style and technical virtuosity" (Levy, 1984 p. 10). The MIT Tech Model Railroad Club Dictionary defined hack in 1959 (not yet in a computer context) as "1) an article or project without constructive end; 2) a project undertaken on bad self-advice; 3) an entropy booster; 4) to produce, or attempt to produce, a hack(3)", and "hacker" was defined as "one who hacks, or makes them". Much of TMRC's jargon was later imported into early computing culture, because the club started using a DEC PDP-1 and applied its local model railroad slang in this computing context. Initially incomprehensible to outsiders, the slang also became popular in MIT's computing environments beyond the club. Other examples of jargon imported from the club are 'losing' (when a piece of equipment is not working)[21] and 'munged' (when a piece of equipment is ruined).[21]
According to Eric S. Raymond,[22] the Open Source and Free Software hacker subculture developed in the 1960s among 'academic hackers'[23] working on early minicomputers in computer science environments in the United States.
Hackers were influenced by and absorbed many ideas of key technological developments and the people associated with them. Most notable is the technical culture of the pioneers of the Arpanet, starting in 1969. The PDP-10 machine AI at MIT, which was running the ITS operating system and which was connected to the Arpanet, provided an early hacker meeting point. After 1980 the subculture coalesced with the culture of Unix. Since the mid-1990s, it has been largely coincident with what is now called the free software and open source movement.

A "Hacker Emblem" proposed by Eric S. Raymond.

Many programmers have been labeled "great hackers",[24] but the specifics of who that label applies to is a matter of opinion. Certainly major contributors to computer science such as Edsger Dijkstra and Donald Knuth, as well as the inventors of popular software such as Linus Torvalds (Linux), and Dennis Ritchie and Ken Thompson (the C programming language) are likely to be included in any such list; see also List of programmers. People primarily known for their contributions to the consciousness of the programmer subculture of hackers include Richard Stallman, the founder of the free software movement and the GNU project, president of the Free Software Foundation and author of the famous Emacs text editor as well as the GNU Compiler Collection (GCC), and Eric S. Raymond, one of the founders of the Open Source Initiative and writer of the famous text The Cathedral and the Bazaar and many other essays, maintainer of the Jargon File (which was previously maintained by Guy L. Steele, Jr.).
Within the computer programmer subculture of hackers, the term hacker is also used for a programmer who reaches a goal by employing a series of modifications to extend existing code or resources. In this sense, it can have a negative connotation of using inelegant kludges to accomplish programming tasks that are quick, but ugly, inelegant, difficult to extend, hard to maintain and inefficient. This derogatory form of the noun "hack" derives from the everyday English sense "to cut or shape by or as if by crude or ruthless strokes" [Merriam-Webster] and is even used among users of the positive sense of "hacker" who produces "cool" or "neat" hacks. In other words to "hack" at an original creation, as if with an axe, is to force-fit it into being usable for a task not intended by the original creator, and a "hacker" would be someone who does this habitually. (The original creator and the hacker may be the same person.) This usage is common in both programming, engineering and building. In programming, hacking in this sense appears to be tolerated and seen as a necessary compromise in many situations. Some argue that it should not be, due to this negative meaning; others argue that some kludges can, for all their ugliness and imperfection, still have "hack value".

In non-software engineering, the culture is less tolerant of unmaintainable solutions, even when intended to be temporary, and describing someone as a "hacker" might imply that they lack professionalism. In this sense, the term has no real positive connotations, except for the idea that the hacker is capable of doing modifications that allow a system to work in the short term, and so has some sort of marketable skills. However, there is always the understanding that a more skillful or technical logician could have produced successful modifications that would not be considered a "hack-job". The definition is similar to other, non-computer based uses of the term "hack-job". For instance, a professional modification of a production sports car into a racing machine would not be considered a hack-job, but a cobbled together backyard mechanic's result could be. Even though the outcome of a race of the two machines could not be assumed, a quick inspection would instantly reveal the difference in the level of professionalism of the designers. The adjective associated with hacker is "hackish" (see the Jargon file).
In a very universal sense, hacker also means someone who makes things work beyond perceived limits in a clever way in general, without necessarily referring to computers, especially at MIT.[3] That is, people who apply the creative attitude of software hackers in fields other than computing. This includes even activities that predate computer hacking, for example reality hackers or urban spelunkers (exploring undocumented or unauthorized areas in buildings). One specific example is clever pranks[25] traditionally perpetrated by MIT students, with the perpetrator being called hacker. For example, when MIT students surreptitiously put a fake police car atop the dome on MIT's Building 10,[26] that was a hack in this sense, and the students involved were therefore hackers. Another type of hacker is now called a reality hacker. More recent examples of usage for almost any type of playful cleverness are wetware hackers ("hack your brain"), media hackers and "hack your reputation". In a similar vein, a "hack" may refer to a math hack, that is, a clever solution to a mathematical problem. The GNU General Public License has been described as a copyright hack because it cleverly uses the copyright laws for a purpose the lawmakers did not foresee. All of these uses now also have spread beyond MIT as well.

18.4 Home computer hackers

Main article: Hacker (hobbyist)

In yet another context, a hacker is a computer hobbyist who pushes the limits of software or hardware. The home computer hacking subculture relates to the hobbyist home computing of the late 1970s, beginning with the availability of MITS Altair. An influential organization was the Homebrew Computer Club. However, its roots go back further to amateur radio enthusiasts. The amateur radio slang referred to creatively tinkering to improve performance as "hacking" already in the 1950s.[27]
Large overlaps between hobbyist hackers and the programmer subculture hackers existed during the Homebrew Club's days, but the interests and values of both communities somewhat diverged. Today, the hobbyists focus on commercial computer and video games, software cracking and exceptional computer programming (demo scene). Also of interest to some members of this group is the modification of computer hardware and other electronic devices, see modding.

A DIY musician probes the circuit board of a synthesizer for "bends" using a jeweler's screwdriver and alligator clips

Electronics hobbyists working on machines other than computers also fall into this category. This includes people who do simple modifications to graphing calculators, video game consoles, electronic musical keyboards or other devices (see CueCat for a notorious example) to expose or add functionality to a device that was unintended for use by end users by the company who created it. A number of techno musicians have modified 1980s-era Casio SK-1 sampling keyboards to create unusual sounds by doing circuit bending: connecting wires to different leads of the integrated circuit chips. The results of these DIY experiments range from opening up previously inaccessible features that were part of the chip design to producing the strange, dis-harmonic digital tones that became part of the techno music style. Companies take different attitudes towards such practices, ranging from open acceptance (such as Texas Instruments for its graphing calculators and Lego for its Lego Mindstorms robotics gear) to outright hostility (such as Microsoft's attempts to lock out Xbox hackers or the DRM routines on Blu-ray Disc players designed to sabotage compromised players).

In this context, a "hack" refers to a program that (sometimes illegally) modifies another program, often a video game, giving the user access to features otherwise inaccessible to them. As an example of this use, for Palm OS users (until the 4th iteration of this operating system), a "hack" refers to an extension of the operating system which provides additional functionality. The term also refers to those people who cheat on video games using special software. This can also refer to the jailbreaking of iPhones.

18.5 Overlaps and differences


The main basic difference between programmer subculture and computer security hackers is their mostly separate historical origin and development. However, the Jargon File reports that considerable overlap existed for the early phreaking at the beginning of the 1970s. An article from MIT's student paper The Tech used the term hacker in this context already in 1963 in its pejorative meaning for someone messing with the phone system.[10] The overlap quickly started to break when people joined in the activity who did it in a less responsible way.[28] This was the case after the publication of an article exposing the activities of Draper and Engressia.
According to Raymond, hackers from the programmer subculture usually work openly and use their real name, while computer security hackers prefer secretive groups and identity-concealing aliases.[29] Also, their activities in practice are largely distinct. The former focus on creating new and improving existing infrastructure (especially the software environment they work with), while the latter primarily and strongly emphasize the general act of circumvention of security measures, with the effective use of the knowledge (which can be to report and help fixing the security bugs, or exploitation for criminal purpose) being only rather secondary. The most visible difference in these views was in the design of the MIT hackers' Incompatible Timesharing System, which deliberately did not have any security measures.
There are some subtle overlaps, however, since basic knowledge about computer security is also common within the programmer subculture of hackers. For example, Ken Thompson noted during his 1983 Turing Award lecture that it is possible to add code to the UNIX "login" command that would accept either the intended encrypted password or a particular known password, allowing a back door into the system with the latter password. He named his invention the "Trojan horse". Furthermore, Thompson argued, the C compiler itself could be modified to automatically generate the rogue code, to make detecting the modification even harder. Because the compiler is itself a program generated from a compiler, the Trojan horse could also be automatically installed in a new compiler program, without any detectable modification to the source of the new compiler. However, Thompson disassociated himself strictly from the computer security hackers: "I would like to criticize the press in its handling of the 'hackers,' the 414 gang, the Dalton gang, etc. The acts performed by these kids are vandalism at best and probably trespass and theft at worst. ... I have watched kids testifying before Congress. It is clear that they are completely unaware of the seriousness of their acts."[30]
The programmer subculture of hackers sees secondary circumvention of security mechanisms as legitimate if it is done to get practical barriers out of the way for doing actual work. In special forms, that can even be an expression of playful cleverness.[31] However, the systematic and primary engagement in such activities is not one of the actual interests of the programmer subculture of hackers and it does not have significance in its actual activities, either.[29] A further difference is that, historically, members of the programmer subculture of hackers were working at academic institutions and used the computing environment there. In contrast, the prototypical computer security hacker had access exclusively to a home computer and a modem. However, since the mid-1990s, with home computers that could run Unix-like operating systems and with inexpensive internet home access being available for the first time, many people from outside of the academic world started to take part in the programmer subculture of hacking.
Since the mid-1980s, there are some overlaps in ideas and members with the computer security hacking community. The most prominent case is Robert T. Morris, who was a user of MIT-AI, yet wrote the Morris worm. The Jargon File hence calls him "a true hacker who blundered".[32] Nevertheless, members of the programmer subculture have a tendency to look down on and disassociate from these overlaps. They commonly refer disparagingly to people in the computer security subculture as crackers, and refuse to accept any definition of hacker that encompasses such activities. The computer security hacking subculture on the other hand tends not to distinguish between the two subcultures as harshly, instead acknowledging that they have much in common including many members, political and social goals, and a love of learning about technology. They restrict the use of the term cracker to their categories of script kiddies and black hat hackers instead.
All three subcultures have relations to hardware modifications. In the early days of network hacking, phreaks were building blue boxes and various variants. The programmer subculture of hackers has stories about several hardware hacks in its folklore, such as a mysterious 'magic' switch attached to a PDP-10 computer in MIT's AI lab, that, when turned off, crashed the computer.[33] The early hobbyist hackers built their home computers themselves, from construction kits. However, all these activities have died out during the 1980s, when the phone network switched to digitally controlled switchboards, causing network hacking to shift to dialing remote computers with modems, when pre-assembled inexpensive home computers were available, and when academic institutions started to give individual mass-produced workstation computers to scientists instead of using a central timesharing system. The only kind of widespread hardware modification nowadays is case modding.
An encounter of the programmer and the computer security hacker subculture occurred at the end of the 1980s, when a group of computer security hackers, sympathizing with the Chaos Computer Club (who disclaimed any knowledge in these activities), broke into computers of American military organizations and academic institutions. They sold data from these machines to the Soviet secret service, one of them in order to fund his drug addiction. The case could be solved when Clifford Stoll, a scientist working as a system administrator, found ways to log the attacks and to trace them back (with the help of many others). 23, a German film adaption with fictional elements, shows the events from the attackers' perspective. Stoll described the case in his book The Cuckoo's Egg and in the TV documentary The KGB, the Computer, and Me from the other perspective. According to Eric S. Raymond, it "nicely illustrates the difference between 'hacker' and 'cracker'. Stoll's portrait of himself, his lady Martha, and his friends at Berkeley and on the Internet paints a marvelously vivid picture of how hackers and the people around them like to live and how they think."[34]

18.6 Filmography
WarGames (1983)
Sneakers (1992)
The Net (1995)
Hackers (1995)
Pirates of Silicon Valley (1999)
Track Down (2000)
Swordfish (2001)
Antitrust (2001)
The Social Network (2010)
Blackhat (2015)


18.7 See also


Computer crime
Cyberwarfare
Exploit (computer security)
Hack value
Hackerspace
Hacktivism
IT risk
Penetration test
Vulnerability (computing)

18.8 References
[1] Löwgren, Jonas (February 23, 2000). "Hacker culture(s): Origins". Retrieved 2008-10-18.
[2] Raymond, Eric (25 August 2000). "The Early Hackers". A Brief History of Hackerdom. Thyrsus Enterprises. Retrieved 6 December 2008.
[3] Eric Steven Raymond (2001). "What Is a Hacker?". How To Become A Hacker. Thyrsus Enterprises. Retrieved 2008-10-18.
[4] Levy, part 2
[5] Levy, part 3
[6] Sterling, Bruce. "cyberview_91.report". "hackers had built the entire personal computer industry. Jobs was a hacker, Wozniak too, even Bill Gates, the youngest billionaire in the history of America -- all hackers."
[7] DuBois, Shelley. "A who's who of hackers". Reporter. Fortune Magazine. Retrieved 19 June 2011.
[8] TMRC site. Archived from the original on 2006-05-03.
[9] Alan Kay quoted in Stewart Brand, "S P A C E W A R: Fanatic Life and Symbolic Death Among the Computer Bums:" In Rolling Stone (1972)
[10] Fred Shapiro: Antedating of "Hacker". American Dialect Society Mailing List (13. June 2003)
[11] "The Origin of "Hacker"".
[12] Caldwell, Tracey (22 July 2011). "Ethical hackers: putting on the white hat". Network Security 2011 (7): 10–13. doi:10.1016/s1353-4858(11)70075-7.
[13] See the 1981 version of the Jargon File, entry "hacker", last meaning.
[14] "Computer hacking: Where did it begin and how did it grow?". WindowSecurity.com. October 16, 2002.
[15] Elmer-DeWitt, Philip (August 29, 1983). "The 414 Gang Strikes Again". Time. p. 75.
[16] Detroit Free Press. September 27, 1983.
[17] "Beware: Hackers at play". Newsweek. September 5, 1983. pp. 42–46, 48.
[18] "Timeline: The U.S. Government and Cybersecurity". Washington Post. 2003-05-16. Retrieved 2006-04-14.
[19] David Bailey, "Attacks on Computers: Congressional Hearings and Pending Legislation," sp, p. 180, 1984 IEEE Symposium on Security and Privacy, 1984.
[20] j...@uvacs. UUCP (19 September 1983). "for hack ( er ) s who want to complain to CBS". Newsgroup: net.followup net.misc, net.followup.
[21] Levy, Steven (2001) [1984]. Hackers: Heroes of the Computer Revolution. Penguin Books. p. 9. ISBN 0-14-100051-1.
[22] Eric S. Raymond: A Brief History of Hackerdom (2000)
[23] Raymond, Eric Steven (19 September 2003). "Reasons to Believe". The Art of Unix Programming. Addison-Wesley.
[24] Graham, Paul (2004). "Great Hackers".
[25] "MIT Gallery of Hacks". Hacks.mit.edu. Retrieved 2013-11-30.
[26] "IHTFP Hack Gallery: CP Car on the Great Dome". Hacks.mit.edu. 1994-05-09. Retrieved 2013-11-30.
[27] hacker. The Jargon Lexicon. Retrieved 2008-10-18.
[28] phreaking. The Jargon Lexicon. Retrieved 2008-10-18.
[29] cracker. The Jargon Lexicon. Retrieved 2008-10-18.
[30] Thompson, Ken (August 1984). "Reflections on Trusting Trust" (PDF). Communications of the ACM 27 (8): 761. doi:10.1145/358198.358210.
[31] Richard Stallman (2002). "The Hacker Community and Ethics: An Interview with Richard M. Stallman". GNU Project. Retrieved 2008-10-18.
[32] Part III. Appendices. The Jargon Lexicon. Retrieved 2008-10-18.
[33] A Story About 'Magic'. The Jargon Lexicon. Retrieved 2008-10-18.
[34] Part III. Appendices. The Jargon Lexicon. Retrieved 2008-10-18.

18.9 Further reading

Michael Hasse: Die Hacker: Strukturanalyse einer jugendlichen Subkultur (1994)

18.9.1 Computer security

Revelation: The Ultimate Beginner's Guide to Hacking & Phreaking (1996)
Hafner, Katie; Markoff, John (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York: Simon & Schuster. ISBN 0-671-68322-5.
Sterling, Bruce (1992). The Hacker Crackdown. Bantam. ISBN 0-553-08058-X.
Logik Bomb: Hacker's Encyclopedia (1997)
Slatalla, Michelle; Joshua Quittner (1995). Masters of Deception: The Gang That Ruled Cyberspace. HarperCollins. ISBN 0-06-017030-1.
Dreyfus, Suelette (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier. Mandarin. ISBN 1-86330-595-5.
Verton, Dan (2002). The Hacker Diaries: Confessions of Teenage Hackers. McGraw-Hill Osborne Media. ISBN 0-07-222364-2.
Thomas, Douglas (2002). Hacker Culture. University of Minnesota Press. ISBN 0-8166-3345-2.
Taylor, Paul A. (1999). Hackers: Crime in the Digital Sublime. Routledge. ISBN 978-0-415-18072-6.
Levy, Steven (2002). Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age. Penguin. ISBN 0-14-024432-8.
Ventre, Daniel (2009). Information Warfare. Wiley - ISTE. ISBN 978-1-84821-094-3.

18.9.2 Free Software/Open Source

Raymond, Eric S.; Steele, Guy L., eds. (1996). The New Hacker's Dictionary. The MIT Press. ISBN 0-262-68092-0.
Raymond, Eric S. (2003). The Art of Unix Programming. Prentice Hall International. ISBN 0-13-142901-9.
Levy, Steven (1984). Hackers: Heroes of the Computer Revolution. Doubleday. ISBN 0-385-19195-2.
Turkle, Sherry (1984). The Second Self: Computers and the Human Spirit. MIT Press. ISBN 0-262-70111-1.
Graham, Paul (2004). Hackers and Painters. Beijing: O'Reilly. ISBN 0-596-00662-4.
Lakhani, Karim R.; Wolf, Robert G. (2005). Why Hackers Do What They Do: Understanding Motivation and Effort in Free/Open Source Software Projects (PDF). In Feller, J.; Fitzgerald, B.; Hissam, S. et al. Perspectives on Free and Open Source Software. MIT Press.
Himanen, Pekka (2001). The Hacker Ethic and the Spirit of the Information Age. Random House. ISBN 0-375-50566-0.
Ingo, Henrik (2006). Open Life: The Philosophy of Open Source. Lulu.com. ISBN 1-84728-611-9.

Chapter 19

Hacker group
Hacker groups began to flourish in the early 1980s, with the advent of the home computer. Prior to that, the term hacker simply referred to any computer hobbyist. The hacker groups were out to make names for themselves, and were often spurred on by their own press. This was a heyday of hacking, at a time before there was much law against computer crime. Hacker groups provided access to information and resources, and a place to learn from other members.[1] Hackers could also gain credibility by being affiliated with an elite group.[1] The names of hacker groups parody large corporations, governments, police and criminals,[2] and often use specialized orthography.[2]

19.1 See also

List of hacker groups

19.2 References

[1] Thomas, Douglas (2003). Hacker Culture. University of Minnesota Press. p. 90. ISBN 978-0-8166-3346-3.
[2] Sterling, Bruce (1993). "Part 2(d)". The Hacker Crackdown. McLean, Virginia: IndyPublish.com. p. 61. ISBN 1-4043-0641-2.

19.3 External links

Hacker group at DMOZ

Chapter 20

Hacker Manifesto
The Conscience of a Hacker (also known as The Hacker Manifesto) is a small essay written January 8, 1986 by a computer security hacker who went by the handle (or pseudonym) of The Mentor (born Loyd Blankenship), who belonged to the 2nd generation of Legion of Doom.[1]

It was written after the author's arrest, and first published in the underground hacker ezine Phrack[2] and can be found on many websites, as well as on T-shirts and in films.[3]

Considered a cornerstone of hacker culture,[4] The Manifesto acts as a guideline to hackers across the globe, especially those new to the field. It serves as an ethical foundation for hacking, and asserts that there is a point to hacking that supersedes selfish desires to exploit or harm other people, and that technology should be used to expand our horizons and try to keep the world free.

When asked about his motivation for writing the article, Blankenship said,

"I was going through hacking withdrawal, and Craig/Knight Lightning needed something for an upcoming issue of Phrack. I was reading The Moon is a Harsh Mistress and was very taken with the idea of revolution."[1]

At a more prominent public event, when asked about his arrest and motivation for writing the article, Blankenship said,

"I was just in a computer I shouldn't have been. And [had] a great deal of empathy for my friends around the nation that were also in the same situation. This was post-WarGames, the movie, so pretty much the only public perception of hackers at that time was 'hey, we're going to start a nuclear war, or play tic-tac-toe, one of the two,' and so I decided I would try to write what I really felt was the essence of what we were doing and why we were doing it."[5][6]

20.1 In popular culture

The article is quoted several times in the 1995 movie Hackers, although in the movie it is being read from an issue of the hacker magazine 2600, not the historically accurate Phrack. It is also reproduced inside the CD case of the computer game Uplink.

The Mentor gave a reading of The Hacker Manifesto and offered additional insight at H2K2.[5] It is also an item in the game Culpa Innata.

A poster of the Hacker Manifesto is displayed in The Social Network in Mark Zuckerberg's dorm room.

A Hacker Manifesto is also the name of a book written by The New School media studies professor McKenzie Wark.

20.2 See also

Phrack
Timeline of computer security hacker history

20.3 Related

The Hacker Ethic
The Hacker's Way written by Mark Zuckerberg[7]

20.4 References

[1] Elf Qrin interviews The Mentor.
[2] The Mentor. The Conscience of a Hacker 1 (7). Phrack, Inc. p. 3 of 10. Retrieved 15 June 2014.
[3] Thomas, Douglas (2003). Hacker Culture. University of Minnesota Press. pp. xxiv. ISBN 978-0-8166-3346-3.
[4] Marsh, Josh (November 4, 2013). Hacking and Philosophy: The Mentor's Manifesto. Hackaday.com. Retrieved 15 June 2014.
[5] Blankenship, Lloyd (July 13, 2002). "'The Conscience of a Hacker', Panel at H2K2 (Hackers on Planet Earth)". New York, NY: 2600. Retrieved 15 June 2014.
[6] The Mentor at H2K2. Archived from the original on 2005-04-14. Retrieved 2014-04-10.
[7] "Mark Zuckerberg's letter to investors: 'The Hacker Way'". February 1, 2012. Retrieved 15 June 2014.

Chapter 21

Hacking tool
A hacking tool is a program designed to assist with hacking, or a piece of software which can be used for hacking purposes.

Examples include Nmap, Nessus, John the Ripper, p0f, and Winzapper.[1] Bribes have also been described as among the most potent hacking tools, due to their potential exploitation in social engineering attacks.[2] Occasionally, common software such as ActiveX is exploited as a hacking tool as well.[3][4]

Hacking tools such as Cain and Abel, however, are well known as Script Kiddie Tools. Script kiddies are people who follow instructions from a manual, without realising how it happens. These Script Kiddies have been an enormous threat to computer security as there are many hacking tools and keyloggers up for download which are free.

21.1 Worms

Main article: Computer worm

Another example of a hacking tool is a computer worm. These malicious programs detect vulnerabilities in operating systems. Not all worms, however, are malicious. The Nachi Worms have actually fixed operating system vulnerabilities by downloading and installing security patches from the Microsoft website.

21.2 Port Scanners

Main article: Port scanner

Port scanners detect vulnerabilities in firewalls, and are able to find a great deal about the computer system, such as the operating system, ISP, wireless routers and how long the system has been online. However, port scanners are the best security auditing tools.

21.3 Hacking Linux

Although not much is said about threats to the Linux system, they do exist and could increase in the future. One of the biggest threats to the Linux system is posed by so-called rootkits. These are programs that have special privileges and are able to hide from the system administrator.

One way to counteract rootkits is the Tiger (security software) program. This is a set of scripts that allow us to monitor whether the privileges of a program on your computer have changed recently.

21.4 References

[1] Top 15 Security/Hacking Tools and Utilities, July 23, 2007.
[2] New hacking tool: chocolate, Munir Kotadia, Zdnet, Apr. 20, 2004.
[3] ActiveX used as hacking tool, CNet, Feb. 7, 1997.
[4] The basics of hacking and penetration testing: ethical hacking and penetration testing made easy, Engebretson, Pat (Patrick Henry), 1974-. Waltham, MA: Elsevier, 2010.

21.5 External links

Top 100 Network Security Tools, Fyodor
Clause 202c of German penal code endangers German IT industry, Chaos Computer Club
Top 400 Security Tools organized by Functionality
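The kind of check that section 21.3 attributes to Tiger, recording each program's privileges and reporting what changed between two runs, can be written as follows. This is an added example and not Tiger's own code; the sample directory, the file names and the finding labels are constructed for illustration.

```python
import os
import stat
import tempfile

# Bits that let a program run with its owner's or group's rights (assumed focus of the audit).
SPECIAL = stat.S_ISUID | stat.S_ISGID


def snapshot(root):
    """Record (permission bits, uid, gid) for every regular file under root."""
    state = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            if stat.S_ISREG(st.st_mode):
                state[path] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return state


def privilege_changes(baseline, current):
    """Compare two snapshots and return (path, finding) pairs, sorted by path."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "removed since baseline"))
            continue
        mode, uid, gid = current[path]
        if path not in baseline:
            # A brand-new file only matters here if it arrives with elevated rights.
            if mode & SPECIAL:
                findings.append((path, "new setuid/setgid file"))
            continue
        old_mode, old_uid, old_gid = baseline[path]
        gained = mode & ~old_mode  # permission bits present now but not before
        if gained & SPECIAL:
            findings.append((path, "gained setuid/setgid"))
        if gained & stat.S_IWOTH:
            findings.append((path, "became world-writable"))
        if (uid, gid) != (old_uid, old_gid):
            findings.append((path, "owner or group changed"))
    return findings


def demo():
    """Build a constructed directory, change two files, and report what moved."""
    with tempfile.TemporaryDirectory() as root:
        samples = (("backup-tool", 0o755), ("notes.txt", 0o644), ("report.sh", 0o755))
        for name, mode in samples:
            path = os.path.join(root, name)
            with open(path, "w") as handle:
                handle.write("constructed sample file\n")
            os.chmod(path, mode)
        baseline = snapshot(root)

        # Simulated tampering between two audit runs.
        os.chmod(os.path.join(root, "backup-tool"), 0o4755)  # setuid bit added
        os.chmod(os.path.join(root, "notes.txt"), 0o666)     # now writable by anyone

        changes = privilege_changes(baseline, snapshot(root))
        return [(os.path.basename(path), finding) for path, finding in changes]


if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```

A baseline is only as trustworthy as where it is stored: a rootkit with the privileges the section describes could rewrite a snapshot kept on the same machine, so the stored copy belongs on read-only or remote media.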

Chapter 22

Keystroke logging

A keylogger example of a screencapture, which holds potentially confidential and private information. This is the corresponding text result of the keylogger.

A logfile from a software-based keylogger

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.[1] It has uses in the study of human-computer interaction. There are numerous keylogging methods, ranging from hardware and software-based approaches to acoustic analysis.

22.1 Application

22.1.1 Software-based keyloggers

These are computer programs designed to work on the target computer's software.[2] Keyloggers are used in IT organizations to troubleshoot technical problems with computers and business networks. Other legal uses include family or business people using them to monitor the network usage without their users' direct knowledge. However, malicious individuals may use keyloggers on public computers to steal passwords or credit card information.

From a technical perspective there are several categories:

Hypervisor-based: The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. It effectively becomes a virtual machine. Blue Pill is a conceptual example.

Kernel-based: A program on the machine obtains root access to hide itself in the OS and starts intercepting keystrokes that pass through the kernel. This method is difficult both to write and to combat. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications that don't have root access. They are frequently implemented as rootkits that subvert the operating system kernel and gain unauthorized access to the hardware, making them very powerful. A keylogger using this method can act as a keyboard device driver for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.

API-based: These keyloggers hook keyboard APIs inside a running application. The keylogger registers for keystroke events, as if it was a normal piece of the application instead of malware. The keylogger receives an event each time the user presses or releases a key. The keylogger simply records it. Windows APIs such as GetAsyncKeyState(), GetForegroundWindow(), etc. are used to poll the state of the keyboard or to subscribe to keyboard events.[3] A more recent example simply polls the BIOS for pre-boot authentication PINs that have not been cleared from memory.[4]

Form grabbing based: Form grabbing-based keyloggers log web form submissions by recording the web browsing on submit events. These happen when the user finishes filling in a form and submits it, usually by clicking a button or hitting enter. This records form data before it is passed over the Internet.

Memory injection based: Memory Injection (MitB)-based keyloggers alter memory tables associated with the browser and other system functions to perform their logging functions. By patching the memory tables or injecting directly into memory, this technique can be used by malware authors who are looking to bypass Windows UAC (User Account Control). The Zeus and Spyeye Trojans use this method exclusively.[5] Non-Windows systems have analogous protection mechanisms that need to be thwarted somehow by the keylogger.

Packet analyzers: This involves capturing network traffic associated with HTTP POST events to retrieve unencrypted passwords. This is made more difficult when connecting via HTTPS, which is one of the reasons HTTPS was invented.

Remote access software keyloggers: These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location. Remote communication may be achieved using one of these methods:
Data is uploaded to a website, database or an FTP server.
Data is periodically emailed to a pre-defined email address.
Data is wirelessly transmitted by means of an attached hardware system.
The software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine to be accessed.

Most of these aren't stopped by HTTPS encryption because that only protects data in transit between computers; this is a threat in your own computer - the one connected to the keyboard.
Keystroke logging in Writing Process Research

Keystroke logging has become an established research method to study writing processes.[6][7] Different programs have been developed to collect online process data of writing activities,[8] including Inputlog, Scriptlog, and Translog.

In terms of legitimate uses, keystroke logging can be a suitable research instrument in a number of writing contexts. These include studies on cognitive writing processes, description of writing strategies, the writing development of children with and without writing difficulties, spelling, first and second language writing, and specialist skill areas such as translation and subtitling.

Keystroke logging can be used in research specifically on writing; it can also be integrated in educational domains for second language learning, programming skills, and typing skills.

Related features

Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:

Clipboard logging. Anything that has been copied to the clipboard can be captured by the program.

Screen logging. Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, just one application or even just around the mouse cursor. They may take these screenshots periodically or in response to user behaviours (for example, when a user has clicked the mouse). A practical application used by some keyloggers with this screen logging ability is to take small screenshots around where a mouse has just clicked; these defeat web-based keyboards (for example, the web-based screen keyboards that are often used by banks) and any web-based on-screen keyboard without screenshot protection.

Programmatically capturing the text in a control. The Microsoft Windows API allows programs to request the text 'value' in some controls. This means that some passwords may be captured, even if they are hidden behind password masks (usually asterisks).[9]

The recording of every program/folder/window opened, including a screenshot of each and every website visited.

The recording of search engines queries, instant messenger conversations, FTP downloads and other Internet-based activities (including the bandwidth used).

22.1.2 Hardware-based keyloggers

Main article: Hardware keylogger

A hardware-based keylogger.

A connected hardware-based keylogger.

Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.

Firmware-based: BIOS-level firmware that handles keyboard events can be modified to record these events as they are processed. Physical and/or root-level access is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.[10]

Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector. There are also USB connectors based Hardware keyloggers as well as ones for Laptop computers (the Mini-PCI card plugs into the expansion slot of a laptop). More stealthy implementations can be installed or built into standard keyboards, so that no device is visible on the external cable. Both types log all keyboard activity to their internal memory, which can be subsequently accessed, for example, by typing in a secret key sequence.[11] A hardware keylogger has an advantage over a software solution: it is not dependent on being installed on the target computer's operating system and therefore will not interfere with any program running on the target machine or be detected by any software. However its physical presence may be detected if, for example, it is installed outside the case as an inline device between the computer and the keyboard. Some of these implementations have the ability to be controlled and monitored remotely by means of a wireless communication standard.[12]

Wireless keyboard sniffers: These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read.

Keyboard overlays: Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.[13]

Acoustic keyloggers: Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when struck. It is then possible to identify which keystroke signature relates to which keyboard character via statistical methods such as frequency analysis. The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters.[14] A fairly long recording (1000 or more keystrokes) is required so that a big enough sample is collected.[15]

Electromagnetic emissions: It is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it.[16] In 2009, Swiss researchers tested 11 different USB, PS/2 and laptop keyboards in a semi-anechoic chamber and found them all vulnerable, primarily because of the prohibitive cost of adding shielding during manufacture.[17] The researchers used a wide-band receiver to tune into the specific frequency of the emissions radiated from the keyboards.

Optical surveillance: Optical surveillance, while not a keylogger in the classical sense, is nonetheless an approach that can be used to capture passwords or PINs. A strategically placed camera, such as a hidden surveillance camera at an ATM, can allow a criminal to watch a PIN or password being entered.[18][19]

Physical evidence: For a keypad that is used only to enter a security code, the keys which are in actual use will have evidence of use from many fingerprints. A passcode of four digits, if the four digits in question are known, is reduced from 10,000 possibilities to just 24 possibilities (10^4 versus 4!, the factorial of 4). These could then be used on separate occasions for a manual brute force attack.

Smartphone sensors: Researchers have demonstrated that it is possible to capture the keystrokes of nearby computer keyboards using only the commodity accelerometer found in smartphones.[20] The attack is made possible by placing a smartphone near a keyboard on the same desk. The smartphone's accelerometer can then detect the vibrations created by typing on the keyboard, and then translate this raw accelerometer signal into readable sentences with as much as 80 percent accuracy. The technique involves working through probability by detecting pairs of keystrokes, rather than individual keys. It models keyboard events in pairs and then works out whether the pair of keys pressed is on the left or the right side of the keyboard and whether they are close together or far apart on the QWERTY keyboard. Once it has worked this out, it compares the results to a preloaded dictionary where each word has been broken down in the same way.[21] Similar techniques have also been shown to be effective at capturing keystrokes on touchscreen keyboards[22][23][24] while in some cases, in combination with gyroscope.[25][26]

22.2 History

An early keylogger was written by Perry Kivolowitz and posted to the Usenet news group net.unix-wizards,net.sources on November 17, 1983.[27] The posting seems to be a motivating factor in restricting access to /dev/kmem on Unix systems. The user-mode program operated by locating and dumping character lists (clists) as they were assembled in the Unix kernel.

In the 1970s, spies installed keystroke loggers in the US Embassy and Consulate buildings in Moscow and St Petersburg.[28][29] They installed the bugs in Selectric II and Selectric III electric typewriters.[30]

Soviet embassies used manual typewriters, rather than electric typewriters, for classified information, apparently because they are immune to such bugs.[30] As of 2013, Russian special services still use typewriters.[29][31][32]

22.3 Cracking

Writing simple software applications for keylogging can be trivial, and like any nefarious computer program, can be distributed as a trojan horse or as part of a virus. What is not trivial for an attacker, however, is installing a covert keystroke logger without getting caught and downloading data that has been logged without being traced. An attacker that manually connects to a host machine to download logged keystrokes risks being traced. A trojan that sends keylogged data to a fixed e-mail address or IP address risks exposing the attacker.

22.3.1 Trojan

Researchers devised several methods for solving this problem. They presented a deniable password snatching attack in which the keystroke logging trojan is installed using a virus or worm.[33][34] An attacker who is caught with the virus or worm can claim to be a victim. The cryptotrojan asymmetrically encrypts the pilfered login/password pairs using the public key of the trojan author and covertly broadcasts the resulting ciphertext. They mentioned that the ciphertext can be steganographically encoded and posted to a public bulletin board such as Usenet.

22.3.2 Use by police

In 2000, the FBI used FlashCrest iSpy to obtain the PGP passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo.[35] Also in 2000, the FBI lured two suspected Russian cyber criminals to the US in an elaborate ruse, and captured their usernames and passwords with a keylogger that was covertly installed on a machine that they used to access their computers in Russia. The FBI then used these credentials to hack into the suspects' computers in Russia in order to obtain evidence to prosecute them.[36]

22.4 Countermeasures

The effectiveness of countermeasures varies, because keyloggers use a variety of techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. For example, an on-screen keyboard will be effective against hardware keyloggers, transparency will defeat some, but not all, screenloggers and an anti-spyware application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers.

Also, keylogger program authors may be able to update the code to adapt to countermeasures that may have proven to be effective against them.

22.4.1 Anti keyloggers

Main article: Anti keylogger

An anti keylogger is a piece of software specifically designed to detect keyloggers on a computer, typically comparing all files in the computer against a database of keyloggers looking for similarities which might signal the presence of a hidden keylogger. As anti keyloggers have been designed specifically to detect keyloggers, they have the potential to be more effective than conventional anti virus software; some anti virus software do not consider certain keyloggers a virus, as under some circumstances a keylogger can be considered a legitimate piece of software.

22.4.2 Live CD/USB

Rebooting the computer using a Live CD or write-protected Live USB is a possible countermeasure against software keyloggers if the CD is clean of malware and the operating system contained on it is secured and fully patched so that it cannot be infected as soon as it is started. Booting a different operating system does not impact the use of a hardware or BIOS based keylogger.

22.4.3 Anti-spyware / Anti-virus programs

Many anti-spyware applications are able to detect some software based keyloggers and quarantine, disable or cleanse them. However, because many keylogging programs are legitimate pieces of software under some circumstances, anti spyware often neglects to label keylogging programs as spyware or a virus. These applications are able to detect software-based keyloggers based on patterns in executable code, heuristics and keylogger behaviours (such as the use of hooks and certain APIs).

No software-based anti-spyware application can be 100% effective against all keyloggers. Also, software-based anti-spyware cannot defeat non-software keyloggers (for example, hardware keyloggers attached to keyboards will always receive keystrokes before any software-based anti-spyware application).

However, the particular technique that the anti-spyware application uses will influence its potential effectiveness against software keyloggers. As a general rule, anti-spyware applications with higher privileges will defeat keyloggers with lower privileges. For example, a hook-based anti-spyware application cannot defeat a kernel-based keylogger (as the keylogger will receive the keystroke messages before the anti-spyware application), but it could potentially defeat hook- and API-based keyloggers.

22.4.4 Network monitors

Network monitors (also known as reverse-firewalls) can be used to alert the user whenever an application attempts to make a network connection. This gives the user the chance to prevent the keylogger from "phoning home" with his or her typed information.

22.4.5 Automatic form filler programs

Main article: Form filler

Automatic form-filling programs may prevent keylogging by removing the requirement for a user to type personal details and passwords using the keyboard. Form fillers are primarily designed for web browsers to fill in checkout pages and log users into their accounts. Once the user's account and credit card information has been entered into the program, it will be automatically entered into forms without ever using the keyboard or clipboard, thereby reducing the possibility that private data is being recorded. However someone with physical access to the machine may still be able to install software that is able to intercept this information elsewhere in the operating system or while in transit on the network. (Transport Layer Security (TLS) reduces the risk that data in transit may be intercepted by network sniffers and proxy tools.)

22.4.6 One-time passwords (OTP)

Using one-time passwords may be keylogger-safe, as each password is invalidated as soon as it is used. This solution may be useful for someone using a public computer. However, an attacker who has remote control over such a computer can simply wait for the victim to enter his/her credentials before performing unauthorised transactions on their behalf while their session is active.
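The "invalidated as soon as it is used" property described above comes from the server, which must refuse any code at or below the last counter it accepted. The following added example (not code from the original text) implements counter-based one-time passwords per RFC 4226 with such a verifier; the class name, the look-ahead window of 3 and the scenario labels are assumptions, and the secret is the RFC's published test secret.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value per RFC 4226: HMAC-SHA1 over the 8-byte counter, then truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server side (hypothetical class): accepts each counter value at most once."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret = secret
        self.next_counter = 0          # lowest counter that is still acceptable
        self.look_ahead = look_ahead   # tolerate codes the user generated but never sent

    def verify(self, submitted: str) -> bool:
        window = range(self.next_counter, self.next_counter + self.look_ahead)
        for counter in window:
            expected = hotp(self.secret, counter)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                # Burn this code and every earlier one, so a logged copy is worthless.
                self.next_counter = counter + 1
                return True
        return False


def replay_scenario():
    """Constructed scenario: a logged code is replayed after the user has used it."""
    secret = b"12345678901234567890"   # RFC 4226 test secret, not a real credential
    server = OtpVerifier(secret)

    typed = hotp(secret, 0)            # the user types the first code on a public computer
    captured = typed                   # a keylogger on that computer records the same digits

    results = {
        "user_login": server.verify(typed),
        "replayed_capture": server.verify(captured),
        "user_next_login": server.verify(hotp(secret, 1)),
    }
    # The user generates code 2 without submitting it, then logs in with code 3.
    results["skipped_ahead"] = server.verify(hotp(secret, 3))
    results["stale_skipped_code"] = server.verify(hotp(secret, 2))
    return results


if __name__ == "__main__":
    for step, accepted in replay_scenario().items():
        print(f"{step}: {'accepted' if accepted else 'rejected'}")
```

The verifier only addresses replay of a recorded code. It does nothing for the case in the last sentence of the section, where the session opened by a valid code is itself under the attacker's control.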

22.4.7 Security tokens

Use of smart cards or other security tokens may improve security against replay attacks in the face of a successful keylogging attack, as accessing protected information would require both the (hardware) security token as well as the appropriate password/passphrase. Knowing the keystrokes, mouse actions, display, clipboard etc. used on one computer will not subsequently help an attacker gain access to the protected resource. Some security tokens work as a type of hardware-assisted one-time password system, and others implement a cryptographic challenge-response authentication, which can improve security in a manner conceptually similar to one time passwords. Smartcard readers and their associated keypads for PIN entry may be vulnerable to keystroke logging through a so-called supply chain attack[37] where an attacker substitutes the card reader/PIN entry hardware for one which records the user's PIN.

22.4.8 On-screen keyboards

Most on-screen keyboards (such as the on-screen keyboard that comes with Windows XP) send normal keyboard event messages to the external target program to type text. Software key loggers can log these typed characters sent from one program to another.[38] Additionally, keylogging software can take screenshots of what is displayed on the screen (periodically, and/or upon each mouse click), which means that although certainly a useful security measure, an on-screen keyboard will not protect from all keyloggers.

22.4.9 Keystroke interference software

Keystroke interference software is also available.[39] These programs attempt to trick keyloggers by introducing random keystrokes, although this simply results in the keylogger recording more information than it needs to. An attacker has the task of extracting the keystrokes of interest; the security of this mechanism, specifically how well it stands up to cryptanalysis, is unclear.

22.4.10 Speech recognition

Similar to on-screen keyboards, speech-to-text conversion software can also be used against keyloggers, since there are no typing or mouse movements involved. The weakest point of using voice-recognition software may be how the software sends the recognized text to target software after the recognition took place.

22.4.11 Handwriting recognition and mouse gestures

Also, many PDAs and lately tablet PCs can already convert pen (also called stylus) movements on their touchscreens to computer understandable text successfully. Mouse gestures use this principle by using mouse movements instead of a stylus. Mouse gesture programs convert these strokes to user-definable actions, such as typing text. Similarly, graphics tablets and light pens can be used to input these gestures; however, these are less common in everyday use.

The same potential weakness of speech recognition applies to this technique as well.

22.4.12 Macro expanders/recorders

With the help of many programs, a seemingly meaningless text can be expanded to a meaningful text and most of the time context-sensitively, e.g. "en.wikipedia.org" can be expanded when a web browser window has the focus. The biggest weakness of this technique is that these programs send their keystrokes directly to the target program. However, this can be overcome by using the 'alternating' technique described below, i.e. sending mouse clicks to non-responsive areas of the target program, sending meaningless keys, sending another mouse click to target area (e.g. password field) and switching back-and-forth.

22.4.13 Non-technological methods

Alternating between typing the login credentials and typing characters somewhere else in the focus window[40] can cause a keylogger to record more information than it needs to, although this could easily be filtered out by an attacker. Similarly, a user can move their cursor using the mouse during typing, causing the logged keystrokes to be in the wrong order, e.g., by typing a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter. Lastly, someone can also use context menus to remove, cut, copy, and paste parts of the typed text without using the keyboard. An attacker who is able to capture only parts of a password will have a smaller key space to attack if he chose to execute a brute-force attack.

Another very similar technique uses the fact that any selected text portion is replaced by the next key typed, e.g., if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then, these dummies could be selected with the mouse, and the next character from the password "e" is typed, which replaces the dummies "asdfsd".

These techniques assume incorrectly that keystroke logging software cannot directly monitor the clipboard, the selected text in a form, or take a screenshot every time a keystroke or mouse click occurs. They may however be effective against some hardware keyloggers.
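The select-and-replace and reverse-order typing tricks from the non-technological methods can be checked against two observer models: one that receives only key events and one that also receives pointer events. This is an added example, not part of the original article; the event classes, the function names and the completion of the "secret" walk-through beyond its first two letters are assumptions made for illustration.

```python
"""Model of a text field under the typing tricks described in the text.

Added illustration: Key, Click, Select and every function name are hypothetical.
"""
from dataclasses import dataclass
from math import comb
from typing import List, Optional, Tuple, Union


@dataclass(frozen=True)
class Key:
    ch: str      # one character typed on the keyboard


@dataclass(frozen=True)
class Click:
    pos: int     # mouse click that places the caret before index pos


@dataclass(frozen=True)
class Select:
    start: int   # mouse selection covering text[start:end]
    end: int


Event = Union[Key, Click, Select]


def replay(events: List[Event]) -> str:
    """Apply the events to an empty field and return its final contents."""
    text: List[str] = []
    caret = 0
    selection: Optional[Tuple[int, int]] = None
    for ev in events:
        if isinstance(ev, Key):
            if selection is not None:
                # A typed key replaces whatever is selected.
                start, end = selection
                text[start:end] = [ev.ch]
                caret, selection = start + 1, None
            else:
                text.insert(caret, ev.ch)
                caret += 1
        elif isinstance(ev, Click):
            caret = max(0, min(ev.pos, len(text)))
            selection = None
        else:  # Select
            start = max(0, min(ev.start, len(text)))
            end = max(start, min(ev.end, len(text)))
            selection = (start, end) if end > start else None
            caret = end
    return "".join(text)


def observed(events: List[Event], sees_pointer: bool) -> str:
    """What an observer reconstructs from the events it is able to see."""
    visible = [e for e in events if sees_pointer or isinstance(e, Key)]
    return replay(visible)


def is_subsequence(secret: str, stream: str) -> bool:
    """True if the secret's characters appear, in order, inside the stream."""
    it = iter(stream)
    return all(ch in it for ch in secret)


def residual_candidates(stream: str, secret_len: int) -> int:
    """Upper bound on the guesses left to someone who holds only the key
    stream and knows the password length (number of index subsets)."""
    return comb(len(stream), secret_len)


# Constructed input: the "secret" example, with the remaining letters typed normally.
SELECT_REPLACE: List[Event] = (
    [Key("s")] + [Key(c) for c in "asdfsd"]
    + [Select(1, 7), Key("e")]
    + [Key(c) for c in "cret"]
)

# Constructed input: last letter first, caret moved to the front before each key.
REVERSED: List[Event] = [Key("t")]
for c in "erces":
    REVERSED += [Click(0), Key(c)]

if __name__ == "__main__":
    for name, ev in (("select-replace", SELECT_REPLACE), ("reversed", REVERSED)):
        print(name, "| keys only:", observed(ev, False),
              "| keys + pointer:", observed(ev, True))
    print("bound for key-only capture:", residual_candidates("sasdfsdecret", 6),
          "versus", 26 ** 6, "for an unknown six-letter lowercase password")
```

Both tricks change only what a keyboard-only observer reconstructs; once pointer events are visible the field contents are recovered exactly, and even the key-only stream leaves a far smaller search space than an unknown password.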

22.5 See also


Anti keylogger
Black-bag cryptanalysis
Computer surveillance
Digital footprint
Hardware keylogger
Reverse connection

Spyware
Trojan horse
Virtual keyboard

22.6 References
[1] "Keylogger". Oxford dictionaries.
[2] "What is a Keylogger?". PC Tools.
[3] "The Evolution of Malicious IRC Bots" (PDF). Symantec. 2005-11-26. pp. 23–24. Retrieved 2011-03-25.
[4] Jonathan Brossard (2008-09-03). "Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer (practical low level attacks against x86 pre-boot authentication software)" (PDF). Iviz Technosolutions. Retrieved 2008-09-23.
[5] "SpyEye Targets Opera, Google Chrome Users". Krebs on Security. Retrieved 26 April 2011.
[6] K.P.H. Sullivan & E. Lindgren (Eds., 2006), Studies in Writing: Vol. 18. Computer Key-Stroke Logging and Writing: Methods and Applications. Oxford: Elsevier.
[7] V. W. Berninger (Ed., 2012), Past, present, and future contributions of cognitive writing research to cognitive psychology. New York/Sussex: Taylor & Francis. [ISBN 9781848729636]
[8] Vincentas (11 July 2013). "Keystroke Logging in SpyWareLoop.com". Spyware Loop. Retrieved 27 July 2013.
[9] Microsoft. "EM_GETLINE Message()". Microsoft. Retrieved 2009-07-15.
[10] "Apple keyboard hack". Apple keyboard hack. Digital Society. Retrieved 9 June 2011.
[11] "Keyghost". keyghost.com. Retrieved 2009-04-19.
[12] "Keylogger Removal". Keylogger Removal. SpyReveal Anti Keylogger. Retrieved 25 April 2011.
[13] Jeremy Kirk (2008-12-16). "Tampered Credit Card Terminals". IDG News Service. Retrieved 2009-04-19.
[14] Andrew Kelly (2010-09-10). "Cracking Passwords using Keyboard Acoustics and Language Modeling" (PDF).
[15] Sarah Young (14 September 2005). "Researchers recover typed text using audio recording of keystrokes". UC Berkeley NewsCenter.
[16] "Remote monitoring uncovered by American techno activists". ZDNet. 2000-10-26. Retrieved 2008-09-23.
[17] Martin Vuagnoux and Sylvain Pasini (2009-06-01). "Compromising Electromagnetic Emanations of Wired and Wireless Keyboards". Lausanne: Security and Cryptography Laboratory (LASEC).
[18] "ATM camera". snopes.com. Retrieved 2009-04-19.
[19] Maggi, Federico; Volpatto, Alberto; Gasparini, Simone; Boracchi, Giacomo; Zanero, Stefano (2011). "A fast eavesdropping attack against touchscreens". 7th International Conference on Information Assurance and Security. IEEE. doi:10.1109/ISIAS.2011.6122840.
[20] Marquardt, Philip; Verma, Arunabh; Carter, Henry; Traynor, Patrick (2011). "(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers". Proceedings of the 18th ACM conference on Computer and communications security. ACM. pp. 561–562. doi:10.1145/2046707.2046771.
[21] "iPhone Accelerometer Could Spy on Computer Keystrokes". Wired. 19 October 2011. Retrieved August 25, 2014.
[22] Owusu, Emmanuel; Han, Jun; Das, Sauvik; Perrig, Adrian; Zhang, Joy (2012). "ACCessory: password inference using accelerometers on smartphones". Proceedings of the Thirteenth Workshop on Mobile Computing Systems and Applications. ACM. doi:10.1145/2162081.2162095.
[23] Aviv, Adam J.; Sapp, Benjamin; Blaze, Matt; Smith, Jonathan M. (2012). "Practicality of accelerometer side channels on smartphones". Proceedings of the 28th Annual Computer Security Applications Conference. ACM. doi:10.1145/2420950.2420957.
[24] Cai, Liang; Chen, Hao (2011). "TouchLogger: inferring keystrokes on touch screen from smartphone motion" (PDF). Proceedings of the 6th USENIX conference on Hot topics in security. USENIX. Retrieved 25 August 2014.
[25] Xu, Zhi; Bai, Kun; Zhu, Sencun (2012). "TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors". Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. ACM. pp. 113–124. doi:10.1145/2185448.2185465.
[26] Miluzzo, Emiliano; Varshavsky, Alexander; Balakrishnan, Suhrid; Choudhury, Romit Roy (2012). "Tapprints: your finger taps have fingerprints". Proceedings of the 10th international conference on Mobile systems, applications, and services. ACM. pp. 323–336. doi:10.1145/2307636.2307666.
[27] "The Security Digest Archives". Retrieved 2009-11-22.
[28] "Soviet Spies Bugged World's First Electronic Typewriters".
[29] Geoffrey Ingersoll. "Russia Turns To Typewriters To Protect Against Cyber Espionage". 2013.
[30] Sharon A. Maneki. "Learning from the Enemy: The GUNMAN Project". 2012.
[31] "Wanted: 20 electric typewriters for Russia to avoid leaks".
[32] Anna Arutunyan. "Russian security agency to buy typewriters to avoid surveillance".
[33] Young, Adam; Yung, Moti (1997). "Deniable Password Snatching: On the Possibility of Evasive Electronic Espionage". Proceedings of IEEE Symposium on Security and Privacy (IEEE): 224–235. doi:10.1109/SECPRI.1997.601339.
[34] Young, Adam; Yung, Moti (1996). "Cryptovirology: extortion-based security threats and countermeasures". Proceedings of IEEE Symposium on Security and Privacy (IEEE): 129–140. doi:10.1109/SECPRI.1996.502676.
[35] John Leyden (2000-12-06). "Mafia trial to test FBI spying tactics: Keystroke logging used to spy on mob suspect using PGP". The Register. Retrieved 2009-04-19.
[36] John Leyden (2002-08-16). "Russians accuse FBI Agent of Hacking". The Register.
[37] Austin Modine (2008-10-10). "Organized crime tampers with European card swipe devices". The Register. Retrieved 2009-04-18.
[38] Scott Dunn (2009-09-10). "Prevent keyloggers from grabbing your passwords". Windows Secrets. Retrieved 2014-05-10.
[39] Christopher Ciabarra (2009-06-10). "Anti Keylogger". Networkintercept.com.
[40] Cormac Herley and Dinei Florencio (2006-02-06). "How To Login From an Internet Cafe Without Worrying About Keyloggers" (PDF). Microsoft Research. Retrieved 2008-09-23.

22.7 External links


Keyloggers at DMOZ


Chapter 23

List of computer criminals


[Image: Hacker Adrian Lamo (left) with contemporaries Kevin Mitnick (center) and Kevin Poulsen]

Convicted computer criminals are people who are caught and convicted of computer crimes such as breaking into computers or computer networks.[1] Computer crime can be broadly defined as criminal activity involving information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (or identity theft) and electronic fraud.[2]

[Image: Mark Abene, who was convicted of computer charges]

In the infancy of the hacker subculture and the computer underground,[3] criminal convictions were rare because there was an informal code of ethics that was followed by white hat hackers.[4] Proponents of hacking claim to be motivated by artistic and political ends, but are often unconcerned about the use of criminal means to achieve them.[5] White hat hackers break past computer security for non-malicious reasons and do no damage, akin to breaking into a house and looking around.[6] They enjoy learning and working with computer systems, and by this experience gain a deeper understanding of electronic security.[6] As the computer industry matured, individuals with malicious intentions (black hats) would emerge to exploit computer systems for their own personal profit.[6]

Convictions of computer crimes, or hacking, began as early as 1983 with the case of The 414s from the 414 area code in Milwaukee. In that case, six teenagers broke into a number of high-profile computer systems, including Los Alamos National Laboratory, Sloan-Kettering Cancer Center and Security Pacific Bank. On May 1, 1983, one of the 414s, Gerald Wondra, was sentenced to two years of probation.[7]

In 2006, a prison term of nearly five years was handed down to Jeanson James Ancheta, who created hundreds of zombie computers to do his bidding via giant bot networks or botnets.[8] He then sold the botnets to the highest bidder who in turn used them for Denial-of-service (DoS) attacks.[9]

As of 2012, the longest sentence for computer crimes is that of Albert Gonzalez for 20 years.[10]

The next longest sentences are those of 13 years for Max Ray Vision,[11] 108 months of Brian Salcedo in 2004 and upheld in 2006 by the U.S. 4th Circuit Court of Appeals,[12][13] and 68 months of Kevin Mitnick in 1999.[14]

23.1 Computer criminals

23.2 See also

Timeline of computer security hacker history

23.3 References
[1] Bruce Sterling (1993). The Hacker Crackdown - Law and Disorder on the Electronic Frontier (January 1994 ed.). Project Gutenberg. p. 336. ISBN 0-553-56370-X.
[2] Paul Taylor. Hackers: Crime in the Digital Sublime (November 3, 1999 ed.). Routledge; 1 edition. p. 200. ISBN 0-415-18072-4.
[3] Steve Mizrach (2009). "The electronic discourse of the computer underground". Florida International University. Retrieved May 10, 2009. Gordon Meyer, a sociologist who has since left academia but continues to be involved in the computer industry (and to publish the Computer Underground Digest), wrote in his seminal paper The Social Organization of the Computer Underground that the computer underground consists of actors in three roles - computer hackers, phone phreaks, and software pirates.
[4] "Interview with Chris Davis". Public Broadcasting Service. 2001. Retrieved May 9, 2009.
[5] Brian Blomquist (May 29, 1999). "FBI'S web site socked as hackers target feds". New York Post. Retrieved May 8, 2009.
[6] Andrew Brandt (April 2, 2001). "Hacker Speak". PC World (magazine). Retrieved May 10, 2009.
[7] "Computer User Sentenced". The New York Times. May 1, 1983. Retrieved September 11, 2008.
[8] pg 26 - Richard Gissel. Digital Underworld (August 23, 2005 ed.). Lulu. p. 222. ISBN 1-4116-4423-9.
[9] Robert Vamosi (January 27, 2006). "Cybercrime does pay; here's how". CNET Reviews. Retrieved September 11, 2008.
[10] Zetter, Kim (March 25, 2010). "TJX Hacker Gets 20 Years in Prison". Wired (magazine). Retrieved January 22, 2012.
[11] Poulsen, Kevin (February 12, 2010). "Record 13-Year Sentence for Hacker Max Vision". Wired (magazine). Retrieved January 22, 2012.
[12] "Hacker Sentenced to Prison for Breaking into Lowe's Companies' Computers with Intent to Steal Credit Card Information". cybercrime.gov. December 15, 2004. Retrieved January 22, 2012.
[13] "Crazy-Long Hacker Sentence Upheld". Wired (magazine). July 11, 2006. Retrieved January 22, 2012.
[14] "Kevin Mitnick Sentenced to Nearly Four Years in Prison". cybercrime.gov. August 9, 1999. Retrieved January 22, 2012.
[15] "Phiber Optik Goes to Prison - Issue 2.04". Wired. April 1994. Retrieved August 23, 2008.
[16] Elinor Mills (June 23, 2009). "Q&A: Mark Abene, from 'Phiber Optik' to security guru". CNET Networks. Retrieved June 28, 2009.
[17] "American owns up to hijacking PCs". BBC News. January 24, 2006. Retrieved June 22, 2009.
[18] Debra Wong Chang - United States Attorney (May 8, 2006). "Botherder Dealt Record Prison Sentence for Selling and Spreading Malicious Computer Code". United States Department of Justice. Retrieved June 22, 2009.
[19] Dreyfus, Suelette (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier (PDF). pp. 48–49.
[20] Dreyfus, Suelette (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier (PDF). pp. 48–49.
[21] http://zlh.halcon.tv/files/Phreak/Misc/handbook.txt
[22] http://www.textfiles.com/magazines/NEUROCACTUS/nc-002.txt
[23] April 16, 2012. http://www.textfiles.com/magazines/NEUROCACTUS/nc-002.txt/
[24] Kevin Poulsen (2009). "Michigan Wi-Fi hacker jailed for nine years". The Register. Retrieved June 22, 2009.
[25] "Judgement in a Criminal Case, 5:03CR53-02, Western District of North Carolina" (PDF). timmins. December 16, 2004. Retrieved August 23, 2008.
[26] Tony Long (February 7, 2007). "February 7, 2000: Mafiaboy's Moment". Wired. Retrieved May 23, 2009.
[27] "Mafiaboy given eight months". The Register. September 13, 2001. Retrieved May 23, 2009.
[28] "FBI Facts and Figure 2003". Federal Bureau of Investigation. April 2003. Archived from the original on March 26, 2007. Retrieved March 27, 2007.
[29] "Chad Davis, Global Hell Hacker, Sentenced to Six Months in Prison, Three Years Probation., For Air Force Network Hacks". United States Department of Justice. March 1, 2000. Retrieved May 11, 2009.
[30] "Hack to the future". Melbourne: The Age. May 25, 2003. Retrieved August 23, 2008.
[31] John Leyden (July 6, 2001). "Bill Gates hacker escapes jail". The Register. Retrieved September 11, 2008.
[32] "Teen hacker escapes jail sentence". BBC News. July 6, 2001. Retrieved September 11, 2008.
[33] Poulsen, Kevin (April 6, 2007). "Court Okays Counter-Hack of eBay Hacker's Computer". Wired News. Retrieved April 21, 2010.
[34] Michael Newton (2004). The Encyclopedia of High-Tech Crime and Crime-Fighting (November 2003 ed.). Checkmark Books, an imprint of Facts on File Inc. p. 416. ISBN 0-8160-4978-5.
[35] "MySpace speaks about Samy Kamkar's sentencing". TechSpot. January 31, 2007. Retrieved December 27, 2010.
[36] , Times Dispatch, United States, 21 November 2014.
[37] Brian Krebs (February 27, 2007). "They'll Always Have Paris". The Washington Post. Retrieved May 9, 2009.
[38] George V. Hulme (July 15, 2004). "Hacker Lamo Sentenced To Home Detention". Information Week. United Business Media, Inc. Retrieved August 23, 2008.
[39] Is Department of Defense (DoD), Pentagon, NASA, NSA secure?, TheHackerNews, May 14, 2011.
[40] Man jailed for attempting to compromise websites, Kent Police, United Kingdom, 16 May 2013.
[41] "Kevin Mitnick sentenced to nearly four years in prison". United States Department of Justice. August 9, 1999. Retrieved August 23, 2008.
[42] "Hacker sentenced, must program jail computers". USA Today. Associated Press. February 6, 2002. Retrieved August 23, 2008.
[43] Ronald B. Standler (August 14, 2002). "Judgment in U.S. v. Robert Tappan Morris". rbs2. Retrieved August 23, 2008.
[44] "Teen Pleads Guilty in Blaster Worm Attack". CRN Magazine. August 12, 2004. Retrieved May 11, 2009.
[45] "Blaster-B worm author sentenced to 18 months in jail - but bigger villain remains free, Sophos reports". Sophos Plc. January 28, 2005. Retrieved May 11, 2009.
[46] Henry Weinstein (March 23, 1991). "Hacker Enters Guilty Plea in Theft of Computer Data". Business; PART-D; Financial Desk: Los Angeles Times. p. 2. Retrieved May 9, 2009.
[47] Rodney Hoffman (March 27, 1991). "Legion of Doom's Terminus sentenced". RISKS Digest. Retrieved May 9, 2009.
[48] Rodney Hoffman (March 31, 1991). "Correction Re: Terminus". RISKS Digest. Retrieved May 9, 2009. Under the plea agreements, ... Rose ... will serve a year in prison.
[49] "Creator of Melissa Computer Virus Sentenced to 20 Months in Federal Prison". United States Department of Justice. May 1, 2002. Retrieved May 11, 2009.
[50] Kevin Poulsen (June 15, 2001). "Solar Sunrise hacker Analyzer escapes jail". The Register. Retrieved September 11, 2008.
[51] "Two years jail for UK virus writer who infected 27,000 PCs, Sophos reacts". Sophos Plc. January 21, 2003. Retrieved August 23, 2008.
[52] Robert Blincoe (September 27, 2001). "Kournikova virus kiddie gets 150 hours community service". The Register. Retrieved May 10, 2009.
[53] John Leyden (September 14, 2001). "Anna Kournikova virus author stands trial". The Register. Retrieved June 22, 2009.
[54] Joris Evers (September 28, 2001). "Kournikova Virus Writer Found Guilty". PC World. Retrieved May 23, 2009.
[55] "Two who raided computers pleading guilty - Late City Final Edition, Section 1, Page 6, Column 1, 383 words". The New York Times. March 17, 1984. Retrieved May 9, 2009.
[56] Dreyfus, Suelette (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier (PDF). pp. 43–45.
[57] Dreyfus, Suelette (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier (PDF). pp. 45–46.

23.4 External links


Hacker High: 10 Stories of Teenage Hackers Getting into the System
CUSSE List of Convicted Hackers

Chapter 24

Phreaking
This article is about the manipulation of telephone call routing. For the use of telephone technology to steal information, see Phone hacking.

Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. The term phreak is a portmanteau of the words phone and freak, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking.

The term first referred to groups who had reverse engineered the system of tones used to route long-distance calls. By re-creating these tones, phreaks could switch calls from the phone handset, allowing free calls to be made around the world. To ease the creation of these tones, electronic tone generators known as blue boxes became a staple of the phreaker community, including future Apple Inc. cofounders Steve Jobs and Steve Wozniak.

The blue box era came to an end with the ever increasing use of computerized phone systems which sent dialling information on a separate, inaccessible channel. By the 1980s, much of the system in the US and Western Europe had been converted. Phreaking has since become closely linked with computer hacking.[1] This is sometimes called the H/P culture (with H standing for hacking and P standing for phreaking).

24.1 History

Phone phreaking got its start in the late 1950s in the United States. Its golden age was the late 1960s and early 1970s. Phone phreaks spent a lot of time dialing around the telephone network to understand how the phone system worked. They listened to the pattern of tones to figure out how calls were routed. They read obscure telephone company technical journals. They learned how to impersonate operators and other telephone company personnel. They dug through telephone company trash bins to find secret documents. They snuck into telephone company buildings at night and wired up their own telephones. They built clever little electronic devices called blue boxes, black boxes, and red boxes to help them explore the network and make free phone calls. They hung out on early conference call circuits and loop arounds to communicate with one another. They wrote their own newsletters to spread information.

Prior to 1984, long-distance telephone calls were a premium item, with archaic regulations. In some locations, calling across the street counted as long distance.[2] To report that a phone call was long distance carried an elevated importance, universally understood to mean: the calling party is paying by the minute to speak to the called party; transact business quickly.

Phreaking consisted of techniques to evade the long-distance charges. This evasion was illegal; the crime was called "toll fraud".[3]

24.1.1 Switch hook and tone dialer

Possibly one of the first phreaking methods was switch-hooking. It allows placing calls from a phone where the rotary dial or keypad has been disabled by a key lock or other means to prevent unauthorized calls from that phone. It is done by rapidly pressing and releasing the switch hook to open and close the subscriber circuit, simulating the pulses generated by the rotary dial. Even most current telephone exchanges support this method, as they need to be backward compatible with old subscriber hardware.[4]

By rapidly clicking the hook for a variable number of times at roughly 5 to 10 clicks per second, separated by intervals of roughly one second, the caller can dial numbers as if they were using the rotary dial. The pulse counter in the exchange counts the pulses or clicks and interprets them in two possible ways. Depending on continent and country, one click with a following interval can be either "one" or "zero" and subsequent clicks before the interval are additively counted. This renders ten consecutive clicks being either "zero" or "nine", respectively. Some exchanges allow using additional clicks for special controls, but numbers 0–9 now fall in one of these two standards. One special code, "flash", is a very short single click, possible but hard to simulate. Back in the day of rotary dial, very often technically identical phone sets were marketed in multiple areas of the world, only with plugs matched by country and the dials being bezeled with the local standard numbers.
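The pulse counting described above, written from the exchange's side as an added example (not part of the original article). The 0.5-second digit gap, the function names and the sample pulse trains are assumptions; the 5 to 10 clicks per second rate and the two counting conventions come from the text.

```python
"""Exchange-side pulse counter for loop-disconnect (rotary or switch-hook) dialing."""
from typing import List, Optional, Sequence

# Assumption: any pause of at least 0.5 s ends a digit (the text says the
# intervals between digits are roughly one second).
INTER_DIGIT_GAP = 0.5
# From the text: clicks arrive at roughly 5 to 10 per second.
MIN_RATE, MAX_RATE = 5.0, 10.0


def group_pulses(times: Sequence[float], gap: float = INTER_DIGIT_GAP) -> List[List[float]]:
    """Split click timestamps (seconds) into one group per dialed digit."""
    groups: List[List[float]] = []
    current: List[float] = []
    for t in sorted(times):
        if current and t - current[-1] >= gap:
            groups.append(current)
            current = []
        current.append(t)
    if current:
        groups.append(current)
    return groups


def count_to_digit(clicks: int, convention: str) -> Optional[int]:
    """Map a click count to a digit under one of the two conventions.

    "one-first":  1 click = 1, ..., 9 clicks = 9, 10 clicks = 0
    "zero-first": 1 click = 0, ..., 10 clicks = 9
    Counts outside 1..10 are not digits (special controls on some exchanges).
    """
    if convention not in ("one-first", "zero-first"):
        raise ValueError(f"unknown convention: {convention}")
    if not 1 <= clicks <= 10:
        return None
    return clicks % 10 if convention == "one-first" else clicks - 1


def decode(times: Sequence[float], convention: str = "one-first") -> str:
    """Decode click timestamps into a digit string; '?' marks a rejected group."""
    out = []
    for group in group_pulses(times):
        if len(group) > 1:
            span = group[-1] - group[0]
            rate = (len(group) - 1) / span if span > 0 else float("inf")
            if not MIN_RATE <= rate <= MAX_RATE:
                out.append("?")  # clicks too fast or too slow to be dial pulses
                continue
        digit = count_to_digit(len(group), convention)
        out.append("?" if digit is None else str(digit))
    return "".join(out)


def make_train(counts: Sequence[int], rate: float = 8.0, pause: float = 1.0) -> List[float]:
    """Build constructed sample timestamps: counts[i] clicks per digit."""
    t, times = 0.0, []
    for n in counts:
        for _ in range(n):
            times.append(t)
            t += 1.0 / rate
        t += pause
    return times


if __name__ == "__main__":
    train = make_train([3, 10, 1])  # constructed sample input
    print("one-first :", decode(train, "one-first"))
    print("zero-first:", decode(train, "zero-first"))
```

The counter sees only interruptions of the subscriber circuit, so it cannot tell a switch hook from a rotary dial; this is why locking the dial alone does not prevent calls.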

Such key-locked telephones, if wired to a modern DTMF capable exchange, can also be exploited by a tone dialer that generates the DTMF tones used by modern keypad units. These signals are now very uniformly standardized worldwide, and along with rotary dialing, they are almost all that is left of in-band signaling. It is notable that the two methods can be combined: Even if the exchange does not support DTMF, the key lock can be circumvented by switch-hooking, and the tone dialer can be then used to operate automated DTMF controlled services that can't be used with rotary dial.

24.1.2 2600 hertz

The origins of phone phreaking trace back at least to AT&T's implementation of fully automatic switches. These switches used tone dialing, a form of in-band signaling, and included some tones which were for internal telephone company use. One internal-use tone was a tone of 2600 Hz which caused a telephone switch to think the call was over, leaving an open carrier line which could be exploited to provide free long-distance and international calls. At that time, long-distance calls were quite expensive.[5]

The tone was discovered in approximately 1957,[5] by Joe Engressia, a blind seven-year-old boy. Engressia had perfect pitch, and discovered that whistling the fourth E above middle C (a frequency of 2600 Hz) would stop a dialed phone recording. Unaware of what he had done, Engressia called the phone company and asked why the recordings had stopped. Joe Engressia is considered to be the father of phreaking.[6]

Other early phreaks, such as Bill from New York, began to develop a rudimentary understanding of how phone networks worked. Bill discovered that a recorder he owned could also play the tone at 2600 Hz with the same effect. John Draper discovered through his friendship with Engressia that the free whistles given out in Cap'n Crunch cereal boxes also produced a 2600 Hz tone when blown (providing his nickname, Captain Crunch). This allowed control of phone systems that worked on single frequency (SF) controls. One could sound a long whistle to reset the line, followed by groups of whistles (a short tone for a 1, two for a 2, etc.) to dial numbers.[7]

24.1.3 Multi frequency

Main article: Multi-frequency

While single frequency worked on certain phone routes, the most common signaling on the then long-distance network was multi-frequency (MF) controls. The slang term for these tones and their use was "Marty Freeman". The specific frequencies required were unknown to the general public until 1964, when the Bell System published the information in the Bell System Technical Journal in an article describing the methods and frequencies used for interoffice signalling. The journal was intended for the company's engineers; however, it found its way to various college campuses across the United States. With this one article, the Bell System accidentally gave away the keys to the kingdom, and the intricacies of the phone system were at the disposal of people with a knowledge of electronics.[8]

The second generation of phreaks arose at this time, including the New Yorkers Evan Doorbell, Ben Decibel and Neil R. Bell and Californians Mark Bernay, Chris Bernay, and Alan from Canada. Each conducted their own independent exploration and experimentation of the telephone network, initially on an individual basis, and later within groups as they discovered each other in their travels. Evan Doorbell, Ben and Neil formed a group of phreaks known as Group Bell. Mark Bernay initiated a similar group named the Mark Bernay Society. Both Mark and Evan received fame amongst today's phone phreakers for Internet publication of their collection of telephone exploration recordings. These recordings, conducted in the 1960s, 1970s, and early 1980s are available at Mark's website Phone Trips.[9]

24.1.4 Blue boxes


Main article: Blue box
In October 1971, phreaking was introduced to the masses when Esquire Magazine published a story called "Secrets of the Little Blue Box"[10][11][12][13] by Ron Rosenbaum. This article featured Engressia and John Draper prominently, synonymising their names with phreaking. The article also attracted the interest of other soon-to-be phreaks, such as Steve Wozniak and Steve Jobs, who went on to found Apple Computer.[14]

1971 also saw the beginnings of YIPL (Youth International Party Line), a publication started by Abbie Hoffman and Al Bell to provide information to Yippies on how to "beat the man", mostly involving telephones. In 1973, Al Bell would move YIPL over and start TAP (Technological American Party).[15] TAP would develop into a major source for subversive technical information among phreaks and hackers all over the world. TAP ran from 1973 to 1984, with Al Bell handing over the magazine to Tom Edison in the late 70s. TAP ended publication in 1984 due mostly to a break-in and arson at Tom Edison's residence in 1983.[16] Cheshire Catalyst then took over running the magazine for its final (1984) year.

A controversially suppressed article "How to Build a 'Phone Phreaks' box" in Ramparts Magazine (June, 1972) touched off a firestorm of interest in phreaking. This article published simple schematic plans of a "black box" used to make free long-distance phone calls, and included a very short parts list that could be used to construct one. Bell sued Ramparts, forcing the magazine to pull all copies from shelves, but not before numerous copies were sold and many regular subscribers received them.

24.1.5 Computer hacking

In the 1980s, the revolution of the personal computer and the popularity of computer bulletin board systems (BBSes) (accessed via modem) created an influx of tech-savvy users. These BBSes became popular for computer hackers and others interested in the technology, and served as a medium for previously scattered independent phone phreaks to share their discoveries and experiments. This not only led to unprecedented collaboration between phone phreaks, but also spread the notion of phreaking to others who took it upon themselves to study, experiment with, or exploit the telephone system. This was also at a time when the telephone company was a popular subject of discussion in the US, as the monopoly of AT&T Corporation was forced into divestiture. During this time, exploration of telephone networks diminished, and phreaking focused more on toll fraud. Computer hackers began to use phreaking methods to find the telephone numbers for modems belonging to businesses, which they could exploit later. Groups then formed around the BBS hacker/phreaking (H/P) community such as the famous Masters of Deception (Phiber Optik) and Legion of Doom (Erik Bloodaxe) groups. In 1985, an underground e-zine called Phrack (a combination of the words Phreak and Hack) began circulation among BBSes, and focused on hacking, phreaking, and other related technological subjects.

In the early 1990s, H/P groups like Masters of Deception and Legion of Doom were shut down by the US Secret Service's Operation Sundevil. Phreaking as a subculture saw a brief dispersion in fear of criminal prosecution in the 1990s, before the popularity of the internet initiated a reemergence of phreaking as a subculture in the US and spread phreaking to international levels.

Into the turn of the 21st century, phreaks began to focus on the exploration and playing with the network, and the concept of toll fraud became widely frowned on among serious phreakers, primarily under the influence of the website Phone Trips, put up by second generation phreaks Mark Bernay and Evan Doorbell.

24.1.6 Toll fraud

The 1984 AT&T breakup gave rise to many small companies intent upon competing in the long distance market. These included the then-fledgling Sprint and MCI, both of whom had only recently entered the marketplace. At the time, there was no way to switch a phone line to have calls automatically carried by non-AT&T companies. Customers of these small long distance operations would be required to dial a local access number, enter their calling card number, and finally enter the area code and phone number they wish to call. Because of the relatively lengthy process for customers to complete a call, the companies kept the calling card numbers short, usually 6 or 7 digits. This opened up a huge vulnerability to phone phreaks with a computer.

6-digit calling card numbers only offer 1 million combinations. 7-digit numbers offer just 10 million. If a company had 10,000 customers, a person attempting to guess a card number would have a good chance of doing so correctly once every 100 tries for a 6-digit card and once every 1000 tries for a 7-digit card. While this is almost easy enough for people to do manually, computers made the task far easier.[17][18] "Code hack" programs were developed for computers with modems. The modems would dial the long distance access number, enter a random calling card number (of the proper number of digits), and attempt to complete a call to a computer bulletin board system (BBS). If the computer connected successfully to the BBS, it proved that it had found a working card number, and it saved that number to disk. If it did not connect to the BBS in a specified amount of time (usually 30 or 60 seconds), it would hang up and try a different code. Using this method, code hacking programs would turn up hundreds (or in some cases thousands) of working calling card numbers per day. These would subsequently be shared amongst fellow phreakers.

There was no way for these small phone companies to identify the culprits of these hacks. They had no access to local phone company records of calls into their access numbers, and even if they had access, obtaining such records would be prohibitively expensive and time-consuming. While there was some advancement in tracking down these code hackers in the early 1990s, the problem did not completely disappear until most long distance companies were able to offer standard 1+ dialing without the use of an access number.

24.1.7 Diverters

Another method of obtaining free phone calls involved the use of so-called "diverters". Call forwarding was not an available feature for many business phone lines in the 1980s and early 1990s, so they were forced to buy equipment that could do the job manually between two phone lines. When the business would close, they would program the call diverting equipment to answer all calls,

116
pick up another phone line, call their answering service,
and bridge the two lines together. This gave the appearance to the caller that they were directly forwarded to the
companys answering service. The switching equipment
would typically reset the line after the call had hung up
and timed out back to dial tone, so the caller could simply wait after the answering service had disconnected, and
would eventually get a usable dial tone from the second
line. Phreakers recognized the opportunity this provided,
and they would spend hours manually dialing businesses
after hours, attempting to identify faulty diverters. Once
a phreaker had access to one of these lines, he could use
it for one of many purposes. In addition to completing
phone calls anywhere in the world at the businesses expense, they could also dial 1-900 phone sex/entertainment
numbers, as well as use the phone line to harass their enemies without fear of being traced. Victimized small businesses were usually required to foot the bill for the long
distance calls, as it was their own private equipment (not
phone company security aws) that allowed such fraud
to occur. By 1993, call forwarding was oered to nearly
every business line subscriber, making these diverters obsolete. As a result, hackers stopped searching for the few
remaining ones, and this method of toll fraud died.

CHAPTER 24. PHREAKING


24.1.8 Voice mail boxes and bridges

Prior to the BBS era of the 1980s phone phreaking was more of a solitary venture as it was
difficult for phreaks to connect with one another. In addition to communicating over BBSs phone
phreaks discovered voice mail boxes and party lines as ways to network and keep in touch over the
telephone. It was rare for a phone phreak to legally purchase access to voice mail. Instead, they
would usually appropriate unused boxes that were part of business or cellular phone systems. Once a
vulnerable mailbox system was discovered, word would spread around the phreak community, and scores
of them would take residence on the system. They would use the system as a home base for
communication with one another until the rightful owners would discover the intrusion and wipe them
off. Voice mailboxes also provided a safe phone number for phreaks to give out to one another as
home phone numbers would allow the phreak's identity (and home address) to be discovered. This was
especially important given that phone phreaks were breaking the law.
Phreakers also used bridges to communicate live with one another. The term bridge originally
referred to a group of telephone company test lines that were bridged together giving the effect of
a party-line. Eventually, all party-lines, whether bridges or not, came to be known as bridges if
primarily populated by hackers and/or phreakers.
The popularity of the Internet in the mid-1990s, along with the better awareness of voice mail by
business and cell phone owners, made the practice of stealing voice mailboxes less popular. To this
day bridges are still very popular with phreakers yet, with the advent of VoIP, the use of
telephone company owned bridges has decreased slightly in favor of phreaker-owned conferences.

24.1.9 Cell phones

By the late 1990s, the fraudulent aspect of phreaking all but vanished. Most cellular phones
offered unlimited domestic long distance calling for the price of standard airtime (often totally
unlimited on weekends), and flat-rate long-distance plans appeared offering unlimited home phone
long distance for as little as $25 per month. Rates for international calls had also decreased
significantly. Between the much higher risk of being caught (due to advances in technology) and the
much lower gain of making free phone calls, toll fraud started to become a concept associated very
little with phreaking.

24.1.10 End of multi-frequency

The end of multi-frequency (MF) phreaking in the lower 48 United States occurred on June 15, 2006,
when the last exchange in the contiguous United States to use a phreakable MF-signalled trunk
replaced the aging (yet still well kept) N2 carrier with a T1 carrier. This exchange, located in
Wawina Township, Minnesota, was run by the Northern Telephone Company of Minnesota.

24.2 2600 Hz

In the original analog networks, short-distance telephone calls were completed by sending
relatively high-power electrical signals through the wires to the end office, which then switched
the call. This technique could not be used for long-distance connections, because the signals would
be filtered out due to capacitance in the wires. Long-distance switching remained a manual
operation years after short-distance calls were automated, requiring operators at either end of the
line to set up the connections.
Bell automated this process by sending in-band signals. Since the one thing the long-distance
trunks were definitely able to do was send voice-frequency signals, the Bell System used a
selection of tones sent over the trunks to control the system. When calling long-distance, the
local end-office switch would first route the call to a special switch which would then convert
further dialing into tones and send them over an appropriately selected trunk line (selected with
the area code). A similar machine at the far end of the trunk would decode the tones back into
electrical signals, and the call would complete as normal.
In addition to dialing instructions, the system also included a number of other tones that
represented various
commands or status. 2600 Hz, the key to early phreaking,
was the frequency of the tone sent by the long-distance
switch indicating that the user had gone on-hook (hung up
the phone). This normally resulted in the remote switch
also going on-hook, freeing the trunk for other uses. In
order to make free lines easy to find, the 2600 Hz tone was
continually played into free trunks. If the tone was sent
manually by the local user into the phone line, it would
trigger the remote switch to go on-hook, but critically,
the local switch knew he was still off-hook because that
was signaled electrically, not by the tone (which their local
switch ignored). The system was now in an inconsistent
state, leaving the local user connected to an operational
long-distance trunk line. With further experimentation,
the phreaks learned the rest of the signals needed to dial
on the remote switch.
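The following added example (not part of the original text) models the in-band supervision described above: a Goertzel filter measures how much of a 50 ms audio frame sits at 2600 Hz, and a small state machine treats the trunk as idle while the tone dominates. The 8 kHz sample rate, frame length, guard threshold and all function names are assumptions of the example, and every signal is constructed.

```python
import math

SAMPLE_RATE = 8000   # Hz; assumed telephone-band sampling rate
SF_TONE_HZ = 2600    # supervision tone named in the text
FRAME_LEN = 400      # 50 ms frame; 2600 Hz then falls exactly on a DFT bin


def tone(freq_hz, amplitude=1.0, n=FRAME_LEN):
    """Constructed signal: one frame of a pure sine wave."""
    step = 2.0 * math.pi * freq_hz / SAMPLE_RATE
    return [amplitude * math.sin(step * i) for i in range(n)]


def mix(*signals):
    """Sample-wise sum of equally long frames."""
    return [sum(values) for values in zip(*signals)]


def goertzel_power(samples, freq_hz):
    """Squared magnitude of the DFT bin closest to freq_hz (Goertzel algorithm)."""
    n = len(samples)
    k = round(n * freq_hz / SAMPLE_RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev * s_prev + s_prev2 * s_prev2 - coeff * s_prev * s_prev2


def tone_fraction(samples, freq_hz=SF_TONE_HZ):
    """Share (0..1) of the frame's energy carried at freq_hz."""
    total = sum(x * x for x in samples)
    if total == 0.0:
        return 0.0          # silence: no tone present
    return 2.0 * goertzel_power(samples, freq_hz) / (len(samples) * total)


def is_sf_tone(samples, guard=0.8):
    """True when 2600 Hz dominates the frame; the guard keeps audio that
    merely contains some 2600 Hz energy from being read as a signal."""
    return tone_fraction(samples) >= guard


def trunk_states(frames, hold_frames=2):
    """Remote end of the trunk: idle while the tone is present, in use otherwise.

    The tone must persist for hold_frames consecutive frames before the
    trunk is released.
    """
    state, run, states = "in-use", 0, []
    for frame in frames:
        run = run + 1 if is_sf_tone(frame) else 0
        if state == "in-use" and run >= hold_frames:
            state = "idle"
        elif state == "idle" and run == 0:
            state = "in-use"
        states.append(state)
    return states


# Constructed frames: voice-band content, the supervision tone, and a mixture.
SPEECH = mix(tone(1000), tone(400, 0.5))
SF = tone(SF_TONE_HZ)
SPEECH_WITH_SOME_2600 = mix(tone(1000), tone(SF_TONE_HZ, 0.5))

if __name__ == "__main__":
    for name, frame in [("speech", SPEECH), ("2600 Hz", SF),
                        ("speech + weak 2600 Hz", SPEECH_WITH_SOME_2600)]:
        print(f"{name:22s} fraction={tone_fraction(frame):.3f} "
              f"detected={is_sf_tone(frame)}")
    print(trunk_states([SPEECH, SF, SF, SF, SPEECH]))
```

The receiver only ever sees audio, so it reacts the same way whichever end of the line the tone came from; that is the design weakness of carrying control signals in the voice channel.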
Normally, long-distance calls were billed locally. Since
the trick required a long distance call to be placed in order to connect to the remote switch, it would be billed as
usual. However there were some types of calls that had either no billing, like calls to directory service, or for which
the billing was reversed or billed to another number, like
WATS lines (area code 800 numbers). By dialing one of
these toll-free numbers, the caller was connected to a
remote switch as normal, but no billing record was made
locally. The caller would then play the 2600 Hz tone into
the line to return the remote switch to on-hook, and then
use a blue box to dial the number to which they really
wanted to connect. The local Bell office would have no
record of the call.
As knowledge of phreaking spread, a minor culture
emerged from the increasing number of phone phreaks.
Sympathetic (or easily social-engineered) telephone company employees were persuaded to reveal the various
routing codes to use international satellites and trunk
lines. At the time it was felt that there was nothing Bell
could do to stop this. Their entire network was based
on this system, so changing the system in order to stop
the phreakers would require a massive infrastructure upgrade.

In fact, Bell responded fairly quickly, but in a more targeted fashion. Looking on local records
for inordinately long calls to directory service or other hints that phreakers were using a
particular switch, filters could then be installed to block efforts at that end office. Many
phreakers were forced to use pay telephones as the telephone company technicians regularly tracked
long-distance toll free calls in an elaborate cat-and-mouse game. AT&T instead turned to the law
for help, and a number of phreaks were caught by the government.
Eventually, the phone companies in North America did, in fact, replace all their hardware. They
didn't do it to stop the phreaks, but simply as a matter of course while moving to fully digital
switching systems. Unlike the crossbar switch, where the switching signals and voice were carried
on the same lines, the new systems used separate signaling lines which phreaks could not access.
This system is known as Common Channel Interoffice Signaling. Classic phreaking with the 2600 Hz
tone continued to work in more remote locations into the 1980s, but was of little use in North
America by the 1990s.
The last 2600 Hz-controlled trunk in the continental United States was operated by the independent
Northern Telephone Company with an N2 Carrier system serving Wawina, Minnesota until June 15, 2006,
when it was replaced by T1 carrier.[19] The last 2600 Hz-controlled trunks in North America were
located in Livengood, Alaska, survived another 5 years, and were finally retired in March 2011.[20]

24.3 See also

24.4 References

[1] Sterling, Bruce (2002) [1993]. The Hacker Crackdown. McLean, Virginia: IndyPublish.com. ISBN 1-40430641-2.
[2] Stott, Kim (22 July 1983). Hung Up Glenpool Has Long-Distance Woes In Making Calls Across the Street. NewsOK. Retrieved 26 May 2013.
[3] Notice to our customers regarding Toll Fraud (PDF). BizFon. Retrieved 2014-07-25.
[4] SoftCab. Phone Call Recorder. Modemspy.com. Retrieved 2014-07-24.
[5] Robson, Gary D. (April 2004). The Origins of Phreaking. Blacklisted! 411.
[6] DELON (February 27, 2008). COMPLETE HISTORY OF HACKING. Hacking | LEMNISCATE. Retrieved 2014-12-25.
[7] Lapsley, Phil (2013-11-02). Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell. New York: Grove/Atlantic, Incorporated. ISBN 080212061X.
[8] Bell System Technical Journal 43 (5). September 1964. http://www.alcatel-lucent.com/bstj/vol43-1964/bstj-vol43-issue05.html. Retrieved 24 June 2011.
[9] Phone Trips. Retrieved 2008-06-21.
[10] Rosenbaum, Ron (2011-10-07). The article that inspired Steve Jobs: "Secrets of the Little Blue Box". Slate.com. Archived from the original on 2011-11-03. Retrieved 2013-11-30.
[11] Secrets of the Little Blue Box. Retrieved 2010-09-04.
[12] Steve Jobs and Me: He said my 1971 article inspired him. His iBook obsessed me. Retrieved 2011-10-12.
[13] "Secrets of the Little Blue Box": The 1971 article about phone hacking that inspired Steve Jobs. Archived from the original on 2011-11-03. Retrieved 2011-10-12.
[14] Welcome to Woz.org. Retrieved 2008-06-21.
[15] Youth International Party Line (YIPL) / Technological American Party (TAP), New York FBI files 100-NY179649 and 117-NY-2905 (3.2 Mbytes). (PDF). Retrieved 2013-11-30.
[16] Cheshire's Book - TAP.HTML. Retrieved 2008-06-21.
[17] W32.Bugbear.B Worm Identified As Targeting Banks | Scoop News. Scoop.co.nz. 2003-06-09. Retrieved 2014-07-24.
[18] Angela Moscaritolo (2011-03-18). AT&T sues two over scheme to steal customer data. SC Magazine. Retrieved 2014-07-24.
[19] Telephone World - Sounds & Recordings from Wawina, MN. Phworld.org. Retrieved 2013-11-30.
[20] The death of Livengood - Old Skool Phreaking - Binary Revolution Forums. Binrev.com. Retrieved 2013-11-30.

24.5 External links


• Original Esquire article that started it all.
• AusPhreak - Australia's oldest and largest phreaking forum
• Secrets of the Little Blue Box article with photos
• Telephone World Sounds & Recordings of Wawina, Minnesota
• Textfiles.com / phreak Large collection of phreaking related text files. See also, audio conferences.
• Digital Information Society
• The History of Phone Phreaking
• Phone Trips Large collection of historical phone recordings.
• Phreaky Boys A collection of recordings made in 1990 of voice mail box systems compromised by phreakers.
• Phone Phreaking Demonstrated in India.


Chapter 25

Rootkit
A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of
certain processes or programs from normal methods of detection and enable continued privileged
access to a computer.[1] The term rootkit is a concatenation of "root" (the traditional name of the
privileged account on Unix operating systems) and the word "kit" (which refers to the software
components that implement the tool). The term "rootkit" has negative connotations through its
association with malware.[1]

Rootkit installation can be automated, or an attacker can install it once they've obtained root or
Administrator access. Obtaining this access is a result of a direct attack on a system, i.e.
exploiting a known vulnerability (such as privilege escalation) or a password (obtained by cracking
or social engineering). Once installed, it becomes possible to hide the intrusion as well as to
maintain privileged access. The key is the root or Administrator access. Full control over a system
means that existing software can be modified, including software that might otherwise be used to
detect or circumvent it.

Rootkit detection is difficult because a rootkit may be able to subvert the software that is
intended to find it. Detection methods include using an alternative and trusted operating system,
behavioral-based methods, signature scanning, difference scanning, and memory dump analysis.
Removal can be complicated or practically impossible, especially in cases where the rootkit resides
in the kernel; reinstallation of the operating system may be the only available solution to the
problem.[2] When dealing with firmware rootkits, removal may require hardware replacement, or
specialized equipment.

25.1 History
The term rootkit or root kit originally referred to a maliciously modified set of administrative
tools for a Unix-like operating system that granted "root" access.[3] If an intruder could replace
the standard administrative tools on a system with a rootkit, the intruder could obtain root access
over the system whilst simultaneously concealing these activities from the legitimate system
administrator. These first-generation rootkits were trivial to detect by using tools such as
Tripwire that had not been compromised to access the same information.[4][5] Lane Davis and Steven
Dake wrote the earliest known rootkit in 1990 for Sun Microsystems' SunOS UNIX operating system.[6]
In the lecture he gave upon receiving the Turing award in 1983, Ken Thompson of Bell Labs, one of
the creators of Unix, theorized about subverting the C compiler in a Unix distribution and
discussed the exploit. The modified compiler would detect attempts to compile the Unix login
command and generate altered code that would accept not only the user's correct password, but an
additional "backdoor" password known to the attacker. Additionally, the compiler would detect
attempts to compile a new version of the compiler, and would insert the same exploits into the new
compiler. A review of the source code for the login command or the updated compiler would not
reveal any malicious code.[7] This exploit was equivalent to a rootkit.

The first documented computer virus to target the personal computer, discovered in 1986, used
cloaking techniques to hide itself: the Brain virus intercepted attempts to read the boot sector,
and redirected these to elsewhere on the disk, where a copy of the original boot sector was
kept.[1] Over time, DOS-virus cloaking methods became more sophisticated, with advanced techniques
including the hooking of low-level disk INT 13H BIOS interrupt calls to hide unauthorized
modifications to files.[1]

The first malicious rootkit for the Windows NT operating system appeared in 1999: a trojan called
NTRootkit created by Greg Hoglund.[8] It was followed by HackerDefender in 2003.[1] The first
rootkit targeting Mac OS X appeared in 2009,[9] while the Stuxnet worm was the first to target
programmable logic controllers (PLC).[10]

25.1.1 Sony BMG copy protection rootkit scandal
Main article: Sony BMG copy protection rootkit scandal

In 2005, Sony BMG published CDs with copy protection and digital rights management software called
Extended Copy Protection, created by software company First 4 Internet. The software included a
music player but silently installed a rootkit which limited the user's ability to access the
CD.[11]
Software engineer Mark Russinovich, who created the rootkit detection tool RootkitRevealer,
discovered the rootkit on one of his computers.[1] The ensuing scandal raised the public's
awareness of rootkits.[12]
To cloak itself, the rootkit hid from the user any file starting with "$sys$". Soon after
Russinovich's report, malware appeared which took advantage of that vulnerability of affected
systems.[1]

Figure: Screenshot of RootkitRevealer, showing the files hidden by the Extended Copy Protection rootkit

One BBC analyst called it a "public relations nightmare."[13] Sony BMG released patches to
uninstall the rootkit, but it exposed users to an even more serious vulnerability.[14] The company
eventually recalled the CDs. In the United States, a class-action lawsuit was brought against Sony
BMG.[15]

25.1.2 Greek wiretapping case 2004-05
Main article: Greek wiretapping case 2004-2005

The Greek wiretapping case of 2004-05, also referred to as Greek Watergate,[16] involved the
illegal tapping of more than 100 mobile phones on the Vodafone Greece network belonging mostly to
members of the Greek government and top-ranking civil servants. The taps began sometime near the
beginning of August 2004 and were removed in March 2005 without discovering the identity of the
perpetrators.
The intruders installed a rootkit targeting Ericsson's AXE telephone exchange. According to IEEE
Spectrum, this was "the first time a rootkit has been observed on a special-purpose system, in this
case an Ericsson telephone switch."[17] The rootkit was designed to patch the memory of the
exchange while it was running, enable wiretapping while disabling audit logs, patch the commands
that list active processes and active data blocks, and modify the data block checksum verification
command. A backdoor allowed an operator with sysadmin status to deactivate the exchange's
transaction log and alarms and access commands related to the surveillance capability.[17] The
rootkit was discovered after the intruders installed a faulty update, which caused SMS texts to be
undelivered, leading to an automated failure report being generated. Ericsson engineers were called
in to investigate the fault and discovered the hidden data blocks containing the list of phone
numbers being monitored, along with the rootkit and illicit monitoring software.

25.2 Uses
Modern rootkits do not elevate access,[3] but rather are used to make another software payload
undetectable by adding stealth capabilities.[8] Most rootkits are classified as malware, because
the payloads they are bundled with are malicious. For example, a payload might covertly steal user
passwords, credit card information, computing resources, or conduct other unauthorized activities.
A small number of rootkits may be considered utility applications by their users: for example, a
rootkit might cloak a CD-ROM-emulation driver, allowing video game users to defeat anti-piracy
measures that require insertion of the original installation media into a physical optical drive
to verify that the software was legitimately purchased, which can be very inconvenient even to
those who did legitimately purchase it.

Rootkits and their payloads have many uses:
• Provide an attacker with full access via a backdoor, permitting unauthorized access to, for
  example, steal or falsify documents. One of the ways to carry this out is to subvert the login
  mechanism, such as the /bin/login program on Unix-like systems or GINA on Windows. The
  replacement appears to function normally, but also accepts a secret login combination that allows
  an attacker direct access to the system with administrative privileges, bypassing standard
  authentication and authorization mechanisms.
• Conceal other malware, notably password-stealing key loggers and computer viruses.[18]
• Appropriate the compromised machine as a zombie computer for attacks on other computers. (The
  attack originates from the compromised system or network, instead of the attacker's system.)
  Zombie computers are typically members of large botnets that can launch denial-of-service
  attacks, distribute e-mail spam, conduct click fraud, etc.
• Enforcement of digital rights management (DRM).

In some instances, rootkits provide desired functionality,
and may be installed intentionally on behalf of the computer user:
• Conceal cheating in online games from software like Warden.[19]
• Detect attacks, for example, in a honeypot.[20]
• Enhance emulation software and security software.[21] Alcohol 120% and Daemon Tools are
  commercial examples of non-hostile rootkits used to defeat copy-protection mechanisms such as
  SafeDisc and SecuROM. Kaspersky antivirus software also uses techniques resembling rootkits to
  protect itself from malicious actions. It loads its own drivers to intercept system activity, and
  then prevents other processes from doing harm to itself. Its processes are not hidden, but cannot
  be terminated by standard methods (It can be terminated with Process Hacker).
• Anti-theft protection: Laptops may have BIOS-based rootkit software that will periodically report
  to a central authority, allowing the laptop to be monitored, disabled or wiped of information in
  the event that it is stolen.[22]
• Bypassing Microsoft Product Activation[23]

25.3 Types
Further information: Ring (computer security)
There are at least five types of rootkit, ranging from those at the lowest level in firmware (with
the highest privileges), through to the least privileged user-based variants that operate in Ring
3. Hybrid combinations of these may occur spanning, for example, user mode and kernel mode.[24]

Figure: Computer security rings (Note that Ring -1 is not shown). Labels: User-Mode, Kernel-Mode, Ring 0, Ring 1, Ring 2, Ring 3, Gate.

25.3.1 User mode

User-mode rootkits run in Ring 3, along with other applications as user, rather than low-level
system processes.[25] They have a number of possible installation vectors to intercept and modify
the standard behavior of application programming interfaces (APIs). Some inject a dynamically
linked library (such as a .DLL file on Windows, or a .dylib file on Mac OS X) into other processes,
and are thereby able to execute inside any target process to spoof it; others with sufficient
privileges simply overwrite the memory of a target application. Injection mechanisms include:[25]
• Use of vendor-supplied application extensions. For example, Windows Explorer has public
  interfaces that allow third parties to extend its functionality.
• Interception of messages.
• Debuggers.
• Exploitation of security vulnerabilities.
• Function hooking or patching of commonly used APIs, for example, to hide a running process or
  file that resides on a filesystem.[26]

    ...since user mode applications all run in their own memory space, the rootkit needs to
    perform this patching in the memory space of every running application. In addition, the
    rootkit needs to monitor the system for any new applications that execute and patch those
    programs' memory space before they fully execute.
    Windows Rootkit Overview, Symantec[3]

25.3.2 Kernel mode

Kernel-mode rootkits run with the highest operating system privileges (Ring 0) by adding code or
replacing portions of the core operating system, including both the kernel and associated device
drivers. Most operating systems support kernel-mode device drivers, which execute with the same
privileges as the operating system itself. As such, many kernel-mode rootkits are developed as
device drivers or loadable modules, such as loadable kernel modules in Linux or device drivers in
Microsoft Windows. This class of rootkit has unrestricted security access, but is more difficult to
write.[27] The complexity makes bugs common, and any bugs in code operating at the kernel level may
seriously impact system stability, leading to discovery of the rootkit.[27] One of the first
widely known kernel rootkits was developed for Windows NT 4.0 and released in Phrack magazine in
1999 by Greg Hoglund.[28][29][30]
Kernel rootkits can be especially difficult to detect and remove because they operate at the same
security level as the operating system itself, and are thus able to intercept or subvert the most
trusted operating system operations. Any software, such as antivirus software, running on the
compromised system is equally vulnerable.[31] In this situation, no part of the system can be
trusted.
A rootkit can modify data structures in the Windows kernel using a method known as direct kernel
object manipulation (DKOM).[32] This method can be used to hide processes. A kernel mode rootkit
can also hook the System Service Descriptor Table (SSDT), or modify the gates between user mode and
kernel mode, in order to cloak itself.[3] Similarly for the Linux operating system, a rootkit can
modify the system call table to subvert kernel functionality.[33] It's common that a rootkit
creates a hidden, encrypted filesystem in which it can hide other malware or original copies of
files it has infected.[34]
Operating systems are evolving to counter the threat of kernel-mode rootkits. For example, 64-bit
editions of Microsoft Windows now implement mandatory signing of all kernel-level drivers in order
to make it more difficult for untrusted code to execute with the highest privileges in a
system.[35]

Bootkits
A kernel-mode rootkit variant called a bootkit can infect startup code like the Master Boot Record
(MBR), Volume Boot Record (VBR) or boot sector, and in this way, can be used to attack full disk
encryption systems. An example is the Evil Maid Attack, in which an attacker installs a bootkit on
an unattended computer, replacing the legitimate boot loader with one under his control. Typically
the malware loader persists through the transition to protected mode when the kernel has loaded,
and is thus able to subvert the kernel.[36][37][38][39] For example, the Stoned Bootkit subverts
the system by using a compromised boot loader to intercept encryption keys and passwords.[40] More
recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode
driver signing in Windows 7 by modifying the master boot record.[41] Although not malware in the
sense of doing something the user doesn't want, certain Vista Loader or Windows Loader software
works in a similar way by injecting an ACPI SLIC (System Licensed Internal Code) table in the
RAM-cached version of the BIOS during boot, in order to defeat the Windows Vista and Windows 7
activation process.[42][43] This vector of attack was rendered useless in the (non-server) versions
of Windows 8, which use a unique, machine-specific key for each system, that can only be used by
that one machine.[44]
The only known defenses against bootkit attacks are the prevention of unauthorized physical access
to the system, a problem for portable computers, or the use of a Trusted Platform Module configured
to protect the boot path.[45]

25.3.3 Hypervisor level
Rootkits have been created as Type II Hypervisors in academia as proofs of concept. By exploiting
hardware virtualization features such as Intel VT or AMD-V, this type of rootkit runs in Ring -1
and hosts the target operating system as a virtual machine, thereby enabling the rootkit to
intercept hardware calls made by the original operating system.[5] Unlike normal hypervisors, they
do not have to load before the operating system, but can load into an operating system before
promoting it into a virtual machine.[5] A hypervisor rootkit does not have to make any
modifications to the kernel of the target to subvert it; however, that does not mean that it cannot
be detected by the guest operating system. For example, timing differences may be detectable in CPU
instructions.[5] The SubVirt laboratory rootkit, developed jointly by Microsoft and University of
Michigan researchers, is an academic example of a virtual machine-based rootkit (VMBR),[46] while
Blue Pill is another.
In 2009, researchers from Microsoft and North Carolina State University demonstrated a
hypervisor-layer anti-rootkit called Hooksafe, which provides generic protection against
kernel-mode rootkits.[47]
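The kernel-mode section above notes that a Linux rootkit can modify the system call table. The following added example (not from the original text or from any particular tool) checks a dumped table against symbol addresses in the System.map text format. The addresses, the table contents and the function names are constructed for the illustration, and both inputs are assumed to come from a trusted source such as an offline memory image.

```python
import bisect

# Constructed System.map excerpt; the addresses are made up for the example.
SYSTEM_MAP = """\
ffffffff81000000 T _stext
ffffffff811a0f10 T __x64_sys_open
ffffffff811a2b40 T __x64_sys_read
ffffffff811a2c60 T __x64_sys_write
ffffffff811e6a30 T __x64_sys_getdents64
ffffffff81e00000 T _etext
ffffffff82000300 R sys_call_table
"""

# Expected handler per x86-64 system call number (a small subset).
EXPECTED = {0: "__x64_sys_read", 1: "__x64_sys_write",
            2: "__x64_sys_open", 217: "__x64_sys_getdents64"}

# Constructed table contents as read from a memory image: slot 1 points at
# a different kernel function, slot 217 at an address outside kernel text.
TABLE_DUMP = {0: 0xffffffff811a2b40, 1: 0xffffffff811a2b40,
              2: 0xffffffff811a0f10, 217: 0xffffffffc0a41120}


def parse_system_map(text):
    """Return {symbol: address} from 'address type name' lines."""
    symbols = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip blank or malformed lines
        addr, _kind, name = parts
        symbols[name] = int(addr, 16)
    return symbols


def check_syscall_table(symbols, table, expected):
    """Compare each table slot with its baseline and describe mismatches.

    Returns a list of (syscall_number, finding, address) tuples, sorted by
    syscall number. An empty list means every checked slot matched.
    """
    text_start, text_end = symbols["_stext"], symbols["_etext"]
    by_addr = sorted((addr, name) for name, addr in symbols.items())
    addrs = [addr for addr, _ in by_addr]
    findings = []
    for nr in sorted(table):
        actual = table[nr]
        want = expected.get(nr)
        if want is None or want not in symbols:
            findings.append((nr, "no-baseline", hex(actual)))
        elif actual == symbols[want]:
            continue                      # slot matches the baseline
        elif not (text_start <= actual < text_end):
            findings.append((nr, "outside-kernel-text", hex(actual)))
        else:
            # Inside kernel text but wrong: name the symbol it lands in.
            i = bisect.bisect_right(addrs, actual) - 1
            findings.append((nr, "redirected-to:" + by_addr[i][1], hex(actual)))
    return findings


if __name__ == "__main__":
    for finding in check_syscall_table(parse_system_map(SYSTEM_MAP),
                                       TABLE_DUMP, EXPECTED):
        print(finding)
```

A slot that resolves outside the kernel text range is what a hook installed by a loadable module looks like. A handler whose code was patched in place would pass this check and needs a comparison of the code itself.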

25.3.4 Firmware and hardware


A firmware rootkit uses device or platform firmware to create a persistent malware image in
hardware, such as a router, network card,[48] hard drive, or the system BIOS.[25] The rootkit hides
in firmware, because firmware is not usually inspected for code integrity. John Heasman
demonstrated the viability of firmware rootkits in both ACPI firmware routines[49] and in a PCI
expansion card ROM.[50]
In October 2008, criminals tampered with European credit-card-reading machines before they were
installed. The devices intercepted and transmitted credit card details via a mobile phone
network.[51] In March 2009, researchers Alfredo Ortega and Anibal Sacco published details of a
BIOS-level Windows rootkit that was able to survive disk replacement and operating system
reinstallation.[52][53][54] A few months later they learned that some laptops are sold with a
legitimate rootkit, known as Absolute CompuTrace or Absolute LoJack for Laptops, preinstalled in
many BIOS images. This is an anti-theft technology system that researchers showed can be turned to
malicious purposes.[22]
Intel Active Management Technology, part of Intel vPro, implements out-of-band management, giving
administrators remote administration, remote management, and remote control of PCs with no
involvement of the host processor or BIOS, even when the system is powered off. Remote
administration includes remote power-up and power-down, remote reset, redirected boot, console
redirection, pre-boot access to BIOS settings, programmable filtering for inbound and outbound
network traffic, agent presence checking, out-of-band policy-based alerting, access to system
information, such as hardware asset information, persistent event logs, and other information that
is stored in dedicated memory (not on the hard drive) where it is accessible even if the OS is down
or the PC is powered off. Some of these functions require the deepest level of rootkit, a second
non-removable spy computer built around the main computer. Sandy Bridge and future chipsets have
the ability to remotely kill and restore a lost or stolen PC via 3G. Hardware rootkits built into
the chipset can help recover stolen computers, remove data, or render them useless, but they also
present privacy and security concerns of undetectable spying and redirection by management or
hackers who might gain control.

25.4 Installation and cloaking


Rootkits employ a variety of techniques to gain control of a system; the type of rootkit influences the choice of attack vector. The most common technique leverages security vulnerabilities to achieve surreptitious privilege escalation. Another approach is to use a Trojan horse, deceiving a computer user into trusting the rootkit's installation program as benign; in this case, social engineering convinces a user that the rootkit is beneficial.[27] The installation task is made easier if the principle of least privilege is not applied, since the rootkit then does not have to explicitly request elevated (administrator-level) privileges. Other classes of rootkits can be installed only by someone with physical access to the target system. Some rootkits may also be installed intentionally by the owner of the system or somebody authorized by the owner, e.g. for the purpose of employee monitoring, rendering such subversive techniques unnecessary.[55]
The installation of malicious rootkits is commercially driven, with a pay-per-install (PPI) compensation method typical for distribution.[56][57]
Once installed, a rootkit takes active measures to obscure its presence within the host system through subversion or evasion of standard operating system security tools and APIs used for diagnosis, scanning, and monitoring. Rootkits achieve this by modifying the behavior of core parts of an operating system through loading code into other processes, the installation or modification of drivers, or kernel modules. Obfuscation techniques include concealing running processes from system-monitoring mechanisms and hiding system files and other configuration data.[58] It is not uncommon for a rootkit to disable the event logging capacity of an operating system, in an attempt to hide evidence of an attack. Rootkits can, in theory, subvert any operating system activities.[59] The perfect rootkit can be thought of as similar to a "perfect crime": one that nobody realizes has taken place.
Rootkits also take a number of measures to ensure their survival against detection and cleaning by antivirus software in addition to commonly installing into Ring 0 (kernel-mode), where they have complete access to a system. These include polymorphism, stealth techniques, regeneration, and disabling anti-malware software.[60]

25.5 Detection
The fundamental problem with rootkit detection is that if the operating system has been subverted, particularly by a kernel-level rootkit, it cannot be trusted to find unauthorized modifications to itself or its components.[59] Actions such as requesting a list of running processes, or a list of files in a directory, cannot be trusted to behave as expected. In other words, rootkit detectors that work while running on infected systems are only effective against rootkits that have some defect in their camouflage, or that run with lower user-mode privileges than the detection software in the kernel.[27] As with computer viruses, the detection and elimination of rootkits is an ongoing struggle between both sides of this conflict.[59]
Detection can take a number of different approaches, including signatures (e.g. antivirus software), integrity checking (e.g. digital signatures), difference-based detection (comparison of expected vs. actual results), and behavioral detection (e.g. monitoring CPU usage or network traffic). For kernel-mode rootkits, detection is considerably more complex, requiring careful scrutiny of the System Call Table to look for hooked functions where the malware may be subverting system behavior,[61] as well as forensic scanning of memory for patterns that indicate hidden processes.
Unix rootkit detection offerings include Zeppoo,[62] chkrootkit, rkhunter and OSSEC. For Windows, detection tools include Microsoft Sysinternals RootkitRevealer,[63] Avast! Antivirus, Sophos Anti-Rootkit,[64] F-Secure,[65] Radix,[66] GMER,[67] and WindowsSCOPE. Any rootkit detectors that prove effective ultimately contribute to their own ineffectiveness, as malware authors adapt and test their code to escape detection by well-used tools.[Notes 1]
Detection by examining storage while the suspect operating system is not operational can miss rootkits not recognised by the checking software, as the rootkit is not active and suspicious behavior is suppressed; conventional anti-malware software running with the rootkit operational may fail if the rootkit hides itself effectively.

25.5.1 Alternative trusted medium
The best and most reliable method for operating-system-level rootkit detection is to shut down the computer suspected of infection, and then to check its storage by booting from an alternative trusted medium (e.g. a rescue CD-ROM or USB flash drive).[68] The technique is effective because a rootkit cannot actively hide its presence if it is not running.

25.5.2 Behavioral-based
The behavioral-based approach to detecting rootkits attempts to infer the presence of a rootkit by looking for rootkit-like behavior. For example, by profiling a system, differences in the timing and frequency of API calls or in overall CPU utilization can be attributed to a rootkit. The method is complex and is hampered by a high incidence of false positives. Defective rootkits can sometimes introduce very obvious changes to a system: the Alureon rootkit crashed Windows systems after a security update exposed a design flaw in its code.[69][70]
Logs from a packet analyzer, firewall, or intrusion prevention system may present evidence of rootkit behaviour in a networked environment.[24]

25.5.3 Signature-based
Antivirus products rarely catch all viruses in public tests (depending on what is used and to what extent), even though security software vendors incorporate rootkit detection into their products. Should a rootkit attempt to hide during an antivirus scan, a stealth detector may notice; if the rootkit attempts to temporarily unload itself from the system, signature detection (or fingerprinting) can still find it. This combined approach forces attackers to implement counterattack mechanisms, or retro routines, that attempt to terminate antivirus programs. Signature-based detection methods can be effective against well-published rootkits, but less so against specially crafted, custom-root rootkits.[59]

25.5.4 Difference-based
Another method that can detect rootkits compares trusted raw data with tainted content returned by an API. For example, binaries present on disk can be compared with their copies within operating memory (in some operating systems, the in-memory image should be identical to the on-disk image), or the results returned from file system or Windows Registry APIs can be checked against raw structures on the underlying physical disks;[59][71] however, in the case of the former, some valid differences can be introduced by operating system mechanisms like memory relocation or shimming. A rootkit may detect the presence of such a difference-based scanner or virtual machine (the latter being commonly used to perform forensic analysis), and adjust its behaviour so that no differences can be detected. Difference-based detection was used by Russinovich's RootkitRevealer tool to find the Sony DRM rootkit.[1]

25.5.5 Integrity checking

Figure: The rkhunter utility uses SHA-1 hashes to verify the integrity of system files.

Code signing uses public-key infrastructure to check if a file has been modified since being digitally signed by its publisher. Alternatively, a system owner or administrator can use a cryptographic hash function to compute a fingerprint at installation time that can help to detect subsequent unauthorized changes to on-disk code libraries.[72] However, unsophisticated schemes check only whether the code has been modified since installation time; subversion prior to that time is not detectable. The fingerprint must be re-established each time changes are made to the system: for example, after installing security updates or a service pack. The hash function creates a message digest, a relatively short code calculated from each bit in the file using an algorithm that creates large changes in the message digest with even smaller changes to the original file. By recalculating and comparing the message digest of the installed files at regular intervals against a trusted list of message digests, changes in the system can be detected and monitored, as long as the original baseline was created before the malware was added. More-sophisticated rootkits are able to subvert the verification process by presenting an unmodified copy of the file for inspection, or by making code modifications only in memory, rather than on disk. The technique may therefore be effective only against unsophisticated rootkits, for example, those that replace Unix binaries like "ls" to hide the presence of a file.
Similarly, detection in firmware can be achieved by computing a cryptographic hash of the firmware and comparing it to a whitelist of expected values, or by extending the hash value into Trusted Platform Module (TPM) configuration registers, which are later compared to a whitelist of expected values.[73] The code that performs hash, compare, or extend operations must also be protected; in this context, the notion of an immutable root-of-trust holds that the very first code to measure security properties of a system must itself be trusted to ensure that a rootkit or bootkit does not compromise the system at its most fundamental level.[74]

25.5.6 Memory dumps
Forcing a complete dump of virtual memory will capture an active rootkit (or a kernel dump in the case of a kernel-mode rootkit), allowing offline forensic analysis to be performed with a debugger against the resulting dump file, without the rootkit being able to take any measures to cloak itself. This technique is highly specialized, and may require access to non-public source code or debugging symbols. Memory dumps initiated by the operating system cannot always be used to detect a hypervisor-based rootkit, which is able to intercept and subvert the lowest-level attempts to read memory;[5] a hardware device, such as one that implements a non-maskable interrupt, may be required to dump memory in this scenario.[75][76]

25.6 Removal
Manual removal of a rootkit is often too difficult for a typical computer user,[25] but a number of security-software vendors offer tools to automatically detect and remove some rootkits, typically as part of an antivirus suite. As of 2005, Microsoft's monthly Windows Malicious Software Removal Tool is able to detect and remove some classes of rootkits.[77][78] Some antivirus scanners can bypass file system APIs, which are vulnerable to manipulation by a rootkit. Instead, they access raw filesystem structures directly, and use this information to validate the results from the system APIs to identify any differences that may be caused by a rootkit.[Notes 2][79][80][81][82]
There are experts who believe that the only reliable way to remove them is to re-install the operating system from trusted media.[83][84] This is because antivirus and malware removal tools running on an untrusted system may be ineffective against well-written kernel-mode rootkits. Booting an alternative operating system from trusted media can allow an infected system volume to be mounted and potentially safely cleaned and critical data to be copied off, or, alternatively, a forensic examination performed.[24] Lightweight operating systems such as Windows PE, Windows Recovery Console, Windows Recovery Environment, BartPE, or Live Distros can be used for this purpose, allowing the system to be cleaned. Even if the type and nature of a rootkit is known, manual repair may be impractical, while re-installing the operating system and applications is safer, simpler and quicker.[83]

25.7 Public availability
Like much malware used by attackers, many rootkit implementations are shared and are easily available on the Internet. It is not uncommon to see a compromised system in which a sophisticated, publicly available rootkit hides the presence of unsophisticated worms or attack tools apparently written by inexperienced programmers.[24]
Most of the rootkits available on the Internet originated as exploits or as academic proofs of concept to demonstrate varying methods of hiding things within a computer system and of taking unauthorized control of it.[85] Often not fully optimized for stealth, such rootkits sometimes leave unintended evidence of their presence. Even so, when such rootkits are used in an attack, they are often effective. Other rootkits with keylogging features such as GameGuard are installed as part of online commercial games.

25.8 Defenses
System hardening represents one of the first layers of defence against a rootkit, to prevent it from being able to install.[86] Applying security patches, implementing the principle of least privilege, reducing the attack surface and installing antivirus software are some standard security best practices that are effective against all classes of malware.[87]
New secure boot specifications like Unified Extensible Firmware Interface are currently being designed to address the threat of bootkits.
For server systems, remote server attestation using technologies such as Intel Trusted Execution Technology (TXT) provides a way of validating that servers remain in a known good state. For example, Microsoft Bitlocker encrypting data-at-rest validates servers are in a known good state on bootup. PrivateCore vCage is a software offering that secures data-in-use (memory) to avoid bootkits and rootkits by validating servers are in a known good state on bootup. The PrivateCore implementation works in concert with Intel TXT and locks down server system interfaces to avoid potential bootkits and rootkits.
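
The baseline-and-recompare check described under Integrity checking, together with the TPM-style extend measurement that the firmware and attestation passages rely on, shown as an added example (not code from this book, rkhunter, or any TPM software stack). SHA-256 is used here in place of the SHA-1 mentioned for rkhunter; every file name, boot component and function name is constructed for the illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def digest_file(path: Path) -> str:
    """SHA-256 message digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative path) to its digest."""
    return {p.relative_to(root).as_posix(): digest_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_to_baseline(root: Path, baseline: dict) -> dict:
    """Recompute digests and report drift against the trusted list."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


PCR_RESET = bytes(32)  # static PCRs in a SHA-256 bank reset to all zeros


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_chain(components) -> bytes:
    """Fold an ordered boot chain into a single register value."""
    pcr = PCR_RESET
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def attest(components, whitelist) -> bool:
    """True if the final PCR value is on the whitelist of expected values."""
    final = measure_chain(components)
    return any(hmac.compare_digest(final, good) for good in whitelist)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"constructed: original ls")
        (root / "bin" / "ps").write_bytes(b"constructed: original ps")
        baseline = build_baseline(root)  # taken while the system is clean

        # Constructed tampering: ls is replaced and a new file appears.
        (root / "bin" / "ls").write_bytes(b"constructed: replaced ls")
        (root / "bin" / "hidden").write_bytes(b"constructed: extra file")
        drift = compare_to_baseline(root, baseline)

        # Caveat from the text: a baseline created after the change
        # treats the modified state as trusted and reports nothing.
        late_drift = compare_to_baseline(root, build_baseline(root))

    boot = [b"constructed firmware", b"constructed bootloader",
            b"constructed kernel"]
    whitelist = [measure_chain(boot)]
    tampered = [boot[0], b"constructed bootloader, modified", boot[2]]
    return {
        "drift": drift,
        "late_drift": late_drift,
        "clean_boot_ok": attest(boot, whitelist),
        "tampered_boot_ok": attest(tampered, whitelist),
        "reordered_boot_ok": attest([boot[1], boot[0], boot[2]], whitelist),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both checks compare on-disk or measured bytes only; code modified purely in memory, or a verifier that is itself subverted, is outside what they can see.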

25.9 See also


Hacker con
Host-based intrusion detection system
Man-in-the-middle attack
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System

25.10 Notes
[1] The process name of Sysinternals RootkitRevealer was targeted by malware; in an attempt to counter this countermeasure, the tool now uses a randomly generated process name.
[2] In theory, a sufficiently sophisticated kernel-level rootkit could subvert read operations against raw filesystem data structures as well, so that they match the results returned by APIs.

25.11 References

[1] Rootkits, Part 1 of 3: The Growing Threat (PDF). McAfee. 2006-04-17. Archived from the original (PDF) on 2006-08-23.
[2] http://www.technibble.com/how-to-remove-a-rootkit-from-a-windows-system/
[3] Windows Rootkit Overview (PDF). Symantec. 2006-03-26. Retrieved 2010-08-17.
[4] Sparks, Sherri; Butler, Jamie (2005-08-01). Raising The Bar For Windows Rootkit Detection. Phrack 0xb (0x3d).
[5] Myers, Michael; Youndt, Stephen (2007-08-07). An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits. Crucial Security. CiteSeerX: 10.1.1.90.8832.
[6] Andrew Hay, Daniel Cid, Rory Bray (2008). OSSEC Host-Based Intrusion Detection Guide. Syngress. p. 276. ISBN 1-59749-240-X.
[7] Thompson, Ken (August 1984). Reflections on Trusting Trust (PDF). Communications of the ACM 27 (8): 761. doi:10.1145/358198.358210.
[8] Greg Hoglund, James Butler (2006). Rootkits: Subverting the Windows kernel. Addison-Wesley. p. 4. ISBN 0-321-29431-9.
[9] Dai Zovi, Dino (2009-07-26). Advanced Mac OS X Rootkits (PDF). Blackhat. Endgame Systems. Retrieved 2010-11-23.
[10] Stuxnet Introduces the First Known Rootkit for Industrial Control Systems. Symantec. 2010-08-06. Archived from the original on 2012-09-11. Retrieved 2010-12-04.
[11] Spyware Detail: XCP.Sony.Rootkit. Computer Associates. 2005-11-05. Archived from the original on 2012-09-21. Retrieved 2010-08-19.
[12] Russinovich, Mark (2005-10-31). Sony, Rootkits and Digital Rights Management Gone Too Far. TechNet Blogs. Microsoft. Archived from the original on 2012-07-07. Retrieved 2010-08-16.
[13] Sony's long-term rootkit CD woes. BBC News. 2005-11-21. Archived from the original on 2012-07-15. Retrieved 2008-09-15.
[14] Felton, Ed (2005-11-15). Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs. Archived from the original on 2012-09-05.
[15] Knight, Will (2005-11-11). Sony BMG sued over cloaking software on music CD. New Scientist (Sutton, UK: Reed Business Information). Archived from the original on 2012-09-21. Retrieved 2010-11-21.
[16] Kyriakidou, Dina (March 2, 2006). "Greek Watergate" Scandal Sends Political Shockwaves. Reuters. Retrieved 2007-11-24.
[17] Vassilis Prevelakis, Diomidis Spinellis (July 2007). The Athens Affair. Archived from the original on 2012-09-21.
[18] Russinovich, Mark (June 2005). Unearthing Root Kits. Windows IT Pro. Archived from the original on 2012-09-18. Retrieved 2010-12-16.
[19] World of Warcraft Hackers Using Sony BMG Rootkit. The Register. 2005-11-04. Archived from the original on 2012-09-17. Retrieved 2010-08-23.
[20] Steve Hanna (September 2007). Using Rootkit Technology for Honeypot-Based Malware Detection (PDF). CCEID Meeting.
[21] Russinovich, Mark (6 February 2006). Using Rootkits to Defeat Digital Rights Management. Winternals. SysInternals. Archived from the original on 31 August 2006. Retrieved 2006-08-13.
[22] Ortega, Alfredo; Sacco, Anibal (2009-07-24). Deactivate the Rootkit: Attacks on BIOS anti-theft technologies (PDF). Black Hat USA 2009 (PDF). Boston, MA: Core Security Technologies. Retrieved 2014-06-12.
[23] Kleissner, Peter (2009-09-02). Stoned Bootkit: The Rise of MBR Rootkits & Bootkits in the Wild (PDF). Retrieved 2010-11-23.
[24] Anson, Steve; Bunting, Steve (2007). Mastering Windows Network Forensics and Investigation. John Wiley and Sons. pp. 73-74. ISBN 0-470-09762-0.
[25] Rootkits Part 2: A Technical Primer (PDF). McAfee. 2007-04-03. Archived from the original (PDF) on 2008-12-05. Retrieved 2010-08-17.
[26] Kdm. NTIllusion: A portable Win32 userland rootkit. Phrack 62 (12). Archived from the original on 2012-09-12.

[27] Understanding Anti-Malware Technologies (PDF). Microsoft. 2007-02-21. Retrieved 2010-08-17.
[28] Hoglund, Greg (1999-09-09). A *REAL* NT Rootkit, Patching the NT Kernel. Phrack 9 (55). Archived from the original on 2012-07-14. Retrieved 2010-11-21.
[29] Shevchenko, Alisa (2008-09-01). Rootkit Evolution. Help Net Security. Help Net Security. p. 2. Archived from the original on 2012-09-03.
[30] Chuvakin, Anton (2003-02-02). An Overview of Unix Rootkits (PDF) (Report). Chantilly, Virginia: iDEFENSE. Retrieved 2010-11-21.
[31] Butler, James; Sparks, Sherri (2005-11-16). Windows Rootkits of 2005, Part Two. Symantec Connect. Symantec. Archived from the original on 2012-09-11. Retrieved 2010-11-13.
[32] Butler, James; Sparks, Sherri (2005-11-03). Windows Rootkits of 2005, Part One. Symantec Connect. Symantec. Archived from the original on 2012-09-12. Retrieved 2010-11-12.
[33] Burdach, Mariusz (2004-11-17). Detecting Rootkits And Kernel-level Compromises In Linux. Symantec. Archived from the original on 2012-09-13. Retrieved 2010-11-23.
[34] Marco Giuliani (11 April 2011). ZeroAccess - An Advanced Kernel Mode Rootkit (PDF). Webroot Software. Retrieved 10 August 2011.
[35] Driver Signing Requirements for Windows. Microsoft. Archived from the original on 2012-05-30. Retrieved 2008-07-06.
[36] Soeder, Derek; Permeh, Ryan (2007-05-09). Bootroot. eEye Digital Security. Archived from the original on 2012-09-21. Retrieved 2010-11-23.
[37] Schneier, Bruce (2009-10-23). 'Evil Maid' Attacks on Encrypted Hard Drives. Archived from the original on 2012-09-11. Retrieved 2009-11-07.
[38] Kumar, Nitin; Kumar, Vipin (2007). Vbootkit: Compromising Windows Vista Security (PDF). Black Hat Europe 2007.
[39] BOOT KIT: Custom boot sector based Windows 2000/XP/2003 Subversion. NVlabs. 2007-02-04. Retrieved 2010-11-21.
[40] Kleissner, Peter (2009-10-19). Stoned Bootkit. Peter Kleissner. Archived from the original on 2012-09-21. Retrieved 2009-11-07.
[41] Goodin, Dan (2010-11-16). World's Most Advanced Rootkit Penetrates 64-bit Windows. The Register. Archived from the original on 2012-09-21. Retrieved 2010-11-22.
[42] Peter Kleissner, The Rise of MBR Rootkits And Bootkits in the Wild, Hacking at Random (2009) - text; slides
[43] Windows Loader - Software Informer. This is the loader application that's used by millions of people worldwide
[44] Microsoft tightens grip on OEM Windows 8 licensing
[45] Scambray, Joel; McClure, Stuart (2007). Hacking Exposed Windows: Windows Security Secrets & Solutions. McGraw-Hill Professional. pp. 371-372. ISBN 0-07-149426-X.
[46] King, Samuel T.; Chen, Peter M.; Wang, Yi-Min; Verbowski, Chad; Wang, Helen J.; Lorch, Jacob R. (2006-04-03). International Business Machines (ed.), ed. SubVirt: Implementing malware with virtual machines (PDF). 2006 IEEE Symposium on Security and Privacy. Institute of Electrical and Electronics Engineers. doi:10.1109/SP.2006.38. ISBN 0-7695-2574-1. Retrieved 2008-09-15.
[47] Wang, Zhi; Jiang, Xuxian; Cui, Weidong; Ning, Peng (2009-08-11). Countering Kernel Rootkits with Lightweight Hook Protection (PDF). In Al-Shaer, Ehab (General Chair). Proceedings of the 16th ACM Conference on Computer and Communications Security. CCS 2009: 16th ACM Conference on Computer and Communications Security. Jha, Somesh; Keromytis, Angelos D. (Program Chairs). New York: ACM New York. doi:10.1145/1653662.1653728. ISBN 978-1-60558-894-0. Retrieved 2009-11-11.
[48] Delugré, Guillaume (2010-11-21). Reversing the Broacom NetExtreme's Firmware (PDF). hack.lu. Sogeti. Retrieved 2010-11-25.
[49] Heasman, John (2006-01-25). Implementing and Detecting an ACPI BIOS Rootkit (PDF). Black Hat Federal 2006. NGS Consulting. Retrieved 2010-11-21.
[50] Heasman, John (2006-11-15). Implementing and Detecting a PCI Rootkit (PDF). Next Generation Security Software. CiteSeerX: 10.1.1.89.7305. Retrieved 2010-11-13.
[51] Modine, Austin (2008-10-10). Organized crime tampers with European card swipe devices: Customer data beamed overseas. The Register. Situation Publishing. Archived from the original on 2012-09-12. Retrieved 2008-10-13.
[52] Sacco, Anibal; Ortega, Alfredo (2009). Persistent BIOS infection (PDF). CanSecWest 2009. Core Security Technologies. Retrieved 2010-11-21.
[53] Goodin, Dan (2009-03-24). Newfangled rootkits survive hard disk wiping. The Register. Situation Publishing. Archived from the original on 2012-09-21. Retrieved 2009-03-25.
[54] Sacco, Anibal; Ortega, Alfredo (2009-06-01). Persistent BIOS Infection: The Early Bird Catches the Worm. Phrack 66 (7). Archived from the original on 2012-07-17. Retrieved 2010-11-13.
[55] Ric Vieler (2007). Professional Rootkits. John Wiley & Sons. p. 244. ISBN 9780470149546.
[56] Matrosov, Aleksandr; Rodionov, Eugene (2010-06-25). TDL3: The Rootkit of All Evil? (PDF). Moscow: ESET. p. 3. Retrieved 2010-08-17.

[57] Matrosov, Aleksandr; Rodionov, Eugene (2011-06-27). The Evolution of TDL: Conquering x64 (PDF). ESET. Retrieved 2011-08-08.
[58] Brumley, David (1999-11-16). Invisible Intruders: rootkits in practice. USENIX. USENIX. Archived from the original on 2012-05-27.
[59] Davis, Michael A.; Bodmer, Sean; LeMasters, Aaron (2009-09-03). Chapter 10: Rootkit Detection (PDF). Hacking Exposed Malware & Rootkits: Malware & rootkits security secrets & solutions (PDF). New York: McGraw Hill Professional. ISBN 978-0-07-159118-8. Retrieved 2010-08-14.
[60] Trlokom (2006-07-05). Defeating Rootkits and Keyloggers (PDF). Trlokom. Retrieved 2010-08-17.
[61] Dai Zovi, Dino (2011). Kernel Rootkits. Retrieved 13 Sep 2012.
[62] Zeppoo. SourceForge. 18 July 2009. Archived from the original on 2012-07-19. Retrieved 8 August 2011.
[63] Cogswell, Bryce; Russinovich, Mark (2006-11-01). RootkitRevealer v1.71. Microsoft. Archived from the original on 2012-06-04. Retrieved 2010-11-13.
[64] Sophos Anti-Rootkit. Sophos. Archived from the original on 2012-09-21. Retrieved 8 August 2011.
[65] BlackLight. F-Secure. Archived from the original on 2012-09-21. Retrieved 8 August 2011.
[66] Radix Anti-Rootkit. usec.at. Archived from the original on 2012-09-21. Retrieved 8 August 2011.
[67] GMER. Archived from the original on 2012-08-02. Retrieved 8 August 2011.
[68] Harriman, Josh (2007-10-19). A Testing Methodology for Rootkit Removal Effectiveness (PDF). Dublin, Ireland: Symantec Security Response. Retrieved 2010-08-17.
[69] Cuibotariu, Mircea (2010-02-12). Tidserv and MS10-015. Symantec. Archived from the original on 2012-09-21. Retrieved 2010-08-19.
[70] Restart Issues After Installing MS10-015. Microsoft. 2010-02-11. Archived from the original on 2012-07-07. Retrieved 2010-10-05.
[71] Strider GhostBuster Rootkit Detection. Microsoft Research. 2010-01-28. Archived from the original on 2012-07-29. Retrieved 2010-08-14.
[72] Signing and Checking Code with Authenticode. Microsoft. Archived from the original on 2012-09-21. Retrieved 2008-09-15.
[73] Stopping Rootkits at the Network Edge (PDF). Beaverton, Oregon: Trusted Computing Group. January 2007. Retrieved 2008-07-11.
[74] TCG PC Specific Implementation Specification, Version 1.1 (PDF). Trusted Computing Group. 2003-08-18. Retrieved 2010-11-22.
[75] How to generate a complete crash dump file or a kernel crash dump file by using an NMI on a Windows-based system. Microsoft. Archived from the original on 2012-07-20. Retrieved 2010-11-13.
[76] Seshadri, Arvind et al. (2005). Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems. Carnegie Mellon University.
[77] Dillard, Kurt (2005-08-03). Rootkit battle: Rootkit Revealer vs. Hacker Defender. Archived from the original on 2012-07-13.
[78] The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, or Windows XP. Microsoft. 2010-09-14. Archived from the original on 2012-09-21.
[79] Hultquist, Steve (2007-04-30). Rootkits: The next big enterprise threat? InfoWorld (IDG). Archived from the original on 2012-09-21. Retrieved 2010-11-21.
[80] Security Watch: Rootkits for fun and profit. CNET Reviews. 2007-01-19. Archived from the original on 2012-07-18. Retrieved 2009-04-07.
[81] Bort, Julie (2007-09-29). Six ways to fight back against botnets. PCWorld. San Francisco: PCWorld Communications. Archived from the original on 2012-09-07. Retrieved 2009-04-07.
[82] Hoang, Mimi (2006-11-02). Handling Today's Tough Security Threats: Rootkits. Symantec Connect. Symantec. Archived from the original on 2012-09-21. Retrieved 2010-11-21.
[83] Danseglio, Mike; Bailey, Tony (2005-10-06). Rootkits: The Obscure Hacker Attack. Microsoft. Archived from the original on 2012-09-21.
[84] Messmer, Ellen (2006-08-26). Experts Divided Over Rootkit Detection and Removal. NetworkWorld.com (Framingham, Mass.: IDG). Archived from the original on 2012-09-03. Retrieved 2010-08-15.
[85] Stevenson, Larry; Altholz, Nancy (2007). Rootkits for Dummies. John Wiley and Sons Ltd. p. 175. ISBN 0-471-91710-9.
[86] Skoudis, Ed; Zeltser, Lenny (2004). Malware: Fighting Malicious Code. Prentice Hall PTR. p. 335. ISBN 0-13-101405-6.
[87] Hannel, Jeromey (2003-01-23). Linux RootKits For Beginners - From Prevention to Removal (PDF). SANS Institute. Retrieved 2010-11-22.

25.12 Further reading


Blunden, Bill (2009). The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. Wordware. ISBN 978-1-59822-061-2.
Hoglund, Greg; Butler, James (2005). Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional. ISBN 0-321-29431-9.
Grampp, F. T.; Morris, Robert H., Sr. (October 1984). The UNIX System: UNIX Operating System Security. AT&T Bell Laboratories Technical Journal (AT&T) 62 (8): 1649-1672.
Kong, Joseph (2007). Designing BSD Rootkits. No Starch Press. ISBN 1-59327-142-5.
Veiler, Ric (2007). Professional Rootkits. Wrox. ISBN 978-0-470-10154-4.

25.13 External links


Rootkit Analysis: Research and Analysis of Rootkits
Even Nastier: Traditional RootKits
Sophos Podcast about rootkit removal
Rootkit research in Microsoft
Testing of antivirus/anti-rootkit software for the detection and removal of rootkits, Anti-Malware Test Lab, January 2008
Testing of anti-rootkit software, InformationWeek, January 2007
Security Now! Episode 9, Rootkits, Podcast by Steve Gibson/GRC explaining Rootkit technology, October 2005

Chapter 26

Script kiddie
In programming culture a script kiddie or skiddie[1] (also known as skid, script bunny,[2] script kitty)[3] is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks, and deface websites. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.[4] The term is generally considered to be pejorative.

26.1 Characteristics
In a Carnegie Mellon report prepared for the U.S. Department of Defense in 2005, script kiddies are defined as

    The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet – often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.[5]

Script kiddies have at their disposal a large number of effective, easily downloadable programs capable of breaching computers and networks.[4] Such programs have included remote denial-of-service WinNuke,[6] trojans Back Orifice, NetBus, Sub7,[7] and ProRat, vulnerability scanner/injector kit Metasploit,[8] and often software intended for legitimate security auditing.[9] A survey of college students in 2010, supported by the UK's Association of Chief Police Officers, indicated a high level of interest in beginning hacking: 23% of 'uni' students have hacked into IT systems [...] 32% thought hacking was 'cool' [...] 28% considered it to be easy.[10]
Script kiddies vandalize websites both for the thrill of it and to increase their reputation among their peers.[4] Some more malicious script kiddies have used virus toolkits to create and propagate the Anna Kournikova and Love Bug viruses.[1] Script kiddies lack, or are only developing, programming skills sufficient to understand the effects and side effects of their actions. As a result, they leave significant traces which lead to their detection, or directly attack companies which have detection and countermeasures already in place, or in recent cases, leave automatic crash reporting turned on.[11][12]

26.2 See also
Black hat hacker
Exploit (computer security)
Hacker (computer security)
Lamer
List of convicted computer criminals

26.3 References
[1] Leyden, John (February 21, 2001). Virus toolkits are skiddie menace. The Register.
[2] Script bunny - definition. SpywareGuide.com.
[3] Baldwin, Clare; Christie, Jim (July 9, 2009). Cyber attacks may not have come from North Korea. San Francisco; Reuters.com.
[4] Lemos, Robert (July 12, 2000). Script kiddies: The Net's cybergangs. ZDNet. Retrieved 2007-04-24.
[5] Mead, Nancy R.; Hough, Eric D.; Stehney, Theodore R. III (May 16, 2006). Security Quality Requirements Engineering (SQUARE) Methodology CMU/SEI-2005-TR-009 (PDF). Carnegie Mellon University, DOD. CERT.org.
[6] Klevinsky, T. J.; Laliberte, Scott; Gupta, Ajay (2002). Hack I.T.: security through penetration testing. Addison-Wesley. ISBN 978-0-201-71956-7.
[7] Granneman, Scott (January 28, 2004). A Visit from the FBI - We come in peace. The Register.
[8] Biancuzzi, Federico (March 27, 2007). Metasploit 3.0 day. SecurityFocus.com.
[9] Rodriguez, Chris; Martinez, Richard (September 2, 2012). The Growing Hacking Threat to Websites: An Ongoing Commitment to Web Application Security (PDF). Frost & Sullivan. Retrieved November 30, 2013.
[10] Zax, David (September 22, 2010). IT Security Firm: Fear Students. Fast Company.
[11] Taylor, Josh (August 26, 2010). Hackers accidentally give Microsoft their code. ZDNet.com.au.
[12] Ms. Smith (August 28, 2010). Error Reporting Oops: Microsoft, Meter Maids and Malicious Code. Privacy and Security Fanatic. Network World.
26.4 Further reading


Tapeworm (2005). 1337 h4x0r h4ndb00k. Sams
Publishing. ISBN 0-672-32727-9.

26.5 External links


Honeynet.org - Know Your Enemy (Essay about
script kiddies)


Chapter 27

Spyware
Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.[1]

Spyware is mostly classified into four types: system monitors, trojans, adware, and tracking cookies.[2] Spyware is mostly used for the purposes of tracking and storing Internet users' movements on the Web and serving up pop-up ads to Internet users.

Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.

While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, unauthorized changes in browser settings, or changes to software settings.

Sometimes, spyware is included along with genuine software, and may come from a malicious website. In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices, especially for computers running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.

In German-speaking countries, spyware used or made by the government is sometimes called govware. Govware is typically trojan horse software used to intercept communications from the target computer. Some countries, like Switzerland and Germany, have a legal framework governing the use of such software.[3][4] In the US, the term policeware has been used for similar purposes.[5]

27.1 Routes of infection

Malicious websites attempt to install spyware on readers' computers.

Spyware does not necessarily spread in the same way as a virus or worm because infected systems generally do not attempt to transmit or copy the software to other computers. Instead, spyware installs itself on a system by deceiving the user or by exploiting software vulnerabilities.

Most spyware is installed without users' knowledge, or by using deceptive tactics. Spyware may try to deceive users by bundling itself with desirable software. Another common tactic is using a Trojan horse. Some spyware authors infect a system through security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware.

The installation of spyware frequently involves Internet Explorer. Its popularity and history of security issues have made it a frequent target. Its deep integration with the Windows environment makes it susceptible to attacks that reach into the Windows operating system. Internet Explorer also serves as a point of attachment for spyware in the form of Browser Helper Objects, which modify the browser's behavior to add toolbars or to redirect traffic.

27.2 Effects and behaviors

A spyware program is rarely alone on a computer: an affected machine usually has multiple infections. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. Stability issues, such as applications freezing, failure to boot, and system-wide crashes are also common. Spyware which interferes with networking software commonly causes difficulty connecting to the Internet.

In some infections, the spyware is not even evident. Users assume in those situations that the performance issues relate to faulty hardware, Windows installation problems, or another infection. Some owners of badly infected systems resort to contacting technical support experts, or even buying a new computer because the existing system has become too slow. Badly infected systems may require a clean reinstallation of all their software in order to return to full functionality.

Moreover, some types of spyware disable software firewalls and anti-virus software, and/or reduce browser security settings, which opens the system to further opportunistic infections. Some spyware disables or even removes competing spyware programs, on the grounds that more spyware-related annoyances make it even more likely that users will take action to remove the programs.[6]

Keyloggers are sometimes part of malware packages downloaded onto computers without the owner's knowledge. Some keylogger software is freely available on the internet, while other keyloggers are commercial or private applications. Most keyloggers capture not only keyboard keystrokes but are often also capable of collecting screen captures from the computer.

A typical Windows user has administrative privileges, mostly for convenience. Because of this, any program the user runs has unrestricted access to the system. As with other operating systems, Windows users are able to follow the principle of least privilege and use non-administrator accounts. Alternatively, they can also reduce the privileges of specific vulnerable Internet-facing processes such as Internet Explorer.

Since Windows Vista, by default, a computer administrator runs everything under limited user privileges. When a program requires administrative privileges, a User Account Control pop-up will prompt the user to allow or deny the action. This improves on the design used by previous versions of Windows.

27.3 Remedies and prevention

See also: Virus removal

As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or block spyware, as well as various user practices which reduce the chance of getting spyware on a system.

Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system. For instance, some spyware cannot be completely removed by Symantec, Microsoft, PC Tools.

27.3.1 Anti-spyware programs

See also: Category:Spyware removal

Many programmers and some commercial firms have released products dedicated to removing or blocking spyware. Programs such as PC Tools' Spyware Doctor, Lavasoft's Ad-Aware SE and Patrick Kolla's Spybot - Search & Destroy rapidly gained popularity as tools to remove, and in some cases intercept, spyware programs. On December 16, 2004, Microsoft acquired the GIANT AntiSpyware software,[7] rebranding it as Windows AntiSpyware beta and releasing it as a free download for Genuine Windows XP and Windows 2003 users. (In 2006 it was renamed Windows Defender).

Major anti-virus firms such as Symantec, PC Tools, McAfee and Sophos have also added anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of web sites and programs which described their products as "spyware". However, recent versions of these major firms' home and business anti-virus products do include anti-spyware functions, albeit treated differently from viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as "extended threats" and now offers real-time protection against these threats.

27.3.2 How anti-spyware software works

Anti-spyware programs can combat spyware in two ways:

1. They can provide real-time protection in a manner similar to that of anti-virus protection: they scan all incoming network data for spyware and block any threats they detect.
2. Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed into the computer. This kind of anti-spyware can often be set to scan on a regular schedule.

Such programs inspect the contents of the Windows registry, operating system files, and installed programs, and remove files and entries which match a list of known spyware. Real-time protection from spyware works identically to real-time anti-virus protection: the software scans disk files at download time, and blocks the activity of components known to represent spyware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Earlier versions of anti-spyware programs focused chiefly on detection and removal. Javacool Software's SpywareBlaster, one of the first to offer real-time protection, blocked the installation of ActiveX-based spyware.

Like most anti-virus software, many anti-spyware/adware tools require a frequently updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, adding to the list of known spyware, which allows the software to detect and remove new spyware. As a result, anti-spyware software is of limited usefulness without regular updates. Updates may be installed automatically or manually.

A popular generic spyware removal tool, used by those with a certain degree of expertise, is HijackThis, which scans certain areas of the Windows OS where spyware often resides and presents a list with items to delete manually. As most of the items are legitimate Windows files/registry entries, it is advised for those who are less knowledgeable on this subject to post a HijackThis log on the numerous antispyware sites and let the experts decide what to delete.

If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it. Some programs work in pairs: when an anti-spyware scanner (or the user) terminates one running process, the other one respawns the killed program. Likewise, some spyware will detect attempts to remove registry keys and immediately add them again. Usually, booting the infected computer in safe mode allows an anti-spyware program a better chance of removing persistent spyware. Killing the process tree may also work.

27.3.3 Security practices

To detect spyware, computer users have found several practices useful in addition to installing anti-spyware programs. Many users have installed a web browser other than Internet Explorer, such as Mozilla Firefox or Google Chrome. Though no browser is completely safe, Internet Explorer is at a greater risk for spyware infection due to its large user base as well as vulnerabilities such as ActiveX.

Some ISPs, particularly colleges and universities, have taken a different approach to blocking spyware: they use their network firewalls and web proxies to block access to Web sites known to install spyware. On March 31, 2005, Cornell University's Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, Marketscore, and the steps the university took to intercept it.[8] Many other educational institutions have taken similar steps.

Individual users can also install firewalls from a variety of companies. These monitor the flow of information going to and from a networked computer and provide protection against spyware and malware. Some users install a large hosts file which prevents the user's computer from connecting to known spyware-related web addresses. Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack.[9]

27.4 Comparison of spyware, adware, and viruses

27.4.1 Spyware, adware and trackers

The term adware frequently refers to software that displays advertisements. An example is the Eudora email client, which displays advertisements as an alternative to shareware registration fees. However, these are not considered spyware.

Other spyware behavior, such as reporting websites the user visits, occurs in the background. The data is used for targeted advertisement impressions. The prevalence of spyware has cast suspicion on other programs that track Web browsing, even for statistical or research purposes. Many of these adware-distributing companies are backed by millions of dollars of adware-generating revenues. Adware and spyware are similar to viruses in that they can be considered malicious in nature.

27.4.2 Spyware, viruses and worms

Unlike viruses and worms, spyware does not usually self-replicate. Like many recent viruses, however, spyware, by design, exploits infected computers for commercial gain. Typical tactics include delivery of unsolicited pop-up advertisements, theft of personal information (including financial information such as credit card numbers), monitoring of Web-browsing activity for marketing purposes, and routing of HTTP requests to advertising sites.

27.4.3 Stealware and affiliate fraud

A few spyware vendors, notably 180 Solutions, have written what the New York Times has dubbed "stealware",

and what spyware researcher Ben Edelman terms affiliate fraud, a form of click fraud. Stealware diverts the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor.

Spyware which attacks affiliate networks places the spyware operator's affiliate tag on the user's activity, replacing any other tag, if there is one. The spyware operator is the only party that gains from this. The user has their choices thwarted, a legitimate affiliate loses revenue, networks' reputations are injured, and vendors are harmed by having to pay out affiliate revenues to an affiliate who is not party to a contract.[10] Affiliate fraud is a violation of the terms of service of most affiliate marketing networks. As a result, spyware operators such as 180 Solutions have been terminated from affiliate networks including LinkShare and ShareSale. Mobile devices can also be vulnerable to chargeware, which manipulates users into illegitimate mobile charges.

27.4.4 Identity theft and fraud

In one case, spyware has been closely associated with identity theft.[11] In August 2005, researchers from security software firm Sunbelt Software suspected the creators of the common CoolWebSearch spyware had used it to transmit "chat sessions, user names, passwords, bank information, etc.";[12] however it turned out that "it actually (was) its own sophisticated criminal little trojan that's independent of CWS."[13] This case is currently under investigation by the FBI.

The Federal Trade Commission estimates that 27.3 million Americans have been victims of identity theft, and that financial losses from identity theft totaled nearly $48 billion for businesses and financial institutions and at least $5 billion in out-of-pocket expenses for individuals.[14]

27.4.5 Digital rights management

Some copy-protection technologies have borrowed from spyware. In 2005, Sony BMG Music Entertainment was found to be using rootkits in its XCP digital rights management technology.[15] Like spyware, not only was it difficult to detect and uninstall, it was so poorly written that most efforts to remove it could have rendered computers unable to function. Texas Attorney General Greg Abbott filed suit,[16] and three separate class-action suits were filed.[17] Sony BMG later provided a workaround on its website to help users remove it.[18]

Beginning on 25 April 2006, Microsoft's Windows Genuine Advantage Notifications application[19] was installed on most Windows PCs as a critical security update. While the main purpose of this deliberately uninstallable application is to ensure the copy of Windows on the machine was lawfully purchased and installed, it also installs software that has been accused of "phoning home" on a daily basis, like spyware.[20][21] It can be removed with the RemoveWGA tool.

27.4.6 Personal relationships

Spyware has been used to monitor electronic activities of partners in intimate relationships. At least one software package, Loverspy, was specifically marketed for this purpose. Depending on local laws regarding communal/marital property, observing a partner's online activity without their consent may be illegal; the author of Loverspy and several users of the product were indicted in California in 2005 on charges of wiretapping and various computer crimes.[22]

27.4.7 Browser cookies

Anti-spyware programs often report Web advertisers' HTTP cookies, the small text files that track browsing activity, as spyware. While they are not always inherently malicious, many users object to third parties using space on their personal computers for their business purposes, and many anti-spyware programs offer to remove them.[23]

27.4.8 Examples

These common spyware programs illustrate the diversity of behaviors found in these attacks. Note that as with computer viruses, researchers give names to spyware programs which may not be used by their creators. Programs may be grouped into families based not on shared program code, but on common behaviors, or by following the money of apparent financial or business connections. For instance, a number of the spyware programs distributed by Claria are collectively known as Gator. Likewise, programs that are frequently installed together may be described as parts of the same spyware package, even if they function separately.

CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.[24]

FinFisher, sometimes called FinSpy, is a high-end surveillance suite sold to law enforcement and intelligence agencies. Support services such as training and technology updates are part of the package.[25]

HuntBar, aka WinTools or Adware.Websearch, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs, an example of how spyware can install more spyware. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements.[26][27]

Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.[28]

Spyware such as Look2Me hides inside system-critical processes and starts up even in safe mode. With no process to terminate, such programs are harder to detect and remove; they are a combination of both spyware and a rootkit. Rootkit technology is also seeing increasing use,[29] as newer spyware programs also have specific countermeasures against well known anti-malware products and may prevent them from running or being installed, or even uninstall them.

Movieland, also known as Moviepass.tv and Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the Federal Trade Commission (FTC), the Washington State Attorney General's Office, the Better Business Bureau, and other agencies. Consumers complained they were held hostage by a cycle of oversized pop-up windows demanding payment of at least $29.95, claiming that they had signed up for a three-day free trial but had not cancelled before the trial period was over, and were thus obligated to pay.[30][31] The FTC filed a complaint, since settled, against Movieland and eleven other defendants charging them with having engaged in a nationwide scheme to use deception and coercion to extract payments from consumers.[32]

WeatherStudio has a plugin that displays a window-panel near the bottom of a browser window. The official website notes that it is easy to remove (uninstall) WeatherStudio from a computer, using its own uninstall-program, such as under C:\Program Files\WeatherStudio. Once WeatherStudio is removed, a browser returns to the prior display appearance, without the need to modify the browser settings.

Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies (as seen in their [Zango End User License Agreement]).[10]

Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec and reports information back to Control Server. Some information can be the search-history, the Websites visited, and even keystrokes. More recently, Zlob has been known to hijack routers set to defaults.[33]

27.5 History and development

The first recorded use of the term spyware occurred on 16 October 1995 in a Usenet post that poked fun at Microsoft's business model.[34] Spyware at first denoted software meant for espionage purposes. However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall.[35] Later in 2000, a parent using ZoneAlarm was alerted to the fact that Reader Rabbit, educational software marketed to children by the Mattel toy company, was surreptitiously sending data back to Mattel.[36] Since then, spyware has taken on its present sense.

According to a 2005 study by AOL and the National Cyber-Security Alliance, 61 percent of surveyed users' computers were infected with some form of spyware. 92 percent of surveyed users with spyware reported that they did not know of its presence, and 91 percent reported that they had not given permission for the installation of the spyware.[37] As of 2006, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows operating systems. Computers on which Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks, not only because IE is the most widely used,[38] but because its tight integration with Windows allows spyware access to crucial parts of the operating system.[38][39]

Before Internet Explorer 6 SP2 was released as part of Windows XP Service Pack 2, the browser would automatically display an installation window for any ActiveX component that a website wanted to install. The combination of user ignorance about these changes, and the assumption by Internet Explorer that all ActiveX components are benign, helped to spread spyware significantly. Many spyware components would also make use of exploits in JavaScript, Internet Explorer and Windows to install without user knowledge or permission.

The Windows Registry contains multiple sections where modification of key values allows software to be executed automatically when the operating system boots. Spyware can exploit this design to circumvent attempts at removal. The spyware typically will link itself from each location in the registry that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted, even if some (or most) of the registry links are removed.
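The self-restoring registry links described in the paragraph on the Windows Registry can be spotted by comparing snapshots of the autostart keys taken before and after a cleanup. The following is an added example, not code from the original text: the key paths are the standard Run and RunOnce locations, while the snapshot contents and the program name updchk.exe are constructed for illustration.

```python
import re

# Well-known Windows autostart keys. Everything stored under them below is
# constructed sample data; a real collector would read the keys with winreg.
RUN_HKLM = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUNONCE_HKLM = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

SUSPECT = r'"C:\ProgramData\updchk\updchk.exe" /s'   # hypothetical program
BENIGN = r"C:\Windows\System32\SecurityHealthSystray.exe"

# (label, {(key, value name): command line}), oldest snapshot first.
SNAPSHOTS = [
    ("t0 before cleanup", {
        (RUN_HKLM, "SecurityHealth"): BENIGN,
        (RUN_HKLM, "updchk"): SUSPECT,
        (RUN_HKCU, "updchk"): SUSPECT,
        (RUNONCE_HKLM, "updchk"): SUSPECT,
    }),
    ("t1 after cleanup", {
        (RUN_HKLM, "SecurityHealth"): BENIGN,
    }),
    ("t2 ten minutes later", {
        (RUN_HKLM, "SecurityHealth"): BENIGN,
        (RUN_HKLM, "updchk"): SUSPECT,
        (RUN_HKCU, "updchk"): SUSPECT,
    }),
]

PROGRAM = re.compile(r'^\s*"?([^"]*?\.(?:exe|dll|com|bat|cmd|vbs|js))\b', re.I)


def target(command):
    """Reduce a command line to the lower-cased path of the program it starts."""
    match = PROGRAM.match(command)
    if match:
        return match.group(1).lower()
    parts = command.split()
    return parts[0].strip('"').lower() if parts else ""


def multi_location_targets(entries):
    """Programs that one snapshot starts from more than one autostart key."""
    keys_by_program = {}
    for (key, _name), command in entries.items():
        keys_by_program.setdefault(target(command), set()).add(key)
    return {p: keys for p, keys in keys_by_program.items() if len(keys) > 1}


def restored_entries(snapshots):
    """Entries that were present, went missing, then returned with the same target.

    Windows deletes RunOnce values after running them, so a value that merely
    vanishes is never reported; only a return after an absence is.
    """
    findings, last_seen, missing_since = [], {}, {}
    for label, entries in snapshots:
        for entry in last_seen:
            if entry not in entries:
                missing_since.setdefault(entry, label)
        for entry, command in entries.items():
            gone = missing_since.pop(entry, None)
            if gone and target(command) == target(last_seen[entry]):
                findings.append((entry[0], entry[1], target(command), gone, label))
            last_seen[entry] = command
    return findings


def audit(snapshots):
    """Combine both checks; a program hit by both is the strongest lead."""
    restored = restored_entries(snapshots)
    redundant = {}
    for _label, entries in snapshots:
        for program, keys in multi_location_targets(entries).items():
            redundant.setdefault(program, set()).update(keys)
    return {
        "restored": restored,
        "redundant": {p: sorted(k) for p, k in redundant.items()},
        "high_confidence": sorted({f[2] for f in restored} & set(redundant)),
    }


if __name__ == "__main__":
    report = audit(SNAPSHOTS)
    for key, name, program, gone, back in report["restored"]:
        print(f"{key}\\{name} -> {program}: missing at '{gone}', back at '{back}'")
    print("high confidence:", report["high_confidence"])
```

An entry that returns after removal means the restoring process is still running, which is why cleanup from safe mode, as described earlier, tends to work better than deleting the values on a live system.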
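The hosts file appears twice in the sections above: CoolWebSearch alters it to direct DNS lookups to its own sites, and some users install a large hosts file to block known spyware-related addresses. The following added example (not code from the original text) audits a hosts file and separates the two cases; the sample file, the .example host names, the documentation-range address 203.0.113.10 and the watch list are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file (lines are numbered from 1 in the report).
SAMPLE_HOSTS = """\
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.tracker.example          # blocklist entry added by the user
127.0.0.1      popups.adnet.example
203.0.113.10   search.example www.search.example
203.0.113.10   update.av-vendor.example
bad-address    broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line number, ip or None, names); ip is None for unparsable lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            yield lineno, None, [address, *names]
            continue
        yield lineno, ip, [n.lower().rstrip(".") for n in names]


def classify(ip, name):
    """standard: normal localhost line; blocked: sinkholed name;
    redirected: name forced to some other machine."""
    if name in LOCAL_NAMES and ip.is_loopback:
        return "standard"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirected"


def audit_hosts(text, watched=()):
    """Report overrides in a hosts file.

    `watched` lists domains the defender cares about (for example security
    update servers); any override of them is reported, blocked or redirected.
    """
    report = {"blocked": [], "redirected": [], "malformed": [], "watched": []}
    by_destination = defaultdict(list)
    for lineno, ip, names in parse_hosts(text):
        if ip is None:
            report["malformed"].append(lineno)
            continue
        for name in names:
            kind = classify(ip, name)
            if kind == "standard":
                continue
            report[kind].append((lineno, name, str(ip)))
            if kind == "redirected":
                by_destination[str(ip)].append(name)
            if any(name == w or name.endswith("." + w) for w in watched):
                report["watched"].append((lineno, name, kind))
    # Several unrelated names forced to one address is typical of a hijack,
    # not of a blocklist, which points names at loopback or 0.0.0.0.
    report["shared_destinations"] = {
        ip: names for ip, names in by_destination.items() if len(names) > 1
    }
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS, watched=("av-vendor.example",))
    for section, items in result.items():
        print(section, items)
```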

27.6 Programs distributed with spyware

Kazaa[40]
Morpheus[41]
WeatherBug[42]
WildTangent[43][44]

27.6.1 Programs formerly distributed with spyware

AOL Instant Messenger[43] (AOL Instant Messenger still packages Viewpoint Media Player, and WildTangent)
DivX[45]
FlashGet[46][47][48][49][50][51]
magicJack[52]

27.7 Rogue anti-spyware programs

See also: List of rogue security software, List of fake anti-spyware programs and Rogue software

Malicious programmers have released a large number of rogue (fake) anti-spyware programs, and widely distributed Web banner ads can warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware, or else may add more spyware of their own.[53][54]

The recent proliferation of fake or spoofed antivirus products that bill themselves as antispyware can be troublesome. Users may receive popups prompting them to install them to protect their computer, when it will in fact add spyware. This software is called rogue software. It is recommended that users do not install any freeware claiming to be anti-spyware unless it is verified to be legitimate. Some known offenders include:

AntiVirus 360
Antivirus 2009
AntiVirus Gold
ContraVirus
MacSweeper
Pest Trap
PSGuard
Spy Wiper
Spydawn
Spylocked
Spysheriff
SpyShredder
Spyware Quake
SpywareStrike
UltimateCleaner
WinAntiVirus Pro 2006
Windows Police Pro
WinFixer[55]
WorldAntiSpy

Fake antivirus products constitute 15 percent of all malware.[56]

On January 26, 2006, Microsoft and the Washington state attorney general filed suit against Secure Computer for its Spyware Cleaner product.[57]

27.8 Legal issues

27.8.1 Criminal law

Unauthorized access to a computer is illegal under computer crime laws, such as the U.S. Computer Fraud and Abuse Act, the U.K.'s Computer Misuse Act, and similar laws in other countries. Since owners of computers infected with spyware generally claim that they never authorized the installation, a prima facie reading would suggest that the promulgation of spyware would count as a criminal act. Law enforcement has often pursued the authors of other malware, particularly viruses. However, few spyware developers have been prosecuted, and many operate openly as strictly legitimate businesses, though some have faced lawsuits.[58][59]

Spyware producers argue that, contrary to the users' claims, users do in fact give consent to installations. Spyware that comes bundled with shareware applications may be described in the legalese text of an end-user license agreement (EULA). Many users habitually ignore

these purported contracts, but spyware companies such as Claria say these demonstrate that users have consented.

Despite the ubiquity of EULA agreements, under which a single click can be taken as consent to the entire text, relatively little caselaw has resulted from their use. It has been established in most common law jurisdictions that this type of agreement can be a binding contract in certain circumstances.[60] This does not, however, mean that every such agreement is a contract, or that every term in one is enforceable.

Some jurisdictions, including the U.S. states of Iowa[61] and Washington,[62] have passed laws criminalizing some forms of spyware. Such laws make it illegal for anyone other than the owner or operator of a computer to install software that alters Web-browser settings, monitors keystrokes, or disables computer-security software.

In the United States, lawmakers introduced a bill in 2005 entitled the Internet Spyware Prevention Act, which would imprison creators of spyware.[63]

27.8.2 Administrative sanctions

US FTC actions

The US Federal Trade Commission has sued Internet marketing organizations under the "unfairness doctrine"[64] to make them stop infecting consumers' PCs with spyware. In one case, that against Seismic Entertainment Productions, the FTC accused the defendants of developing a program that seized control of PCs nationwide, infected them with spyware and other malicious software, bombarded them with a barrage of pop-up advertising for Seismic's clients, exposed the PCs to security risks, and caused them to malfunction. Seismic then offered to sell the victims an antispyware program to fix the computers, and stop the popups and other problems that Seismic had caused. On November 21, 2006, a settlement was entered in federal court under which a $1.75 million judgment was imposed in one case and $1.86 million in another, but the defendants were insolvent.[65]

In a second case, brought against CyberSpy Software LLC, the FTC charged that CyberSpy marketed and sold RemoteSpy keylogger spyware to clients who would then secretly monitor unsuspecting consumers' computers. According to the FTC, Cyberspy touted RemoteSpy as a "100% undetectable" way to "Spy on Anyone. From Anywhere." The FTC has obtained a temporary order prohibiting the defendants from selling the software and disconnecting from the Internet any of their servers that collect, store, or provide access to information that this software has gathered. The case is still in its preliminary stages. A complaint filed by the Electronic Privacy Information Center (EPIC) brought the RemoteSpy software to the FTC's attention.[66]

Netherlands OPTA

An administrative fine, the first of its kind in Europe, has been issued by the Independent Authority of Posts and Telecommunications (OPTA) from the Netherlands. It applied fines in total value of Euro 1,000,000 for infecting 22 million computers. The spyware concerned is called DollarRevenue. The law articles that have been violated are art. 4.1 of the Decision on universal service providers and on the interests of end users; the fines have been issued based on art. 15.4 taken together with art. 15.10 of the Dutch telecommunications law.[67]

27.8.3 Civil law

Former New York State Attorney General and former Governor of New York Eliot Spitzer has pursued spyware companies for fraudulent installation of software.[68] In a suit brought in 2005 by Spitzer, the California firm Intermix Media, Inc. ended up settling, by agreeing to pay US$7.5 million and to stop distributing spyware.[69]

The hijacking of Web advertisements has also led to litigation. In June 2002, a number of large Web publishers sued Claria for replacing advertisements, but settled out of court.

Courts have not yet had to decide whether advertisers can be held liable for spyware that displays their ads. In many cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with the spyware firm. Rather, they have contracted with an advertising agency, which in turn contracts with an online subcontractor who gets paid by the number of impressions or appearances of the advertisement. Some major firms such as Dell Computer and Mercedes-Benz have sacked advertising agencies that have run their ads in spyware.[70]

27.8.4 Libel suits by spyware developers

Litigation has gone both ways. Since spyware has become a common pejorative, some makers have filed libel and defamation actions when their products have been so described. In 2003, Gator (now known as Claria) filed suit against the website PC Pitstop for describing its program as spyware.[71] PC Pitstop settled, agreeing not to use the word spyware, but continues to describe harm caused by the Gator/Claria software.[72] As a result, other anti-spyware and anti-virus companies have also used other terms such as "potentially unwanted programs" or greyware to denote these products.

27.8.5 WebcamGate

Main article: Robbins v. Lower Merion School District

In the 2010 WebcamGate case, plaintiffs charged two suburban Philadelphia high schools secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home, and therefore infringed on their privacy rights. The school loaded each student's computer with LANrev's remote activation tracking software. This included the now-discontinued "TheftTrack". While TheftTrack was not enabled by default on the software, the program allowed the school district to elect to activate it, and to choose which of the TheftTrack surveillance options the school wanted to enable.[73]

TheftTrack allowed school district employees to secretly remotely activate a tiny webcam embedded in the student's laptop, above the laptop's screen. That allowed school officials to secretly take photos through the webcam, of whatever was in front of it and in its line of sight, and send the photos to the school's server. The LANrev software disabled the webcams for all other uses (e.g., students were unable to use Photo Booth or video chat), so most students mistakenly believed their webcams did not work at all. In addition to webcam surveillance, TheftTrack allowed school officials to take screenshots, and send them to the school's server. In addition, LANrev allowed school officials to take snapshots of instant messages, web browsing, music playlists, and written compositions. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.[73][74][75]

27.9 See also

Cyber spying
Employee monitoring software
Industrial espionage
Malware
Spy-phishing

27.10 References
[1] FTC Report (2005). ""
[2] SPYWARE ""
[3] Basil Cupa, Trojan Horse Resurrected: On the Legality of the Use of Government Spyware (Govware), LISS 2013, pp. 419-428
[4] FAQ - Häufig gestellte Fragen
[5] Jeremy Reimer (20 July 2007). "The tricky issue of spyware with a badge: meet 'policeware'". Ars Technica.
[6] Edelman, Ben; December 7, 2004 (updated February 8, 2005); Direct Revenue Deletes Competitors from Users' Disks; benedelman.com. Retrieved November 28, 2006.
[7] "http://www.microsoft.com/presspass/press/2004/dec04/12-16GIANTPR.mspx"
[8] Schuster, Steve. "Blocking Marketscore: Why Cornell Did It". Archived from the original on February 14, 2007. Cornell University, Office of Information Technologies. March 31, 2005.
[9] Vincentas (11 July 2013). "Information About Spyware in SpyWareLoop.com". Spyware Loop. Retrieved 27 July 2013.
[10] Edelman, Ben (2004). "The Effect of 180solutions on Affiliate Commissions and Merchants". Benedelman.org. Retrieved November 14, 2006.
[11] Ecker, Clint (2005). Massive spyware-based identity theft ring uncovered. Ars Technica, August 5, 2005.
[12] Eckelberry, Alex. "Massive identity theft ring", SunbeltBLOG, August 4, 2005.
[13] Eckelberry, Alex. "Identity Theft? What to do?", SunbeltBLOG, August 8, 2005.
[14] FTC Releases Survey of Identity Theft in U.S. 27.3 Million Victims in Past 5 Years, Billions in Losses for Businesses and Consumers. Federal Trade Commission, September 3, 2003.
[15] Russinovich, Mark. "Sony, Rootkits and Digital Rights Management Gone Too Far", Mark's Blog, October 31, 2005. Retrieved November 22, 2006.
[16] Press release from the Texas Attorney General's office, November 21, 2005; Attorney General Abbott Brings First Enforcement Action In Nation Against Sony BMG For Spyware Violations. Retrieved November 28, 2006.
[17] "Sony sued over copy-protected CDs; Sony BMG is facing three lawsuits over its controversial anti-piracy software", BBC News, November 10, 2005. Retrieved November 22, 2006.
[18] Information About XCP Protected CDs. Retrieved November 29, 2006.
[19] Microsoft.com - Description of the Windows Genuine Advantage Notifications application. Retrieved June 13, 2006.
[20] Weinstein, Lauren. Windows XP update may be classified as 'spyware', Lauren Weinstein's Blog, June 5, 2006. Retrieved June 13, 2006.
[21] Evers, Joris. Microsoft's antipiracy tool phones home daily, CNET, June 7, 2006. Retrieved August 31, 2014.
[22] "Creator and Four Users of Loverspy Spyware Program Indicted". Department Of Justice. August 26, 2005. Retrieved 21 November 2014.
[23] "Tracking Cookie". Symantec. Retrieved 2013-04-28.
[24] "CoolWebSearch". Parasite information database. Archived from the original on January 6, 2006. Retrieved September 4, 2008.

[25] Nicole Perlroth (August 30, 2012). "Software Meant to Fight Crime Is Used to Spy on Dissidents". The New York Times. Retrieved August 31, 2012.
[26] "CA Spyware Information Center - HuntBar". .ca.com. Retrieved September 11, 2010.
[27] "What is Huntbar or Search Toolbar?". Pchell.com. Retrieved September 11, 2010.
[28] "InternetOptimizer". Parasite information database. Archived from the original on January 6, 2006. Retrieved September 4, 2008.
[29] Roberts, Paul F. "Spyware meets Rootkit Stealth". eweek.com. June 20, 2005.
[30] "FTC, Washington Attorney General Sue to Halt Unfair Movieland Downloads". Federal Trade Commission. August 15, 2006.
[31] "Attorney General McKenna Sues Movieland.com and Associates for Spyware". Washington State Office of the Attorney General. August 14, 2006.
[32] "Complaint for Permanent Injunction and Other Equitable Relief (PDF, 25 pages)" (PDF). Federal Trade Commission. August 8, 2006.
[33] PCMAG, New Malware changes router settings, PC Magazine, June 13, 2008.
[34] Vossen, Roland (attributed); October 21, 1995; Win 95 Source code in c!! posted to rec..programmer; retrieved from groups.google.com November 28, 2006.
[35] Wienbar, Sharon. "The Spyware Inferno". News.com. August 13, 2004.
[36] Hawkins, Dana; "Privacy Worries Arise Over Spyware in Kids' Software". U.S. News & World Report. June 25, 2000.
[37] "AOL/NCSA Online Safety Study". America Online & The National Cyber Security Alliance. 2005.
[38] Spanbauer, Scott. "Is It Time to Ditch IE?". Pcworld.com. September 1, 2004.
[39] Keizer, Gregg. "Analyzing IE At 10: Integration With OS Smart Or Not?". TechWeb Technology News. August 25, 2005.
[40] Edelman, Ben (2004). "Claria License Agreement Is Fifty Six Pages Long". Retrieved July 27, 2005.
[41] Edelman, Ben (2005). "Comparison of Unwanted Software Installed by P2P Programs". Retrieved July 27, 2005.
[42] "WeatherBug". Parasite information database. Archived from the original on February 6, 2005. Retrieved September 4, 2008.
[43] "Adware.WildTangent". Sunbelt Malware Research Labs. June 12, 2008. Retrieved September 4, 2008.
[44] "Winpipe". Sunbelt Malware Research Labs. June 12, 2008. Retrieved September 4, 2008. It is possible that this spyware is distributed with the adware bundler WildTangent or from a threat included in that bundler.
[45] "How Did I Get Gator?". PC Pitstop. Retrieved July 27, 2005.
[46] "eTrust Spyware Encyclopedia - FlashGet". Computer Associates. Retrieved July 27, 2005.
[47] "Jotti's malware scan of FlashGet 3". Virusscan.jotti.org. Retrieved September 11, 2010.
[48] VirusTotal scan of FlashGet 3.
[49] "Jotti's malware scan of FlashGet 1.96". Virusscan.jotti.org. Retrieved September 11, 2010.
[50] VirusTotal scan of FlashGet 1.96.
[51] Some caution is required since FlashGet 3 EULA makes mention of Third Party Software, but does not name any third party producer of software. However, a scan with SpyBot Search & Destroy, performed on November 20, 2009 after installing FlashGet 3 did not show any malware on an already anti-spyware immunized system (by SpyBot and SpywareBlaster).
[52] "Gadgets boingboing.net, MagicJack's EULA says it will spy on you and force you into arbitration". Gadgets.boingboing.net. April 14, 2008. Retrieved September 11, 2010.
[53] Roberts, Paul F. (May 26, 2005). "Spyware-Removal Program Tagged as a Trap". eWeek. Retrieved September 4, 2008.
[54] Howes, Eric L. "The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites". Retrieved July 10, 2005.
[55] Also known as WinAntiVirusPro, ErrorSafe, SystemDoctor, WinAntiSpyware, AVSystemCare, WinAntiSpy, Windows Police Pro, Performance Optimizer, StorageProtector, PrivacyProtector, WinReanimator, DriveCleaner, WinspywareProtect, PCTurboPro, FreePCSecure, ErrorProtector, SysProtect, WinSoftware, XPAntivirus, Personal Antivirus, Home Antivirus 20xx, VirusDoctor, and ECsecure.
[56] Elinor Mills (April 27, 2010). "Google: Fake antivirus is 15 percent of all malware". CNET. Retrieved 2011-11-05.
[57] McMillan, Robert. Antispyware Company Sued Under Spyware Law. PC World, January 26, 2006.
[58] "Lawsuit filed against 180solutions". zdnet.com. September 13, 2005.
[59] Hu, Jim. "180solutions sues allies over adware". news.com. July 28, 2004.
[60] Coollawyer; 2001-2006; Privacy Policies, Terms and Conditions, Website Contracts, Website Agreements; coollawyer.com. Retrieved November 28, 2006.
[61] "CHAPTER 715 Computer Spyware and Malware Protection". nxtsearch.legis.state.ia.us. Retrieved May 11, 2011.
[62] Chapter 19.270 RCW: Computer spyware. apps.leg.wa.gov. Retrieved November 14, 2006.
[63] Gross, Grant. US lawmakers introduce I-Spy bill. InfoWorld, March 16, 2007. Retrieved March 24, 2007.
[64] See Federal Trade Commission v. Sperry & Hutchinson Trading Stamp Co.
[65] FTC Permanently Halts Unlawful Spyware Operations (FTC press release with links to supporting documents; archived copy); see also FTC cracks down on spyware and PC hijacking, but not true lies, Micro Law, IEEE MICRO (Jan.-Feb. 2005), also available at IEEE Xplore.
[66] See Court Orders Halt to Sale of Spyware (FTC press release Nov. 17, 2008, with links to supporting documents).
[67] OPTA, Besluit van het college van de Onafhankelijke Post en Telecommunicatie Autoriteit op grond van artikel 15.4 juncto artikel 15.10 van de Telecommunicatiewet tot oplegging van boetes ter zake van overtredingen van het gestelde bij of krachtens de Telecommunicatiewet from 5 november 2007, http://opta.nl/download/202311+boete+verspreiding+ongewenste+software.pdf
[68] "State Sues Major Spyware Distributor" (Press release). Office of New York State Attorney General. April 28, 2005. Retrieved September 4, 2008. Attorney General Spitzer today sued one of the nation's leading internet marketing companies, alleging that the firm was the source of spyware and adware that has been secretly installed on millions of home computers.
[69] Gormley, Michael. "Intermix Media Inc. says it is settling spyware lawsuit with N.Y. attorney general". Yahoo! News. June 15, 2005. Archived from the original on June 22, 2005.
[70] Gormley, Michael (June 25, 2005). "Major advertisers caught in spyware net". USA Today. Retrieved September 4, 2008.
[71] Festa, Paul. "See you later, anti-Gators?". News.com. October 22, 2003.
[72] "Gator Information Center". pcpitstop.com. November 14, 2005.
[73] "Initial LANrev System Findings", LMSD Redacted Forensic Analysis, L-3 Services, prepared for Ballard Spahr (LMSD's counsel), May 2010. Retrieved August 15, 2010.
[74] Doug Stanglin (February 18, 2010). "School district accused of spying on kids via laptop webcams". USA Today. Retrieved February 19, 2010.
[75] "Suit: Schools Spied on Students Via Webcam". CBS NEWS. March 8, 2010.

27.11 External links


Home Computer Security - Carnegie Mellon Software Institute
OnGuard Online.gov How to Secure Your Computer
What Is Spyware?


Chapter 28

Timeline of computer security hacker history

Hacking and system cracking appeared with the first electronic computers. Below are some important events in the history of hacking and cracking.

28.1 1903

Magician and inventor Nevil Maskelyne disrupts John Ambrose Fleming's public demonstration of Guglielmo Marconi's purportedly secure wireless telegraphy technology, sending insulting Morse code messages through the auditorium's projector.[1]

28.2 1930s

28.2.1 1932

Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code.

28.2.2 1939

Alan Turing, Gordon Welchman and Harold Keen worked together to develop the Bombe (on the basis of Rejewski's works on Bomba). The Enigma machine's use of a reliably small key space makes it vulnerable to brute force and thus a violation of CWE-326.

28.2.3 1943

French computer expert René Carmille, hacked the punched card used by the Nazis to locate Jews.

28.3 1960s

28.3.1 1965

William D. Mathews from MIT found a vulnerability in a Multics CTSS running on an IBM 7094. The standard text editor on the system was designed to be used by one user at a time, working in one directory, and so created a temporary file with a constant name for all instantiations of the editor. The flaw was discovered when two system programmers were editing at the same time and the temporary files for the message-of-the day and the password file became swapped, causing the contents of the system CTSS password file to display to any user logging into the system.[2][3]

28.4 1970s

28.4.1 1971

John T. Draper (later nicknamed Captain Crunch), his friend Joe Engressia, and blue box phone phreaking hit the news with an Esquire Magazine feature story.[4]

28.5 1980s

28.5.1 1981

Chaos Computer Club forms in Germany.

The Warelords forms in The United States, founded by Black Bart (cracker of Dung Beetles in 1982) in St. Louis, Missouri, and was composed of many teenage hackers, phreakers, coders, and largely black hat-style underground computer geeks. One of the more notable group members was Tennessee Tuxedo, a young man who was instrumental with developing conference calls via the use of trunk line phreaking via the use of the Novation Apple Cat II that allowed them to share their
current hacks, phreaking codes, and new software releases. Other notable members were The Apple Bandit, Krakowicz, Krac-man, and The Codesmith, who ran the BBS The Trading Post for the group. Black Bart was clever at using his nationally known and very popular BBS system in order to promote the latest gaming software. He used that relationship to his advantage, often shipping the original pre-released software to his most trusted code crackers during the beta-testing phase, weeks prior to their public release. The Warelords often collaborated with other piracy groups at the time, such as The Syndicate and The Midwest Pirates Guild, and developed an international ring of involved piracy groups that reached as far away as Japan. Long before the movie WarGames went into pre-production, The Warelords had successfully infiltrated such corporations and institutions as the White House, Southwestern Bell "Ma Bell" Mainframe Systems, and large corporate providers of voice mail systems.

Captain Zap: Ian Murphy, known to his friends as Captain Zap, was the first cracker to be tried and convicted as a felon. Murphy broke into AT&T's computers in 1981 and changed the internal clocks that metered billing rates. People were getting late-night discount rates when they called at midday. Of course, the bargain-seekers who waited until midnight to call long distance were hit with high bills.[5]

28.5.2 1983

The 414s break into 60 computer systems at institutions ranging from the Los Alamos National Laboratory to Manhattan's Memorial Sloan-Kettering Cancer Center.[6] The incident appeared as the cover story of Newsweek with the title "Beware: Hackers at play", possibly the first mass-media use of the term hacker in the context of computer security.[7] As a result, the U.S. House of Representatives held hearings on computer security and passed several laws.

The group KILOBAUD is formed in February, kicking off a series of other hacker groups which form soon after.

The movie WarGames introduces the wider public to the phenomenon of hacking and creates a degree of mass paranoia of hackers and their supposed abilities to bring the world to a screeching halt by launching nuclear ICBMs.

The U.S. House of Representatives begins hearings on computer security hacking.[8]

In his Turing Award lecture, Ken Thompson mentions "hacking" and describes a security exploit that he calls a "Trojan horse".[9]

28.5.3 1984

Someone calling himself Lex Luthor founds the Legion of Doom. Named after a Saturday morning cartoon, the LOD had the reputation of attracting "the best of the best", until one of the most talented members called Phiber Optik feuded with Legion of Doomer Erik Bloodaxe and got 'tossed out of the clubhouse'. Phiber's friends formed a rival group, the Masters of Deception.

The Comprehensive Crime Control Act gives the Secret Service jurisdiction over computer fraud.

Cult of the Dead Cow forms in Lubbock, Texas, and begins publishing its ezine.

The hacker magazine 2600 begins regular publication, right when TAP was putting out its final issue. The editor of 2600, "Emmanuel Goldstein" (whose real name is Eric Corley), takes his handle from the leader of the resistance in George Orwell's 1984. The publication provides tips for would-be hackers and phone phreaks, as well as commentary on the hacker issues of the day. Today, copies of 2600 are sold at most large retail bookstores.

The Chaos Communication Congress, the annual European hacker conference organized by the Chaos Computer Club, is held in Hamburg, Germany.

William Gibson's groundbreaking science fiction novel Neuromancer, about "Case", a futuristic computer hacker, is published. Considered the first major cyberpunk novel, it brought into hacker jargon such terms as "cyberspace", "the matrix", "simstim", and "ICE".

28.5.4 1985

KILOBAUD is re-organized into The P.H.I.R.M., and begins sysopping hundreds of BBSs throughout the United States, Canada, and Europe.

The online 'zine Phrack is established.

The Hacker's Handbook is published in the UK.

The FBI, Secret Service, Middlesex County NJ Prosecutor's Office and various local law enforcement agencies execute seven search warrants concurrently across New Jersey on July 12, 1985, seizing equipment from BBS operators and users alike for complicity in computer theft,[10] under a newly passed, and yet untested criminal statute.[11] This is famously known as the Private Sector Bust,[12] or
the 2600 BBS Seizure,[13] and implicated the Private Sector BBS sysop, Store Manager (also a BBS sysop), Beowulf, Red Barchetta, The Vampire, the NJ Hack Shack BBS sysop, and the Treasure Chest BBS sysop.

28.5.5 1986

After more and more break-ins to government and corporate computers, Congress passes the Computer Fraud and Abuse Act, which makes it a crime to break into computer systems. The law, however, does not cover juveniles.

Robert Schifreen and Stephen Gold are convicted of accessing the Telecom Gold account belonging to the Duke of Edinburgh under the Forgery and Counterfeiting Act 1981 in the United Kingdom, the first conviction for illegally accessing a computer system. On appeal, the conviction is overturned as hacking is not within the legal definition of forgery.[14]

Arrest of a hacker who calls himself The Mentor. He published a now-famous treatise shortly after his arrest that came to be known as the Hacker's Manifesto in the e-zine Phrack. This still serves as the most famous piece of hacker literature and is frequently used to illustrate the mindset of hackers.

Astronomer Clifford Stoll plays a pivotal role in tracking down hacker Markus Hess, events later covered in Stoll's 1990 book The Cuckoo's Egg.[15]

28.5.6 1987

Decoder magazine begins in Italy.

The Christmas Tree EXEC "worm" causes major disruption to the VNET, BITNET and EARN networks.[16]

28.5.7 1988

The Morris Worm. Graduate student Robert T. Morris, Jr. of Cornell University launches a worm on the government's ARPAnet (precursor to the Internet).[17][18] The worm spreads to 6,000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three years probation, and fined $10,000.

First National Bank of Chicago is the victim of $70-million computer theft.

The Computer Emergency Response Team (CERT) is created by DARPA to address network security.

The Father Christmas (computer worm) spreads over DECnet networks.

28.5.8 1989

Jude Milhon (aka St Jude) and R. U. Sirius launch Mondo 2000, a major '90s tech-lifestyle magazine, in Berkeley, California.

The politically motivated WANK worm spreads over DECnet.

Dutch magazine Hack-Tic begins.

The Cuckoo's Egg by Clifford Stoll is published.

28.6 1990s

28.6.1 1990

Operation Sundevil introduced. After a prolonged sting investigation, Secret Service agents swoop down on organizers and prominent members of BBSs in 14 U.S. cities including the Legion of Doom, conducting early-morning raids and arrests. The arrests involve and are aimed at cracking down on credit-card theft and telephone and wire fraud. The result is a breakdown in the hacking community, with members informing on each other in exchange for immunity. The offices of Steve Jackson Games are also raided, and the role-playing sourcebook GURPS Cyberpunk is confiscated, possibly because the government fears it is a "handbook for computer crime". Legal battles arise that prompt the formation of the Electronic Frontier Foundation, including the trial of Knight Lightning.

Australian federal police tracking Realm members Phoenix, Electron and Nom are the first in the world to use a remote data intercept to gain evidence for a computer crime prosecution.[19]

The Computer Misuse Act 1990 is passed in the United Kingdom, criminalising any unauthorised access to computer systems.

28.6.2 1992

Release of the movie Sneakers, in which security experts are blackmailed into stealing a universal decoder for encryption systems.

MindVox opens to the public.

Bulgarian virus writer Dark Avenger wrote 1260, the first known use of polymorphic code, used to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.

Publication of a hacking instruction manual for penetrating TRW credit reporting agency by Infinite Possibilities Society (IPS) gets Dr. Ripco, the sysop of Ripco BBS mentioned in the IPS manual, arrested by the US Secret Service.[20]

28.6.3 1993

The first DEF CON hacking conference takes place in Las Vegas. The conference is meant to be a one-time party to say good-bye to BBSs (now replaced by the Web), but the gathering was so popular it became an annual event.

AOL gives its users access to USENET, precipitating Eternal September.

28.6.4 1994

Summer: Russian crackers siphon $10 million from Citibank and transfer the money to bank accounts around the world. Vladimir Levin, the 30-year-old ringleader, uses his work laptop after hours to transfer the funds to accounts in Finland and Israel. Levin stands trial in the United States and is sentenced to three years in prison. Authorities recover all but $400,000 of the stolen money.

Hackers adapt to emergence of the World Wide Web quickly, moving all their how-to information and hacking programs from the old BBSs to new hacker Web sites.

AOHell is released, a freeware application that allows a burgeoning community of unskilled script kiddies to wreak havoc on America Online. For days, hundreds of thousands of AOL users find their mailboxes flooded with multi-megabyte email bombs and their chat rooms disrupted with spam messages.

28.6.5 1995

The movies The Net and Hackers are released.

February 22: The FBI raids the "Phone Masters".[21]

28.6.6 1996

Hackers alter Web sites of the United States Department of Justice (August), the CIA (October), and the U.S. Air Force (December).

Canadian hacker group, Brotherhood, breaks into the Canadian Broadcasting Corporation.

The U.S. General Accounting Office reports that hackers attempted to break into Defense Department computer files some 250,000 times in 1995 alone. About 65 percent of the attempts were successful, according to the report.

The MP3 format gains popularity in the hacker world. Many hackers begin setting up sharing sites via FTP, Hotline, IRC and Usenet.

28.6.7 1997

A 15-year-old Croatian youth penetrates computers at a U.S. Air Force base in Guam.[22]

June: Eligible Receiver 97 tests the American government's readiness against cyberattacks.

December: Information Security publishes first issue.

First high-profile attacks on Microsoft's Windows NT operating system.

In response to the MP3 popularity, the Recording Industry Association of America begins cracking down on FTPs. The RIAA begins a campaign of lawsuits shutting down many of the owners of these sites including the more popular ripper/distributors The Maxx (Germany, Age 14), Chapel976 (USA, Age 15), Bulletboy (UK, Age 16), Sn4rf (Canada, Age 14) and others in their young teens via their ISPs. Their houses are raided and their computers and modems are taken. The RIAA fails to cut off the head of the MP3 beast and within a year and a half, Napster is released.

28.6.8 1998

January: Yahoo! notifies Internet users that anyone visiting its site in recent weeks might have downloaded a logic bomb and worm planted by hackers claiming a "logic bomb" will go off if Kevin Mitnick is not released from prison.

January: Anti-hacker runs during Super Bowl XXXII

February: The Internet Software Consortium proposes the use of DNSSEC (domain-name system security extensions) to secure DNS servers.

May 19: The seven members of the hacker think tank known as L0pht testifies in front of the US congressional Government Affairs committee on "Weak Computer Security in Government".

June: Information Security publishes its first annual Industry Survey, finding that nearly three-quarters of organizations suffered a security incident in the previous year.

October: U.S. Attorney General Janet Reno announces National Infrastructure Protection Center.

28.6.9 1999

Software security goes mainstream. In the wake of Microsoft's Windows 98 release, 1999 becomes a banner year for security (and hacking). Hundreds of advisories and patches are released in response to newfound (and widely publicized) bugs in Windows and other commercial software products. A host of security software vendors release anti-hacking products for use on home computers.

The Electronic Civil Disobedience project, an online political performance-art group, attacks the Pentagon calling it conceptual art and claiming it to be a protest against the U.S. support of the suppression of rebels in southern Mexico by the Mexican government. ECD uses the FloodNet software to bombard its opponents with access requests.

U.S. President Bill Clinton announces a $1.46 billion initiative to improve government computer security. The plan would establish a network of intrusion detection monitors for certain federal agencies and encourage the private sector to do the same.

January 7: an international coalition of hackers (including CULT OF THE DEAD COW, 2600's staff, Phrack's staff, L0pht, and the Chaos Computer Club) issued a joint statement condemning the LoU's declaration of war. The LoU responded by withdrawing its declaration.

A hacker interviewed by Hilly Rose during the Art Bell Coast-to-Coast Radio Show exposes a plot by Al-Qaida to derail Amtrak trains. This results in ALL trains being forcibly stopped over Y2K as a safety measure.

March: The Melissa worm is released and quickly becomes the most costly malware outbreak to date.

July: CULT OF THE DEAD COW releases Back Orifice 2000 at DEF CON.

August: Kevin Mitnick, "the most wanted man in cyberspace", sentenced to 5 years, of which over 4 years had already been spent pre-trial including 8 months solitary confinement.

September: Level Seven Crew hacks The US Embassy in China's Website and places racist, anti-government slogans on embassy site in regards to 1998 U.S. embassy bombings.

September 16: The United States Department of Justice sentences the "Phone Masters".[23]

October: American Express introduces the "Blue" smart card, the industry's first chip-based credit card in the US.

28.7 2000s

28.7.1 2000

May: The ILOVEYOU worm, also known as VBS/Loveletter and Love Bug worm, is a computer worm written in VBScript. It infected millions of computers worldwide within a few hours of its release. It is considered to be one of the most damaging worms ever. It originated in the Philippines; made by an AMA Computer College student for his thesis.

September: teenage hacker Jonathan James becomes first juvenile to serve jail time for hacking.

28.7.2 2001

Microsoft becomes the prominent victim of a new type of hack that attacks the domain name server. In these denial-of-service attacks, the DNS paths that take users to Microsoft's Web sites are corrupted.

February: A Dutch cracker releases the Anna Kournikova virus, initiating a wave of viruses that tempts users to open the infected attachment by promising a sexy picture of the Russian tennis star.

April: FBI agents trick two into coming to the U.S. and revealing how they were Hacking U.S. banks.

May: Spurred by elevated tensions in Sino-American diplomatic relations, U.S. and Chinese hackers engage in skirmishes of Web defacements that many dub "The Sixth Cyberwar".

July: Russian programmer Dmitry Sklyarov is arrested at the annual Def Con hacker convention. He is the first person criminally charged with violating the Digital Millennium Copyright Act (DMCA).

August: Code Red worm, infects ts.

28.7.3 2002

January: Bill Gates decrees that Microsoft will secure its products and services, and kicks off a massive internal training and quality control campaign.

May: Klez.H, a variant of the worm discovered in November 2001, becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage.

June: The Bush administration files a bill to create the Department of Homeland Security, which, among other things, will be responsible for protecting the nation's critical IT infrastructure.

28.7. 2000S

147

August: Researcher Chris Paget publishes a paper describing "shatter attacks", detailing how Windows' unauthenticated messaging system can be used to take over a machine. The paper raises questions about how securable Windows could ever be. It is however largely derided as irrelevant as the vulnerabilities it described are caused by vulnerable applications (placing windows on the desktop with inappropriate privileges) rather than an inherent flaw within the Operating System.
October: The International Information Systems Security Certification Consortium - (ISC)² - confers its 10,000th CISSP certification.

28.7.4 2003

The hacktivist group Anonymous was formed
March: CULT OF THE DEAD COW and Hacktivismo are given permission by the United States Department of Commerce to export software utilizing strong encryption.
December 18: Milford Man pleads guilty to hacking.

28.7.5 2004

March: Myron Tereshchuk is arrested for attempting to extort $17 million from Micropatent.
July: North Korea claims to have trained 500 hackers who successfully crack South Korean, Japanese, and their allies' computer systems.[24]

28.7.6 2005

April 2: Rafael Núñez aka RaFa, a notorious member of the hacking group World of Hell, is arrested following his arrival at Miami International Airport for breaking into the Defense Information Systems Agency computer system in June 2001.[25]
September 13: Cameron Lacroix is sentenced to 11 months for gaining access to T-Mobile USA's network and exploiting Paris Hilton's Sidekick.[26]
November 3: Jeanson James Ancheta, who prosecutors say was a member of the Botmaster Underground, a group of script kiddies mostly noted for their excessive use of bot attacks and propagating vast amounts of spam, was taken into custody after being lured to FBI offices in Los Angeles.[27]

28.7.7 2006

January: One of the few worms to take after the old form of malware, destruction of data rather than the accumulation of zombie networks to launch attacks from, is discovered. It had various names, including Kama Sutra (used by most media reports), Black Worm, Mywife, Blackmal, Nyxem version D, Kapser, KillAV, Grew and CME-24. The worm would spread through e-mail client address books, and would search for documents and fill them with garbage, instead of deleting them to confuse the user. It would also hit a web page counter when it took control, allowing the programmer who created it as well as the world to track the progress of the worm. It would replace documents with random garbage on the third of every month. It was hyped by the media but actually affected relatively few computers, and was not a real threat for most users.
May: Jeanson James Ancheta receives a 57-month prison sentence, and is ordered to pay damages amounting to $15,000.00 to the Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, for damage done due to DDoS attacks and hacking. Ancheta also had to forfeit his gains to the government, which include $60,000 in cash, a BMW, and computer equipment.
May: Largest Defacement in Web History, at that time, is performed by the Turkish hacker iSKORPiTX who successfully hacked 21,549 websites in one shot.
July: Robert Moore and Edwin Pena, featured on America's Most Wanted with Kevin Mitnick presenting their case, commit the first VOIP crime ever seen in the USA. Robert Moore served 2 years in federal prison with a $152,000.00 restitution while Edwin Pena was sentenced to 10 years and a $1 million restitution.
September: Viodentia releases FairUse4WM tool which would remove DRM information off WMA music downloaded from music services such as Yahoo Unlimited, Napster, Rhapsody Music and Urge.

28.7.8 2007

May 17: Estonia recovers from massive denial-of-service attack[28]
June 13: FBI Operation Bot Roast finds over 1 million botnet victims[29]
June 21: A spear phishing incident at the Office of the Secretary of Defense steals sensitive U.S. defense information, leading to significant changes in identity and message-source verification at OSD.[30][31]
August 11: United Nations website hacked by Turkish Hacker Kerem125[32]
November 29: FBI Operation Bot Roast II: 1 million infected PCs, $20 million in losses and 8 indictments[33]

28.7.9 2008

January 17: Project Chanology; Anonymous attacks Scientology website servers around the world. Private documents are stolen from Scientology computers and distributed over the Internet
March 7: Around 20 Chinese hackers claim to have gained access to the world's most sensitive sites, including The Pentagon. They operate from a bare apartment on a Chinese island.[34]
March 14: Trend Micro website successfully hacked by Turkish hacker Janizary (aka Utku)[35]

28.7.10 2009

April 4: Conficker worm infiltrated millions of PCs worldwide including many government-level top-security computer networks[36]

28.8 2010s

28.8.1 2010

January 12: Operation Aurora: Google publicly reveals[37] that it has been on the receiving end of a "highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google"
June: Stuxnet: The Stuxnet worm is found by VirusBlokAda. Stuxnet was unusual in that while it spread via Windows computers, its payload targeted just one specific model and type of SCADA systems. It slowly became clear that it was a cyber attack on Iran's nuclear facilities - with most experts believing that Israel[38] was behind it - perhaps with US help.
December 3: The first Malware Conference, MALCON takes place in India. Founded by Rajshekhar Murthy, Malware coders are invited to showcase their skills at this annual event supported by the Government of India. An advanced malware for Symbian OS is released by hacker A0drul3z.

28.8.2 2011

The Hacker group Lulz security is formed
April 9: Bank Of America website got hacked by a Turkish hacker named JeOPaRDY. An estimated 85,000 credit card numbers and accounts were reported to have been stolen due to the hack. Bank officials say no personal customer bank information is available on that web-page. Investigations are being conducted by the F.B.I to trace down the incriminated hacker.[39]
April 17: An "external intrusion" sends the PlayStation Network offline, and compromises personally identifying information (possibly including credit card details) of its 77 million accounts, in what is claimed to be one of the five largest data breaches ever.[40]
Elite hacker sl1nk releases information of his penetration in the servers of the Department of Defense (DoD), Pentagon, NASA, NSA, US Military, other UK government websites.[41]
The hacker group LulzRaft is formed
September: Bangladeshi hacker TiGER-M@TE made world record in defacement history by hacking 700,000 websites in one shot.[42]
October 16: The YouTube channel of Sesame Street was hacked, streaming pornographic content for about 22 minutes.[43]
November 1: The main phone and Internet networks of the Palestinian territories sustained a hacker attack from multiple locations worldwide.[44]
November 7: The forums for Valve's Steam service were hacked. Redirects for a hacking website, Fkn0wned, appeared on the Steam Users' Forums, offering "hacking tutorials and tools, porn, free giveaways and much more."[45]
December 14: Five members of the Norwegian hacker group Noria were arrested, allegedly suspected for hacking into the email account of the militant extremist Anders Behring Breivik[46]

28.8.3 2012

Saudi hacker, 0xOmar, published over 400,000 credit cards online,[47] and threatened Israel to release 1 million credit cards in the future.[48] In response to that incident, an Israeli hacker published over 200 Saudis' credit cards online.[49]
January 6: Hacker group The Hacker Encrypters found and reported an open SQLi exploit on Facebook. The results of the exploit have been posted on Pastebin.[50]
January 7: Team Appunity, a group of Norwegian hackers, got arrested for breaking into and publishing the user database of Norway's largest prostitution website.[51]
February 3: Marriott was hacked by a new age ideologist, Attila Nemeth who was resisting against the New World Order where Corporations Rule the World. As a response Marriott reported him to the United States Secret Service.[52]
February 8: Foxconn is hacked by rising hacker group, Swagg Security, releasing a massive amount of data including email logins, server logins, and even more alarming - bank account credentials of large companies like Apple and Microsoft. Swagg Security stages the attack just as a Foxconn protest ignites against terrible working conditions[53]
May 4: A lot of important Turkish Websites are hacked by F0RTYS3V3N (Turkish Hacker). Google, Yandex, Microsoft, Gmail, Msn, Hotmail, PayPal Turkish representative offices' Websites hacked in one shot.[54]
May 24: WHMCS is hacked by UGNazi, they claim that the reason for this is because of the illegal sites that are using their software.
May 31: MyBB is hacked by newly founded hack group, UGNazi, the website was defaced for about a day, they claim their reasoning for this was because they were upset that the forum board Hackforums.net uses their software.
October 7: Farmers Insurance, MasterCard, and several other high-level government sites are hacked by Swagg Security. Released is several thousand usernames and logins, as well as other confidential information.[55]

28.8.4 2013

February 18: Burger King's Twitter account 'hacked' with McDonald's logo[56] According to Anonymous, it was due to the horse meat scandal in Europe.[57] An account named "iThug" was responsible for the hack. As a result, iThug's account was suspended.[58]
March 2: Two FBI web servers hacked by a Japanese hacker named Daisuke Dan.[59]
October 27: NSA's website shut down after the infiltration of a Japanese elite hacker Daisuke Dan.[60]

28.8.5 2014

February 7: The Bitcoin exchange Mt.Gox filed for bankruptcy after $460 million was apparently stolen by hackers due to "weaknesses in [their] system" and another $27.4 million went missing from its bank accounts.[61]
October: The White House computer system is hacked by Russians.
November 28: The website of a major provider of Telecommunications Services in the Philippines Globe Telecom usually known as GLOBE was hacked to acquaint for the poor internet connection service they are distributing.[62]

28.9 References

[1] Marks, Paul (December 27, 2011). "Dot-dash-diss: The gentleman hacker's 1903 lulz". New Scientist. Retrieved January 11, 2012.
[2] "untitled1.html". Retrieved 14 March 2015.
[3] http://osvdb.org/show/osvdb/23257
[4] David Price: "Blind Whistling Phreaks and the FBI's Historical Reliance on Phone Tap Criminality", CounterPunch, June 30, 2008
[5] http://archive.wired.com/science/discoveries/news/2001/02/41630?currentPage=all
[6] Elmer-DeWitt, Philip (August 29, 1983). "The 414 Gang Strikes Again". Time. p. 75.
[7] "Beware: Hackers at play". Newsweek. September 5, 1983. pp. 42-46, 48.
[8] "Timeline: The U.S. Government and Cybersecurity". Washington Post. May 16, 2003. Retrieved 2006-04-14.
[9] Thompson, Ken (October 1983). "Reflections on Trusting Trust" (PDF). 1983 Turing Award Lecture. ACM.
[10] "2600: The Hacker Quarterly (Volume 2, Number 8, August 1985)". Retrieved 14 March 2015.
[11] http://nj-statute-info.com/getStatute.php?statute_id=1618
[12] "TUCoPS :: Cyber Law :: psbust.txt". Retrieved 14 March 2015.
[13] "2600 Article". Retrieved 14 March 2015.
[14] "'Hacking' into Prestel is not a Forgery Act offence" (Law Report), The Times, 21 July 1987.

[15] Cliff Stoll (1989). The cuckoo's egg. New York: Doubleday. ISBN 0-370-31433-6.
[16] Burger, R.: "Computer viruses - a high tech disease", Abacus/Data Becker GmbH (1988), ISBN 1-55755-043-3
[17] Spafford, E.H.: "The Internet Worm Program: An Analysis", Purdue Technical Report CSD-TR-823 (undated)
[18] Eichin, M.W. and Rochlis, J.A.: "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988", MIT (1989)
[19] Bill Apro & Graeme Hammond (2005). Hackers: The Hunt for Australia's Most Infamous Computer Cracker. Five Mile Press. ISBN 1-74124-722-5.
[20] Esquibel, Bruce (1994-10-08). "'Operation Sundevil' is finally over for Dr. Ripco". Electronic Frontier Foundation. Retrieved 2009-03-08.
[21] "Recent Large Name Phreaker Busts by Anonymous". EmpireTimes. March 11, 1995.
[22] http://www.nap.edu/html/trust/trust-1.htm
[23] "U.S. Department of Justice, For Immediate Release, Dallas, Texas". USDOJ. September 16, 1999.
[24] "North Korean hackers sabotage computer networks of South Korea". Pravda Online. Retrieved 2008-10-14.
[25] Rob Lemos. "Campaign seeks to defang Rafa's hacker image", Security Focus, April 11, 2005.
[26] Krebs, Brian. "Teen Pleads Guilty to Hacking Paris Hilton's Phone", The Washington Post, September 13, 2005.
[27] Iain Thomson (2005-11-04). "FBI sting nets botnet hacker". vnunet.com. Archived from the original on 2007-12-20. Retrieved 2008-09-26.
[28] Jeremy Kirk (17 May 2007). "Estonia recovers from massive denial-of-service attack". Network World. Retrieved 14 March 2015.
[29] Michael Cooney (13 June 2007). "FBI: Operation Bot Roast finds over 1 million botnet victims". Network World. Retrieved 14 March 2015.
[30] McMillan, Robert (June 21, 2007). "Pentagon shuts down systems after cyberattack". InfoWorld (IDG). Retrieved 2008-03-10.
[31] Aitoro, Jill R. (March 5, 2008). "Defense officials still concerned about data lost in 2007 network attack". Government Executive (National Journal Group). Retrieved 2008-03-10.
[32] "BM'nin sitesi hacklendi haberi". Internethaber. Retrieved 14 March 2015.
[33] Michael Cooney (29 November 2007). "FBI Bot Roast II: 1 million infected PCs, $20 million in losses and 8 indictments". Network World. Retrieved 14 March 2015.
[34] "Chinese hackers: No site is safe". CNN. March 7, 2008. Retrieved 2008-03-07.
[35] Stefanie Hoffman. "Trend Micro Victim Of Malicious Hack". CRN. Retrieved 14 March 2015.
[36] Markoff, John (2009-08-26). "Defying Experts, Rogue Computer Code Still Lurks". New York Times. Retrieved 2009-08-27.
[37] "A new approach to China". Google Inc. 2010-01-12. Retrieved 17 January 2010.
[38] Broad, William J.; Sanger, David E. (18 November 2010). "Worm in Iran Can Wreck Nuclear Centrifuges". The New York Times.
[39] Mohit Kumar (26 March 2011). "Thousands of Bank of America Accounts Hacked !". The Hacker News - Biggest Information Security Channel. Retrieved 14 March 2015.
[40] Apr 27, 2011 10:56 AM ET (April 27, 2011). "PlayStation data breach deemed in 'top 5 ever' - Business - CBC News". Cbc.ca. Retrieved 2011-04-29.
[41] "Is Department of Defense (DoD), Pentagon, NASA, NSA secure?", TheHackerNews, May 14, 2011.
[42] Eduard Kovacs (26 September 2011). "700,000 InMotion Websites Hacked by TiGER-M@TE". softpedia. Retrieved 14 March 2015.
[43] John P. Mello Jr. "Sesame Street Hacked, Porn Posted". PC World. Retrieved 2011-10-26.
[44] Alaa Ashkar. "PA Telecommunications minister: Palestinian Internet Under Hacking Attacks". IMEMC. Retrieved 2011-11-02.
[45] Ashcraft, Brian. "Steam Forums Apparently Hacked". Kotaku.
[46] Jonas Sverrisson Rasch. "News article about the arrests of Noria". Dagbladet. Retrieved 2012-12-14.
[47] Flock, Elizabeth (January 3, 2012). "Saudi hackers say they published Israeli credit card information". The Washington Post.
[48] http://hitechanalogy.com/saudi-hacker-0xomar-threatens-israel-release-01-million-credit-card-numbe
[49] "Israeli hacker retaliates to credit card hacking". BBC News. January 12, 2012.
[50] Results of the Facebook exploit on pastebin - http://pastebin.com/z5YgWanz
[51] Kripos. "(Norwegian) Tre personer siktet for datainnbrudd". Kripos. Retrieved 2012-04-25.
[52] "Marriott,Hack,Extortion, Arrest and important websites hacked". Feb 3, 2012.
[53] Garside, Juliette (February 9, 2012). "Apple supplier Foxconn hacked in factory conditions protest". The Guardian (London).
[54] "Google,Microsoft,Yandex,Paypal and important websites hacked". May 4, 2012.
[55] "USA Gov., Farmers Ins., Mastercard and + Hacked!" Pastebin - http://pastebin.com/AP2M5cDX
[56] BBC - http://www.bbc.co.uk/news/world-us-india-8533906955
[57] New Times Broward-Palm Beach - http://blogs.browardpalmbeach.com/pulp/2013/02/anonymous_hacked_burger_king_horse_meat.php
[58] Gizmodo - http://gizmodo.com/5985385/jeeps-twitter-account-has-been-hacked
[59] ZATAZ - http://archives.zataz.com/news/23303/fbi--faille--fuite--data-leak.html
[60] ZATAZ - http://archives.zataz.com/news/23139/nsa--oD-Defense-Connect-online.html
[61] "The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster - WIRED". WIRED. Retrieved 14 March 2015.
[62] http://www.coorms.com/2014/11/globe-website-was-hacked-by-bloodsec-hackers.html

28.10 Further reading


Allan Lundell (1989). Virus! The secret world of computer invaders that breed and destroy. Wayne A. Yacco. ISBN 0-8092-4437-3.
Bill Landreth (1989[1985]). Out of the Inner Circle. Tempus Books of Microsoft Press. ISBN 1-55615-223-X.
Owen Bowcott and Sally Hamilton (1990). Beating the System: Hackers, phreakers and electronic spies. Bloomsbury. ISBN 0-7475-0513-6.
Philip Fites, Peter Johnston and Martin Kratz (1989). The computer virus crisis. Van Nostrand Reinhold. ISBN 0-442-28532-9.
Bruce Sterling (1992). The Hacker Crackdown: Law and disorder on the electronic frontier. Penguin. ISBN 0-14-017734-5.
Steve Gold (1989). Hugo Cornwall's New Hacker's Handbook. London: Century Hutchinson Ltd. ISBN 0-7126-3454-1.


Chapter 29

Trojan horse (computing)


A Trojan horse, or Trojan, in computing is generally a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the Ancient Greek story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Anatolia, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.[1][2][3][4][5]

A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer.[6] While Trojans and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage. Malicious programs are classified as Trojans if they do not attempt to inject themselves into other files (computer virus) or otherwise propagate themselves (worm).[7] A computer may host a Trojan via a malicious program that a user is duped into executing (often an e-mail attachment disguised to be unsuspicious, e.g., a routine form to be filled in), or by drive-by download.

29.1 Purpose and uses

A Trojan may give a hacker remote access to a targeted computer system. Operations that could be performed by a hacker, or be caused unintentionally by program operation, on a targeted computer system include:

Crashing the computer, e.g. with "blue screen of death" (BSOD)
Data corruption
Formatting disks, destroying all contents
Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
Electronic money theft
Infects entire Network banking information and other connected devices
Data theft, including confidential files, sometimes for industrial espionage, and information with financial implications such as passwords and payment card information
Modification or deletion of files
Downloading or uploading of files for various purposes
Downloading and installing software, including third-party malware and ransomware
Keystroke logging
Watching the user's screen
Viewing the user's webcam
Controlling the computer system remotely
Encrypting files; a ransom payment may be demanded for decryption, as with the CryptoLocker ransomware
System registry modification
Using computer resources for mining cryptocurrencies[8]
Using the infected computer as proxy for illegal activities and/or attacks on other computers.

Trojan horses in this way may require interaction with a malicious controller (not necessarily distributing the Trojan horse) to fulfill their purpose. It is possible for those involved with Trojans to scan computers on a network to locate any with a Trojan horse installed, which the hacker can then control.[9]

Some Trojans take advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide Internet usage,[10] enabling the controller to use the Internet for illegal purposes while all potentially incriminating evidence indicates the infected computer or its IP address. The host's computer may or may not show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of the host computer. Later generations of the Trojan horse tend to "cover" their tracks more efficiently. Several versions of Sub7 have been widely circulated in the US and Europe and became the most widely distributed examples of this type of Trojan horse.[9]

In German-speaking countries, spyware used or made by the government is sometimes called govware. Govware is typically a trojan horse software used to intercept communications from the target computer. Some countries like Switzerland and Germany have a legal framework governing the use of such software.[11][12] Examples of govware trojans include the Swiss MiniPanzer and MegaPanzer[13] and the German "state trojan" nicknamed R2D2.[11]

Due to the popularity of botnets among hackers and the availability of advertising services that permit authors to violate their users' privacy, Trojan horses are becoming more common. According to a survey conducted by BitDefender from January to June 2009, "Trojan-type malware is on the rise, accounting for 83-percent of the global malware detected in the world." Trojans have a relationship with worms, as they spread with the help given by worms and travel across the internet with them.[14] The anti-virus company BitDefender has stated that approximately 15% of computers are members of a botnet, usually recruited by a Trojan infection.[15]

29.2 Notable Trojan horses

Netbus Advance System Care (by Carl-Fredrik Neikter)
Subseven or Sub7 (by Mobman)
Back Orifice (Sir Dystic)
Beast
Zeus
Flashback Trojan (Trojan BackDoor.Flashback)
ZeroAccess
Koobface
Vundo

29.3 See also

Computer security
Remote administration
Remote administration software
Cyber spying
Dancing pigs
Exploit (computer security)
Industrial espionage
Malware
Principle of least privilege
Privacy-invasive software
Reverse connection
Rogue security software
Social engineering (security)
Spam
Spyware
Timeline of computer viruses and worms

29.4 References

Carnegie Mellon University (1999): "CERT Advisory CA-1999-02 Trojan Horses", Retrieved on 2009-06-10.
[1] Landwehr, C. E; A. R Bull; J. P McDermott; W. S Choi (1993). A taxonomy of computer program security flaws, with examples. DTIC Document. Retrieved 2012-04-05.
[2] "Trojan Horse Definition". Retrieved 2012-04-05.
[3] "Trojan horse". Webopedia. Retrieved 2012-04-05.
[4] "What is Trojan horse? - Definition from Whatis.com". Retrieved 2012-04-05.
[5] "Trojan Horse: [coined By MIT-hacker-turned-NSA-spook Dan Edwards] N.". Retrieved 2012-04-05.
[6] "What is the difference between viruses, worms, and Trojans?". Symantec Corporation. Retrieved 2009-01-10.
[7] "VIRUS-L/comp.virus Frequently Asked Questions (FAQ) v2.00 (Question B3: What is a Trojan Horse?)". 9 October 1995. Retrieved 2012-09-13.
[8] Robert McMillan (2013): "Trojan Turns Your PC Into Bitcoin Mining Slave", Retrieved on 2015-02-01
[9] Jamie Crapanzano (2003): "Deconstructing SubSeven, the Trojan Horse of Choice", SANS Institute, Retrieved on 2009-06-11
[10] Vincentas (11 July 2013). "Trojan Horse in SpyWareLoop.com". Spyware Loop. Retrieved 28 July 2013.
[11] Basil Cupa, Trojan Horse Resurrected: On the Legality of the Use of Government Spyware (Govware), LISS 2013, pp. 419-428
[12] http://www.ejpd.admin.ch/content/ejpd/de/home/themen/sicherheit/ueberwachung_des_post-/faq_vuepf.faq_3.html
[13] "Swiss coder publicises government spy Trojan - Techworld.com". News.techworld.com. Retrieved 2014-01-26.
[14] BitDefender.com Malware and Spam Survey
[15] Datta, Ganesh. "What are Trojans?". SecurAid.

29.5 External links

Trojan Horses at DMOZ

Chapter 30

Vulnerability (computing)
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.[1] To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.[2] This practice generally refers to software vulnerabilities in computing systems.

A security risk may be classified as a vulnerability. The use of vulnerability with the same meaning of risk can lead to confusion. The risk is tied to the potential of a significant loss. Then there are vulnerabilities without risk: for example when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability, that is, a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software, to when access was removed, a security fix was available/deployed, or the attacker was disabled (see zero-day attack).

Security bug (security defect) is a narrower concept: there are vulnerabilities that are not related to software: hardware, site, personnel vulnerabilities are examples of vulnerabilities that are not software security bugs.

Constructs in programming languages that are difficult to use properly can be a large source of vulnerabilities.

30.1 Definitions

ISO 27005 defines vulnerability as:[3]

"A weakness of an asset or group of assets that can be exploited by one or more threats"

where an asset is anything that has value to the organization, its business operations and their continuity, including information resources that support the organization's mission[4]

IETF RFC 2828 defines vulnerability as:[5]

"A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy"

The Committee on National Security Systems of United States of America defined vulnerability in CNSS Instruction No. 4009 dated 26 April 2010 National Information Assurance Glossary:[6]

"Vulnerability - Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited"

Many NIST publications define vulnerability in IT context in different publications: FISMApedia[7] term[8] provide a list. Between them SP 800-30,[9] give a broader one:

"A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy."

ENISA defines vulnerability in[10] as:

"The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event [G.11] compromising the security of the computer system, network, application, or protocol involved." (ITSEC)

The Open Group defines vulnerability in[11] as:

"The probability that threat capability exceeds the ability to resist the threat."


Factor Analysis of Information Risk (FAIR) defines vulnerability as:[12]

"The probability that an asset will be unable to resist the actions of a threat agent"

According to FAIR, vulnerability is related to Control Strength, i.e. the strength of a control as compared to a standard measure of force, and the threat Capabilities, i.e. the probable level of force that a threat agent is capable of applying against an asset.

ISACA defines vulnerability in Risk It framework as:

"A weakness in design, implementation, operation or internal control"

Data and Computer Security: Dictionary of standards concepts and terms, authors Dennis Longley and Michael Shain, Stockton Press, ISBN 0-935859-17-9, defines vulnerability as:

"1) In computer security, a weakness in automated systems security procedures, administrative controls, Internet controls, etc., that could be exploited by a threat to gain unauthorized access to information or to disrupt critical processing. 2) In computer security, a weakness in the physical layout, organization, procedures, personnel, management, administration, hardware or software that may be exploited to cause harm to the ADP system or activity. 3) In computer security, any weakness or flaw existing in a system. The attack or harmful event, or the opportunity available to a threat agent to mount that attack."

Matt Bishop and Dave Bailey[13] give the following definition of computer vulnerability:

"A computer system is composed of states describing the current configuration of the entities that make up the computer system. The system computes through the application of state transitions that change the state of the system. All states reachable from a given initial state using a set of state transitions fall into the class of authorized or unauthorized, as defined by a security policy. In this paper, the definitions of these classes and transitions is considered axiomatic. A vulnerable state is an authorized state from which an unauthorized state can be reached using authorized state transitions. A compromised state is the state so reached. An attack is a sequence of authorized state transitions which end in a compromised state. By definition, an attack begins in a vulnerable state. A vulnerability is a characterization of a vulnerable state which distinguishes it from all non-vulnerable states. If generic, the vulnerability may characterize many vulnerable states; if specific, it may characterize only one..."
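The Bishop and Bailey definition can be checked mechanically on a small transition system. The Python sketch below is an added example, not part of the original article: the print-service states, the transition labels and the function names are all constructed for illustration. It computes the vulnerable states, a shortest attack, and shows that removing the unchecked transition leaves no vulnerable state.

```python
from collections import deque

# Constructed toy model: a service whose privileged helper reads a
# user-supplied job. Every edge is an "authorized transition" in the
# sense of the definition: an operation the system lets users perform.
TRANSITIONS = {
    "logged_out": [("login", "user_session"), ("lockout", "account_locked")],
    "user_session": [("submit_job", "job_queued"), ("logout", "logged_out")],
    "job_queued": [("start_helper", "helper_running"),
                   ("cancel_job", "user_session")],
    "helper_running": [("job_done", "user_session"),
                       ("read_without_access_check", "protected_data_disclosed")],
    "account_locked": [],
    "protected_data_disclosed": [],
    "maintenance": [("finish", "logged_out")],  # never reachable from logged_out
}
# The security policy: states it classes as unauthorized.
UNAUTHORIZED = {"protected_data_disclosed"}
# Hardened variant: the helper checks the caller's access, so no
# transition leads into an unauthorized state any more.
HARDENED = {s: [(l, n) for l, n in edges if n not in UNAUTHORIZED]
            for s, edges in TRANSITIONS.items()}


def reachable(transitions, start):
    """All states reachable from `start` using the given transitions."""
    seen, queue = {start}, deque([start])
    while queue:
        state = queue.popleft()
        for _label, nxt in transitions.get(state, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def vulnerable_states(transitions, initial, unauthorized):
    """Authorized reachable states from which an unauthorized state is reachable."""
    universe = reachable(transitions, initial)
    preds = {}  # reversed edges, restricted to the reachable universe
    for src in universe:
        for _label, dst in transitions.get(src, ()):
            preds.setdefault(dst, set()).add(src)
    bad = universe & set(unauthorized)
    vulnerable, queue = set(), deque(bad)
    while queue:  # walk backwards from the compromised states
        state = queue.popleft()
        for prev in preds.get(state, ()):
            if prev not in bad and prev not in vulnerable:
                vulnerable.add(prev)
                queue.append(prev)
    return vulnerable


def shortest_attack(transitions, start, unauthorized):
    """Shortest (labels, compromised_state) from `start`, or None if none exists."""
    unauthorized = set(unauthorized)
    if start in unauthorized:
        return None  # an attack begins in an authorized (vulnerable) state
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for label, nxt in transitions.get(state, ()):
            if nxt in parent:
                continue
            parent[nxt] = (state, label)
            if nxt in unauthorized:
                labels, node = [], nxt
                while parent[node] is not None:
                    node, lab = parent[node]
                    labels.append(lab)
                return labels[::-1], nxt
            queue.append(nxt)
    return None


if __name__ == "__main__":
    print(sorted(vulnerable_states(TRANSITIONS, "logged_out", UNAUTHORIZED)))
    print(shortest_attack(TRANSITIONS, "logged_out", UNAUTHORIZED))
    print(vulnerable_states(HARDENED, "logged_out", UNAUTHORIZED))
```

In this model `account_locked` is reachable and authorized but not vulnerable, which is the distinction the definition's last sentences draw between vulnerable and non-vulnerable states.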
National Information Assurance Training and Education Center defines vulnerability:[14][15]

"1. A weakness in automated system security procedures, administrative controls, internal controls, and so forth, that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing. 2. A weakness in system security procedures, hardware design, internal controls, etc., which could be exploited to gain unauthorized access to classified or sensitive information. 3. A weakness in the physical layout, organization, procedures, personnel, management, administration, hardware, or software that may be exploited to cause harm to the ADP system or activity. The presence of a vulnerability does not in itself cause harm; a vulnerability is merely a condition or set of conditions that may allow the ADP system or activity to be harmed by an attack. 4. An assertion primarily concerning entities of the internal environment (assets); we say that an asset (or class of assets) is vulnerable (in some way, possibly involving an agent or collection of agents); we write: V(i,e) where: e may be an empty set. 5. Susceptibility to various threats. 6. A set of properties of a specific internal entity that, in union with a set of properties of a specific external entity, implies a risk. 7. The characteristics of a system which cause it to suffer a definite degradation (incapability to perform the designated mission) as a result of having been subjected to a certain level of effects in an unnatural (manmade) hostile environment."

30.2 Vulnerability and risk factor models

A resource (either physical or logical) may have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity or availability of resources (not necessarily the vulnerable one) belonging to an organization and/or other parties involved (customers, suppliers).

The so-called CIA triad is the basis of Information Security.

An attack can be active when it attempts to alter system resources or affect their operation, compromising integrity or availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources, compromising confidentiality.[5]

Figure: OWASP: relationship between threat agent and business impact

OWASP (see figure) depicts the same phenomenon in slightly different terms: a threat agent through an attack vector exploits a weakness (vulnerability) of the system and the related security controls, causing a technical impact on an IT resource (asset) connected to a business impact.

The overall picture represents the risk factors of the risk scenario.[16]

30.3 Information security management system

A set of policies concerned with information security management, the information security management system (ISMS), has been developed to manage, according to Risk management principles, the countermeasures in order to ensure the security strategy is set up following the rules and regulations applicable in a country. These countermeasures are also called Security controls, but when applied to the transmission of information they are called security services.[17]

30.4 Classification

Vulnerabilities are classified according to the asset class they are related to:[3]

hardware
  susceptibility to humidity
  susceptibility to dust
  susceptibility to soiling
  susceptibility to unprotected storage
software
  insufficient testing
  lack of audit trail
network
  unprotected communication lines
  insecure network architecture
personnel
  inadequate recruiting process
  inadequate security awareness
site
  area subject to flood
  unreliable power source
organizational
  lack of regular audits
  lack of continuity plans
  lack of security

30.5 Causes

Complexity: Large, complex systems increase the probability of flaws and unintended access points[18]
Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker has or can find the knowledge and tools to exploit the flaw[19]
Connectivity: More physical connections, privileges, ports, protocols, and services and time each of those are accessible increase vulnerability[12]
Password management flaws: The computer user uses weak passwords that could be discovered by brute force. The computer user stores the password on the computer where a program can access it. Users re-use passwords between many programs and websites.[18]
Fundamental operating system design flaws: The operating system designer chooses to enforce suboptimal policies on user/program management. For example operating systems with policies such as default permit grant every program and every user full access to the entire computer.[18] This operating system flaw allows viruses and malware to execute commands on behalf of the administrator.[20]
Internet Website Browsing: Some internet websites may contain harmful Spyware or Adware that can be installed automatically on the computer systems. After visiting those websites, the computer systems become infected and personal information will be collected and passed on to third party individuals.[21]
Software bugs: The programmer leaves an exploitable bug in a software program. The software bug may allow an attacker to misuse an application.[18]

Unchecked user input: The program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (known as Buffer overflows, SQL injection or other non-validated inputs).[18]
Not learning from past mistakes:[22][23] for example most vulnerabilities discovered in IPv4 protocol software were discovered in the new IPv6 implementations.[24]

The research has shown that the most vulnerable point in most information systems is the human user, operator, designer, or other human:[25] so humans should be considered in their different roles as asset, threat, information resources. Social engineering is an increasing security concern.

30.6 Vulnerability consequences

The impact of a security breach can be very high. The fact that IT managers, or upper management, can (easily) know that IT systems and applications have vulnerabilities and do not perform any action to manage the IT risk is seen as a misconduct in most legislations. Privacy law forces managers to act to reduce the impact or likelihood of that security risk. Information technology security audit is a way to let other independent people certify that the IT environment is managed properly and lessen the responsibilities, at least having demonstrated the good faith. Penetration test is a form of verification of the weakness and countermeasures adopted by an organization: a White hat hacker tries to attack an organization's information technology assets, to find out how easy or difficult it is to compromise the IT security.[26] The proper way to professionally manage the IT risk is to adopt an Information Security Management System, such as ISO/IEC 27002 or Risk IT and follow them, according to the security strategy set forth by the upper management.[17]
One of the key concepts of information security is the principle of defence in depth: i.e. to set up a multilayer defence system that can:
prevent the exploit
detect and intercept the attack
find out the threat agents and prosecute them
Intrusion detection system is an example of a class of systems used to detect attacks.
Physical security is a set of measures to protect physically the information asset: if somebody can get physical access to the information asset, it is quite easy to make resources unavailable to its legitimate users.
Some sets of criteria to be satisfied by a computer, its operating system and applications in order to meet a good security level have been developed: ITSEC and Common criteria are two examples.

30.7 Vulnerability disclosure

Responsible disclosure (many now refer to it as 'coordinated disclosure' because the first is a biased word) of vulnerabilities is a topic of great debate. As reported by The Tech Herald in August 2010, "Google, Microsoft, TippingPoint, and Rapid7 have recently issued guidelines and statements addressing how they will deal with disclosure going forward."[27]
A responsible disclosure first alerts the affected vendors confidentially before alerting CERT two weeks later, which grants the vendors another 45 day grace period before publishing a security advisory.
Full disclosure is done when all the details of a vulnerability are publicized, perhaps with the intent to put pressure on the software or procedure authors to find a fix urgently.
Well respected authors have published books on vulnerabilities and how to exploit them: Hacking: The Art of Exploitation Second Edition is a good example.
Security researchers catering to the needs of the cyberwarfare or cybercrime industry have stated that this approach does not provide them with adequate income for their efforts.[28] Instead, they offer their exploits privately to enable Zero day attacks.
The never ending effort to find new vulnerabilities and to fix them is called Computer insecurity.
In January 2014 when Google revealed a Microsoft vulnerability before Microsoft released a patch to fix it, a Microsoft representative called for coordinated practices among software companies in revealing disclosures.[29]

30.7.1 Vulnerability inventory

Mitre Corporation maintains a list of disclosed vulnerabilities in a system called Common Vulnerabilities and Exposures, where vulnerabilities are classified (scored) using Common Vulnerability Scoring System (CVSS).
OWASP collects a list of potential vulnerabilities in order to prevent system designers and programmers from inserting vulnerabilities into the software.[30]

30.8 Vulnerability disclosure date

The time of disclosure of a vulnerability is defined differently in the security community and industry. It is most commonly referred to as a kind of public disclosure of security information by a certain party. Usually, vulnerability information is discussed on a mailing list or published on a security web site and results in a security advisory afterward.
The time of disclosure is the first date a security vulnerability is described on a channel where the disclosed information on the vulnerability has to fulfill the following requirement:
The information is freely available to the public
The vulnerability information is published by a trusted and independent channel/source
The vulnerability has undergone analysis by experts such that risk rating information is included upon disclosure

30.9 Identifying and removing vulnerabilities

Many software tools exist that can aid in the discovery (and sometimes removal) of vulnerabilities in a computer system. Though these tools can provide an auditor with a good overview of possible vulnerabilities present, they can not replace human judgment. Relying solely on scanners will yield false positives and a limited-scope view of the problems present in the system.
Vulnerabilities have been found in every major operating system including Windows, Mac OS, various forms of Unix and Linux, OpenVMS, and others. The only way to reduce the chance of a vulnerability being used against a system is through constant vigilance, including careful system maintenance (e.g. applying software patches), best practices in deployment (e.g. the use of firewalls and access controls) and auditing (both during development and throughout the deployment lifecycle).

30.10 Examples of vulnerabilities

Vulnerabilities are related to:
physical environment of the system
the personnel
management
administration procedures and security measures within the organization
business operation and service delivery
hardware
software
communication equipment and facilities
and their combinations.
It is evident that a pure technical approach cannot even protect physical assets: one should have administrative procedure to let maintenance personnel to enter the facilities and people with adequate knowledge of the procedures, motivated to follow it with proper care. See Social engineering (security).
Four examples of vulnerability exploits:
an attacker finds and uses an overflow weakness to install malware to export sensitive data;
an attacker convinces a user to open an email message with attached malware;
an insider copies a hardened, encrypted program onto a thumb drive and cracks it at home;
a flood damages one's computer systems installed at ground floor.

30.10.1 Software vulnerabilities

Common types of software flaws that lead to vulnerabilities include:
Memory safety violations, such as:
  Buffer overflows and over-reads
  Dangling pointers
Input validation errors, such as:
  Format string attacks
  SQL injection
  Code injection
  E-mail injection
  Directory traversal
  Cross-site scripting in web applications
  HTTP header injection
  HTTP response splitting
Race conditions, such as:
  Time-of-check-to-time-of-use bugs
  Symlink races
Privilege-confusion bugs, such as:
  Cross-site request forgery in web applications
  Clickjacking
  FTP bounce attack
Privilege escalation
User interface failures, such as:
  Warning fatigue[31] or user conditioning.
  "Blaming the Victim": Prompting a user to make a security decision without giving the user enough information to answer it[32]
  Race Conditions[33][34]
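
An added example, not part of the original text: the "unchecked user input" cause from section 30.5 and the SQL injection entry in the list above, shown as a query built by string concatenation next to the same query with a bound parameter. The table, the rows and the three sample inputs are constructed for this illustration.

```python
import re
import sqlite3

# Constructed sample data; the table, columns and rows are assumptions
# made for this example and do not come from the original text.
ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# Allow-list for user names: what the application expects, nothing else.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def make_db():
    """Build a throwaway in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def lookup_unchecked(conn, name):
    """Vulnerable form: the input is pasted into the statement text,
    so any quote character in it is parsed as SQL syntax."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return sorted(conn.execute(query).fetchall())


def lookup_parameterized(conn, name):
    """Hardened form: the statement text is fixed and the input is bound
    as a value, so it is only ever compared, never parsed."""
    query = "SELECT name, role FROM users WHERE name = ?"
    return sorted(conn.execute(query, (name,)).fetchall())


def lookup_validated(conn, name):
    """Defence in depth: reject input outside the allow-list, then bind."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("user name rejected by allow-list")
    return lookup_parameterized(conn, name)


def compare(name):
    """Run both lookups on a fresh database and report what each returns.
    A statement the database refuses to parse is reported as None."""
    conn = make_db()
    try:
        try:
            unchecked = lookup_unchecked(conn, name)
        except sqlite3.Error:
            unchecked = None
        return {
            "unchecked": unchecked,
            "parameterized": lookup_parameterized(conn, name),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed inputs: an expected name, a harmless name containing a
    # quote, and a value whose quote changes the meaning of the WHERE clause.
    for sample in ["bob", "o'brien", "x' OR '1'='1"]:
        print(repr(sample), compare(sample))
```

The middle input shows that the concatenated form also fails on harmless data: a name containing an apostrophe makes the statement unparseable, while the bound form simply finds no match.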

Some sets of coding guidelines have been developed and a large number of static code analysers have been used to verify that the code follows the guidelines.

30.11 See also

Browser security
Computer emergency response team
Information security
Internet security
Mobile security
Vulnerability scanner

30.12 References

[1] The Three Tenets of Cyber Security. U.S. Air Force Software Protection Initiative. Retrieved 2009-12-15.
[2] Foreman, P: Vulnerability Management, page 1. Taylor & Francis Group, 2010. ISBN 978-1-4398-0150-5
[3] ISO/IEC, Information technology -- Security techniques -- Information security risk management ISO/IEC FIDIS 27005:2008
[4] British Standard Institute, Information technology -- Security techniques -- Management of information and communications technology security -- Part 1: Concepts and models for information and communications technology security management BS ISO/IEC 13335-1-2004
[5] Internet Engineering Task Force RFC 2828 Internet Security Glossary
[6] CNSS Instruction No. 4009 dated 26 April 2010
[7] FISMApedia. fismapedia.org.
[8] "Term:Vulnerability". fismapedia.org.
[9] NIST SP 800-30 Risk Management Guide for Information Technology Systems
[10] Glossary. europa.eu.
[11] Technical Standard Risk Taxonomy ISBN 1-931624-77-1 Document Number: C081 Published by The Open Group, January 2009.
[12] "An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006;
[13] Matt Bishop and Dave Bailey. A Critical Analysis of Vulnerability Taxonomies. Technical Report CSE-96-11, Department of Computer Science at the University of California at Davis, September 1996
[14] Schou, Corey (1996). Handbook of INFOSEC Terms, Version 2.0. CD-ROM (Idaho State University & Information Systems Security Organization)
[15] NIATEC Glossary
[16] ISACA THE RISK IT FRAMEWORK (registration required)
[17] Wright, Joe; Harmening, Jim (2009). 15. In Vacca, John. Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 257. ISBN 978-0-12-374354-1.
[18] Kakareka, Almantas (2009). 23. In Vacca, John. Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 393. ISBN 978-0-12-374354-1.
[19] Krsul, Ivan (April 15, 1997). Technical Report CSD-TR-97-026. The COAST Laboratory Department of Computer Sciences, Purdue University. CiteSeerX: 10.1.1.26.5435.
[20] The Six Dumbest Ideas in Computer Security. ranum.com.
[21] The Web Application Security Consortium / Web Application Security Statistics. webappsec.org.
[22] Ross Anderson. Why Cryptosystems Fail. Technical report, University Computer Laboratory, Cambridge, January 1994.
[23] Neil Schlager. When Technology Fails: Significant Technological Disasters, Accidents, and Failures of the Twentieth Century. Gale Research Inc., 1994.
[24] Hacking: The Art of Exploitation Second Edition
[25] Kiountouzis, E. A.; Kokolakis, S. A. Information systems security: facing the information society of the 21st century. London: Chapman & Hall, Ltd. ISBN 0-412-78120-4.
[26] Bavisi, Sanjay (2009). 22. In Vacca, John. Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 375. ISBN 978-0-12-374354-1.
[27] The new era of vulnerability disclosure - a brief chat with HD Moore. The Tech Herald.
[28] Browse - Content - SecurityStreet. rapid7.com.
[29] Betz, Chris (11 Jan 2015). A Call for Better Coordinated Vulnerability Disclosure - MSRC - Site Home - TechNet Blogs. blogs.technet.com. Retrieved 12 January 2015.
[30] "Category:Vulnerability". owasp.org.
[31] Warning Fatigue. freedom-to-tinker.com.
[32]
[33] Jesse Ruderman. Race conditions in security dialogs. squarefree.com.
[34] lcamtuf's blog. lcamtuf.blogspot.com.

30.13 External links

Security advisories links from the Open Directory http://www.dmoz.org/Computers/Security/Advisories_and_Patches/

Chapter 31

White hat (computer security)


The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.[1] Ethical hacking is a term coined by IBM meant to imply a broader category than just penetration testing.[2] White-hat hackers may also work in teams called "sneakers",[3] red teams, or tiger teams.[4]

31.1 History

One of the first instances of an ethical hack being used was a security evaluation conducted by the United States Air Force of the Multics operating systems for potential use as a two-level (secret/top secret) system. Their evaluation found that while Multics was "significantly better than other conventional systems," it also had "... vulnerabilities in hardware security, software security and procedural security" that could be uncovered with "a relatively low level of effort." The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.[4] The idea to bring this tactic of ethical hacking to assess security of systems was formulated by Dan Farmer and Wietse Venema. With the goal of raising the overall level of security on the Internet and intranets, they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called Security Administrator Tool for Analyzing Networks, or SATAN, was met with a great amount of media attention around the world in 1992.[4]

31.2 Tactics

While penetration testing concentrates on attacking software and computer systems from the start (scanning ports, examining known defects and patch installations, for example), ethical hacking, which will likely include such things, is under no limitations when asked for by stake holders in the company. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executives' dustbins and usually breaking and entering, all, of course, with NO knowledge and consent of the targets. ONLY the owners, CEOs and Board Members (stake holders) who asked for such a security review of this magnitude are aware. A complete understanding, and sometimes if allowed by those stake holders, a complete non-understanding of the hack attempt is allowed to test penetration points. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.[2] In most recent cases these hacks perpetuate for the long-term con (days, if not weeks, of long-term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone lost the small drive and an unsuspecting employee found it and took it.
Some other methods of carrying out these include:
DoS attacks
Social engineering tactics
Security scanners such as:
  W3af
  Nessus
  Nexpose
Frameworks such as:
  Metasploit
Such methods identify and exploit known vulnerabilities, and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that could be used as a link to the information or access the non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.

31.3 Legality in the UK

Struan Robertson, legal director at Pinsent Masons LLP, and editor of OUT-LAW.com, says "Broadly speaking, if the access to a system is authorized, the hacking is ethical and legal. If it isn't, there's an offence under the Computer Misuse Act. The unauthorized access offence covers everything from guessing the password, to accessing someone's webmail account, to cracking the security of a bank. The maximum penalty for unauthorized access to a computer is two years in prison and a fine. There are higher penalties, up to 10 years in prison, when the hacker also modifies data. Unauthorized access even to expose vulnerabilities for the benefit of many is not legal," says Robertson. "There's no defense in our hacking laws that your behavior is for the greater good. Even if it's what you believe."[2]

31.4 Employment

The United States National Security Agency offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team-management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.[3]

31.4.1 List of prominent white hat hackers

Eric Corley
Przemysław Frasunek
Raphael Gray
Barnaby Jack
Kevin Mitnick
Robert Tappan Morris
Kevin Poulsen

31.5 See also

Certified Ethical Hacker
Computer hacking (category)
IT risk
Wireless identity theft

31.6 References

[1] "What is white hat? - a definition from Whatis.com". Searchsecurity.techtarget.com. Retrieved 2012-06-06.
[2] Knight, William (16 October 2009). "License to Hack". InfoSecurity 6 (6): 38–41. doi:10.1016/s1742-6847(09)70019-9.
[3] "What is a White Hat?". Secpoint.com. 2012-03-20. Retrieved 2012-06-06.
[4] Palmer, C.C. (2001). "Ethical Hacking" (PDF). IBM Systems Journal 40 (3): 769. doi:10.1147/sj.403.0769.

Chapter 32

Hacker (programmer subculture)


"Hacker subculture" redirects here. For other hacker subcultures, see Hacker (subculture).

A hacker is an adherent of the subculture that originally emerged in academia in the 1960s, around the Massachusetts Institute of Technology (MIT)'s Tech Model Railroad Club (TMRC)[1] and MIT Artificial Intelligence Laboratory.[2]
A hacker is one who enjoys the intellectual challenge of creatively overcoming and circumventing limitations of programming systems and who tries to extend their capabilities.[3] The act of engaging in activities (such as programming or other media[4]) in a spirit of playfulness and exploration is termed hacking. However the defining characteristic of a hacker is not the activities performed themselves (e.g. programming), but the manner in which it is done: Hacking entails some form of excellence, for example exploring the limits of what is possible,[5] thereby doing something exciting and meaningful.[4] Activities of playful cleverness can be said to have "hack value" and are termed hacks[5] (examples include pranks at MIT intended to demonstrate technical aptitude and cleverness).
Richard Stallman explains about hackers who program:
  What they had in common was mainly love of excellence and programming. They wanted to make their programs that they used be as good as they could. They also wanted to make them do neat things. They wanted to be able to do something in a more exciting way than anyone believed possible and show "Look how wonderful this is. I bet you didn't believe this could be done."[6]
Hackers from this subculture tend to emphatically differentiate themselves from what they pejoratively call "crackers"; those who are generally referred to by media and members of the general public using the term "hacker", and whose primary focus, be it to malign or benevolent purposes, lies in exploiting weaknesses in computer security.[7]

32.1 Definition

The Jargon File, an influential but not universally accepted compendium of hacker slang, defines hacker as "A person who enjoys exploring the details of programmable systems and stretching their capabilities, as opposed to most users, who prefer to learn only the minimum necessary."[8] The Request for Comments (RFC) 1392, the Internet Users Glossary, amplifies this meaning as "A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular."[9]
As documented in the Jargon File, these hackers are disappointed by the mass media and general public's usage of the word hacker to refer to security breakers, calling them "crackers" instead. This includes both "good" crackers ("white hat hackers") who use their computer security related skills and knowledge to learn more about how systems and networks work and to help to discover and fix security holes, as well as those more "evil" crackers ("black hat hackers") who use the same skills to author harmful software (like viruses, trojans, etc.) and illegally infiltrate secure systems with the intention of doing harm to the system.[10] The programmer subculture of hackers, in contrast to the cracker community, generally sees computer security related activities as contrary to the ideals of the original and true meaning of the hacker term that instead related to playful cleverness.[10]

32.2 History

The word "hacker" derives from the seventeenth century word of a "lusty laborer" who harvested fields by dogged and rough swings of his hoe. Although the idea of "hacking" has existed long before the term "hacker", with the most notable example of Lightning Ellsworth, it was not a word that the first programmers used to describe themselves. In fact, many of the first programmers were oftentimes from the engineering or physics background. "But from about 1945 onward (and especially during the creation of the first ENIAC computer) some programmers realized that their expertise in computer software and technology had evolved not just into a profession, but into a passion" (46).[3]
It was not until the 1960s that the term hackers began to be used to describe proficient computer programmers. Therefore, the fundamental characteristic that links all who identify themselves as hackers are ones who enjoy "the intellectual challenge of creatively overcoming and circumventing limitations of programming systems and who tries to extend their capabilities" (47).[3] With this definition in mind, it can be clear where the negative implications of the word "hacker" and the subculture of "hackers" came from.
Some common nicknames among this culture include "crackers" who are unskilled thieves who mainly rely on luck. Others include "phreak", which refers to a type of skilled crackers, and "warez d00dz", which is a kind of cracker that acquires reproductions of copyrighted software. Within all hackers are tiers of hackers such as the "samurai" who are hackers that hire themselves out for legal "electronic locksmith" work. Furthermore, there are other hackers that are hired to test security which are called "sneakers" or "tiger teams".

Figure: The Glider, proposed as an emblem of the hacker community by Eric S. Raymond.

Before communications between computers and computer users were as networked as they are now, there were multiple independent and parallel hacker subcultures, often unaware or only partially aware of each other's existence. All of these had certain important traits in common:
Creating software and sharing it with each other
Placing a high value on freedom of inquiry
Hostility to secrecy
Information-sharing as both an ideal and a practical strategy
Upholding the right to fork
Emphasis on rationality
Distaste for authority
Playful cleverness, taking the serious humorously and the humor seriously
These sorts of subcultures were commonly found at academic settings such as college campuses. The MIT Artificial Intelligence Laboratory, the University of California, Berkeley and Carnegie Mellon University were particularly well-known hotbeds of early hacker culture. They evolved in parallel, and largely unconsciously, until the Internet, where a legendary PDP-10 machine at MIT, called AI, that was running ITS, provided an early meeting point of the hacker community. This and other developments such as the rise of the free software movement and community drew together a critically large population and encouraged the spread of a conscious, common, and systematic ethos. Symptomatic of this evolution were an increasing adoption of common slang and a shared view of history, similar to the way in which other occupational groups have professionalized themselves but without the formal credentialing process characteristic of most professional groups.
Over time, the academic hacker subculture has tended to become more conscious, more cohesive, and better organized. The most important consciousness-raising moments have included the composition of the first Jargon File in 1973, the promulgation of the GNU Manifesto in 1985, and the publication of Eric Raymond's The Cathedral and the Bazaar in 1997. Correlated with this has been the gradual recognition of a set of shared culture heroes, including: Bill Joy, Donald Knuth, Dennis Ritchie, Paul Graham, Alan Kay, Ken Thompson, Richard M. Stallman, Linus Torvalds, Larry Wall, and Guido Van Rossum.
The concentration of academic hacker subculture has paralleled and partly been driven by the commoditization of computer and networking technology, and has in turn accelerated that process. In 1975, hackerdom was scattered across several different families of operating systems and disparate networks; today it is largely a Unix and TCP/IP phenomenon, and is concentrated around various operating systems based on free software and open-source software development.

32.3 Ethics and principles

Main article: Hacker ethic

Many of the values and tenets of the free and open source software movement stem from the hacker ethics that originated at MIT[11] and at the Homebrew Computer Club. The hacker ethics were chronicled by Steven Levy in Hackers: Heroes of the Computer Revolution[12] and in other texts in which Levy formulates and summarizes general hacker attitudes:
Access to computers - and anything that might teach you something about the way the world works - should be unlimited and total.
All information should be free.
Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
You can create art and beauty on a computer.
Computers can change your life for the better.
Hacker ethics are concerned primarily with sharing, openness, collaboration, and engaging in the hands-on imperative.[12]
Linus Torvalds, one of the leaders of the open source movement (known primarily for developing the Linux kernel), has noted in the book The Hacker Ethic[13] that these principles have evolved from the known Protestant ethics and incorporates the spirits of capitalism, as introduced in the early 20th century by Max Weber.

32.4 Use outside of computing

While using hacker to refer to someone who enjoys playful cleverness is most often applied to computer programmers, it is sometimes used for people who apply the same attitude to other fields.[7] For example, Richard Stallman describes the silent composition 4′33″ by John Cage and the 14th century palindromic three-part piece "Ma Fin Est Mon Commencement" by Guillaume de Machaut as hacks.[14] According to the Jargon File,[8] the word hacker was used in a similar sense among radio amateurs in the 1950s, predating the software hacking community.
The book Inside Narcotics, a semi-clandestine work appearing in 1990 and in its fifth English edition as of 2007 which is a compendium of scientific, historical, and cultural information about the opiates and related drugs and includes historical and scientific research on more than 150 drugs of this type, includes a discussion of the term in its Introduction. After making the above-mentioned distinction betwixt crackers and hackers (a hacker is simply an autodidact, someone who doesn't feel satisfied with the information spoon-fed to the masses by the grey forces of mediocrity...) it goes on to say it is therefore possible to be a phone hacker [ phreaker ], music hacker, sex hacker, drugs hacker, politics hacker, religion hacker...

32.5 Hack value

Hack value is the notion used by hackers to express that something is worth doing or is interesting.[15] This is something that hackers often feel intuitively about a problem or solution.
An aspect of hack value is performing feats for the sake of showing that they can be done, even if others think it is difficult. Using things in a unique way outside their intended purpose is often perceived as having hack value. Examples are using a dot matrix impact printer to produce musical notes, using a flatbed scanner to take ultra-high-resolution photographs or using an optical mouse as barcode reader.
A solution or feat has "hack value" if it is done in a way that has finesse, cleverness or brilliance, which makes creativity an essential part of the meaning. For example, picking a difficult lock has hack value; smashing a lock does not. As another example, proving Fermat's last theorem by linking together most of modern mathematics has hack value; solving a combinatorial problem by exhaustively trying all possibilities does not. Hacking is not using process of elimination to find a solution; it's the process of finding a clever solution to a problem.

32.6 See also

Cowboy coding: software development without the use of strict software development methodologies
Demoscene
History of free software
Unix philosophy

32.7 References

[1] TMRC - Hackers
[2] Words to Avoid (or Use with Care) Because They Are Loaded or Confusing (gnu.org)
[3] Gehring, Verna (2004). The Internet In Public Life. Maryland: Rowman & Littlefield Publishers. pp. 43–56. ISBN 0742542335.
[4] The Hacker Community and Ethics: An Interview with Richard M. Stallman, 2002 (gnu.org)
[5] On Hacking (stallman.org)
[6] Richard Stallman: interview as shown in Hackers Wizards of the Electronic Age
[7] Raymond, Eric (2008-01-08). "How To Become A Hacker". Thyrsus Enterprises. Retrieved 2008-03-16.
[8] Raymond, Eric, ed. (2003-12-29). "hacker". Jargon File (version 4.4.7 ed.). Retrieved 2008-03-02.
[9] Internet Users Glossary (Request for Comments 1392), January 1993
[10] Definition of "Cracker" in the Jargon File
[11] "The Hackers Ethics". Retrieved 31 August 2011.
[12] Levy, S: Hackers: Heroes of the Computer Revolution, Anchor Press/Doubleday, 1984. ISBN 0-385-19195-2
[13] Himanen, Pekka; Linus Torvalds, and Manuel Castells (2001). The Hacker Ethic. Secker & Warburg. ISBN 0-436-20550-5.
[14] Stallman, Richard (2002). "On Hacking". Retrieved 2008-03-16.
[15] Definition of 'hack value' in the Jargon File

32.8 Further reading


The Jargon File has had a role in acculturating hackers
since its origins in 1975. These academic and literary
works helped shape the academic hacker subculture:
Abelson, Hal; Sussman, Gerald Jay. Structure and Interpretation of Computer Programs. London: MIT Press. ISBN 9780070004849.
Aho; Sethi; Ullman. Compilers: Principles, Techniques, and Tools. Reading, MA: Addison-Wesley. ISBN 9780201100884.
Bourne, Stephen R. The Unix System. Reading, MA: Addison-Wesley. ISBN 9780201137910.
Brooks, Fred. The Mythical Man-Month. Reading, MA: Addison-Wesley. ISBN 9780201006506.
Graham, Paul. Hackers & Painters. Sebastopol, CA: O'Reilly Media. ISBN 9780596006624.
Hofstadter, Douglas. Gödel, Escher, Bach. New York, NY: Basic Books. ISBN 9780465026852.
James, Geoffrey. The Tao of Programming. Santa Monica, CA: InfoBooks. ISBN 9780931137075.
Kernighan, Brian W.; Ritchie, Dennis. The C Programming Language. Englewood Cliffs, NJ: Prentice Hall. ISBN 9780131103702.
Kidder, Tracy. The Soul of a New Machine. Boston, MA: Little, Brown and Company. ISBN 9780316491709.
Knuth, Donald. The Art of Computer Programming. Reading, MA: Addison-Wesley. ISBN 9780201038019.
Levy, Steven. Hackers: Heroes of the Computer Revolution. Garden City, NY: Anchor Press / Doubleday. ISBN 9780385191951.
Raymond, Eric S. The Cathedral and the Bazaar. Cambridge, MA: O'Reilly Media. ISBN 9781565927247.
Stoll, Cliff. The Cuckoo's Egg. New York, NY: Doubleday. ISBN 9780385249461.

32.9 External links


A Brief History of Hackerdom
Hack, Hackers, and Hacking (see Appendix A)
Gabriella Coleman: The Anthropology of Hackers. The Atlantic, 2010.

Chapter 33

Hacker ethic
For the book, see The Hacker Ethic. For uses in computer security hacking, see Hacker (computer security), Hacker Manifesto, and White hat (computer security)

Hacker ethic is a term for the moral values and philosophy that are common in the hacker community. The early hacker culture and resulting philosophy originated at the Massachusetts Institute of Technology (MIT) in the 1950s and 1960s. The term hacker ethic is attributed to journalist Steven Levy as described in his 1984 book titled Hackers: Heroes of the Computer Revolution. The key points within this ethic are access, freedom of information, and improvement to quality of life.

While some tenets of hacker ethic were described in other texts like Computer Lib/Dream Machines (1974) by Ted Nelson, Levy appears to have been the first to document both the philosophy and the founders of the philosophy.

Levy explains that MIT housed an early IBM 704 computer inside the Electronic Accounting Machinery (EAM) room in 1959. This room became the staging grounds for early hackers, as MIT students from the Tech Model Railroad Club sneaked inside the EAM room after hours to attempt programming the 30-ton, 9-foot-tall (2.7 m) computer.

The MIT group defined a hack as a project undertaken or a product built to fulfill some constructive goal, but also with some wild pleasure taken in mere involvement.[1] The term hack arose from MIT lingo, as the word had long been used to describe college pranks that MIT students would regularly devise. However, Levy's hacker ethic also has often been quoted out of context and misunderstood to refer to hacking as in breaking into computers, and so many sources incorrectly imply that it is describing the ideals of white-hat hackers. However, what Levy is talking about does not necessarily have anything particular to do with computer security, but addresses broader issues.

The hacker ethic was described as a "new way of life, with a philosophy, an ethic and a dream". However, the elements of the hacker ethic were not openly debated and discussed; rather they were implicitly accepted and silently agreed upon.[2]

The free software movement was born in the early 1980s from followers of the hacker ethic. Its founder, Richard Stallman, is referred to by Steven Levy as "the last true hacker".[3] Modern hackers who hold true to the hacker ethics – especially the Hands-On Imperative – are usually supporters of free and open source software. This is because free and open source software allows hackers to get access to the source code used to create the software, to allow it to be improved or reused in other projects.

Richard Stallman describes:

"The hacker ethic refers to the feelings of right and wrong, to the ethical ideas this community of people had – that knowledge should be shared with other people who can benefit from it, and that important resources should be utilized rather than wasted."[4]

and states more precisely that hacking (which Stallman defines as playful cleverness) and ethics are two separate issues:

"Just because someone enjoys hacking does not mean he has an ethical commitment to treating other people properly. Some hackers care about ethics – I do, for instance – but that is not part of being a hacker, it is a separate trait. [...] Hacking is not primarily about an ethical issue. [...] hacking tends to lead a significant number of hackers to think about ethical questions in a certain way. I would not want to completely deny all connection between hacking and views on ethics."[5]

33.1 The hacker ethics

As Levy summarized in the preface of Hackers,[6] the general tenets or principles of hacker ethic include:

Sharing
Openness
Decentralization
Free access to computers
World Improvement

In addition to those principles, Levy also described more specific hacker ethics and beliefs in chapter 2, The Hacker Ethic:[7] The ethics he described in chapter 2 are:

Access to computers – and anything which might teach you something about the way the world works – should be unlimited and total. Always yield to the Hands-On Imperative!
Levy is recounting hackers' abilities to learn and build upon pre-existing ideas and systems. He believes that access gives hackers the opportunity to take things apart, fix, or improve upon them and to learn and understand how they work. This gives them the knowledge to create new and even more interesting things.[8][9] Access aids the expansion of technology.

All information should be free
Linking directly with the principle of access, information needs to be free for hackers to fix, improve, and reinvent systems. A free exchange of information allows for greater overall creativity.[10] In the hacker viewpoint, any system could benefit from an easy flow of information,[11] a concept known as transparency in the social sciences. As Stallman notes, "free" refers to unrestricted access; it does not refer to price.[12]

Mistrust authority – promote decentralization
The best way to promote the free exchange of information is to have an open system that presents no boundaries between a hacker and a piece of information or an item of equipment that he needs in his quest for knowledge, improvement, and time on-line.[11] Hackers believe that bureaucracies, whether corporate, government, or university, are flawed systems.

Hackers should be judged by their hacking, not criteria such as degrees, age, race, sex, or position
Inherent in the hacker ethic is a meritocratic system where superficiality is disregarded in esteem of skill. Levy articulates that criteria such as age, sex, race, position, and qualification are deemed irrelevant within the hacker community.[13] Hacker skill is the ultimate determinant of acceptance. Such a code within the hacker community fosters the advance of hacking and software development. In an example of the hacker ethic of equal opportunity,[14] L Peter Deutsch, a twelve-year-old hacker, was accepted in the TX-0 community, though he was not recognized by non-hacker graduate students.

You can create art and beauty on a computer
Hackers deeply appreciate innovative techniques which allow programs to perform complicated tasks with few instructions.[15] A program's code was considered to hold a beauty of its own, having been carefully composed and artfully arranged.[16] Learning to create programs which used the least amount of space almost became a game between the early hackers.[13]

Computers can change your life for the better
Hackers felt that computers had enriched their lives, given their lives focus, and made their lives adventurous. Hackers regarded computers as Aladdin's lamps that they could control.[17] They believed that everyone in society could benefit from experiencing such power and that if everyone could interact with computers in the way that hackers did, then the hacker ethic might spread through society and computers would improve the world.[18] The hacker succeeded in turning dreams of endless possibilities into realities. The hacker's primary object was to teach society that "the world opened up by the computer was a limitless one" (Levy 230:1984)[13]

33.1.1 Sharing

From the early days of modern computing through to the 1970s, it was far more common for computer users to have the freedoms that are provided by an ethic of open sharing and collaboration. Software, including source code, was commonly shared by individuals who used computers. Most companies had a business model based on hardware sales, and provided or bundled the associated software free of charge. According to Levy's account, sharing was the norm and expected within the non-corporate hacker culture. The principle of sharing stemmed from the open atmosphere and informal access to resources at MIT. During the early days of computers and programming, the hackers at MIT would develop a program and share it with other computer users.

If the hack was deemed particularly good, then the program might be posted on a board somewhere near one of the computers. Other programs that could be built upon it and improved it were saved to tapes and added to a drawer of programs, readily accessible to all the other hackers. At any time, a fellow hacker might reach into the drawer, pick out the program, and begin adding to it or "bumming" it to make it better. Bumming referred to the process of making the code more concise so that more can be done in fewer instructions, saving precious memory for further enhancements.

In the second generation of hackers, sharing was about sharing with the general public in addition to sharing with other hackers. A particular organization of hackers that was concerned with sharing computers with the general public was a group called Community Memory. This group of hackers and idealists put computers in public places for anyone to use. The first community computer
was placed outside of Leopold's Records in Berkeley, California.

Another sharing of resources occurred when Bob Albrecht provided considerable resources for a non-profit organization called the People's Computer Company (PCC). PCC opened a computer center where anyone could use the computers there for fifty cents per hour.

This second generation practice of sharing contributed to the battles of free and open software. In fact, when Bill Gates' version of BASIC for the Altair was shared among the hacker community, Gates claimed to have lost a considerable sum of money because few users paid for the software. As a result, Gates wrote an Open Letter to Hobbyists.[19][20] This letter was published by several computer magazines and newsletters, most notably that of the Homebrew Computer Club where much of the sharing occurred.

33.1.2 Hands-On Imperative

Many of the principles and tenets of hacker ethic contribute to a common goal: the Hands-On Imperative. As Levy described in Chapter 2, "Hackers believe that essential lessons can be learned about the systems – about the world – from taking things apart, seeing how they work, and using this knowledge to create new and more interesting things."[21]

Employing the Hands-On Imperative requires free access, open information, and the sharing of knowledge. To a true hacker, if the Hands-On Imperative is restricted, then the ends justify the means to make it unrestricted so that improvements can be made. When these principles are not present, hackers tend to work around them. For example, when the computers at MIT were protected either by physical locks or login programs, the hackers there systematically worked around them in order to have access to the machines. Hackers assumed a "willful blindness" in the pursuit of perfection.[10]

This behavior was not malicious in nature: the MIT hackers did not seek to harm the systems or their users. This deeply contrasts with the modern, media-encouraged image of hackers who crack secure systems in order to steal information or complete an act of cyber-vandalism.

33.1.3 Community and collaboration

Throughout writings about hackers and their work processes, a common value of community and collaboration is present. For example, in Levy's Hackers, each generation of hackers had geographically based communities where collaboration and sharing occurred. For the hackers at MIT, it was the labs where the computers were running. For the hardware hackers (second generation) and the game hackers (third generation) the geographic area was centered in Silicon Valley where the Homebrew Computer Club and the People's Computer Company helped hackers network, collaborate, and share their work.

The concept of community and collaboration is still relevant today, although hackers are no longer limited to collaboration in geographic regions. Now collaboration takes place via the Internet. Eric S. Raymond identifies and explains[22] this conceptual shift in The Cathedral and the Bazaar:

"Before cheap Internet, there were some geographically compact communities where the culture encouraged Weinberg's egoless programming, and a developer could easily attract a lot of skilled kibitzers and co-developers. Bell Labs, the MIT AI and LCS labs, UC Berkeley: these became the home of innovations that are legendary and still potent."

Raymond also notes that the success of Linux coincided with the wide availability of the World Wide Web. The value of community is still in high practice and use today.

33.2 Levy's true hackers

Levy identifies several "true hackers" who significantly influenced the hacker ethic. Some well-known "true hackers" include:

John McCarthy: Co-founder of the MIT Artificial Intelligence Lab and Stanford AI Laboratory
Bill Gosper: Mathematician and hacker
Richard Greenblatt: Programmer and early designer of LISP machines
Richard Stallman: Programmer and political activist who is well known for GNU, Emacs and the Free Software Movement

Levy also identified the "hardware hackers" (the "second generation", mostly centered in Silicon Valley) and the "game hackers" (or the "third generation"). All three generations of hackers, according to Levy, embodied the principles of the hacker ethic. Some of Levy's "second-generation" hackers include:

Steve Wozniak: One of the founders of Apple Computer
Bob Marsh: A designer of the Sol-20 computer
Fred Moore: Activist and founder of the Homebrew Computer Club
Steve Dompier: Homebrew Computer Club member and hacker who worked with the early Altair 8800
Lee Felsenstein: A hardware hacker and co-founder of Community Memory and Homebrew Computer Club; a designer of the Sol-20 computer
John Draper: A legendary figure in the computer programming world. He wrote EasyWriter, the first word processor.

Levy's "third generation" practitioners of hacker ethic include:

John Harris: One of the first programmers hired at On-Line Systems (which later became Sierra Entertainment)
Ken Williams: Along with wife Roberta, founded On-Line Systems after working at IBM

33.3 Other descriptions

In 2001, Finnish philosopher Pekka Himanen promoted the hacker ethic in opposition to the Protestant work ethic. In Himanen's opinion, the hacker ethic is more closely related to the virtue ethics found in the writings of Plato and of Aristotle. Himanen explained these ideas in a book, The Hacker Ethic and the Spirit of the Information Age, with a prologue contributed by Linus Torvalds and an epilogue by Manuel Castells.

In this manifesto, the authors wrote about a hacker ethic centering around passion, hard work, creativity and joy in creating software. Both Himanen and Torvalds were inspired by the Sampo in Finnish mythology. The Sampo, described in the Kalevala saga, was a magical artifact constructed by Ilmarinen, the blacksmith god, that brought good fortune to its holder; nobody knows exactly what it was supposed to be. The Sampo has been interpreted in many ways: a world pillar or world tree, a compass or astrolabe, a chest containing a treasure, a Byzantine coin die, a decorated Vendel period shield, a Christian relic, etc. Kalevala saga compiler Lönnrot interpreted it to be a quern or mill of some sort that made flour, salt, and gold out of thin air.

The hacker ethic and its wider context can be associated with liberalism and anarchism.

33.4 See also

Hacks at the Massachusetts Institute of Technology
Hacker (programmer subculture)
Hacker (term)
Tech Model Railroad Club
The Cathedral and the Bazaar
Free software movement
Free software philosophy

33.5 Footnotes

[1] Hackers. pg 9
[2] Hackers. pg. 26
[3] See the title and content of the Epilogue to Hackers: Heroes of the Computer Revolution
[4] MEME 2.04 (1996)
[5] The Hacker Community and Ethics: An Interview with Richard M. Stallman, 2002
[6] Hackers, page ix.
[7] Hackers, pages 26–36.
[8] Hackers, p. 226
[9] Hackers, pp 3–36
[10] Hackers. pg 27
[11] Hackers. pg 28
[12] http://faculty.nps.edu/dedennin/publications/ConcerningHackers-NCSC.txt
[13] Hackers, pp 3–36
[14] http://gabriellacoleman.org/biella/Coleman-Golub-Hacker-Practice.pdf
[15] Hackers. pg 31
[16] Hackers. pg 30–31
[17] Hackers. pg 33
[18] Hackers. pg 36
[19] Charles Leadbetter (2008). We-Think. Profile Books.
[20] Fiona Macdonald (12 March 2008). Get a fair share of creativity. Metro.
[21] Hackers, pages 27–36.
[22] The Social Context of Open-Source Software. Catb.org. Retrieved 2011-07-01.

33.6 References
Himanen, Pekka (2001). The Hacker Ethic and the Spirit of the Information Age. New York: Random House. ISBN 0375505660. OCLC 45393052.
Levy, Steven (2001). Hackers: Heroes of the Computer Revolution (updated ed.). New York: Penguin Books. ISBN 0141000511. OCLC 47216793.


33.7 Further reading


Weinberg, Gerald M. (1998–2001). The psychology of computer programming (Silver anniversary ed.). New York: Dorset House Publ. ISBN 978-0-932633-42-2.

33.8 External links


Gabriella Coleman, an anthropologist at McGill University, studies hacker cultures and has written extensively on the hacker ethic and culture
Tom Chance's essay on The Hacker Ethic and Meaningful Work
Hacker ethic from the Jargon file
Directory of free software
ITERATIVE DISCOURSE AND THE FORMATION OF NEW SUBCULTURES by Steve Mizrach describes the hacker terminology, including the term cracker.
Richard Stallman's Personal Website
Is there a Hacker Ethic for 90s Hackers? by Steven Mizrach
The Hacker's Ethics by the Cyberpunk Project

33.9 Text and image sources, contributors, and licenses


33.9.1 Text

Antivirus software Source: http://en.wikipedia.org/wiki/Antivirus%20software?oldid=661991271 Contributors: Bryan Derksen, Zundark, Danny, Fubar Obfusco, William Avery, DennisDaniels, Edward, Pnm, Tannin, Tgeorgescu, Minesweeper, CesarB, Ronz, Yaronf,
Rlandmann, Whkoh, Stefan-S, Nikai, IMSoP, RickK, Pedant17, Furrykef, Tempshill, Omegatron, Pakaran, Shantavira, Robbot, Chealer,
Boy b, Calimero, RedWolf, Altenmann, KellyCoinGuy, Iaen, Delpino, Lzur, David Gerard, Fabiform, Graeme Bartlett, Laudaka, Eran,
Noone~enwiki, Rick Block, AlistairMcMillan, Solipsist, Wmahan, Utcursch, SoWhy, Beland, Piotrus, Cynical, Gscshoyru, TonyW, Hobart, Eisnel, Discospinster, Rich Farmbrough, ESkog, JoeSmack, Evice, Aecis, Chungy, PhilHibbs, Sietse Snel, Femto, Perfecto, Stesmo,
Longhair, Orbst, Richi, TheProject, Troels Nybo~enwiki, Timsheridan, Hagerman, Alansohn, CyberSkull, Conan, PatrickFisher, Babajobu, Stephen Turner, Snowolf, Wtmitchell, Downlode, Rotring, Nightstallion, Umapathy, Woohookitty, Mindmatrix, Armando, Robwingeld, Pol098, Urod, Isnow, Kralizec!, Pictureuploader, Palica, Matturn, Cuvtixo, Kbdank71, Yurik, Ryan Norton, Rjwilmsi, DirkvdM,
RainR, FlaBot, JiFish, RexNL, Gurch, DavideAndrea, ChongDae, Born2cycle, Melancholie, Ahunt, Peterl, Gwernol, YurikBot, Wavelength, Borgx, Grizzly37, Wfried, Arado, TheDoober, Piet Delport, SpuriousQ, Akhristov, Claunia, NawlinWiki, Hm2k, Badagnani, Arichnad, Vlad, Bota47, Bokonon~enwiki, BazookaJoe, GraemeL, Peter, Fourohfour, Hirebrand, Jaysbro, Eptin,
robot, Dunxd, Cumbiagermen, Firewall-guy, SmackBot, Although, JurgenHadley, J7, Dxco, Relaxing, Easygoeasycome, Gilliam, JorgePeixoto, Lakshmin,
Gary09202000, Chris the speller, Egladkih, Morte, EncMstr, Jerome Charles Potts, Bigs slb, DHN-bot~enwiki, Uniwares, Darth Panda,
Frap, JonHarder, Korinkami, 03vaseyj, SundarBot, Cybercobra, Valenciano, Mwtoews, Ihatetoregister, Oo7jeep, Gobonobo, Capmo,
NongBot~enwiki, 16@r, Erotml, Beetstra, Doczilla, Qu4rk, Caiaa, Hu12, DabMachine, SimonD, Phantomnecro, UncleDouggie, CapitalR, Kirill Chiryasov, Courcelles, Tawkerbot2, FleetCommand, CmdrObot, BENNYSOFT, Jesse Viviano, NaBUru38, Chrisahn, Cydebot,
Gogo Dodo, Xxhopingtearsxx, AcceleratorX, Tawkerbot4, Khattab01~enwiki, Ohadgliksman, The Mad Bomber, SpK, Neustradamus,
Mikewax, TAG.Odessa, Dimo414, Thijs!bot, Jdivakarla, Leedeth, LemonMan, Saibo, Dalahst, TurboForce, Dawnseeker2000, Mentisto, AntiVandalBot, Sjconrad-mchedrawe, Gkhan, Serpents Choice, JAnDbot, Meinsla, MER-C, Tushard mwti, .anacondabot, Raanoo,
Penubag, Bongwarrior, Lotusv82, Proland, The Kinslayer, JohnLai, Gomm, Xeolyte, Chris G, DerHexer, Hdt83, MartinBot, STBot, CliC,
FDD, Icenine378, CommonsDelinker, Emilinho~enwiki, J.delanoy, Pharaoh of the Wizards, Dinoguy1000, Public Menace, Jesant13, Turbulencepb, Neon white, Ripdog2121, Tokyogirl79, 5theye, Patrickjk, AntiSpamBot, Dougmarlowe, DadaNeem, Pandawelch, White 720,
Jamesontai, Idioma-bot, Javeed Safai, Melovfemale, VolkovBot, AlnoktaBOT, Philip Trueman, DoorsAjar, TXiKiBoT, Emedlin1, Mujdat61, Vipinhari, Technopat, Anonymous Dissident, Qxz, Corvus cornix, LeaveSleaves, Natg 19, Tmalcomv, Haseo9999, C45207, Ngantengyuen, LittleBenW, Fredtheyingfrog, Lonwolve, Wrldwzrd89, Sahilm, Derekcslater, Newspartnergroup, Swaq, Sephiroth storm, Yintan, Miremare, Mothmolevna, Jerryobject, Flyer22, PolarBot, Nosferatus2007, Askild, Topicle, OKBot, Plati, Samker, PrimeYoshi, Escape
Orbit, Arnos78, Martarius, Tanvir Ahmmed, Leahtwosaints, ClueBot, Kl4m, The Thing That Should Not Be, IceUnshattered, Trotline,
Spuernase, Mild Bill Hiccup, Ka vijay, LizardJr8, ChandlerMapBot, Georgest23, Rockfang, DragonBot, Excirial, Socrates2008, Pavix,
Tyler, Pladook, Jotterbot, JamieS93, ChrisHodgesUK, DanielPharos, Versus22, Johnuniq, SoxBot III, SF007, Sensiblekid, XLinkBot,
Rror, Mavenkatesh, Svarya, HexaChord, Addbot, Xp54321, Wizho, Mortense, Nuno Brito, Softfreak, Sergey AMTL, Vatrena ptica, CanadianLinuxUser, Fluernutter, Ankitguptajaipur, Kueensrche, NjardarBot, WorldlyWebster, MrOllie, CarsracBot, FluyWhiteCat, Womanitoba, ChenzwBot, Jasper Deng, Mike A Quinn, Tide rolls, Luckas Blade, Teles, Luckas-bot, Yobot, THEN WHO WAS PHONE?,
Wonder, AnomieBOT, Jim1138, DMWuCg, Roastingpan, Bluerasberry, Materialscientist, Police267, Kalamkaar, Eumolpo, Cameron
Scott, Misi91, Avun, XZeroBot, Rwmoekoe, S0aasdf2sf, Frosted14, SassoBot, ReformatMe, Mathonius, VB.NETLover, TheRyan95,
Shadowjams, Diablosblizz, Samwb123, G7yunghi, FrescoBot, GunAlchemist, WPANI, Yuyujoke, Mi8ka, HJ Mitchell, Craig Pemberton,
Franklin.online2006, Expertour, HamburgerRadio, Redrose64, SuperAntivirus, Marnegro, Pinethicket, HRoestBot, Skyerise, Paulsterne,
A8UDI, Ma2001, Kostes32, One666, Seam123, AntonST, , Meaghan, Salvidrim!, Ravensburg13, Cnwilliams, Trappist the monk, Lamarmote, Miiszmylove, LogAntiLog, Lotje, Wikipandaeng, Vrenator, TBloemink, Neshemah, Diannaa, Hornlitz, Execter, Teenboi001, Mean
as custard, RjwilmsiBot, Ripchip Bot, Panda Madrid, Enauspeaker, DASHBot, EmausBot, John of Reading, WikitanvirBot, Immunize,
Philtweir, Heracles31, Dinhtuydzao, Ibbn, Ryanxo, Tommy2010, Emenid, Elison2007, F, Mats131, ElationAviation, Makecat, Skyinfo,
Yabba67, Rickraptor707, Diame, ChuispastonBot, Pastore Italy, EdoBot, Kandr8, Petrb, ClueBot NG, Lzeltser, TheKaneDestroyer, Jack
Greenmaven, Satellizer, LK20, Dfarrell07, Multiwikiswat, Piyush1992, JuventiniFan, Malijinx, Widr, Hsinghsarao, Joseph843, Helpful
Pixie Bot, Dwe0008, HMSSolent, Krenair, Jeza87, Janendra, Arthurnyc, AvocatoBot, Thekillerpenguin, Teksquisite, Irfanshaharuddin,
TheMw2Genius, Kremnin, Newmen1020304050, BattyBot, Justincheng12345-bot, JC.Torpey, Divonnais, Farqad, IddiKlu, Nisha1987,
Rohaneknathshinde459, Garamond Lethe, JYBot, Dark Silver Crow, Codename Lisa, Cryptodd, Pcguru66, K1ngXSp3c1al, Lugia2453,
Kumarworld2, Sourov0000, Seo100, M.R.V model, Gautamcool12, Faizan, I am One of Many, Ryan889, Matt.Sharp98, Jakec, Eddymck1,
Ashajose0002, Assumelation, Ginsuloft, Quenhitran, Dannyruthe, MetalFusion81, Robevans123, Monkbot, TerryAlex, Xpasindu123,
Thetechgirl, Williamahendric, Jacbizer, Pue7275, Deanwalt123, Rom broke, Drop knowhow, Seanpatrickgray and Anonymous: 645
Application security Source: http://en.wikipedia.org/wiki/Application%20security?oldid=654320542 Contributors: SimonP, Charles
Matthews, Psychonaut, DavidCary, Kravietz, Hillel, AliveFreeHappy, Discospinster, Rhobite, Enric Naval, JYolkowski, Bobrayner,
OwenX, Mindmatrix, Halovivek, Vegaswikian, Pseudomonas, Welsh, Tjarrett, Slicing, NielsenGW, Rwwww, Algae, Tyler Oderkirk,
SmackBot, Ohnoitsjamie, Frap, JonHarder, IronGargoyle, Iridescent, Sander Sde, Tedmarynicz, OnPatrol, Blackjackmagic, Njan,
Aarnold200, Dawnseeker2000, Obiwankenobi, Dman727, Robina Fox, Toutoune25, JLEM, Grabon~enwiki, IronAlloy, JEMLA,
DatabACE, Maurice Carbonaro, Maxgleeson, Alanfeld, Philip Trueman, Felmon, Pryderi100, NEUrOO, M4gnum0n, Friendlydata, Dosco,
Swtechwr, Wiscoplay, Dcunited, Raysecurity, Paulmnguyen, Dthomsen8, Mitch Ames, Ha runner, Bookbrad, Eheitzman, Jnarvey, Yobot,
Fraggle81, Nickbell79, AnomieBOT, Fhuonder, Stationcall, Mwd, FrescoBot, Nageh, Geofhill, Amey.anekar, Hnguyen322, Trappist the
monk, Vrenator, Mr.moyal, Super n1c, We hope, ClueBot NG, Widr, RachidBM, BG19bot, MatthewJPJohnson, Swameticul, Xena77,
Mdann52, Tohimanshu, Triomio, Isoron27000, Roberto Bagnara, Truehorizon, Securechecker1, Jpickel, MuscleheadNev, Chrisdmiller5,
Greenmow and Anonymous: 73
Backdoor (computing) Source: http://en.wikipedia.org/wiki/Backdoor%20(computing)?oldid=662411634 Contributors: Damian Yerrick, The Anome, Arvindn, Dwheeler, Wshun, Voidvector, Pnm, Ixfd64, (, Iluvcapra, Ronz, Jebba, Nikai, Ww, Furrykef, Thue, Khym
Chanur, Movermover, RedWolf, Lowellian, Danutz, KellyCoinGuy, Tobias Bergemann, David Gerard, Graeme Bartlett, Gtrmp, Fennec,
Mintleaf~enwiki, Tom harrison, Leonard G., Kravietz, AlistairMcMillan, Eckhart Wrner~enwiki, LiDaobing, Robert Brockway, Am088,
Icairns, Ojw, Monkeyman, GoodStu~enwiki, Rich Farmbrough, FT2, MCBastos, Smyth, CanisRufus, Sietse Snel, Euyyn, Smalljim,
Ral315, Kdau, Woohookitty, RHaworth, Flamingspinach, Stefanomione, Scratchy, Marudubshinki, BD2412, Rjwilmsi, Commander, Allynfolksjr, RainR, Flarn2006, FlaBot, JiFish, Quuxplusone, Daev, YurikBot, Borgx, Cybercat, Hairy Dude, Gene.arboit, Stephenb, Bullzeye, Wiki alf, Matir, Fabulous Creature, Anetode, Vlad, Bota47, Arthur Rubin, Urchin, RealityCheck, Luk, SmackBot, Mmernex,


Ultramandk, KelleyCook, Xaosux, Nbarth, Lmsilva~enwiki, Bisected8, Wonderstruck, The undertow, SashatoBot, Harryboyles, Xandi,
Lee Carre, Doceddi, CWY2190, Tim1988, DumbBOT, Thijs!bot, Oerjan, KeithPenguin, Gioto, Widefox, JAnDbot, V. Szabolcs, VoABot
II, Gwern, CliC, RP88, Axlq, Maurice Carbonaro, Milo03, Daedalus CA, Katalaveno, Berserkerz Crit, KCinDC, Mike V, Bonadea,
Ale2006, TXiKiBoT, Baumfreund-FFM, Rei-bot, FironDraak, Xeno8, Rep07, Jroptimus, SieBot, Sephiroth storm, Jojalozzo, Soulweaver,
Geo Plourde, ClueBot, Excirial, Socrates2008, Christopherlmarshall, Zac439, RaceGT, Rhododendrites, DanielPharos, Rror, BlackDeath3, Stemaboatlion, Addbot, TIAA Is An Acronym, SDJ, ZX81, Yobot, THEN WHO WAS PHONE?, AnomieBOT, Materialscientist,
Jerey Mall, Censorship Workaround, A Quest For Knowledge, Aldebrn, FrescoBot, Sanaskar, HamburgerRadio, I dream of horses,
Calmer Waters, Full-date unlinking bot, Cnwilliams, Trappist the monk, Rooseycheeksdrown, Reaper Eternal, RjwilmsiBot, Dewritech,
Erianna, Schnoatbrax, Nhero2006, ClueBot NG, LeoVeo, Dipankan001, Phoenixia1177, Garamond Lethe, Codename Lisa, Hmainsbot1,
Openmikenite, Dr Dinosaur IV, Comp.arch, JadeGuardian, Tqe1999, Monkbot, Hannasnow, Marty-the-Bluetooth, CaseyMillerWiki and
Anonymous: 141
Black hat Source: http://en.wikipedia.org/wiki/Black%20hat?oldid=662699710 Contributors: Berek, Stevertigo, Pnm, Delirium,
DropDeadGorgias, Hectorthebat, Dfeuer, Furrykef, Jerzy, PuzzletChung, Chealer, Altenmann, Merovingian, Michael Snow, Pengo, Tobias Bergemann, Aomarks, SWAdair, Golbez, Neilc, R. end, Quarl, Kiteinthewind, Cynical, Adashiel, Zaf, Mike Rosoft, Sysy, FT2,
KevinBot, JoeSmack, FirstPrinciples, Mairi, Bobo192, Army1987, NetBot, John Vandenberg, Flxmghvgvk, BrokenSegue, Adrian~enwiki,
Urthogie, Tonei, Mattl, Krellis, Alansohn, SpaceFalcon2001, InShaneee, Cdc, Erik II, Keepsleeping, PMD~enwiki, Jheald, Dominic,
H2g2bob, Axeman89, Kaerondaes, Kelly Martin, Simetrical, Mindmatrix, Andrev, Gerbrant, Marudubshinki, Deltabeignet, Dave Cohoe,
Vegaswikian, Mycro, Ver, Chobot, David91, YurikBot, Borgx, Retodon8, Kerowren, Stephenb, Wimt, Anomalocaris, Shreshth91, DragonHawk, ONEder Boy, RazorICE, Abb3w, OliverSeal, Treevillan, Rsriprac, Mateo LeFou, Dcb1995, Kungfuadam, Kf4bdy, Pandemic,
Veinor, SmackBot, Rtc, David.Mestel, NickShaforosto, CapitalSasha, Sam Pointon, Gilliam, Ohnoitsjamie, Chris the speller, JordeeBec,
Ittaskforce, Thumperward, Deli nk, A. B., Chameleons84, Can't sleep, clown will eat me, Frap, Tim Pierce, NaeRey, Shdwfeather, LtPowers, Soap, Coastergeekperson04, Robosh, Ironwater, Woer$, Man pl, Chrisch, Beetstra, Peyre, Atakdoug, Emx~enwiki, Colonel Warden,
Tar7arus, Dragon Hilord, Fordmadoxfraud, Dept of Alchemy, Mblumber, Abeg92, Lesqual, Dangermus, Editor at Large, Omicronpersei8, Maziotis, Thijs!bot, Coelacan, Headbomb, NorwegianBlue, Dfrg.msc, AntiVandalBot, Widefox, Dylan Lake, Cowb0y, JAnDbot,
Harryzilber, NapoliRoma, Cyberhacker665, Tqbf, Mjhmach5, Penubag, VoABot II, Mbc362, Cyktsui, Japo, $yD!, M8v5, Edward321,
MartinBot, Fragment1618, Slash, Huzzlet the bot, Jilsi, Weefun, Katalaveno, Ncmvocalist, DarkBlackHat, SJP, MarzaTax, Dog777, AlnoktaBOT, Bovineboy2008, TXiKiBoT, Asabbagh, Seraphim, Wikiisawesome, VARGUX, Doug, Staka, Longobord, Monty845, Steven
Weston, Darkieboy236, SieBot, Whitehatnetizen, One more night, Dawn Bard, Chiroz, Sephiroth storm, Bentogoa, Jc-S0CO, Oxymoron83, MarkMLl, ClueBot, Engelalber, X3vious, WDavis1911, XsilentforestX, Hafspajen, Otolemur crassicaudatus, Trivialist, Excirial, Igorberger, Niteshift36, DamageW, Andrew81446, BOTarate, DanielPharos, Certes, Outkastz, Apparition11, Sensiblekid, Silentpistol, DumZiBoT, Neuralwarp, Codenaur, Ost316, Addbot, Micahmedia, Iaent, Fluernutter, Reaper240sx, Jtermaat, Buddha24, Tide
rolls, TaBOT-zerem, JamesWallisHunt, Martin-vogel, Ian Kelling, Galoubet, Seoschrijver, ImperatorExercitus, ArthurBot, Ched, Mlpearc, Pigby, Pradameinho, Amaury, Brazilian83, Surv1v4l1st, Durval.menezes, ClickRick, Iamrwc, MastiBot, Turian, Reaper Eternal,
EmausBot, Imperial Monarch, Staszek Lem, Quantumor, ClueBot NG, , Satellizer, Brettq42, Mrn5-NJITWILL, MerlIwBot,
Jack1565, Bigdnn, Johngot and Anonymous: 289
Black Hat Briefings Source: http://en.wikipedia.org/wiki/Black%20Hat%20Briefings?oldid=644352806 Contributors: Pnm, Julesd, Aomarks, Sempf, Vsmith, Grifter, Dalm, Kenyon, Woohookitty, Mindmatrix, Myleslong, Vegaswikian, YurikBot, RussBot, Hydrargyrum,
Raistolo, Arthur Rubin, Janizary, SmackBot, Haymaker, Deli nk, Cybercobra, Pissant, JoshuaZ, Aeternus, CmdrObot, Angryredplanet,
Cydebot, MarS, DumbBOT, SusanLesch, Widefox, Sandwiches99, Wanders1, Dman727, Dricherby, Tqbf, Philip Trueman, Sephiroth
storm, Martarius, Trivialist, DanielPharos, XLinkBot, Addbot, Lightbot, Yobot, PimRijkee, Xanablaka, BenzolBot, OMGWEEGEE2,
Mean as custard, RjwilmsiBot, Leendert123, Pastore Italy, Morgi669, Twillisjr, BG19bot, And Adoil Descended, Kangaroopower, Mark
Arsten, UltimateSupreme, Hypothetical questions, Hackerwithin, Randomname3234234, Deskshasty, XWillZer0x, Macofe, 555Jos, JessicaHofmann, Steveschain, Mike Kabinsky, PosTech and Anonymous: 29
Botnet Source: http://en.wikipedia.org/wiki/Botnet?oldid=659017039 Contributors: The Anome, Fubar Obfusco, Jtk, DonDaMon, Edward, Pnm, Baylink, Plop, Dean p foster, Julesd, Dynabee, Kaihsu, Pedant17, Furrykef, Tbutzon, Walloon, Alerante, Gtrmp, Rick
Block, Gracefool, Khalid hassani, Alvestrand, Ianneub, Moxfyre, Slavik0329, Freakofnurture, Bender235, Dewet, RJHall, Tjic, Bobo192,
Jjmerelo~enwiki, Kjkolb, Krellis, Hooperbloob, ClementSeveillac, Joolz, BodyTag, InShaneee, Juhtolv, Kusma, BDD, Bsdlogical, Yurivict, Feezo, Simetrical, Woohookitty, Mindmatrix, Carlos Porto, Shello, Mihai Damian, Pol098, CiTrusD, JediKnyghte, Josh Parris,
Rjwilmsi, PHenry, Yamamoto Ichiro, FlaBot, Latka, Gurch, Intgr, Zebediah49, Benlisquare, Dadu~enwiki, YurikBot, Wavelength, Kollision, StuOfInterest, The Literate Engineer, NawlinWiki, Mosquitopsu, Scs, Flipjargendy, Romal, Abune, Rurik, Fsiler, Katieh5584,
One, SmackBot, Narson, McGeddon, Brick Thrower, KelleyCook, Eiler7, Mcld, Gilliam, Ohnoitsjamie, Chris the speller, Kurykh, TimBentley, Jcc1, Sinicixp, DHN-bot~enwiki, Emurphy42, Jmax-, Can't sleep, clown will eat me, Trinite, Blah2, Mitsuhirato, Frap, JonHarder, Hitoride~enwiki, Luno.org, Rockpocket, Kuru, Euchiasmus, Ivucica, Ehheh, Ttul, Dl2000, Hu12, DabMachine, HisSpaceResearch, Iridescent, Winkydink, KimChee, Powerslide, DavidTangye, Kylu, Dgw, Jesse Viviano, Hserus, RagingR2, Abdullahazzam, Grahamrichter, Mzima, Mato, Gogo Dodo, DumbBOT, Optimist on the run, Zokum, Kozuch, Tobias382, Ferris37, Mbell, Ckhung, Aiko,
Bobblehead, OrenBochman, Binarybits, Sidasta, Luna Santin, Tohnayy, Luxomni, Lfstevens, Mscullin, SemperSecurus, Husond, Sheitan,
Struthious Bandersnatch, Andreas Toth, Magioladitis, VoABot II, Nyttend, Upholder, Boob, Daniel.birket, Ryan1918, Forensicsguy, MartinBot, SasaMaker, LittleOldMe old, Boston, J.delanoy, EscapingLife, Skiidoo, Eliz81, Milo03, Mtxf, Buhadram, Fomalhaut71, Crakkpot,
Jwh335, STBotD, Sbanker, VolkovBot, LokiClock, Franck Dernoncourt, Philip Trueman, TXiKiBoT, Stagefrog2, Brian Helsinki, Lambyte, Calculuslover800, Ephix, InFAN1ty, C45207, Michael Frind, Logan, Derekcslater, Sephiroth storm, Yintan, Android Mouse, Exert,
KoshVorlon, Lightmouse, Dracker, Denisarona, Escape Orbit, The sunder king, Jaimee212, Church, ClueBot, GorillaWarfare, Abhinav,
Vacio, Ravivr, Lawrence Cohen, Konsumkind, Pwitham, Paul Abrahams, Mild Bill Hiccup, DnetSvg, Dante brevity, Rprpr, Julesbarbie, Excirial, Gulmammad, Dralokyn, Rhododendrites, SchreiberBike, DanielPharos, D.Cedric, BlueDevil, Herunar, XLinkBot, Dark
Mage, Stickee, Little Mountain 5, WikHead, Jadtnr1, A little mollusk, Addbot, Ramu50, A.qarta, Burkestar, Enkrona, Zellfaze, Tothwolf, Linktopast30, Scientus, MrOllie, Danpoulton, Hintss, Jarble, Luckas-bot, Yobot, Ptbotgourou, AnomieBOT, Jim1138, Yachtsman1,
Materialscientist, Hcps-spottsgr, LykMurph, ArthurBot, Quebec99, Xqbot, THWoodman, DataWraith, BebyB, S0aasdf2sf, GrouchoBot,
Kyng, Chaheel Riens, W Nowicki, HamburgerRadio, 10metreh, Skyerise, Bugsguy, Pastafarian32, GlowBee, Fishsicles, Stdundon, Lotje,
Dragan2~enwiki, Tbhotch, Jfmantis, Onel5969, Liamzebedee, Ripchip Bot, EmausBot, Jackson McArthur, Cmartincaj, Heracles31, ScottyBerg, JohnValeron, RenamedUser01302013, K6ka, Marshviperx, Martinibra, Daonguyen95, A930913, H3llBot, Ivhtbr, Erianna, Staszek
Lem, TyA, The guy on da moon, Cyberdog958, Schnoatbrax, Shrigley, TravisMunson1993, Whoop whoop pull up, Mjbmrbot, ClueBot
NG, Magicman3894, MelbourneStar, Satellizer, Abecedarius, Guive37, Twillisjr, Mgnicholas, Mesoderm, O.Koslowski, Helpful Pixie Bot,
Harley16ss, TRANA1-NJITWILL, Lifemaestro, Hewhoamareismyself, Fredo699, Vagobot, DaveB549, Paulbeeb, ElphiBot, MusikAnimal, Socal212, Ananti3, Szary89, Zune0112, Jbarre10, Gyvachius, Tetraexagon, Haleycat, Deimos747, Faisal ALbarrak, Oknitram,

33.9. TEXT AND IMAGE SOURCES, CONTRIBUTORS, AND LICENSES

Chengshuotian, Padenton, Superkc, Waqob, Oneplusnine, Agent766, Axesrotoor, Jakedtc, FrB.TG, Herpingdo, JaconaFrere, Impsswoon,
TheEpTic, Jamesmarkchan, AnonArme, Fl4meb0tnet, Professornova, Anotherdaylate, Spagheti and Anonymous: 451
Computer crime Source: http://en.wikipedia.org/wiki/Computer%20crime?oldid=662636846 Contributors: Damian Yerrick, Frecklefoot, Edward, D, Ixfd64, Sannse, Dori, Ihcoyc, Ronz, Jebba, Darkwind, Andrewa, Julesd, Andres, Kaihsu, GCarty, Ww, Greenrd, Zoicon5,
Katana0182, Robbot, ZimZalaBim, Lowellian, Desmay, UtherSRG, Alan Liefting, Everyking, Edcolins, Utcursch, Antandrus, Jorm, Beland, Joyous!, Ta bu shi da yu, DanielCD, Discospinster, Rich Farmbrough, ArnoldReinhold, Atchom, MarkS, Elwikipedista~enwiki, Narcisse, Cmdrjameson, Elipongo, Vishnu vijay, Timmywimmy, ADM, Zachlipton, Alansohn, Arthena, Snowolf, Wtmitchell, L33th4x0rguy,
TaintedMustard, Harej, RainbowOfLight, H2g2bob, BlastOButter42, Y0u, Woohookitty, Wikiklrsc, Prashanthns, BD2412, Galwhaa,
Josh Parris, Rjwilmsi, Bill37212, Bruce1ee, Bhadani, Amelio Vzquez, Rabreu, Nivix, Gurch, Tieno007~enwiki, Czar, Alphachimp,
David91, Bgwhite, Wavelength, Phantomsteve, SpuriousQ, IanManka, Akamad, Stephenb, Markjx, NawlinWiki, Welsh, Renata3, FoolsWar, Lippard, Zzuuzz, Gtdp, Rurik, CWenger, Tom Morris, Sardanaphalus, Crystallina, SmackBot, Reedy, Stie, Canthusus, Nil Einne,
Gilliam, Skizzik, Jrkagan, Kurykh, JDCMAN, Dimonicquo, Silly rabbit, Octahedron80, Mihairad, Tim Pierce, ConMan, Expugilist, Savidan, RolandR, FlyHigh, Prehistoricmaster2, Kuru, Ocee, Shadowlynk, Joelo, Kirkoconnell, Barrycarlyon, Beetstra, Invisifan, Hu12,
MikeWazowski, Iridescent, Kencf0618, CapitalR, Sim8183, Tawkerbot2, Dlohcierekim, CmdrObot, Ale jrb, JohnCD, Penbat, MrFish,
Equendil, Anthonyhcole, DumbBOT, ErrantX, Heathniederee, Epbr123, Mojo Hand, Vertium, Esemono, The Legendary Ranger, Dzubint, I already forgot, AntiVandalBot, Oducado, QuiteUnusual, Paste, Joe Schmedley, Oddity-, Wayiran, Gilliantayloryoung, JAnDbot,
Dustin gayler, Levitica, SiobhanHansa, VoABot II, Maheshkumaryadav, Joellee, Kiwimandy, Edper castro, DerHexer, JaGa, Mahnol, Cocytus, MartinBot, Lordmyx, Jeannealcid, Jim.henderson, Rhlitonjua, Psychoair, Jerry teps, Bemsor, Nixonmahilum, Tgeairn, JonBurrows,
Jmm6f488, Kemiv, Semaja, Reno911, Boxmoor, Neon white, NYCRuss, Vanillagorillas, Tokyogirl79, Turner70, HiLo48, DadaNeem,
Olegwiki, Druss666uk, Ja 62, Funandtrvl, Metallicaguy007, VolkovBot, Philip Trueman, MissionInn.Jim, Technopat, Sparkzy, Helpper, Jose gueredo, Sankalpdravid, Qxz, Anna Lincoln, The3stars, Tpk5010, Snowbot, Jlhw, Milan Kerlger, Billinghurst, Enigmaman,
Falcon8765, Justmeherenow, Noncompliant one, Cool110110, DeanC81, Yintan, LeadSongDog, Flyer22, Jojalozzo, Iestynpugh, Oxymoron83, Harry~enwiki, Techman224, Manway, Millstream3, AMbot, Mr. Stradivarius, Barry Jameson, Denisarona, Jons63, Elassint,
ClueBot, Kai-Hendrik, Binksternet, The Thing That Should Not Be, Jotag14, Taroaldo, Tomas e, Chris.tripledot, CounterVandalismBot,
Niceguyedc, Trivialist, PMDrive1061, Chaserx7, Canis Lupus, Rhododendrites, Imaximax1, Vivon1, Jmaio2, Aleksd, Light show, Agilentis, Thingg, PCHS-NJROTC, Aronzak, Johnuniq, MBK-iPhone, BarretB, XLinkBot, Roxy the dog, Gonzonoir, Afpre, Charco2006,
Bamford, Addbot, Some jerk on the Internet, Gpershing, MrOllie, Jgkjfdlsgkjd, Fatboy500, PranksterTurtle, Debresser, Favonian, Jaydec, 5 albert square, Tide rolls, Bultro, Jarble, HerculeBot, Matt.T, Albeiror24, Jackelve, Ben Ben, Kurtis, Publicly Visible, Luckas-bot,
Yobot, Legobot II, II MusLiM HyBRiD II, Mdolphy, KamikazeBot, JackCoke, Lessandmore, IW.HG, Ircpresident, Vrs, Backslash Forwardslash, AnomieBOT, DemocraticLuntz, Kerfuer, Jim1138, IRP, Darkblazikenex2, NickK, Materialscientist, ArthurBot, Quebec99,
Justwiki, Xqbot, JimVC3, Capricorn42, RoodyAlien, Mrc1028, Srich32977, Pradameinho, Wikieditor1988, Tankrider, Lior1075, Shadowjams, FrescoBot, Weyesr1, Yashansi, YOKOTA Kuniteru, Blockyeyes, Ka4, Buchana4, Dejan33, Sfanski, Bobmack89x, Pinethicket,
I dream of horses, Gajic32, Professional7, MJ94, Serols, Mentmic, Full-date unlinking bot, Merlion444, FoxBot, Lotje, Callanecc, Vrenator, Aoidh, Reaper Eternal, ThinkEnemies, Reach Out to the Truth, Minimac, DARTH SIDIOUS 2, Fred11111111, RjwilmsiBot,
VernoWhitney, Agent Smith (The Matrix), Becritical, EmausBot, John of Reading, Immunize, Sophie, Angrytoast, Katherine, Dewritech,
Minimacs Clone, RenamedUser01302013, Tommy2010, Wikipelli, Dcirovic, Ida Shaw, Pragnesh89, Josve05a, Michael Essmeyer, Empty
Buer, Forgottenking, Bustermythmonger, EneMsty12, Christina Silverman, Kjg0972, Erianna, Umni2, Donner60, Yulli67, ChuispastonBot, Trickmind, Petrb, ClueBot NG, Mechanical digger, Sagaa2010, Gareth Grith-Jones, AznBurger, Catlemur, 6ii9, Hiral NJITWILL,
Widr, Leeaaro4, Helpful Pixie Bot, Aigendon, HMSSolent, Nightenbelle, Markthing Inc., Titodutta, KLBot2, BG19bot, VasundraTaneja,
Jhanov1999, Ramesh Ramaiah, FxHVC, Najma El Shelhi, Frze, AvocatoBot, SusanBREN, Metricopolus, Mark Arsten, Lochfyneman,
Dainomite, Harizotoh9, MrBill3, Glacialfox, Klilidiplomus, Yasht101, Aisteco, CrimeWeb, Fylbecatulous, Agent 78787, Darylgolden,
Riley Huntley, Iristotle, Pratyya Ghosh, Padenton, Khazar2, Abowker, Bamachick20, HelicopterLlama, Lugia2453, Frosty, Metalytics,
FrostieFrost, Mason Doering, PinkAmpersand, Greengreengreenred, Dddege, LectriceDuSoir, Reziebear, Glaisher, Bullblade, EdynBliss,
Ginsuloft, Quenhitran, Cindy123456, Jnguyenx3, Keatonhouse, M3osol1301, JaconaFrere, Skr15081997, Kacyoconnor14, Lordangel101,
Altaythegooner, AKS.9955, Cybersecurity101, Pinklights2323, S166865h, StaceyHutter, Johnc123456, Willhesucceed, Vanyaxd, Julietdeltalima, Hellys320, Destor918, Lymaniy, Rishab Elangovan, Guegreen, FormerPatchEditor, Erosen15, Drdebaratiwiki, Dmonshaugen,
Airplane Maniac, DebaratiH and Anonymous: 654
Computer security Source: http://en.wikipedia.org/wiki/Computer%20security?oldid=662104568 Contributors: Tobias Hoevekamp,
Derek Ross, Tuxisuau, Brion VIBBER, Eloquence, Zardoz, Mav, Robert Merkel, The Anome, Stephen Gilbert, Taw, Arcade~enwiki, Graham Chapman, Dachshund, Arvindn, PierreAbbat, Fubar Obfusco, SimonP, Ben-Zin~enwiki, Ant, Ark~enwiki, Heron, Dwheeler, Chuq,
Iorek~enwiki, Frecklefoot, Edward, Michael Hardy, Pnm, Kku, Ixfd64, Dcljr, Dori, Arpingstone, CesarB, Haakon, Ronz, Snoyes, Yaronf,
Nikai, Smay, Qwert, Mydogategodshat, Jengod, JidGom, Aarontay, Gingekerr, Taxman, Joy, Vaceituno, Khym Chanur, Pakaran, Robbot, Yas~enwiki, Fredrik, ZimZalaBim, Rursus, Texture, KellyCoinGuy, 2501~enwiki, Hadal, Tobias Bergemann, David Gerard, Honta,
Wolf530, Tom harrison, Dratman, Mike40033, Siroxo, C17GMaster, Matt Crypto, SWAdair, Bobblewik, Wmahan, Mu, Geni, Antandrus, Beland, Mako098765, CSTAR, GeoGreg, Marc Mongenet, Gscshoyru, Joyous!, Bluefoxicy, Squash, Strbenjr, Mike Rosoft, Kmccoy,
Monkeyman, Pyrop, Rich Farmbrough, Rhobite, Leibniz, FT2, Jesper Laisen, ArnoldReinhold, YUL89YYZ, Zarutian, MeltBanana, Sperling, Bender235, ZeroOne, Moa3333, JoeSmack, Danakil, Omnifarious, Jensbn, El C, Joanjoc~enwiki, Marcok, Perspective, Spearhead,
EurekaLott, Nigelj, Stesmo, Smalljim, Rvera~enwiki, Myria, Adrian~enwiki, Boredzo, ClementSeveillac, JohnyDog, Poweroid, Alansohn,
Quiggles, Arthena, Lightdarkness, Cdc, Mrholybrain, Caesura, Gbeeker, Raraoul, Filx, Proton, M3tainfo, Suruena, HenkvD, 2mcm, Wikicaz, H2g2bob, Condor33~enwiki, Bsdlogical, Johntex, Dan100, Woohookitty, Daira Hopwood, Al E., Prashanthns, Zhen-Xjell, Palica,
Kesla, Vininim, Graham87, Clapaucius, Icey, Sjakkalle, Rjwilmsi, Seidenstud, Koavf, Guyd, DeadlyAssassin, Dookie~enwiki, Edggar,
Oblivious, QuickFox, Kazrak, Ddawson, Ligulem, Smtully, Aapo Laitinen, Ground Zero, RexNL, Alvin-cs, BMF81, JonathanFreed, Jmorgan, J.Ammon, Hall Monitor, Digitalme, Gwernol, FrankTobia, Elfguy, Wavelength, NTBot~enwiki, Alan216, StuOfInterest, Foxxygirltamara, Stephenb, Gaius Cornelius, Ptomes, Morphh, Salsb, Wimt, Bachrach44, AlMac, Irishguy, Albedo, Rmky87, Amcfreely, Romal,
Peter Schmiedeskamp, Zzuuzz, Gorgonzilla, Papergrl, Arthur Rubin, Ka-Ping Yee, Juliano, GraemeL, Rlove, JoanneB, Whouk, NeilN,
SkerHawx, SmackBot, Mmernex, Tripletmot, Reedy, KnowledgeOfSelf, TestPilot, Kosik, McGeddon, Stretch 135, Ccalvin, Manjunathbhatt, Gilliam, Ohnoitsjamie, Skizzik, Lakshmin, Kurykh, Autarch, Snori, Miquonranger03, Deli nk, Jenny MacKinnon, Kungming2,
Jonasyorg, Timothy Clemans, Frap, Ponnampalam, Nixeagle, KevM, JonHarder, Wine Guy, Cpt~enwiki, Krich, Bslede, Richard001,
Stor stark7, Newtonlee, Doug Bell, Harryboyles, Kuru, Geoinline, Disavian, Robosh, Joelo, Kwestin, Mr. Lefty, Beetstra, Jadams76,
Ehheh, Boxux, Kvng, Chadnibal, Wfgiuliano, Dthvt, IvanLanin, DavidHOzAu, Lcamtuf, CmdrObot, Tional, ShelfSkewed, Michael B.
Trausch, Phatom87, Cydebot, Mblumber, Future Perfect at Sunrise, Blackjackmagic, UncleBubba, Gogo Dodo, Anonymi, Anthonyhcole,
GRevolution824, Clovis Sangrail, SpK, Njan, Ebyabe, Thijs!bot, Epbr123, The Punk, Kpavery, Wistless, Oarchimondeo, RichardVeryard,
EdJohnston, Druiloor, SusanLesch, I already forgot, Sheridbm, AntiVandalBot, Obiwankenobi, Shirt58, Marokwitz, Khhodges, Ellenaz,

CHAPTER 33. HACKER ETHIC

Manionc, Chill doubt, Dmerrill, SecurityGuy, JAnDbot, Jimothytrotter, Barek, MER-C, The Transhumanist, Technologyvoices, Tqbf,
Dave Nelson, Acroterion, Raanoo, VoABot II, Ukuser, JNW, Michi.bo, Szh~enwiki, Hubbardaie, Arctic, Froid, JXS, AlephGamma,
Rohasnagpal, Catgut, WhatamIdoing, Marzooq, Gerrardperrett, Thireus, Devmem, DerHexer, JaGa, Rcseacord, XandroZ, Gwern, SolitaryWolf, CliC, =JeH, Sjjupadhyay~enwiki, Bertix, Booker.ercu, J.delanoy, Gam2121, Maurice Carbonaro, Public Menace, Jesant13,
Jreferee, JA.Davidson, Katalaveno, Touisiau, Ansh1979, Toon05, Mufka, Largoplazo, Dubhe.sk, YoavD, Bonadea, Red Thrush, RJASE1,
Cralar, Javeed Safai, ABF, Wiki-ay, Davidwr, Zifert, Crazypete101, Dictouray, Shanata, Haseo9999, Falcon8765, Pctechbytes, Sapphic,
Donnymo, FutureDomain, Smith bruce, Kbrose, JonnyJD, Lxicm, Whitehatnetizen, Jargonexpert, SecurInfos~enwiki, Ml-crest, Immzw4,
Sephiroth storm, Graceup, Yuxin19, Agilmore, JohnManuel, Flyer22, Jojalozzo, Riya.agarwal, Corp Vision, Lightmouse, KathrynLybarger, Mscwriter, Soloxide, StaticGull, Capitalismojo, PabloStraub, Rinconsoleao, Denisarona, White Stealth, Ishisaka, WikipedianMarlith, Sfan00 IMG, Elassint, ClueBot, Shonharris, PipepBot, TransporterMan, Supertouch, Add32, Emantras, Tanglewood4, Niceguyedc,
Dkontyko, Trivialist, Gordon Ecker, DragonBot, Dwcmsc, Excirial, Socrates2008, Dcampbell30, Moomoo987, Dr-Mx, Rbilesky, DanielPharos, Versus22, HarrivBOT, Fathisules, Raysecurity, XLinkBot, BodhisattvaBot, Solinym, Skarebo, Wingfamily, WikiDao, MystBot,
Dsimic, JimWalker67, Addbot, Cst17, MrOllie, Passport90, Favonian, AgadaUrbanit, Tassedethe, Jarble, Ben Ben, Tartarus, Luckasbot, Yobot, OrgasGirl, The Grumpy Hacker, Librsh, Cyanoa Crylate, Grammaton, THEN WHO WAS PHONE?, Dr Roots, Sweerek,
AnomieBOT, JDavis680, Jim1138, Galoubet, Dwayne, Piano non troppo, AdjustShift, Rwhalb, Quantumseven, HRV, Vijay Varadharajan, Materialscientist, Aneah, Stationcall, ArthurBot, Cameron Scott, Intelati, Securitywiki, Hi878, Coolkidmoa, Zarcillo, Mark Schierbecker, Pradameinho, Amaury, George1997, Architectchamp, =Josh.Harris, Shadowjams, President of hittin' that ass, FrescoBot, Bingo101a, Nageh, Ionutzmovie, Cudwin, Expertour, Intelligentsium, Pinethicket, I dream of horses, Edderso, Access-bb, Yahia.barie, RedBot, MastiBot, Wlalng123, Mentmic, Dac04, Banej, Codemaster32, Tjmannos, Nitesh13579, Lotje, Sumone10154, Arkelweis, Ntlhui,
Aoidh, Endpointsecurity, Tbhotch, Jesse V., DARTH SIDIOUS 2, Ripchip Bot, Panda Madrid, DASHBot, Julie188, EmausBot, Timtempleton, Dewritech, Active Banana, P@ddington, Susfele, Dolovis, Cosmoskramer, Alxndrpaz, AvicAWB, Bar-abban, Ocaasi, Solipsys,
Tolly4bolly, Sharpie66, DennisIsMe, Veryfoolish, Geohac, ChuispastonBot, Pastore Italy, Tentontunic, Sepersann, Gadgad1973, Rocketrod1960, Jramio, ClueBot NG, AAriel42, Enfcer, Iliketurtlesmeow, Widr, Helpful Pixie Bot, TechGeek70, Curb Chain, Calabe1992,
BG19bot, Mollsiebee, M0rphzone, Rubmum, Mohilekedar, Karlomagnus, IraChestereld, Sburkeel, Zune0112, Venera Seyranyan, Wondervoll, Mihai.scridonesi, Jtlopez, Nrdosian, Alessandra Napolitano, Wannabemodel, Keeper03, BattyBot, Popescucalin, Arr4, Mrt3366,
Khazar2, Peter A. Wol, Soulparadox, Ilker Savas, BIG ISSUE LADY, Saturdayswiki, Dexbot, Jmitola, Mogism, Pete Mahen, Lugia2453,
Doopbridge, Sbhalotra, SFK2, Arjungiri, Jamesx12345, ElinaSy, Patna01, Dr Dinosaur IV, Pdecalculus, Mbmexpress, Idavies007, RaheemaHussain, Cyberlawjustin, Rkocher, MoHafesji, ResearcherQ, Westonbowden, Peter303x, Karinera, OccultZone, Robevans123,
Chima4mani, ClyderRakker46, Jonathan lampe, Jppcap, Leejjung86, Azulqar, IrvingCarR, Nyashinski, Monkbot, Nitzy99, Carpalclip3,
RicardoBanchez, Owais Khursheed, Oushee, 405Duke, BrettofMoore, Gr3yHatf00l, Thetechgirl, Fimatic, Hchaudh3, AndrewKin, JRPolicy, Pacguy, HVanIderstine, Leeemily, FormerPatchEditor, Pixelized frog, Johngot, Bmore84, Informationsystemgeeks and Anonymous:
674
Computer worm Source: http://en.wikipedia.org/wiki/Computer%20worm?oldid=661819683 Contributors: LC~enwiki, Brion VIBBER,
Mav, The Anome, Stephen Gilbert, Koyaanis Qatsi, Malcolm Farmer, PierreAbbat, Daniel Mahu, Paul~enwiki, Fubar Obfusco, Patrick,
Nixdorf, Pnm, Wwwwolf, CesarB, Ahoerstemeier, Cyp, Jebba, Jdforrester, UserGoogol, Andres, Evercat, GCarty, Gamma~enwiki, Dj
ansi, Hashar, Agtx, Ww, Dysprosia, Fuzheado, WhisperToMe, Wik, Zoicon5, Furrykef, Dcsohl, Wilinckx~enwiki, Robbot, Naddy, Yosri,
Jondel, Seth Ilys, Tobias Bergemann, David Gerard, Alerante, Fennec, Akadruid, Jtg, Noone~enwiki, Eequor, Fanf, Matt Crypto, Just Another Dan, Maximaximax, Gscshoyru, Trafton, Grunt, Monkeyman, Discospinster, Rich Farmbrough, Rhobite, KneeLess, YUL89YYZ,
Bender235, ESkog, JoeSmack, RJHall, PhilHibbs, Sietse Snel, DavidSky, Smalljim, MITalum, Sam Korn, Nsaa, Alansohn, Andrewpmk, Jonathanriley, Staeiou, Bsadowski1, Pauli133, Bobrayner, Newnoise~enwiki, Roboshed, Woohookitty, Mindmatrix, Camw, Guy
M, TomTheHand, Isnow, Kralizec!, Palica, SqueakBox, Jclemens, Rjwilmsi, Matt.whitby, Syndicate, Mcmvanbree, Nguyen Thanh Quang,
RainR, Jwkpiano1, Dan Guan, JiFish, RexNL, Ewlyahoocom, King of Hearts, Pstevens, Daev, Chobot, AFA, Bornhj, DVdm, Mogh, YurikBot, Borgx, Kerowren, Barefootguru, Wimt, Wiki alf, Misza13, DeadEyeArrow, Bota47, Jkelly, WAS 4.250, Dspradau, Rs232, Kungfuadam, GrinBot~enwiki, Asterion, DVD R W, Rahul s55, SmackBot, Mmernex, Aim Here, Gamerzworld, David.Mestel, KelleyCook, Object01, Gilliam, Ohnoitsjamie, Martial Law, Biblioteqa, Bluebot, Snori, Miquonranger03, Pomegranite, DHN-bot~enwiki, Firetrap9254,
Anabus, Tsca.bot, NYKevin, Can't sleep, clown will eat me, Yidisheryid, Rrburke, Addshore, Celarnor, Jaimie Henry, James McNally,
Richard001, Wirbelwind, Weregerbil, SashatoBot, Ian Dalziel, Nic tan33, Ehheh, Optakeover, Waggers, Vernalex, Woodroar, Iridescent,
Jason.grossman, Joseph Solis in Australia, Aeons, Mzub, Tawkerbot2, Dlohcierekim, Chetvorno, Makeemlighter, GHe, Jesse Viviano, Augrunt, Oden, Slazenger, Gogo Dodo, ST47, Luckyherb, Thijs!bot, Epbr123, Luigifan, Powellatlaw, Dawnseeker2000, Mentisto, AntiVandalBot, Seaphoto, Oducado, Waerloeg, Jenny Wong, Clharker, JAnDbot, Leuko, MER-C, PubliusFL, Coopercmu, Superjag, SteveSims,
Yixin1996, Bongwarrior, Rami R, Alekjds, Adrian J. Hunter, DerHexer, Shuini, Pikolas, S3000, MartinBot, STBot, Ghatziki, Poeloq, Lilac
Soul, Bitethesilverbullet, Herbythyme, Imfo, Uncle Dick, Yonidebot, Milo03, Crimson Instigator, Barts1a, Ignatzmice, Demizh, DJ1AM,
Juliancolton, Beezhive, CardinalDan, Idioma-bot, Lights, Deor, Hersfold, Je G., Philip Trueman, Dindon~enwiki, Zifert, Technopat,
Zman2000, Oxfordwang, LeaveSleaves, Tpk5010, BigDunc, RandomXYZb, MDfoo, Falcon8765, Enviroboy, Burntsauce, EJF, Barkeep,
SieBot, BotMultichill, Itsme2000, DarkreInferno, Sephiroth storm, Sat84, Happysailor, Mszegedy, Very cheap, Smaug123, Hello71,
Miniapolis, Macy, OKBot, Amrishdubey2005, StaticGull, Mygerardromance, Hamiltondaniel, GioCM, Cellorelio, Minimosher, ClueBot,
Traveler100, The Thing That Should Not Be, Lawrence Cohen, Fenwayguy, CrazyChemGuy, Eeekster, Rhododendrites, WalterGR, Dekisugi, DanielPharos, Thingg, Aitias, VIKIPEDIA IS AN ANUS!, XXXSuperSnakeXXX, SoxBot III, Sensiblekid, DumZiBoT, XLinkBot,
Skarebo, WikHead, PL290, Noctibus, ZooFari, Jabberwoch, Wnzrf, Addbot, Amanda2423, A.qarta, Fieldday-sunday, Leszek Jaczuk,
CactusWriter, MrOllie, Protonk, Chzz, Favonian, Comphelper12, Jasper Deng, Yyakaj;fasd;kdfjk, Numbo3-bot, Craigsjones, Tide rolls,
Yobot, Amirobot, Nallimbot, Gunnar Hendrich, Tempodivalse, Souch3, A More Perfect Onion, Jim1138, Piano non troppo, Meatabex, Materialscientist, Neurolysis, ArthurBot, MauritsBot, Xqbot, Useingwere, Capricorn42, Avastik, Frosted14, RibotBOT, Ulm, AlanNShapiro,
Crackitcert, WPANI, Rossd2oo5, DylanBigbear, HamburgerRadio, Uberian22, Intelligentsium, Pinethicket, I dream of horses, Adlerbot,
Subzerobubbles, Lotje, Fox Wilson, Vrenator, Wiwiwiwiwiwiwiwiwiwi, Nattippy99, Adi4094, Reach Out to the Truth, DARTH SIDIOUS 2, Hajatvrc, DASHBot, EmausBot, Orphan Wiki, Gfoley4, Bexz2000, Wikipelli, F, Kalin.KOZHUHAROV, A930913, Tolly4bolly,
W163, MonoAV, DennisIsMe, ChuispastonBot, Ziyad en, ClueBot NG, Henry Stanley, Borkicator, O.Koslowski, Widr, Helpful Pixie
Bot, TheTrainEnthusiast, Tobias B. Besemer, Toccata quarta, Mantovanifabiomarco, Glacialfox, Derschueler, Anbu121, BattyBot, Johnthehero, ChrisGualtieri, EagerToddler39, Dexbot, Lal Thangzom, Codename Lisa, Webclient101, Djairhorn, Lugia2453, Jamesx12345,
Rossumund, Muhammadbabarzaman, Smilieyss, Ginsuloft, Dannyruthe, JaconaFrere, Satyajeet vit, Gautamnarayan and Anonymous: 497
Crimeware Source: http://en.wikipedia.org/wiki/Crimeware?oldid=653231321 Contributors: Paul~enwiki, EpiVictor, Niteowlneils,
Necrothesp, Trevor MacInnis, Canterbury Tail, MeltBanana, Nabla, Sietse Snel, Saxifrage, Rocastelo, Bluemoose, MarSch, FlaBot, Nihiltres, Common Man, Ali Karbassi, Closedmouth, Alex Ruddick, Katieh5584, Liujiang, SmackBot, BranStark, Poweron, Random name,
Cydebot, MarshBot, Lfstevens, Blahbleh, Leuko, Epeeeche, Rmeniko, GermanX, Tiangua1830, Rhododendrites, DanielPharos, Addbot,

AnomieBOT, IRP, Nosperantos, Cantons-de-l'Est, Pradameinho, WPANI, Oldgrowyoung, K6ka, Djr2468, Codename Lisa, Seankclark
and Anonymous: 31
Cryptovirology Source: http://en.wikipedia.org/wiki/Cryptovirology?oldid=654334826 Contributors: Fubar Obfusco, Edward, Ahoerstemeier, Julesd, Bogdangiusca, Palfrey, Ww, Pengo, Matt Crypto, JoeSmack, TheParanoidOne, Riana, Uncle G, Ner102, Rjwilmsi, Ligulem,
Quuxplusone, RussBot, Bachrach44, Thiseye, THB, Guinness man, SmackBot, KelleyCook, Ohnoitsjamie, Sspecter, Ligulembot, Waggers,
Jesse Viviano, Underpants, Vonbraun~enwiki, Seaphoto, GiM, JAnDbot, Cyda, David Eppstein, Parthasarathy.kr, TreasuryTag, TXiKiBoT, Logan, Adamlucasyoung, Fratrep, Rhododendrites, DanielPharos, Jack Bauer00, MensaDropout, Addbot, Yobot, Citation bot, HamburgerRadio, RjwilmsiBot, ZroBot, Benjabean1, Daicarus, Iwebsurfer, Hannasnow and Anonymous: 33
DEF CON Source: http://en.wikipedia.org/wiki/DEF%20CON?oldid=662154207 Contributors: Dreamyshade, Arvindn, Mrwojo, Pnm,
Breakpoint, Julesd, Reddi, WhisperToMe, Jose Ramos, Jeq, TexasDex, Graeme Bartlett, BenFrantzDale, Tom-, Academician, Tim Pritlove, Rdsmith4, Zondor, Eep, Spiko-carpediem~enwiki, ElTyrant, Alexkon, R.123, Bender235, Zscout370, Rcsheets, Evolauxia, BrokenSegue, Johnteslade, Elipongo, Adrian~enwiki, Tygerdsebat, Alyeska, Grifter, Sligocki, Ynhockey, InShaneee, Tom12519, Musicscene,
Wtmitchell, Saga City, Guthrie, Kelly Martin, Dalmoz~enwiki, Thivierr, Myleslong, SJanssen, Tabletop, Senda, Marudubshinki, Stromcarlson, Search4Lancer, Rjwilmsi, Vegaswikian, Flydpnkrtn, Eldred, Czar, Daev, Chobot, RussBot, Hydrargyrum, Mipadi, Madcoverboy,
Santaduck, Pegship, Raistolo, Arthur Rubin, JQF, Hobx, KnightRider~enwiki, SmackBot, McGeddon, Alex mayorga, InGearX, MJBurrage, , Cybercobra, CypherXero, Digital Avatar, Marcus Brute, Gloriamarie, Aboutblank, 293.xx.xxx.xx, JoeBot, Cheschire, Wafulz,
Neelix, Cydebot, Samuell, MarS, Mmmpie, Themantoblame, Coyets, Credema, Dman727, JAnDbot, Davewho2, Prosavage2600, Elinruby, Vahokif, Dspencer, Johnpacklambert, Emersoneells, Athaenara, Beet, Joshua Issac, Whiteandnerdy52, Praesidium~enwiki, Malik Shabazz, UnicornTapestry, Katydidit, SteveClement, Theamk, UnitedStatesian, Blurpeace, Brianga, Truthanado, SecretaryNotSure,
BobDoleFan999, PeterCanthropus, WTucker, Sephiroth storm, CoryWright, Dillard421, Faulknerfan, Cap'n Walker, Startswithj, WurmWoode, Hidro, Dr. Skullthumper, DumZiBoT, Addbot, M.nelson, Buddha24, SpBot, Lightbot, 55, Vegaswikian1, VengeancePrime,
AnomieBOT, Lennykaufman, LilHelpa, Tollsjo, Keastes, Brutaldeluxe, FrescoBot, LittleWink, 11hpr01, Kurtalden, LoStrangolatore, GoingBatty, Jegus, Monterey Bay, Erianna, Leendert123, Kranix, Cuddles 2.0, ClueBot NG, HectorAE, Trunks ishida, Moving Chicane,
MusikAnimal, Mdy66, Billie usagi, Zordsthrone, Monkbot, Agent0047, TrumpetPlayer1234567890, Karthik koppolu, Augenblink and
Anonymous: 118
Exploit (computer security) Source: http://en.wikipedia.org/wiki/Exploit%20(computer%20security)?oldid=656732816 Contributors:
AxelBoldt, Mav, Aldie, SimonP, Stevertigo, Michael Hardy, TakuyaMurata, Karada, Ronz, Nikai, Smay, Rl, Enigmasoldier, Altenmann, Pengo, Alerante, SWAdair, Utcursch, Bluefoxicy, Discospinster, Rich Farmbrough, Pie4all88, Syp, El C, Matteh, Bobo192, La
goutte de pluie, Ramsey, Walter Grlitz, Adequate~enwiki, Ringbang, Nuno Tavares, Mindmatrix, Georgia guy, Apokrif, Vargc0, Mindfuq, RainR, FlaBot, Ground Zero, Latka, Arunkoshy, Chobot, KDK, YurikBot, Hydrargyrum, Stephenb, Pseudomonas, Dpakoha, Irishguy,
Ugnius, Zwobot, Yudiweb, Raistolo, Papergrl, SmackBot, Pgk, Bomac, BiT, Jerome Charles Potts, Abaddon314159, JonHarder, Sloverlord, Nakon, Tompsci, Pilotguy, Lambiam, Putnamehere3145, LebanonChild, Ehheh, Dreftymac, SkyWalker, Fabio-cots, Skittleys, Omicronpersei8, Ebraminio, Dreaded Walrus, PC Master, Zorro CX, Ghostwo, SpigotMap, Crakkpot, TXiKiBoT, Wolfrock, Jamespolco,
Irsdl, Swwiki, PeterCanthropus, PabloStraub, ClueBot, Excirial, SchreiberBike, DanielPharos, Fathisules, SkyLined, GD 6041, Legobot,
Luckas-bot, Amirobot, Nallimbot, Galoubet, ExploITSolutions, ArthurBot, Sionus, Boyrussia, Waterloox, Weltersmith, Pradameinho,
Erik9, Erik9bot, HamburgerRadio, Guriue, Guriaz, PleaseStand, EmausBot, WikitanvirBot, Dewritech, ZroBot, IGeMiNix, Pastore Italy,
ClueBot NG, Neynt, BG19bot, Who.was.phone, Compfreak7, T2kien, Kelly McDaniel, Shellcode 64, Favone, In Harry Potter We Trust,
TragicEnergy, FoxStudios, Pkutuzov314, Potayto, S166865h and Anonymous: 132
Firewall (computing) Source: http://en.wikipedia.org/wiki/Firewall%20(computing)?oldid=662294626 Contributors: Paul~enwiki,
Nealmcb, Michael Hardy, Pnm, Egil, Ahoerstemeier, Copsewood, Haakon, Jebba, Rl, Dcoetzee, Jay, DJ Clayworth, Taxman, Bevo, Topbanana, Joy, Khym Chanur, Robbot, ZimZalaBim, Danutz, Auric, Jondel, Hadal, Diberri, Tobias Bergemann, Pabouk, Giftlite, Yama, Everyking, Rchandra, AlistairMcMillan, Eequor, Matthus Wander, Wiki Wikardo, DemonThing, Wmahan, Stevietheman, ConradPino, Antandrus, Ricky~enwiki, Mitaphane, Biot, Deewiant, Joyous!, Hax0rw4ng, Asqueella, Mernen, Grand Edgemaster, Monkeyman, Discospinster, Fabioj, Wk muriithi, EliasAlucard, Smyth, YUL89YYZ, Deelkar, DonDiego, Pmetzger, El C, Mwanner, Dols, Spearhead, Linkoman,
RoyBoy, Femto, Jpgordon, Bobo192, Smalljim, Enric Naval, Viriditas, Giraedata, Danski14, Alansohn, Anthony Appleyard, Interiot,
Malo, Wtmitchell, Velella, L33th4x0rguy, Rick Sidwell, IMeowbot, Henry W. Schmitt, TheCoee, DSatz, Kenyon, Brookie, Zntrip,
Andem, Nuno Tavares, Angr, OwenX, Woohookitty, Karnesky, Mindmatrix, Dzordzm, Bazsi~enwiki, Kralizec!, Prashanthns, DESiegel,
Turnstep, Ashmoo, Graham87, Chun-hian, Kbdank71, FreplySpang, Jclemens, Rjwilmsi, OneWeirdDude, Eptalon, NeonMerlin, ElKevbo,
Sferrier, Dmccreary, Gurch, DevastatorIIC, Intgr, Alphachimp, OpenToppedBus, Ahunt, Marcuswittig, DVdm, FeldBum, Bgwhite, Theymos, YurikBot, Wavelength, Borgx, TexasAndroid, Quentin X, Sceptre, Alan216, MMuzammils, RussBot, Mattgibson, Lincolnite, Piet
Delport, Stephenb, Manop, Rsrikanth05, Wimt, Capi, NawlinWiki, ENeville, Trevor1, Rebel, Mortein, Cryptosmith, Jpbowen, Voidxor,
Bkil, Zwobot, Bucketsofg, Black Falcon, Mcicogni, CraigB, Nlu, Wknight94, Rwxrwxrwx, Dse, JonnyJinx, Closedmouth, E Wing, Pb30,
ILRainyday, Chriswaterguy, Talyian, Crost, Anclation~enwiki, Maxamegalon2000, Bswilson, A13ean, SmackBot, Unschool, Rbmcnutt,
KnowledgeOfSelf, C.Fred, Od Mishehu, Eskimbot, Vilerage, Info lover, Xaosux, Gilliam, Ohnoitsjamie, Lakshmin, Bluebot, DStoykov,
Jprg1966, Thumperward, Mcj220, Oli Filth, Prasan21, Lubos, Elagatis, DavidChipman, DHN-bot~enwiki, Da Vynci, Anabus, Suicidalhamster, Abaddon314159, Can't sleep, clown will eat me, Frap, Chlewbot, JonHarder, Yorick8080, Fynali, Celarnor, Meandtheshell,
Ntolkin, Aldaron, Nachico, Elcasc, HarisM, Skrewz~enwiki, Phoenix314, LeoNomis, FerzenR, Andrei Stroe, Ugur Basak Bot~enwiki,
The undertow, Harryboyles, Eldraco, Mattloaf1, Melody Concerto, Beetstra, Boomshadow, Feureau, Peyre, Hu12, Hetar, BranStark,
BananaFiend, Jhi247, Robbie Cook, Newone, GDallimore, Pmattos~enwiki, Tawkerbot2, Chetvorno, SkyWalker, JForget, FleetCommand, Ale jrb, Megaboz, JohnCD, Topspinslams, Kgentryjr, Random name, Lazulilasher, WeggeBot, Josemi, Nnp, Equendil, Phatom87,
Cydebot, T Houdijk, Mashby, UncleBubba, Gogo Dodo, Tbird1965, Hamzanaqvi, Guitardemon666, rate, Omicronpersei8, Thijs!bot,
Danhm, Epbr123, Barticus88, Kubanczyk, Dschrader, Pajz, Randilyn, Simeon H, Marek69, SGGH, Chrisdab, CharlotteWebb, Wai Wai,
AntiVandalBot, RoMo37, Davido, Purpleslog, Isilanes, Vendettax, LegitimateAndEvenCompelling, Dougher, ShyShocker, DoogieConverted, Dman727, Deadbeef, Acrosser, JAnDbot, Sheridp, MER-C, Seddon, Lucy1981, Tushard mwti, Kjwu, Jahoe, Raanoo, VoABot
II, Maheshkumaryadav, Swpb, Djdancy, Hps@hps, Cellspark, Twsx, Dean14, AlephGamma, Gstroot, LeinaD natipaC, Hans Persson,
Nposs, Greg Grahame, Just James, DerHexer, Rtouret, Hbent, Jalara, XandroZ, Seba5618, Tommysander, MartinBot, CliC, LeonTang,
R'n'B, Ash, PrestonH, Tgeairn, J.delanoy, NightFalcon90909, Shawniverson, Ans-mo, Jigesh, L'Aquatique, !Darkre!6'28'14, Molly-in-md,
KCinDC, STBotD, Equazcion, Red Thrush, Beezhive, Halmstad, SoCalSuperEagle, Idioma-bot, Zeroshell, Jramsey, Timotab, VolkovBot,
Mike.batters, Je G., Indubitably, AlnoktaBOT, VasilievVV, Venom8599, Philip Trueman, Apy886, Jackrockstar, Cedric dlb, Ulrichlang,
OlavN, Anna Lincoln, Corvus cornix, David.bar, Sanfranman59, Justin20, LeaveSleaves, Seb az86556, Lolsalad, Yk Yk Yk, Phirenzic,
Why Not A Duck, Brianga, MrChupon, JasonTWL, EmxBot, Hoods11, SieBot, EQ5afN2M, Jchandlerhall, YonaBot, Sephiroth storm,
Yintan, Miremare, Calabraxthis, Milan Kerslager, Android Mouse, Hokiehead, JSpung, Hazawazawaza, Goodyhusband, Doctoruy, Oxymoron83,
Nuttycoconut, Tombomp, C'est moi, Mygerardromance, Altzinn, WikiLaurent, Bryon575, Ilpostinouno, Berford, Escape Orbit,
Loren.wilton, ClueBot, Rumping, Snigbrook, CorenSearchBot, The Thing That Should Not Be, Jan1nad, SecPHD, Arakunem, Jobeard,
Njmanson, Blanchardb, Harland1, ChandlerMapBot, Bencejoful, Jusdafax, Tim874536, Dcampbell30, Estirabot, Shiro jdn, Aurora2698,
Peter.C, Mxbuck, Creed1928, ChrisHodgesUK, BOTarate, La Pianista, 9Nak, Aitias, Apparition11, Vanished user uih38riiw4hjlsd, Sensiblekid, DumZiBoT, BarretB, Wordwizz, Gnowor, Booster4324, Gonzonoir, Rror, NellieBly, Badgernet, Alexius08, Noctibus, WikiDao,
Thatguyint, Osarius, Wyatt915, Addbot, Wikialoft, RPHv, Some jerk on the Internet, Captain-tucker, Otisjimmy1, Crazysane, TutterMouse, Lets Enjoy Life, Vishnava, CanadianLinuxUser, Leszek Jaczuk, Sysy909, Cst17, MrOllie, Roseurey, Emailtonaved, Chzz, Debresser, Muheer, LinkFA-Bot, Tide rolls, Lightbot, OlEnglish, Krano, Iune, Bluebusy, WikiDreamer Bot, Shawnj99, Luckas-bot, Yobot,
Terronis, Fraggle81, Amirobot, Fightingirishfan, AnomieBOT, JDavis680, Jlavepoze, Tcosta, Killiondude, Jim1138, Gascreed, Piano non
troppo, Elieb001, Gc9580, Fahadsadah, Kyleaherty, Flewis, Materialscientist, Citation bot, Aneah, Neurolysis, Obersachsebot, Xqbot,
TheAMmollusc, Duesseljan, Addihockey10, JimVC3, Capricorn42, CoolingGibbon, 4twenty42o, Jmprtice, Ched, GrouchoBot, Backpackadam, Prunesqualer, RibotBOT, SassoBot, EddieNiedzwiecki, Thearcher4, Doulos Christos, =Josh.Harris, Gnuish, Chaheel Riens, Jaraics,
Dan6hell66, G7yunghi, Prari, FrescoBot, Nageh, WPANI, Kamathvasudev, Galorr, Smile4ever, Expertour, Lukevenegas, DivineAlpha,
Grapht, Pinethicket, I dream of horses, HRoestBot, Meaghan, Richard, MrBenCai, December21st2012Freak, Cougar w, Weylinp, Danshelb, TobeBot, WilliamSun, FunkyBike1, Vrenator, Clarkcj12, Stephenman882, Bangowiki, Mwalsh34, Eponymosity, Tbhotch, Gaiterin,
DARTH SIDIOUS 2, Hugger and kisser, Dbrooksgta, Teenboi001, Aviv007, Regancy42, VernoWhitney, DASHBot, Chuck369, EmausBot, WikitanvirBot, Timtempleton, Super48paul, Solarra, Winner 42, K6ka, Aejr120, Shuipzv3, Athn, Ebrambot, Kandarp.pande.kandy,
Sg313d, Cit helper, IntelligentComputer, Rawiki, OisinisiO, NTox, Cubbyhouse, Zabanio, DASHBotAV, Sepersann, 28bot, Socialservice, ClueBot NG, AAriel42, Lord Roem, Vakanuvis789, 123Hedgehog456, Vlhsrp, Widr, Debby5.0, HMSSolent, Titodutta, Kanwar47, Wbm1058, Wiki13, Silvrous, Dentalplanlisa, Zune0112, Paulwray97, Nperrakis, Klilidiplomus, Sk8erPrince, Cimorcus, Fastcatz,
CGuerrero-NJITWILL, Cvarta, PhilipFoulkes, Dexbot, Sendar, SimonWiseman, Codename Lisa, Avinash7075, Pete Mahen, CaSJer,
Jamesx12345, Rob.bosch, VikiED, Palmbeachguy, Epicgenius, Camayoc, Melonkelon, Anupasinha.20, Praemonitus, SamoaBot, EvergreenFir, Indiesingh, Ginsuloft, ScotXW, Harshad1310, Nyashinski, Monkbot, Darshansham, Williamahendric, Jeremy.8910, Kenkutengu,
AMLIMSON, Miraclexix and Anonymous: 955
Grey hat Source: http://en.wikipedia.org/wiki/Grey%20hat?oldid=660988969 Contributors: Nealmcb, Pnm, Samw, Furrykef, Jerzy, Altenmann, Pengo, Tieno, Mboverload, Neilc, Adambondy, KevinBot, NetBot, BrokenSegue, Urthogie, Tonei, NicM, Brookie, Hq3473,
Mindmatrix, Stephanspencer, Jannetta, Reisio, Rjwilmsi, Vary, X1011, Greyhat, RussBot, Kerowren, Hydrargyrum, Cryptic, Korny
O'Near, Voidxor, Alex43223, Ninly, Mateo LeFou, Rtc, Aurista25, Cronium, Ohnoitsjamie, Skizzik, Cybercobra, Blaush, Deepred6502,
InedibleHulk, Ojan, Dariusofthedark, Amalas, Ilikefood, Smably, Redlock, Neelix, Mato, Alucard (Dr.), Omicronpersei8, Superstuntguy, Gogogoat, AGrobler, Escarbot, Exeltica, Daniel Verity O'Connor, MER-C, PhilKnight, Acroterion, Mjhmach5, Penubag, DerHexer,
R'n'B, AlexiusHoratius, J.delanoy, Ian.thomson, BlueGuy213, Znx, Dog777, Speciate, Philip Trueman, Mosmof, Woodsstock, Seraphim,
Mcclarke, Michaeldsuarez, Varinyc1, Roxya, Ethyr, Schnurrbart, Sephiroth storm, Flyer22, MinorContributor, Jojalozzo, Martinlc, Gahenton, JohnnyMrNinja, Shonharris, IceUnshattered, Drmies, Blackvenomx, Plasynins, Andrew81446, Dmyersturnbull, Holothurion, Apparition11, Bearsona, Neuralwarp, The Internet Murderer, Delicious carbuncle, MensaDropout, Addbot, Justallofthem, Mtndew9191,
OlEnglish, Yobot, Bathysphere, Kaljtgg, AnomieBOT, ArthurBot, Pradameinho, FrescoBot, Amirhmoin, Pinethicket, Jonesey95, Rushbugled13, SiPlus, Steveninspokane, Lotje, Aoidh, Qrsdogg, Wikipelli, Mumbojumbo 101, 413X4ND3R, , Ocaasi, Avelino
Houed, Cymbelmineer, Bomazi, JohnnyLurg, ClueBot NG, Vacation9, MixwellUSA, Whitehatpeople, Hz.tiang, Mark Arsten, Player017,
Xcyss, Unocialeditor, Blindedhall, Innitematter, PinkAmpersand, Spacepenguin79102, Whiteneues, Akshay0000, Hhhhherd, Seosolver, Djaussiekid, Usernamebox, Thetechgirl, Dasingamaroos, Sonora Carlos and Anonymous: 117
Hacker Source: http://en.wikipedia.org/wiki/Hacker?oldid=661021102 Contributors: Damian Yerrick, Lee Daniel Crocker, Bryan Derksen, The Anome, M~enwiki, Frecklefoot, Pnm, GTBacchus, Delirium, Dori, Eric119, Ahoerstemeier, CatherineMunro, Rl, Furrykef,
RadicalBender, Friedo, PBS, ZimZalaBim, Altenmann, Pengo, Wiglaf, Pne, Beland, Khaosworks, Plasma east, Bodnotbod, Ojw, RandalSchwartz, Strbenjr, Gazpacho, Mindspillage, Discospinster, Vsmith, Paul August, Night Gyr, ESkog, Jnestorius, Bobo192, Army1987,
Longhair, Smalljim, Alansohn, Anthony Appleyard, Andrewpmk, Lectonar, Bart133, Snowolf, Zsero, Wtmitchell, Velella, Dominic,
Bsadowski1, Reaverdrop, Redvers, Djsasso, Mindmatrix, David Haslam, ^demon, The Wordsmith, Lkjhgfdsa, Tabletop, Kralizec!,
Prashanthns, GSlicer, Mandarax, Graham87, BD2412, Bikeable, Zoz, Sj, Jake Wartenberg, Alex Nisnevich, Quiddity, PHiZ, MZMcBride, Jehochman, Nandesuka, Ucucha, RLent, D.brodale, Butros, King of Hearts, Chobot, DVdm, Cornellrockey, MishaDynin, Sceptre, Akamad, NawlinWiki, Ejdzej, Irishguy, Fantusta, Abb3w, Mikeblas, Leontes, Figaro, Darkfred, Hosterweis, Closedmouth, KGasso,
DGaw, KristoerLunden, Wainstead, Katieh5584, DesignExplosion, DVD R W, Pandemic, Mmernex, Rtc, Freekee, Davewild, WookieInHeat, Canthusus, Yamaguchi , Gilliam, Ohnoitsjamie, Richfe, Rmosler2100, Sviemeister, Chris the speller, CISSP Researcher,
Persian Poet Gal, Thumperward, SchftyThree, Deli nk, Nazgjunk, Shalom Yechiel, Onorem, Lobner, Adamantios, Khoikhoi, COMPFUNK2, Jmlk17, MatthewDaly, Al Fecund, Cybercobra, Blake-, Shadow1, Derek R Bullamore, The PIPE, DMacks, Copysan, Madeleine
Price Ball, Cast, ArglebargleIV, Dwpaul, Dark Formal, Viciousalloy, IronGargoyle, 16@r, Loadmaster, Waggers, Anonymous anonymous, Iridescent, Colonel Warden, Shoeofdeath, Majora4, Lazeo, Tawkerbot2, Joshuagross, Owen214, INkubusse, BeenAroundAWhile,
Lentower, T23c, Neelix, Montanabw, Sebastian789, Cahk, Mato, SyntaxError55, Gogo Dodo, Travelbird, Foosh, Wo0t, Christian75,
DumbBOT, Njan, Btharper1221, ForbiddenWord, TheHumanhalo, Thijs!bot, Epbr123, Daa89563, Marek69, James086, Chet nc, Lithpiperpilot, SusanLesch, Cyclonenim, Luna Santin, Seaphoto, Quintote, LDGE, Xenix~enwiki, Coyets, Vivek singh1200, Farosdaughter,
Daniel Verity O'Connor, Manishf1, Res2216restar, MER-C, Robina Fox, Acroterion, Bongwarrior, VoABot II, Utilly, Froid, Avicennasis, MGD11, Testla, Cpl Syx, DerHexer, Esanchez7587, L3th4l, ZOMG Zombies, S3000, AVRS, Meamvagabond, CliC, Anaxial,
R'n'B, EdBever, J.delanoy, Pharaoh of the Wizards, Timmccloud, Uncle Dick, Extransit, Jerry, Zg, MakotoSaruwatari, Katalaveno, SHTR,
LordAnubisBOT, Ncmvocalist, NewEnglandYankee, Zerokitsune, SJP, Bonadea, Funandtrvl, Xnuala, Wikieditor06, VolkovBot, CWii,
Irene Ringworm, Leebo, Boris242, Indubitably, Thenthornthing, Philip Trueman, Dchmelik, TXiKiBoT, Technopat, Someguy1221, Tobyreynolds, Lradrama, BotKung, Maxim, VARGUX, Enigmaman, Haseo9999, Wolfrock, Loznjes, Tomaxer, Sylent, Vchimpanzee, HiDrNick, Hazel77, NHRHS2010, Sayosayo~enwiki, EJF, Ttony21, Tresiden, Tiddly Tom, Caulde, AlphaPyro, Jauerback, Dawn Bard, Caltas, Sephiroth storm, Falcore, Bentogoa, Happysailor, Radon210, Oda Mari, Oxymoron83, Lisatwo, Bandi669, Kgkian, WordsExpert,
Denisarona, Escape Orbit, Faithlessthewonderboy, ClueBot, Smart Viral, Deviator13, GorillaWarfare, The Thing That Should Not Be,
Rjd0060, Mild Bill Hiccup, LukeShu, SuperHamster, Boing! said Zebedee, Blanchardb, Neverquick, Auntof6, Alan dx, Adrian lopez,
OneCoolKid, Excirial, PixelBot, Eeekster, Abrech, GreenGourd, Willdgiles, Andrew81446, Skytreader, CowboySpartan, Xxyt4n2, Mormon17, Troelssj, La Pianista, Cold Phoenix, Jpearson72, Versus22, Gooey0037, Johnuniq, NeVic1, XLinkBot, Rror, Hackersmalta, Mitch
Ames, Skarebo, PL290, Alexius08, RyanCross, HexaChord, AlioTheFool, Addbot, Goon111113, Bubbaraid, Jojhutton, Tcncv, Tpjarman,
Doesthiscount, TutterMouse, Abhay1120, OO0saj0Oo, CanadianLinuxUser, Cst17, MrOllie, Glane23, Ld100, Debresser, Roux, Favonian, Bgalla01, Tassedethe, Tide rolls, Krano, Jarble, N0ths, Frehley, Yobot, Tohd8BohaithuGh1, Hacker11012929348, Bigtophat, THEN
WHO WAS PHONE?, InvestExp, Jim1138, IRP, Kingpin13, Wikipeeeeedia, Materialscientist, Pipolol, Waterjuice, GB fan, Quebec99,
Haxyourmom, Capricorn42, Hakcers r us, Jerey Mall, HavikRyan, FuturePrefect, Sagber, Leagirl95, GrouchoBot, Amaury, Der Falke,
Shadowjams, AnDixx, Grinofwales, Who then was a gentleman?, Custoo, FrescoBot, Liquidluck, Caveman101, Destroyerman22, Recognizance, Wizer121, Alxeedo, Jpistofast, Finalius, Mikemaximum33, Dethcircle, Norsehorse89, Srijan89, Pinethicket, Jschnur, Serols,
Pwnmonster, Ansarkp123, Wadders199, ShowEXP, Yunshui, Codylonsdale, LogAntiLog, Slumvillage13, Lotje, Gdi2290, Vrenator, Nhybgtvfrcdexswzaq, Specs112, Fastilysock, DARTH SIDIOUS 2, Mean as custard, The Utahraptor, Bento00, NerdyScienceDude, Vinnyzz,
Petux7, Katherine, Nailer111, Wikipelli, K6ka, ZroBot, Bollyje, 5rdx6tfc, AndrewN, Wayne Slam, OnePt618, L Kensington, Kishee4,
MaGa, Ferhatcitil, Donner60, Mcis101, Forever Dusk, DASHBotAV, 28bot, Rocketrod1960, Ben is a fail, Petrb, ClueBot NG, Chetrasho,
MelbourneStar, This lousy T-shirt, Alexajju, Kro-Kite, Satellizer, RadaVarshavskaya, Lukeno94, Cntras, Muon, EditAce, Widr, Electriccatsh2, 2001:db8, WNYY98, Eeik5150, Zhaynes123, Ocial Spokesman, Mark Arsten, Rashin3132, AnonyDentied, Altar, Mottengott,
Dllecter, Snow Blizzard, Camarones12, Jpw177, Fluxboy6789, MarkHennessy, Mewhho18, Calebcrusco, Buechlein, Klilidiplomus, Iloveyoubuhh, Abgelcartel, Tutelary, Pratyya Ghosh, Arr4, Imamurdera, Mediran, MadGuy7023, Aditya sain, Hackstorix1000, Webclient101,
VampireProject23, Neoheurist, Frosty, Jamesx12345, Hungrypillow, Zdarm, Hnurgds, Lego99, Red-eyed demon, Giansol, Qiyue2001,
Cadab321, Eyesnore, Tentinator, Yuvanselva, Zhir Slemany, Lee Tru., Zangraravi, DJ TUeRIO SET, Babitaarora, Camo335XD, HackersExposed, Ginsuloft, Manul, Techi 2013, Abdale Mohamed, VeryCrocker, Thomas22865, Crow, Tyty505, Hosen1991, Vieque, Sherlock502, NATHANWASHERE2014, Bckingofkings, Biblioworm, 65440ahq7, Ghamnadaram, Dracomalfoy3, Idospa, Yxcker, Mushqa
Ayesha, SEZDRX, Deanthomps, Suryansh gr, Khem kd, Sandra zavala, AmandaWhyte99, Xtreme PJ, Swiftor says stab, RubaZatar, Deunanknute, VenturesClassic, REPTILE HT, I like porto, PokemonMaster48, Malic0usploit9011, Aziz142036, The Arfmeow, Cool10299,
Abrahem.alobra, Deadsec333 and Anonymous: 641
Hacker (computer security) Source: http://en.wikipedia.org/wiki/Hacker%20(computer%20security)?oldid=657126582 Contributors:
The Anome, Deb, Fred Bauder, Pnm, HarmonicSphere, Ronz, Jebba, Darkwind, Charles Matthews, Andrewman327, Topbanana, Chuunen Baka, ZimZalaBim, Academic Challenger, Michael Snow, Pengo, Marcika, Tieno, Mckaysalisbury, OverlordQ, DragonySixtyseven,
AndrewKeenanRichardson, CesarFelipe, Joyous!, Mike Rosoft, Freakofnurture, Discospinster, Rich Farmbrough, Qutezuce, Thedangerouskitchen, ESkog, MisterSheik, MBisanz, Aude, Adambro, Bobo192, Army1987, Smalljim, Duk, Adrian~enwiki, Wrs1864, Storm Rider,
Alansohn, Tek022, Arthena, Diego Moya, Howrealisreal, Mysdaao, Zsero, Wtmitchell, Velella, Crystalllized, H2g2bob, BlastOButter42,
Mahanga, Kelly Martin, Woohookitty, Mindmatrix, TigerShark, Unixer, NeoChaosX, WadeSimMiser, Tckma, MONGO, Waldir, Xiong
Chiamiov, SqueakBox, Graham87, Jclemens, Icey, Ketiltrout, Rjwilmsi, ElKevbo, Jehochman, Ghepeu, The wub, DoubleBlue, FayssalF,
RexNL, Intgr, SpectrumDT, Coolhawks88, Celebere, David91, DVdm, Gwernol, YurikBot, Wavelength, RussBot, TheDoober, SpuriousQ, Hydrargyrum, Gaius Cornelius, Rsrikanth05, Pseudomonas, NawlinWiki, Xkeeper, Bachrach44, Grafen, Deskana, DarthVader,
Ejdzej, Thiseye, Irishguy, Abb3w, RUL3R, Gigor, Nate1481, Bucketsofg, DeadEyeArrow, Kewp, Kakero, Alpha 4615, Intershark, Zzuuzz, Arthur Rubin, Josh3580, Dspradau, Dcb1995, Whaa?, Tall Midget, SmackBot, Rtc, Maelwys, Hydrogen Iodide, Jacek Kendysz, Davewild, KVDP, KelleyCook, AnOddName, Bburton, Edgar181, Yamaguchi , Zvonsully, Gilliam, Hmains, Oscarthecat, Rmosler2100,
Tytrain, Chris the speller, Bluebot, Kurykh, MK8, Droll, Gutworth, Swiftdr, Mark7-2, Kungming2, Farry, Yunax, Wisden17, Butterboy, Pegua, Tsca.bot, SheeEttin, Onorem, JonHarder, Mos4567, Addshore, Khoikhoi, Fuhghettaboutit, Cybercobra, Nakon, Weregerbil,
WikiMASTA, Antipode, Ligulembot, Vic93, Rory096, Zymurgy, Harryboyles, Microchip08, Acidburn24m, Grimhim, Gobonobo, Erhik,
Mgiganteus1, Ben Moore, A. Parrot, Othtim, Slakr, Ehheh, Hu12, Swotboy2000, BananaFiend, Iridescent, Twas Now, Nfutvol, Igoldste,
Beno1000, Sbbp, Courcelles, Tawkerbot2, CYRAX, TheHorseCollector, JForget, GeneralIroh, Paulmlieberman, Tanthalas39, Randhirreddy, Sir Vicious, Taimy, Neelix, Fordmadoxfraud, Unmitigated Success, Nauticashades, Mblumber, Ryan, Anthony62490, Gogo
Dodo, Anthonyhcole, ST47, Brianpie, Ameliorate!, Njan, Omicronpersei8, Kokey, Maziotis, Pipatron, Click23, Thijs!bot, Alexmunroe,
Epbr123, Kubanczyk, Ishdarian, PierceG, Marek69, NorwegianBlue, Cdf333fad3a, Pogogunner, Nick Number, Porqin, KrakatoaKatie,
AntiVandalBot, BokicaK, Luna Santin, Seaphoto, Nickrj, QuiteUnusual, Jj137, Deadbeef, Leuko, MER-C, Skomorokh, CosineKitty,
Davman1510, Hexatron2006, Tqbf, Acroterion, Propaniac, Meeples, Pigmietheclub, Hroulf, Bongwarrior, VoABot II, JamesBWatson,
Wikichesswoman, Digital Pyro, Jvhertum, Evaunit666, Animum, Mukesh2006, Allstarecho, JonWinge, DerHexer, Atulsnischal, MartinBot, Comperr, R'n'B, Brothejr, Terafox, ArcAngel, Ash, Tgeairn, Manticore, J.delanoy, Pharaoh of the Wizards, Trusilver, Grim Revenant,
Rekrutacja, Bogey97, Tikiwont, Adamryanlee, Vanished user 342562, Footballfan42892, Kudpung, Dipu2susant, Katalaveno, Crakkpot,
Xython, SJP, Touch Of Light, Toon05, KylieTastic, Juliancolton, Cometstyles, Atsinganoi, Rising*From*Ashes, Bonadea, Useight, JohnDoe0007, SoCalSuperEagle, Dark-Dragon847, Funandtrvl, Hchoe, Je G., Indubitably, Robertobaroni, Danbloch, Delivi, Philip Trueman,
Fran Rogers, Tense, Technopat, MrFirewall, KillerBl8, Someguy1221, Nicopresto, Lradrama, Zimbardo Cookie Experiment, Martin451,
Slysplace, PaulTanenbaum, Seb az86556, Snowbot, Roo556, Benedictaddis, Doug, Haseo9999, Staka, Meters, Qlid, Turgan, Indexum,
PokeYourHeadO, Howlingmadhowie, Horrorlemon, Jwray, Work permit, Scarian, Dawn Bard, Caltas, SecurInfos~enwiki, Triwbe, Mnbitar, Ml-crest, Sephiroth storm, Yintan, JoeMaster, Quest for Truth, Flyer22, Jasgrider, Bdorsett, Redmarkviolinist, Oxymoron83, Faradayplank, Nuttycoconut, Jameshacksu, Poindexter Propellerhead, Hobartimus, Aiden Fisher, Ustad24, Denisarona, Darkspin, Nokeyplc,
Loren.wilton, Martarius, Elassint, ClueBot, WilliamRoper, Jackollie, The Thing That Should Not Be, T.Neo, Ndenison, Taroaldo, Adrianwn, TheOldJacobite, Boing! said Zebedee, Hafspajen, Halod~enwiki, Krazekidder, Blanchardb, Ottawahitech, Stayman Apple, Sv1xv,
Kitsunegami, Excirial, Bedwanimas214, Encyclopedia77, BigChris044, AWoodland, KnowledgeBased, SpikeToronto, Rhododendrites,
AndyFielding, Morel, SchreiberBike, Knowz, Ottawa4ever, Thehelpfulone, DanielPharos, Thingg, Error 128, Andponomarev, Aitias,
Versus22, Hans Kamp, SoxBot III, Egmontaz, Apparition11, SF007, Glacier Wolf, DumZiBoT, Lolimahaxu, BarretB, AlanM1, Angelarstone, XLinkBot, Armeyno, Rayzoy, Fastily, RebirthThom, Xena-mil, Avoided, Mitch Ames, Condra, PL290, Badgernet, Noctibus,
Speddie2, Ipwnz, Mounlolol, Hannibal14, RyanCross, Nolan130323, Bookbrad, Fat4lerr0r, Creepymortal, Zeeshaanmohd, Landon1980,
Nallen20, Tpjarman, IXavier, Grandscribe, Vatrena ptica, Jncraton, Mr. Wheely Guy, Computerhackr, A1b1c1d1e1, CanadianLinuxUser,
Fluernutter, Asphatasawhale, MrOllie, Mentisock, Proxima Centauri, FerrousTigrus, Vonvin, Freqsh0, Dan Brown456, Glane23, Danbrown666, FCSundae, Favonian, 5 albert square, Tyw7, Japonca, Imanoob69, Im anoob68, Hudy23, Tide rolls, OlEnglish, RaidX, ",
Khawar.nehal, CRYSIS UK, Jarble, Ladanme, Lolhaxxzor, Frehley, Ben Ben, Publicly Visible, HTS3000, Yobot, WikiDan61, Aubwie, Fraggle81, Sdtte345, Doctor who9393, THEN WHO WAS PHONE?, Hackistory, Br33z3r, UncleanSpirit, 007exterminator, Daniel
1992, Evilmindwizard, Tempodivalse, Surya.4me, Retro00064, AnomieBOT, Andrewrp, Holyjoely, DemocraticLuntz, Noq, Jim1138,
Gyakusatsu99, AdjustShift, Kingpin13, Ulric1313, RandomAct, Materialscientist, Limideen, ImperatorExercitus, DogPog1, Danno uk,
Citation bot, Aneah, Object404, Waterjuice, GB fan, Ammubhave, Xf21, JimVC3, Capricorn42, Nivekcizia, Delmundo.averganzado,
Jmundo, Mzinzi, Martychamberlain, Raganaut, Steaphan Greene, Mccleskeygenius10, Abce2, Frosted14, VanHelsing23, 7OA, Pradameinho, Mathonius, Raptor1135, Alex60466176, Shadowjams, Axonizer, Erik9, A.amitkumar, Voatsap, Haxor000, Satanthemodier, K-lhc,
Ravyr, FrescoBot, Amirhmoin, Michael93555, Recognizance, XxtofreashxX, Jersey92, Dejan33, Cannolis, Killian441, ChadWardenz,
I dream of horses, HRoestBot, Spidey104, MHPSM, Achraf52, Sweetpaseo, Nickgonzo23, SpaceFlight89, Yutsi, , Cathy Richards,
IAnalyst, KayinDawg, White Shadows, Winsock, Jaybhanderi, Chris5858, SchreyP, Strobelight Seduction, Slumvillage13, Searine, Lotje,
Callanecc, Fox Wilson, Vrenator, Yong, Bluest, Allen4names, Aoidh, Reaper Eternal, Acatyes, Specs112, Lilnik96, Tbhotch, Reach Out to
the Truth, Minimac, DARTH SIDIOUS 2, Jfmantis, Mean as custard, RjwilmsiBot, Mrdierentadams, Agent Smith (The Matrix), Skamecrazy123,
Rollins83, DASHBot, Koppapa, EmausBot, John of Reading, Orphan Wiki, JCRules, Dewritech, GoingBatty, RA0808, RenamedUser01302013, Computerwizkid991, Iamahaxor, Tommy2010, Elvenmuse, Wikipelli, K6ka, Thecheesykid, AvicBot, Tranhungnghiep,
F, Josve05a, Mr.honwer, , A930913, Script-wolfey, Mukslove, H3llBot, Wikfr, Cymru.lass, Robotdantheman, XeroJavelin,
Aviator702-njitwill, DarkFalcon04, Gray eyes, Sayros, Deutschgirl, Donner60, Pre101, Ranga42, Wipsenade, Bomazi, Mcc1789, Craxmilian, Hmcc10, GrayFullbuster, Sven Manguard, Rmashhadi, Rocketrod1960, Akasosetutza, Whoop whoop pull up, Socialservice, Vanished
user ij3rnfkmclk3tkj4ncknefkjnadmcnbgrju, ClueBot NG, Smtchahal, WIERDGREENMAN, Headchopperz, Bigfatradish, WEBHTW,
Je Song, MelbourneStar, Kro-Kite, A520, Decepticon1, Ezzk, Narracan3824, Tonersa, Afpropm, Frietjes, Mrn5-NJITWILL, Muon,
Mesoderm, Widr, Argionember, , Helpful Pixie Bot, Augiecalisi, Bigwalter54, HMSSolent, The Elven Shadow, Cas CS, Whitehatpeople, Lowercase sigmabot, BG19bot, FAROOQBUTT2015, Sharkselva, Bausshackerhf, Sibidharan, Kennydo, MadHaTTer666,
Rsotillo, Mybenyboy, Ajith P V, ExdeathSoul, Paganinip, Mourt1234, AwamerT, Mark Arsten, Khaosfarrow, Xcyss, Royalle, Sandmanchang, General lee awesome, Savrose, Mrk28-NJITWILL, Zdrft, Sachinaditya5, Kizar, Insidiae, Pkbaughman, Cbellalmr, Achowat, Hackerxz13, Guanaco55, Abgelcartel, Codenamezuck, 2EChO, IamkenIT, Mala maju, Malqbi, Nohus, Hibye12345678910, Mediran, Gagan
sedulity, Kaeza, Jacobsipod, Jon.weldon, Austin170, Pincode84, Zak123456789, To-man, Stefano Vincenzi, AutomaticStrikeout, EagerToddler39, Danishfareed, Codename Lisa, Webclient101, Lorenzozandoli98, RazrRekr201, K8steve, Faceashbook, Knuckles352, Ejoe91,
SaltyKrackafag, Cubita linda, WikiEXBOB, Innitematter, Nazanin8804023, Ydnom89, Numbermaniac, Bathtub41, Frosty, Little green
rosetta, 93, Piyushratnu, Superboy 1989, Max Stardust, Telfordbuck, St.andrewstroll, Dnasux, SmartyPantsKid, Zdarm, Ashikali1607,
Esmael001, Crydizzy, ProtossPylon, Risraelo, Tentinator, Anonyseb13, Lolnoiedit, Geforsen, Arun vasan, Cfr robot, Ozuru, Balles2601,
Jenselby, Crou, Hippiman36, Ginsuloft, Hacker Exploits, S Kaushik wiki, Simius narrans, MrLinkinPark333, Manul, Techi 2013, Dhhacks,
Nickturner A$AP, WikiJuggernaut, Crenshawblackhat, KodojoDragon, Bshupe626, Vahidxaker, Akshay0000, Tathavms, Ethically Yours,
Thrasherrdesigns, Hack3rzgethacked, Adeemjan666, Chimpgod, Monkbot, MightyHypnoToad, Magicwalrus69, Adogake, VACyber,
BethNaught, Ipsdix, Person1928, Josephchenlin, NJMcrp1990, Isaiahs825, Nikhitagupta415, Mo5254, Ranjeet.yadav8563, Amortias,
Dracomalfoy3, ROMAN JERRY, EDITOR2003, Ayush dhiman 272, SEZDRX, Jezzardloer24, HexOp, UnpredictablePrashant, Momin
Sohail, Therealinfosystir, XXGerry AdamsXx, Nikigreen02, Bhuwnesh.joshi2014, NAVNEET AGRAWAL GORAI, Esquivalience,
Anonymous6767, ShpetimRacaj, Gs5star, Pyrotle, W33svm, Miguel ATW, ParadoxLuLz, Shin0bih4x0r, Dawave0, Johngot and Anonymous: 1256
Hacker (term) Source: http://en.wikipedia.org/wiki/Hacker%20(term)?oldid=662648558 Contributors: Damian Yerrick, TwoOneTwo,
The Cunctator, Derek Ross, LC~enwiki, Brion VIBBER, Mav, Timo Honkasalo, The Anome, Taw, Jzcool, Rjstott, Ed Poor, Wayne Hardman, Enchanter, Little guru, Ortolan88, Merphant, TomCerul, Arj, Ryguasu, B4hand, Erwan~enwiki, Modemac, Gpietsch, Elian, Edward,
Ghyll~enwiki, PhilipMW, Michael Hardy, Modster, Cprompt, Voidvector, Blueshade, Pnm, Kpearce, MartinHarper, Wapcaplet, Ixfd64,
Eurleif, GTBacchus, Dori, (, CesarB, Ams80, Ahoerstemeier, Ronz, Nanshu, Docu, William M. Connolley, Baylink, Snoyes, Angela,
Jebba, Kingturtle, Salsa Shark, Bogdangiusca, Cyan, Kirun, Cimon Avaro, Med, Rob Hooft, KayEss, Schneelocke, Samnse, Ehn, Ylbissop,
Hashar, PatriceNe, Timwi, Pti, Malcohol, Fuzheado, Will, Pocopoco, Markhurd, HappyDog, Kaare, Jake Nelson, Jerey Smith, Furrykef, Saltine, Jnc, Bevo, Betterworld, Tjdw, Stormie, Dpbsmith, Olathe, Wetman, Pakaran, Jerzy, Flexure, Hajor, Jeq, Lumos3, JessPKC,
Denelson83, Aluion, Phil Boswell, Gromlakh, AlexPlank, Robbot, Noldoaran, Sander123, Astronautics~enwiki, Fredrik, Chris 73, Vespristiano, RedWolf, Covracer, Altenmann, Netizen, Romanm, Chris Roy, Tim Ivorson, Dersonlwd, Texture, Meelar, Zidane2k1, Faught, Italo,
Hadal, HyLander42, Mushroom, Plotinuz, Cyrius, Pengo, Per Abrahamsen, GreatWhiteNortherner, Dina, Stetic, Decumanus, Matt Gies,
Centrx, TimGrin, Fennec, Eric S. Raymond, Cokoli, Kim Bruning, Massysett, Nadavspi, Kenny sh, Itsnotvalid, Wiglaf, Brian Kendig,
HangingCurve, Leyman, Ds13, Average Earthman, Everyking, Anville, Curps, Frencheigh, Beta m, Quamaretto, Mboverload, Ezod,
Jds, Xorx77, Rchandra, AlistairMcMillan, Matt Crypto, Jaan513, SWAdair, AdamJacobMuller, Jrdioko, Wmahan, Rheun, Neilc, Ato,
Auximines, Mackeriv, Utcursch, Shibboleth, Workman161, Yath, Long John Silver~enwiki, Antandrus, Loremaster, Apotheon, Wikimol,
Epalm, ArcRiley, Rdsmith4, DragonySixtyseven, Fratley, Sam Hocevar, Nickptar, Sillydragon, Neutrality, Micpp, Strbenjr, Grstain, Mike
Rosoft, Mernen, Mormegil, Freakofnurture, Mindspillage, Nerf, Discospinster, Solitude, Rich Farmbrough, Guanabot, Leibniz, Rama,
Ponder, Lorn, Demitsu, Paul August, Gronky, Speedysnail, Calamarain, Jnestorius, AdmN, AndrewM1, Evice, Dataphile, CanisRufus,
Kop, MBisanz, EDGE, Sietse Snel, RoyBoy, Leif, Orlady, Pikesta, Bobo192, Army1987, Func, BrokenSegue, Viriditas, StoatBringer,
Cmdrjameson, MITalum, Wisdom89, Njyoder, Matt Britt, Cohesion, Adrian~enwiki, Redquark, Blotwell, Coopdot~enwiki, The Recycling Troll, Physicistjedi, Minghong, Idleguy, MPerel, DanBUK, Bandaidman, Conny, Drangon, Jumbuck, Tra, Storm Rider, Gcbirzan,
Rernst, Alansohn, Golgo13, Richard Harvey, Polarscribe, Jamyskis, Achitnis, ThePedanticPrick, Neonumbers, Andrewpmk, HoratioHuxham, Echuck215, Blic~enwiki, Mysdaao, EdRich, Katefan0, Snowolf, Velella, Here, Mfecane, Keepsleeping, Garzo, Evil Monkey,
WolFStaR, Guthrie, H2g2bob, Bsdlogical, Redvers, HGB, Recury, Ceyockey, Keithius, Dismas, Hq3473, OleMaster, Boothy443, Kelly
Martin, Jak86, Mel Etitis, Woohookitty, Mindmatrix, TigerShark, Camw, DoctorWho42, Percy Snoodle, Myleslong, Kzollman, JeremyA,
Brentdax, Mms, The Wordsmith, KymFarnik, MONGO, Schzmo, Grika, Bbatsell, Davidfstr, Terence, Adam Field, Bluemoose, Ralpedia,
Kralizec!,
, Prashanthns, Essjay, Alan Canon, MarcoTolo, Dave Murphy, Marudubshinki, Dysepsion, Kesla, Graham87, Magister
Mathematicae, Kbdank71, RxS, Jdoty, Binary Truth, Josh Parris, Ryan Norton, Rjwilmsi, Koavf, Panoptical, Vary, Dcavell, Bill37212,
T0ny, Tangotango, MZMcBride, Oblivious, Ligulem, Sigmalmtd, ElKevbo, CalPaterson, Ghepeu, Afterwriting, ThePoorGuy, The wub,
Bhadani, Ggfevans, Nandesuka, DickClarkMises, THE KING, GregAsche, Sango123, Mycro, Yamamoto Ichiro, Fish and karate, Alejos,
Titoxd, Sgkay, Mirror Vax, RobertG, Musical Linguist, Doc glasgow, Nihiltres, Josh~enwiki, Harmil, RexNL, Gurch, Mike Van Emmerik,
Alexjohnc3, TheDJ, Quuxplusone, Brendan Moody, Tylerttts, Alphachimp, Marlow4, Phoenix2~enwiki, Psantora, Chobot, Daekharel,
David91, Korg, Stephen Compall, Bgwhite, Cactus.man, GroupOne, Jernejl, Borgx, Antichris, Extraordinary Machine, Splintercellguy,
Sceptre, Hairy Dude, Family Guy Guy, Jetheji, Crazytales, Dili, SpuriousQ, Hydrargyrum, Akamad, Stephenb, CambridgeBayWeather, Cpuwhiz11, Wimt, RadioKirk, NawlinWiki, Wiki alf, BigCow, Bachrach44, Grafen, NickBush24, Ejdzej, Maverick Leonhart,
Robchurch, Irishguy, Retired username, Mortein, Anetode, DAJF, Abb3w, Leontes, KarlHeg, Brat32, Karl Meier, DeadEyeArrow, Psy
guy, Jeremy Visser, Tachyon01, Phenz, Nick123, Max Schwarz, Googl, Theda, Denisutku, Mastercampbell, ArielGold, Yaco, Katieh5584,
Kungfuadam, Bsod2, Paul Erik, DVD R W, Bibliomaniac15, Rykotsusei, A3ulaa, Luk, Yvwv, SmackBot, Mmernex, Monkeyblue, Moeron, Bobet, Estoy Aqu, Rtc, Reedy, KnowledgeOfSelf, Primetime, Pgk, C.Fred, 6Akira7, Ccreitz, Davewild, Agentbla, Edgar181, Yamaguchi , Unforgettableid, Gilliam, Ohnoitsjamie, Irbobo, FakeHarajukuKid, Scaife, Chris the speller, Master Jay, Xchrisblackx, CISSP
Researcher, MK8, Donbas, Thumperward, Edward H, Oli Filth, HartzR, Fluri, MidgleyDJ, Deli nk, Ikiroid, Yunax, DHN-bot~enwiki,
Antonrojo, Janipewter, A. B., Rlevse, Audriusa, Zsinj, Dethme0w, Tsca.bot, Can't sleep, clown will eat me, Timothy Clemans, Mulder416,
OrphanBot, Dushman, Tim Pierce, Sommers, Darthgriz98, Matthew, TheKMan, QubitOtaku, Xmastree, Lesnail, Pevarnj, Addshore,
Edivorce, DGerman, Cpt~enwiki, Huon, COMPFUNK2, Jmlk17, Aldaron, Hackmiester, Cybercobra, Nakon, Jiddisch~enwiki, MichaelBillington, Weregerbil, Philpraxis~enwiki, Only, Filpaul, WikiMASTA, Sigma 7, Negator989, Jordanl122, Pilotguy, Kukini, Masterpjz9,
TenPoundHammer, The undertow, Technocratic, Rory096, Robomaeyhem, Swatjester, Rklawton, Kuru, AmiDaniel, Demicx, Scientizzle, Colak, Soumyasch, Jasonious, NongBot~enwiki, Metavalent, Loadmaster, Andypandy.UK, Mr Stephen, Stikonas, Jon186, Waggers,
Anonymous anonymous, Ralf Loire, Voshika, Klohunt, EEPROM Eagle, Caiaa, GorillazFanAdam, Lord-Bren, Fan-1967, Iridescent,
RaiderTarheel, Colonel Warden, Wjejskenewr, Twas Now, Mikeandikes, DeathToAll, Linkspamremover, Tawkerbot2, Pi, Kingoomieiii,
Paulmlieberman, Ahy1, CmdrObot, Tobes00, Corporal79, Dycedarg, Iced Kola, SupaStarGirl, KnightLago, Lentower, Neelix, Pro bug
catcher, MrFish, Luther Brefo, TJDay, Jac16888, Mblumber, Dennette, MC10, Mualphachi, Steel, Michaelas10, Gogo Dodo, Corpx,
ST47, Chingang2006, Elustran, Roymstat, Tawkerbot4, Codetiger, DumbBOT, SpamBilly, Chrislk02, Coder.keitaro, Dtwhitney, Editor
at Large, TheJC, Omicronpersei8, Kokey, Gassaver, Aljo, Thijs!bot, Epbr123, Skreyola, Coelacan, Pajz, LactoseTI, Ultimus, ToxGunn,
Ucanlookitup, Jdm64, Nedcarlson, John254, Kathovo, Gerry Ashton, Lewallen, James086, Aklm, X201, Tellyaddict, Sfxdude, SusanLesch, CamperStrike, Igorwindsor~enwiki, I already forgot, Dantheman531, Ksmathers, AntiVandalBot, Majorly, Yonatan, Luna Santin,
JimScott, Turlo Lomon, Oducado, QuiteUnusual, Angeldust~enwiki, Shirt58, Quintote, Cracker001, AaronY, Wallamanage, Exteray, Mr
Grim Reaper, Olexandr Kravchuk, Darklilac, Farosdaughter, Brian Katt, Zedla, Radar81, Ryanyomomma, JAnDbot, Husond, Raz0r,
MER-C, Cyberhacker665, Churnedfortaste, Britcom, Calvin Nyein Chan, PhilKnight, Cole31337, MSBOT, Opgooi monster, Thing10,
LittleOldMe, Acroterion, Raanoo, Propaniac, Penubag, Pedro, Slowcheetah, Ausome1, VoABot II, AurakDraconian, TARBOT, Zenchesswikster, Jim Douglas, Dinosaur puppy, Rohasnagpal, Testla, Z19~enwiki, Sumguy hhh, Thireus, Martynas Patasius, Glen, DerHexer, JaGa,
Esanchez7587, TheRanger, Fishdert, Cocytus, Foregone conclusion, Gwern, Custardninja, B9 hummingbird hovering, Kornfan71, Neonblak, Hdt83, MartinBot, Attackrabbit, Jeannealcid, Poeloq, Comperr, Rhlitonjua, Justin Piga, Rettetast, Mschel, Jgarland79, Kateshortforbob, ArcAngel, RockMFR, Timmccloud, Ankit bond2005, Public Menace, A Nobody, Wikipbob, Karthixinbox, Owlgorithm, Footballfan42892, SU Linguist, Gutchfest, Squeezeweasel, Gzkn, Dispenser, BrokenSphere, LordAnubisBOT, BrWriter2006, DarkBlackHat,
AntiSpamBot, Berserkerz Crit, Vanished user g454XxNpUVWvxzlr, Gordaen, Michaelban, Alpha713~enwiki, Creepzerg3, Astro Boii,
Watermelonhacker, Tanaats, Cerebos, Cometstyles, Browngreen64, WJBscribe, BrokenPaleGlass, Jevansen, Treisijs, Mike V, Nomnol2,
Bonadea, Micmic28, SoCalSuperEagle, The unsponsored sk8er, Kurdtkobain2707, Zer0is1337, Bite super poilue, VolkovBot, Thomas.W,
Doctor medicine, Je G., Danbloch, Paxcoder, Bsroiaadn, Timmyishappy, Philip Trueman, Greatwalk, Zidonuke, ZDubciclysmo, Planetary Chaos, Sdsd87, Eisenhauer666, Z.E.R.O., Anonymous Dissident, Woodsstock, Qxz, Codenametiger, Linkacid, Lradrama, QuintusMaximus, Aaron Bowen, Qwertasdfzxcv, Hfourxzeror, LeaveSleaves, Mattman2593, Ilyushka88, Patchthesock, Holyman98, Warrhamster,
Worldrallychamp, Playqoy, Enigmaman, Wolfrock, Adam.J.W.C., APplle, Purgatory Fubar, Emo man50, Istillcandream, Ceranthor, Aznfatnerd, Chenzw, Richard A Muller, Logan, Msjennings, 2600.ir, Ponyo, Konkrypton, SieBot, Cuj000, MLBplayer456, Oscarmayor7,
Whitehatnetizen, Sonicology, Infosecwriter, Tehjustice, PeterCanthropus, Pizzachicken, Spartan, Scarian, WereSpielChequers, Mxtp, Gerakibot, Josh the Nerd, Plinkit, Caltas, Eagleal, SE7, Ml-crest, Chiroz, Sephiroth storm, Yintan, Poohead121, Chris test, 360 Degree,
Mrmrsgwangi, Keilana, reeHaq, Android Mouse, Lee010cooldude, Pxma, Toddst1, Flyer22, Bdorsett, LETSskankTHEnightAWAY,
Blaireaux, Rheoguq, Agent Q556, Oxymoron83, Antonio Lopez, AngelOfSadness, Nuttycoconut, Lightmouse, Poindexter Propellerhead, Techman224, Bluedart13, F1r3w4ll, Diego Grez, Maelgwnbot, Anakin101, Bip34, Spartan-James, JohnnyMrNinja, Dust Filter,
H^a^x^k^i^o, Starcraft232, Guitaralex, Youugly93u, Explicit, MaxwellHansen, Dlrohrer2003, Shoopdawhooplol, Loren.wilton, Martarius, Shyguy100, ClueBot, Dakinijones, Kl4m, Duerring, Criticalmass24, Matdrodes, Frvade2007, Stahlsta210, Taroaldo, 5y573m-3rr0r,
Zarkthehackeralliance, Nitrofurano, SuperHamster, Boing! said Zebedee, CounterVandalismBot, Blanchardb, BLiesting, Skate4life22,
Neverquick, SamFinkAnchorageAk, Joeomfgwtfbbq, Lambdaphage, Excirial, Bedwanimas214, CrazyChemGuy, Jasonbtulsabiz, Sivenn,
Yggdriedi, Rhododendrites, Milenkovic214, Andrew81446, Cr7i, Dekisugi, Synthus, JasonAQuest, Thehelpfulone, Lilboudreaux, Bald
Zebra, Rohit bond2005, Aitias, Certes, Versus22, Lamendoluz, Goodvac, Xcez-be, DumZiBoT, Jpirie23, Fathisules, Teh00d3di, NeVic1,
Joshowen041091, XLinkBot, Pichpich, Jjmshortys4life, Ost316, Mitch Ames, Skarebo, BlackDeath3, ErkinBatu, Mm40, Addbot, Creepymortal, DOI bot, Sam8888, Neonecho, Ronhjones, Scientus, TSWcontentlady, MrOllie, Ryoga Godai, Buster7, Dan Brown456, Glane23,
Metalpunk182, HACKTOLEARN, Favonian, LemmeyBOT, West.andrew.g, Tassedethe, Tide rolls, OlEnglish, ", Zorrobot, Jarble,
Fdaneels, Hyhfct, Yobot, Taxisfolder, Max, Evilmindwizard, Suvhero, AnomieBOT, ESHARI, Rubinbot, Jim1138, Kingpin13, Materialscientist, Citation bot, GB fan, Quebec99, Sixtysixwatts, Frankie0607, Prunesqualer, RibotBOT, Pradameinho, Sophus Bie, Architectchamp, Howsa12, Shadowjams, A. di M., Green Cardamom, Captain-n00dle, FrescoBot, Skychildandsonofthesun, Longgg johnnn?,
Weetoddid, Louperibot, Citation bot 1, Nabiy, Catphish, Pinethicket, I dream of horses, Xanadu1122, Hack news, Lotje, Nightkid411, CobraBot, Aoidh, Davish Krail, Gold Five, Diannaa, DrakkenCrew, DARTH SIDIOUS 2, RjwilmsiBot, B4lz, Agent Smith (The Matrix), Mr.
Greyhat, O iF R A GzBRO, Superways, Angrytoast, Grrow, GoingBatty, Matrix1010, RenamedUser01302013, Slightsmile, Elvenmuse,
Wikipelli, Cfust, StringTheory11, Thargor Orlando, Erniedabou, Access Denied, Demonkoryu, Wayne Slam, Coasterlover1994, Soddy182,
Pun, Nom nom monster, Orange Suede Sofa, Pastore Italy, Matthewrbowker, Man du Fromage, Tarn taran, Zabanio, FiloMJ, Gamepro127, Domjenkin, Voomoo, ClueBot NG, Ezzk, Pcpikachu123, OxyTrip, Viybel~enwiki, Reify-tech, Thekickass, MrJosiahT, Youkana,
Soulinthemachine, MerlIwBot, Helpful Pixie Bot, Whitehatpeople, The Mark of the Beast, Solomon7968, Xcyss, Bfugett, Toccata quarta,
John Sawyer, Avantiext, BattyBot, Stefano Vincenzi, Lugia2453, Joseph M Warren, Zaldax, Dixiedean66, Nshunter, ManjushaV, Crow,
Hacker124816, Monkbot, OKNoah, S166865h, HammadShamsi, Hacker alert 101, Vanyaxd, Kashif0334, Grazz54 and Anonymous: 1482
Hacker group Source: http://en.wikipedia.org/wiki/Hacker%20group?oldid=648070333 Contributors: Pnm, Bobo192, Tony Sidaway,
LFaraone, H2g2bob, Firsfron, DoctorWho42, Myleslong, RussBot, Moe Epsilon, SmackBot, Rtc, Mithaca, Blue Mirage, Gogo Dodo,
Qwyrxian, OrenBochman, Acroterion, JamesBWatson, Nyttend, MartinBot, ArcAngel, AntiSpamBot, January2007, Chahax, Twooars, Sue
Rangell, Accounting4Taste, FalconMan101, Matt Brennen, DOCOCTROC, Rhododendrites, Vanished user uih38riiw4hjlsd, Bearsona,
Addbot, Lightbot, Materialscientist, 78.26, I dream of horses, Anibar E, Redx93, RedBot, KayinDawg, Deadman1420, Lotje, Hobbes
Goodyear, Dewritech, Pro translator, ZroBot, Wagner, SecData, ClueBot NG, Smashx90, WikiPuppies, Helpful Pixie Bot, Whyking thc,
Mudkip11223, Mythpage88, Antivirotic, Jionpedia, MrOverkill, VariousLulz, Time for a nice cuppa brew, FBIArcadia, Skraito-0x71,
Pyrotle, Malici0usploit and Anonymous: 51
Hacker Manifesto Source: http://en.wikipedia.org/wiki/Hacker%20Manifesto?oldid=650676391 Contributors: SimonP, Lightning~enwiki, Pnm, Tgeorgescu, CesarB, Conti, Ylbissop, Random832, Jake Nelson, Bamos, Altenmann, Everyking, Quinwound, TonyW,
Arnauldvm, Eisnel, Article6, Mike Rosoft, Bneely, MBisanz, Blotwell, Mattl, JaveCantrell, *Kat*, H2g2bob, JanKG, Kelly Martin, Stefanomione, Marudubshinki, Who, Mallocks, The Rambling Man, YurikBot, RussBot, Hydrargyrum, Mipadi, Nikkimaria, Dposse, User24,
SmackBot, Rtc, Winterheart, Ikiroid, Bldsnprx, Can't sleep, clown will eat me, Frap, Cybercobra, Petr Kopa, Gloriamarie, Kuru, SubSeven, TheFarix, Gr33k-10v3r, Switchercat, DanielRigal, Mato, WISo, DumbBOT, Cmalkarali, JAnDbot, VoABot II, Gwern, CrackSoft,
Gaqzi, Jaimeastorga2000, Philip Trueman, TXiKiBoT, David Condrey, SieBot, Sephiroth storm, Roc314, Dabomb87, Trover, Trivialist,
Unikron2001, DragonBot, Rhododendrites, Killkola, Addbot, AkhtaBot, Rubinbot, Materialscientist, ArthurBot, 4twenty42o, FrescoBot,
Full-date unlinking bot, Lotje, Guerillero, Mrcarter011, DASHBot, WikitanvirBot, Dewritech, Openstrings, Ksommerville, Mjbmrbot,
ClueBot NG, Helpful Pixie Bot, Whitehatpeople, Canestenmobile, BattyBot, Mrt3366, Hmainsbot1, 127lh, NorthBySouthBaranof, SoldierxDOTcom, Robertjeerson, Fixuture and Anonymous: 75
Hacking tool Source: http://en.wikipedia.org/wiki/Hacking%20tool?oldid=660192501 Contributors: Pnm, Andreas Kaufmann,
Charonn0, Gary, Wtmitchell, H2g2bob, Woohookitty, Mindmatrix, Intgr, Hydrargyrum, Rsrikanth05, Open2universe, SmackBot, Rtc,
Betacommand, Captain Zyrain, LeoNomis, Mr Stephen, Clarityend, MER-C, Koraiem, Derfboy, ClueBot, Stayman Apple, Erebus Morgaine, Rhododendrites, UnCatBot, XLinkBot, IncandescentLight, Jabberwoch, Addbot, Cst17, MrOllie, AnomieBOT, Jim1138, KRLS,

Guillermo~enwiki, Stanislao Avogadro, Xqbot, Blenheimears, Rohitdua, FrescoBot, Jerd10, Mrk123, ClueBot NG, Seoexpert91, Xmen2011, Scienceomar, Juggared14, Akwin123 and Anonymous: 24
Keystroke logging Source: http://en.wikipedia.org/wiki/Keystroke%20logging?oldid=661442467 Contributors: Derek Ross, LC~enwiki,
The Anome, SimonP, R Lowry, Edward, Lir, Pnm, Ixfd64, Ellywa, Ronz, Angela, Kingturtle, Aimaz, Rossami, Evercat, Samw, GCarty,
Guaka, Aarontay, Ww, Dysprosia, WhisperToMe, Markhurd, Tschild, Furrykef, Nv8200pa, Omegatron, Jamesday, Catskul, Blugill, Lowellian, Hadal, Wereon, David Gerard, DavidCary, Laudaka, Jason Quinn, AlistairMcMillan, Solipsist, Antandrus, Beland, OverlordQ,
Lynda Finn, Mike Rosoft, Discospinster, Rich Farmbrough, ArnoldReinhold, Xezbeth, ZeroOne, JoeSmack, Sietse Snel, RoyBoy, Femto,
Adambro, Yono, Bobo192, Nigelj, Stesmo, Wisdom89, Dteare, Starchild, Alansohn, Danhash, Bobrayner, Woohookitty, Unixer, Armando,
Pol098, WadeSimMiser, Firien, Dbutler1986, Graham87, JIP, Rjwilmsi, DickClarkMises, FlaBot, Weihao.chiu~enwiki, Latka, JiFish,
Intgr, Runescape Dude, Salvatore Ingala, Peterl, Whosasking, Tiimage, YurikBot, Wavelength, Borgx, FlareNUKE, Lincolnite, Conscious,
Hede2000, SpuriousQ, Rsrikanth05, Wimt, Mipadi, Bob Stromberg, Vivaldi, Tony1, Occono, Palpalpalpal, DeadEyeArrow, Closedmouth,
GraemeL, Egumtow, Stefan yavorsky, Baxil, Veinor, A bit iy, SmackBot, Royalguard11, Hydrogen Iodide, Gnangarra, J.J.Sagnella,
Ohnoitsjamie, Skizzik, Chris the speller, Optikos, @modi, MK8, DHN-bot~enwiki, Colonies Chris, Firetrap9254, KojieroSaske, SheeEttin, Frap, Skidude9950, Ww2censor, Flask215, Khoikhoi, Engwar, Nakon, Gamgee, Kalathalan, Clicketyclack, Torritorri, Ckatz, Tuanmd, Redboot, Ehheh, Njb, Mets501, H, Mike Doughney, Pauric, Sander Sde, On1ine, Jeremy Banks, JForget, Dycedarg, Jesse Viviano,
Corpx, Alexdw, Odie5533, Tawkerbot4, Bposert, SJ2571, Njan, Alexey M., Epbr123, FTAAP, Snydley, RamiroB, Sheng.Long 200X,
Druiloor, AntiVandalBot, Luna Santin, Seaphoto, Fayenatic london, Zorgkang, Spydex, Qwerty Binary, Dreaded Walrus, JAnDbot, Thylacinus cynocephalus, Tony Myers, Barek, Bakasuprman, A1ecks, Hut 8.5, Isthisthingon, Techie guru, .anacondabot, Magioladitis, Jaysweet,
Ukuser, JNW, Cheezyd, Conteordeo, Fedia, Wikivda, Wikire, MartinBot, STBot, CliC, Jonathan.lampe@standardnetworks.com, Anaxial, Nono64, $pider, Tresmius, Slash, J.delanoy, Pharaoh of the Wizards, Cyrus abdi, Thomas Larsen, Samtheboy, Noogenesis, VolkovBot,
TreasuryTag, MemeGeneScene, Je G., Philip Trueman, TXiKiBoT, Mrdave2u, Zifert, A4bot, Glarosa, Isis4563, Madhero88, Dirkbb,
Turgan, Jjjccc~enwiki, ChewyCaligari, Rock2e, Resurgent insurgent, Cool110110, SieBot, Triwbe, Sephiroth storm, Nmviw, Arda Xi,
OsamaBinLogin, Banditauron, Tombomp, Clearshield, Dillard421, ArchiSchmedes, ClueBot, Wilbur1337, The Thing That Should Not
Be, AsymptoteG, Garyzx, Dotmax, Blanchardb, Asalei, Socrates2008, Rhododendrites, Technobadger, Manasjyoti, Arjayay, Drwhofor, Shin-chan01, El bot de la dieta, DanielPharos, Berean Hunter, Johnuniq, SF007, Noname6562, Darkicebot, Against the current,
XLinkBot, Spitre, Stickee, Rror, Dom44, Lamantine, WikHead, Dsimic, Tustin2121, Addbot, Mortense, Movingboxes, Rhinostopper,
MrOllie, Etracksys, Matt5075, Networkintercept, Favonian, ChenzwBot, Sureshot327, Tide rolls, MuZemike, Luckas-bot, Yobot, 2D, Bigtophat, Navy blue84, AnomieBOT, Andrewrp, Kingpin13, Ulric1313, Materialscientist, Are you ready for IPv6?, uman, HkBattousai,
GB fan, LilHelpa, Xqbot, Dragonshardz, Jerey Mall, Reallymoldycheese, Automaite, Ezen, S0aasdf2sf, Aceclub, Ruy Pugliesi, GrouchoBot, IslandLumberJack, Mark Schierbecker, Krypton3, Aenus, Mountielee, Prari, FrescoBot, WPANI, Clubmaster3, DigitalMonster,
PeramWiki, Nathancac, Waller540, HamburgerRadio, Italick, Redrose64, Rajtuhin, MKFI, AgentG, Reconsider the static, Ao5357, Lotje,
Vrenator, F11f12f13, Sloppyjosh, Forenti, DASHBot, J36miles, EmausBot, Manishfusion1, GoingBatty, Wikipelli, LinuxAngel, FlippyFlink, John Cline, Ida Shaw, Traxs7, S3cr3tos, , Ego White Tray, AlexNEAM, ClueBot NG, Matthiaspaul, O.Koslowski, Mactech1984,
Lolpopz1234, Marsmore, Nbudden, BG19bot, IraChestereld, Samiam111~enwiki, Guesst4094, Carliitaeliza, MeanMotherJr, BattyBot,
Abgelcartel, Jfd34, Lloydliske, EagerToddler39, Codename Lisa, Webclient101, Klabor74, Zhiweisun, Jaericsmith, Sourov0000, Corn
cheese, Way2veers, Yuvalg9, MountRainier, JadeGuardian, Kennethaw88, Lvanwaes, Mover07, Jianhui67, Dannyruthe, NewWorldOdor,
Janeandrew01, Michael Dave, Jamesmakeon, Bobsd12, Wasill37, Scyrusk, Devwebtel, JoanaRivers, ScottDNelson, Jhfhey, Awmarks and
Anonymous: 548
List of computer criminals Source: http://en.wikipedia.org/wiki/List%20of%20computer%20criminals?oldid=654956581 Contributors:
GCarty, PaulinSaudi, Michael Snow, Rdsmith4, Pablo X, Causa sui, Adrian~enwiki, Katana, H2g2bob, Bbatsell, Mendaliv, Rjwilmsi,
Koavf, The wub, Randomusername331, Mordicai, Bgwhite, The Rambling Man, Sceptre, Morgan Leigh, Chrishmt0423, Shawnc, GrEp,
Rwwww, SmackBot, Rtc, Bluebot, Pdspatrick, Kittybrewster, Grimhim, Heimstern, SubSeven, Ptimmins, CmdrObot, Riskyfrisky, Ruslik0,
Fordmadoxfraud, AndrewHowse, Cydebot, Reywas92, Gogo Dodo, Christian75, PamD, Daniel, Esemono, AntiVandalBot, Luna Santin,
Seaphoto, Danger, Qwerty Binary, Lovok, MikeDee~enwiki, Firealwaysworks, Eqdoktor, Iloveliz187, I-baLL, Ayecee, Maurice Carbonaro,
Yauch, STBotD, The Duke of Waltham, Je G., GimmeBot, Quatar, Gibson Flying V, A Raider Like Indiana, Arbor to SJ, Lightmouse,
Kumioko (renamed), Dabomb87, Haydenp123, Truco, Ottre, PCHS-NJROTC, Apparition11, ErgoSum88, Addbot, Vejvanick, Nohomers48, Bte99, MrOllie, Sashi Degodeshi, Hackistory, AnomieBOT, Bluerasberry, Materialscientist, Citation bot, LilHelpa, Udayantha,
Ksshannon, FrescoBot, Jellyjordan, Tlork Thunderhead, Winsock, Keshawn j jackson, Yunshui, Lotje, JanDeWit1, Airbag190, Jfmantis,
RjwilmsiBot, Qrsdogg, Thecheesykid, ZroBot, Michael Essmeyer, H3llBot, Mrobaer, Wayne Slam, Music Sorter, Yulli67, Chimpfunkz,
Signalizing, ClueBot NG, MoondyneAWB, Achlysis, Helpful Pixie Bot, BG19bot, Goldenshimmer, Cressi97, , 220 of
Borg, Rcsenavirathna, Dariusg1, Codename Lisa, Michael Anon, Lugia2453, Jc86035, Aporvearyan, Rootdz, Rikesh.ballah1122, FrigidNinja, Razveer, McLean.Alex, SoldierxDOTcom, Tractor Tyres, Phreaker007, Monkbot, Colby Gleason, Kashimonok and Anonymous:
136
Phreaking Source: http://en.wikipedia.org/wiki/Phreaking?oldid=661558619 Contributors: Bryan Derksen, Tarquin, Fubar Obfusco,
Maury Markowitz, Sara Parks Ricker, Olivier, Citizenzero, Frecklefoot, RTC, Michael Hardy, Kwertii, Pnm, Dori, CesarB, Ahoerstemeier, Notheruser, Michael Shields, Alex756, Wfeidt, Dwo, Fry-kun, Mbstone, RickK, Ike9898, Paul Stansifer, Dysprosia, Geary, Rvolz,
Furrykef, Saltine, Betterworld, Fvw, Bloodshedder, Shantavira, Denelson83, EdwinHJ, Dale Arnett, Fredrik, Greudin, Chancemill, TimothyPilgrim, Steeev, Auric, Jondel, Danceswithzerglings, Cyrius, Pengo, Falkonkirtaran, Skriptor~enwiki, Everyking, OrbitalBundle, Curps,
Tieno, Beta m, Rchandra, Falcon Kirtaran, Matt Crypto, Pne, Peter Ellis, Wmahan, Lucioluciolucio, Ddhix 2002, Sayeth, Hellisp, Resister,
Chmod007, Chane~enwiki, R, VCA, KneeLess, Bneely, Vsmith, Smyth, Chowells, R.123, SocratesJedi, Paul August, Suriyawong, Mr.
Billion, Kiand, Adrian~enwiki, Nicke Lilltroll~enwiki, Makomk, Juzeris, Larry V, Anthony Appleyard, Fwb44, Water Bottle, Stephen
Turner, Seancdaug, Here, Cburnett, Anthony Ivano, H2g2bob, Galaxiaad, Angr, Woohookitty, Myleslong, Krille, The Wordsmith,
BriskWiki, Hbdragon88, TotoBaggins, Karam.Anthony.K, Graham87, Stromcarlson, Ronnotel, Bilbo1507, JIP, Grammarbot, Josh Parris,
Koavf, Chrisp510, PinchasC, Seraphimblade, Krash, The wub, FlaBot, Latka, Nihiltres, Gary D Robson, Bmicomp, Planetneutral, Jpkotta,
ColdFeet, YurikBot, Wavelength, Ailag~enwiki, Hairy Dude, Kerowren, Gaius Cornelius, Lusanaherandraton, A314268, Wiki alf, Janarius,
THB, Black Ratchet, Zypres, Moe Epsilon, Voidxor, Elkman, Sir Isaac, Tawal, Deltalima, Delirium of disorder, Dkgoodman, Arthur Rubin,
Sturmovik, TomHawkey, Jonathan.s.kt, MansonP, Goob, Almostc, User24, SmackBot, Elonka, Rtc, KnowledgeOfSelf, Pgk, Rrius, Dazzla,
TrancedOut, Skizzik, Saros136, Amatulic, EncMstr, SchftyThree, Kostmo, Hgrosser, Can't sleep, clown will eat me, Shalom Yechiel, Ianmacm, Kevlar67, Pretorious, Guroadrunner, Savetz, MKC, Rafert, RomanSpa, Othtim, Peyre, DabMachine, JmanA9, JoeBot, Highspeed,
Twas Now, Dycedarg, Nczempin, Kylu, NickW557, Natas802, Lucky225, Neelix, No1lakersfan, Minilik, Mr.weedle, DumbBOT, Alaibot, Wintermute314, JohnInDC, Squidward tortelini, Qwyrxian, Jedibob5, Link Spam Remover, Vaniac, Escarbot, Radimvice, Oducado,
Gigi head, JAnDbot, Albany NY, Tqbf, Bongwarrior, JNW, Xb2u7Zjzc32, Leftblank, JanGB, Jim Douglas, Steven Walling, P.B. Pilhet,

Shuini, I-baLL, MartinBot, CliC, Jeannealcid, Jim.henderson, Rhlitonjua, Bemsor, R'n'B, KTo288, Lilac Soul, Doranchak, Piercetheorganist, Galifrag, Terabandit, Davidm617617, Peterhgregory, Black Walnut, Seanbo, VolkovBot, SupaPhreak, TXiKiBoT, Anonymous
Dissident, H3xx, David Condrey, Softtest123, Pious7, Enigmaman, Haseo9999, Lamro, Edkollin, Anonymousphreaker, Celain, Phreaka
Dude, NHRHS2010, Trackinfo, Jimb20, Vortalux, RMB1987, Lightmouse, Seedbot, Svick, Retractor, Tegrenath, Twinsday, ClueBot,
Pressforaction, Leatherstocking, Xitit, Dgabbard, Jotag14, Draxor99, Ottava Rima, SamuelTheGhost, Tlatseg, Alexbot, Mrchris, Eeekster, Goon Noot, EutychusFr, Johnuniq, Vanished User 1004, AlanM1, Badmachine, Ost316, Asrghasrhiojadrhr, Addbot, Leszek Jaczuk,
MrOllie, Mphilip1, Devinriley, Luckas-bot, Yobot, Will Decay, Synchronism, AnomieBOT, Sidlter, Theoprakt, Xqbot, The sock that
should not be, Gidoca, Multixfer, Rohitdua, Miyagawa, Tabledhote, Ace of Spades, Rkr1991, Menilek, Kgrad, Lotje, Vrenator, Tbhotch,
Sideways713, RjwilmsiBot, NameIsRon, WikitanvirBot, Mo ainm, EyeExplore, Amilianithiantha, H3llBot, Staszek Lem, Leitz31337,
Cb3684, Scientic29, Ego White Tray, ClueBot NG, Frankienoone, Widr, Calabe1992, JohnChrysostom, MusikAnimal, Jimw338, JurgenNL, SoledadKabocha, Cerabot~enwiki, Corn cheese, Electracion, IanDGunn, Phreaker007, Monkbot, Abhishekkr101, Licknooft,
KH-1, DanielKnights, Buntee2, Matt Da Freak and Anonymous: 365
Rootkit Source: http://en.wikipedia.org/wiki/Rootkit?oldid=662241846 Contributors: Zundark, Fubar Obfusco, William Avery, SimonP,
Stevertigo, Frecklefoot, JohnOwens, Nixdorf, Pnm, Liftarn, Zanimum, Penmachine, Tregoweth, Ahoerstemeier, Haakon, Nikai, Schneelocke, Emperorbma, Timwi, Aarontay, Ww, Olego, Fuzheado, Markhurd, Echoray, Furrykef, Taxman, Bevo, Rossumcapek, Phil Boswell,
Robbot, Scott McNay, Henrygb, Auric, Zidane2k1, Paul G, Tobias Bergemann, Unfree, David Gerard, Alison, JimD, Ezhiki, Kravietz,
AlistairMcMillan, Saucepan, Taka, Deewiant, Creidieki, Pascalv, Adashiel, Squash, Brianhe, ElTyrant, Rich Farmbrough, Agnistus, Jayc,
Bender235, CanisRufus, Twilight (renamed), Kwamikagami, PhilHibbs, Spoon!, Femto, Perfecto, Stesmo, Smalljim, Chasmo, Mpvdm,
Adrian~enwiki, Giraedata, Yonkie, Bawol, Helix84, Espoo, Jhfrontz, Polarscribe, CyberSkull, JohnAlbertRigali, Hookysun, Phocks,
BanyanTree, Earpol, RJFJR, RainbowOfLight, Kazvorpal, RyanGerbil10, Japanese Searobin, Dtobias, Dexio, Alvis, CCooke, OwenX,
Woohookitty, David Haslam, Steven Luo, Shevek, Pol098, Apokrif, Btmiller, Easyas12c, Midnightblaze, SDC, Umofomia, Xiong Chiamiov, SqueakBox, Graham87, Rjwilmsi, TitaniumDreads, Syndicate, Arisa, Randolph, RainR, Flarn2006, FlaBot, RobertG, Stoph, JiFish, Harmil, Mark Luszniak, Arunkoshy, Mordien, Intgr, Mimithebrain, Dbpigeon, Martin Hinks, Poorsod, FrankTobia, Elfguy, Uriah923,
YurikBot, Wavelength, Hairy Dude, Diesonne, AVM, Chrisjustinparr, IByte, Hydrargyrum, NawlinWiki, Wiki alf, Mipadi, Ian Cheese,
Ejdzej, Stephen e nelson, Cleared as led, Nick, Raven4x4x, JackHe, Mysid, FoolsWar, Bota47, Nescio, Ninly, Maxwells Demon, Mateo
LeFou, Theda, Closedmouth, Arthur Rubin, Reyk, Roothorick, AnimeJanai, Solarusdude, Jacqui M, That Guy, From That Show!, SmackBot, Mmernex, Estoy Aqu, Reedy, Mate.tamasko, Unyoyega, KelleyCook, Iph, SimonZerafa, Ohnoitsjamie, Chris the speller, Bluebot,
Gspbeetle, Thumperward, Ben.the.mole, Octahedron80, DARQ MX, DHN-bot~enwiki, Jmax-, 1(), Frap, Onorem, Tim Pierce, Sommers, Ukrained, Whpq, MichaelBillington, DMacks, J.Christopher.Wells, AndyBQ, A5b, Mitchumch, N-dy, Clicketyclack, FrostyBytes,
Tasc, Tthtlc, Peyre, Simon Solts, Xionbox, LAlawMedMBA, IvanLanin, CapitalR, Prpower, Phoenixrod, Courcelles, Tawkerbot2, Davidbspalding, FatalError, Zarex, Cyrus XIII, Megaboz, Jokes Free4Me, Jesse Viviano, Chrismo111, Racooper, Myasuda, Equendil, A876,
GrahamGRA, Tryl, rate, Fetternity, Mewsterus, Etaon, Ambulnick, Marek69, Tocharianne, AntiVandalBot, Widefox, Obiwankenobi,
Czj, Sjledet, Lfstevens, Bscottbrown, AndreasWittenstein, TuvicBot, Hiddenstealth, NapoliRoma, MER-C, Minitrue, QuantumEngineer,
Karsini, BCube, Repku, Raanoo, Drugonot, Chevinki, Nyttend, Cl36666, Denorios, Stromdal, Alekjds, Hamiltonstone, Cpl Syx, XandroZ,
Stephenchou0722, R27smith200245, MartinBot, Eshafto, CobraBK, Fethers, R'n'B, Nono64, Ash, Felipe1982, CraZ, Pharaoh of the Wizards, UBeR, Uncle Dick, Maurice Carbonaro, Public Menace, Leeked, Andy5421, It Is Me Here, Peppergrower, Crakkpot, DavisNT,
Wng z3r0, Marekz, Cometstyles, Gemini1980, ArneWynand, VolkovBot, Ashcan Rantings, Senachie, Soliloquial, TXiKiBoT, Sphinx2k,
CanOfWorms, Miketsa, UnitedStatesian, Haseo9999, Willbrydo, Suzaku Medli, Ceranthor, Ggpur, MrChupon, SieBot, Technobreath,
Sephiroth storm, Edans.sandes, Windowsvistafan, Aly89, General Synopsis, Fyyre, Clearshield, Capitalismojo, Bogwhistle, BfMGH,
Guest141, Martarius, ClueBot, The Thing That Should Not Be, TheRasIsBack, Mild Bill Hiccup, Fossguy, Tai Ferret, Socrates2008,
Crywalt, PixelBot, JunkyBox, Rhododendrites, Holden yo, NuclearWarfare, Mrkt23, Pinkevin, Htddler, DanielPharos, Floul1, Johnuniq,
SF007, Uuddii, Pelican eats pigeon, XLinkBot, Thatguyint, Addbot, Willking1979, Kongr43gpen, Sergey AMTL, Elsendero, TutterMouse, Cst17, MrOllie, OlEnglish, Fiftyquid, Luckas-bot, Yobot, Fraggle81, GateKeeper, Golftheman, Alipie42, AnomieBOT, NoKindOfName, Bluerasberry, Materialscientist, Nutsterrt, Citation bot, ArthurBot, LilHelpa, Avastik, S0aasdf2sf, Notwej, GrouchoBot, Kernel.package, Thearcher4, Traord09, Sophus Bie, XLCior, Shadowjams, FrescoBot, WPANI, Ozhu, Wmcleod, HamburgerRadio, Citation
bot 1, JoeSmoker, Winterst, Pinethicket, Jonesey95, Shultquist, Gim3x, OMGWEEGEE2, Rbt0, Trappist the monk, Techienow, Vanished
user aoiowaiuyr894isdik43, TjBot, Alph Bot, EmausBot, John of Reading, WikitanvirBot, Timtempleton, Heracles31, Dewritech, Janiko,
P3+J3^u!, ZroBot, Herman Shurger, Basheersubei, Mike735150, IceCreamForEveryone, Bender17, Chicklette1, Diame, Macwhiz,
Nhero2006, DASHBotAV, Pianosa, ClueBot NG, Biterankle, Morgankevinj huggle, Matthiaspaul, MelbourneStar, Zakblade2000, Barry
McGuiness, Helpful Pixie Bot, Strovonsky, Rijinatwiki, Abagi2, Johndavidthomas, BattyBot, Tkbx, StarryGrandma, ChrisGualtieri, Draculamilktoast, Cadava14, Dexbot, Codename Lisa, Noul Edge, SoledadKabocha, Cryptodd, CaSJer, MopSeeker, Ginsuloft, Oranjelo100,
Monkbot, Vieque, BethNaught, Ahollypak, Shinydiscoball, Jithendran Subburaj, TQuentin, Azlan 6473 and Anonymous: 574
Script kiddie Source: http://en.wikipedia.org/wiki/Script%20kiddie?oldid=657126680 Contributors: AxelBoldt, WojPob, The Anome, -April, Jagged, Zadcat, Ryguasu, Frecklefoot, Ubiquity, Patrick, Voidvector, Pnm, Zanimum, TakuyaMurata, (, CesarB, Looxix~enwiki,
Ellywa, Angela, Marteau, Evercat, Schneelocke, Saint-Paddy, Przepla, WhisperToMe, Issa, Furrykef, Fvw, David.Monniaux, MrWeeble,
Robbot, Altenmann, LGagnon, Hif, Pengo, Ich, Rchandra, The zoro, Matt Crypto, Neilc, Andycjp, Shibboleth, Tothebarricades.tk, Scott
Burley, Asbestos, Henriquevicente, Joyous!, Bluefoxicy, RedWordSmith, Rich Farmbrough, Rhobite, Fluzwup, Evice, Bobo192, Smalljim, Nectarowed, Blotwell, Tadman, Red Scharlach, Rernst, Alansohn, Gary, Transnite, 119, Arthena, Andrewpmk, Ciaran H, Seans
Potato Business, Ethethlay, Scott5114, Robin201, Evil Monkey, Freyr, Feezo, JanusPaul, MickWest, Woohookitty, Mindmatrix, Grillo,
Duncan.france, Pchov, Fred J, Terence, Kralizec!, Harkenbane, ArCgon, TNLNYC, Joe Roe, Mandarax, Ashmoo, Graham87, Magister Mathematicae, Jclemens, Rjwilmsi, T0ny, JDanM, JenniferR, IpwnNES, Yamamoto Ichiro, Exeunt, FlaBot, Ian Pitchford, Faluinix,
Crazycomputers, Kerowyn, JYOuyang, Gurch, Intgr, Salvatore Ingala, Masnevets, Rogertudor, Mysekurity, YurikBot, Rdoger6424, NTBot~enwiki, Curuinor, Hydrargyrum, Shaddack, Rsrikanth05, NawlinWiki, Borbrav, Aeusoes1, Ejdzej, Abb3w, Moe Epsilon, Tony1,
Syrthiss, Xompanthy, Hydroksyde, DryaUnda, Vlad, Private Butcher, Werdna, Wknight94, Trojjer, Raijinili, Saranghae honey, Closedmouth, Garion96, Staxringold, SmackBot, Haza-w, Rtc, Hammerite, ScaldingHotSoup, Eskimbot, Zanetu, BiT, Bluebot, Codeninja42, JDCMAN, Miquonranger03, MalafayaBot, Dethme0w, CaptainCarrot, Stormchaser, Frap, PoiZaN, Ultra-Loser, Chlewbot, Etu, Rrburke,
Cybercobra, Nakon, Drc79, Foolish Child, Minna Sora no Shita, Hvn0413, Mets501, Dr.K., Clarityend, Ouzo~enwiki, Courcelles, Filter1987, Tawkerbot2, Haneul, Bakanov, Neelix, Sideshow Todd, Myasuda, Jack mcdonagh, Clayoquot, Gogo Dodo, Chasingsol, Evogol,
DumbBOT, Kozuch, Soccer skills, Thijs!bot, Epbr123, LactoseTI, Mchtegern, CTZMSC3, AntiVandalBot, Luna Santin, Seaphoto, CobraWiki, Rossj81, Mgeel, Oddity-, Markthemac, Barek, CosineKitty, Wootery, Hawk90, Andreas Toth, JamesBWatson, Froid, Justaguy1,
HastyDeparture, AndyI, A2-computist, Ryan1918, MartinBot, Kateshortforbob, Exarion, J.delanoy, Trusilver, WarthogDemon, Thomas
Larsen, NewEnglandYankee, Wilson.canadian, Juliancolton, Crabworld, Tkgd2007, Yasuna, TheFrankinator, Lights, Vranak, Sparklism,
VolkovBot, DSRH, Lexein, Supersonicjim, Philip Trueman, Anonymous Dissident, Imasleepviking, Seraphim, Haseo9999, Necris, Logan,

W00taliter, Dawn Bard, Texmexsam111, MarkinBoston, Mr. Stradivarius, Atif.t2, ClueBot, Mattgirling, VQuakr, Excirial, Rhododendrites, Andrew81446, Alexey Muranov, Thingg, XLinkBot, FactChecker1199, ErkinBatu, Alexius08, Brilliantine, Addbot, Xp54321,
Proxima Centauri, Freqsh0, Sdribybab222, Jaydec, 5 albert square, Jarble, Lolgailzlz, Yobot, Jackie, M9.justin, Ajh16, THEN WHO WAS
PHONE?, Skhu25993, Byeitical, Jim1138, Materialscientist, Citation bot, ShornAssociates, LaRoza, ArthurBot, Xqbot, The sock that
should not be, Tyrol5, Peanuter, Ssarti, Amaury, Caseeaero, Cho fan, Afromayun, JoeJev, Evalowyn, I dream of horses, Hoo man, RedBot, SpaceFlight89, Lemonsourkid, Lotje, Neptunerover, Reaper Eternal, Merlinsorca, Diannaa, Tbhotch, DASHBot, EmausBot, WikitanvirBot, Gfoley4, Tommy2010, AsceticRose, Chealsearock, John Cline, Demonkoryu, Ocaasi, Randiv, Donner60, AndyTheGrump,
Jlatto, Iarkey1337, Angwatch, ClueBot NG, Pcight, K8ylynnn, Helpful Pixie Bot, Lowercase sigmabot, The Almightey Drill, Astros4477,
No1dead, HappiestDrunk, EagerToddler39, Philip J Fry, Lugia2453, 93, Fusingwharf, Movinggun, Pwnyy, DavidLeighEllis, Someone not
using his real name, SS7 Somebody, Bs9987, ThatRusskiiGuy, WikiWinters, Peterpacz1, Melcous, Doyouqa, Swagstar124, ChiTownDev,
Kostubbs, Jizzle nizzle, Yaser09363239065 and Anonymous: 408
Spyware Source: http://en.wikipedia.org/wiki/Spyware?oldid=659159185 Contributors: The Epopt, WojPob, LC~enwiki, Eloquence,
Vicki Rosenzweig, Mav, Zundark, Berek, Toby Bartels, Fubar Obfusco, SimonP, Ellmist, R Lowry, Modemac, KF, Frecklefoot, Edward, Willsmith, Fred Bauder, Pnm, Tannin, Wwwwolf, Tgeorgescu, Karada, Ahoerstemeier, DavidWBrooks, Haakon, Mac, Arwel
Parry, Notheruser, Darkwind, Mcy85, Julesd, Cgs, Glenn, Bogdangiusca, Slusk, Phenry, Evercat, Raven in Orbit, Mydogategodshat,
Guaka, Aarontay, Mbstone, RickK, Dysprosia, WhisperToMe, Wik, Pedant17, Jake Nelson, Grendelkhan, Saltine, ZeWrestler, Sabbut,
Wernher, Bevo, Joy, Khym Chanur, Fvw, Raul654, Pakaran, Jamesday, Denelson83, PuzzletChung, Aenar, Robbot, Paranoid, Senthil,
ChrisO~enwiki, Korath, Tomchiukc, Vespristiano, Moondyne, ZimZalaBim, Psychonaut, Yelyos, Modulatum, Lowellian, Mirv, JustinHall, Stewartadcock, Academic Challenger, Texture, Meelar, LGagnon, DHN, Hadal, Dehumanizer, Wereon, Michael Snow, Boarder8925,
ElBenevolente, Anthony, Mmeiser, Lzur, Tobias Bergemann, Alerante, Alexwcovington, DocWatson42, Fennec, Inter, Lupin, Ferkelparade, Everyking, Kadzuwo~enwiki, Rookkey, Frencheigh, FrYGuY, Gracefool, Daniel Brockman, Zoney, Pascal666, AlistairMcMillan,
Spe88, SWAdair, Golbez, Justzisguy, Gadum, Shibboleth, Toytoy, CryptoDerk, GeneralPatton, Quadell, Antandrus, OverlordQ, The
Trolls of Navarone, Piotrus, Quarl, Khaosworks, MFNickster, Kesac, Jesster79, Maximaximax, SeanProctor, Bumm13, Kevin B12,
Sam Hocevar, Sridev, TonyW, Rantaro, Neutrality, Joyous!, Jcw69, Adashiel, JamesTeterenko, Grunt, Guppynsoup, Mike Rosoft,
Maryevelyn, Tom X. Tobin, Monkeyman, Poccil, Imroy, Maestro25, Naryathegreat, Discospinster, Twinxor, Rich Farmbrough, Rhobite, Andros 1337, MCBastos, Clawed, YUL89YYZ, Mani1, Tinus, Pavel Vozenilek, Martpol, Paul August, SpookyMulder, ESkog,
JoeSmack, Violetriga, Brendandonhue, CanisRufus, *drew, Fireball~enwiki, Mwanner, Perspective, Aude, Spoon!, Femto, Incognito,
ZooCrewMan, Sole Soul, Bobo192, Longhair, Meggar, Flxmghvgvk, Mikemsd, Chessphoon, Cwolfsheep, Alpheus, Jag123, Alexs letterbox, Visualize, Minghong, Wrs1864, Haham hanuka, Jonathunder, SPUI, ClementSeveillac, Nkedel, Espoo, Danski14, Alansohn,
JYolkowski, Cronus, GRider, Interiot, Arthena, Rd232, Jeltz, Andrewpmk, Plumbago, Zippanova, T-1000, Kocio, InShaneee, DavidCWG, Idont Havaname, Blobglob, BanyanTree, Uucp, Yuckfoo, Evil Monkey, BlastOButter42, Kusma, Jsorensen, Someoneinmyheadbutitsnotme, Zootm, Kerry7374, Mikenolte, 4c27f8e656bb34703d936fc59ede9a, Kyrin, Bobrayner, Weyes, Boothy443, Kelly Martin,
Woohookitty, LostAccount, Mindmatrix, Vorash, TigerShark, Scriberius, LOL, Nuggetboy, Localh77, Daniel Case, Baysalc, Snotty
(renamed), WadeSimMiser, Drongo, Schzmo, BlaiseFEgan, Rchamberlain, Zzyzx11, Leemeng, Wayward,
, Zhen-Xjell, Stefanomione, Karam.Anthony.K, Zpb52, Palica, Allen3, MassGalactusUniversum, Graham87, Marskell, Deltabeignet, Magister Mathematicae, BD2412, Roger McCoy, RadioActive~enwiki, MauriceJFox3, Jclemens, Icey, Josh Parris, Canderson7, Sjakkalle, Seidenstud, Coemgenus, Baeksu, Eyu100, Dannysalerno, Amire80, Carbonite, Harro5, Nneonneo, Oblivious, Roivas, Creative210, OKtosiTe,
Hermione1980, AySz88, Yamamoto Ichiro, Teddythetank, Eexlebots, RainR, Titoxd, FlaBot, Ecb29, Ian Pitchford, RobertG, Otnru,
HowardLeeHarkness, Arlondiluthel, JiFish, Avalyn, JYOuyang, Klosterdev, Rune.welsh, RexNL, Gurch, Quuxplusone, Intgr, Bmicomp,
Noxious Ninja, Butros, King of Hearts, KaintheScion, Scoops, Bornhj, DVdm, Ariele, Voodoom, Bgwhite, YurikBot, Wavelength, Aleahey,
Splintercellguy, Kencaesi, Kafziel, Adam1213, Pleonic, Hede2000, Bhny, Richjkl, Paul Quirk, Admiral Roo, Kirill Lokshin, Pvasiliadis,
Van der Hoorn, Akamad, Chensiyuan, Amanaplanacanalpanama, Stephenb, Manop, Barefootguru, Coyote376, Gaius Cornelius, CambridgeBayWeather, Kyorosuke, Member, Wimt, MarcK, Crazyman, Wiki alf, Dialectric, God Of All, AlMac, RazorICE, Irishguy, Brian
Crawford, Kynes, Rmky87, Ugnius, Amcfreely, Misza13, FlyingPenguins, Zephalis, Pablomartinez, DeadEyeArrow, Bota47, Xpclient,
Flipjargendy, Romal, Wknight94, Graciella, Zzuuzz, Encephalon, Gorgonzilla, Bayerischermann, AtOMiCNebula, Theda, Abune, Reyk,
Dspradau, Sean Whitton, BorgQueen, GraemeL, Shawnc, Peter, QmunkE, Emc2, JLaTondre, MagneticFlux, Che829, Bluezy, Katieh5584,
Kungfuadam, Plethorapw, NeilN, Leuk he, Kingboyk, Destin, Mardus, SkerHawx, That Guy, From That Show!, SG, Attilios, Veinor,
MacsBug, Firewall-guy, SmackBot, Colinstu, Estoy Aqu, Justinstroud, KnowledgeOfSelf, Royalguard11, CompuHacker, Georgeryp,
Blue520, Davewild, Matthuxtable, Stie, ElDakio, Delldot, KelleyCook, ProveIt, Vilerage, Ccole, Kaunietis25, Gilliam, Ohnoitsjamie,
Jushi, Oscarthecat, Skizzik, Chaojoker, ERcheck, Gary09202000, Chris the speller, Parajuris, Skintigh, Chemturion, Thumperward,
Christopher denman, SchftyThree, Deli nk, Octahedron80, DHN-bot~enwiki, Darth Panda, Trimzulu, Jmax-, Can't sleep, clown will
eat me, Frap, Episteme-jp, Nixeagle, JonHarder, Korinkami, Rablari Dash, Homestarmy, Xyzzyplugh, Jax9999, Midnightcomm, Mr.Zman, Gabi S., Cybercobra, Engwar, Nakon, GhostDancer, Monotonehell, Warren, Weregerbil, Polonium, Sbluen, Sljaxon, Twain777,
Fredgoat, Jeremyb, Kotjze, Nevyan, MOO, Risker, DataGigolo, Clicketyclack, SashatoBot, Rory096, Swatjester, JethroElfman, Heimstern, Tor Stein~enwiki, Xaldafax, Minna Sora no Shita, Abdomination, Llamadog903, PseudoSudo, LebanonChild, Chrisch, Mr. Vernon, Andypandy.UK, Jcmiras, Alistairphillips, Alistair.phillips1, Darklord.dave, MrArt, Mphill14, SandyGeorgia, Camp3rstrik3r, Jam01,
Rip-Saw, Vernalex, Michael.koe, Sifaka, Jnk, Iridescent, Lonyo, JoeBot, Cowicide, Gholam, 10014derek, JHP, J Di, IvanLanin, Igoldste, Cbrown1023, RekishiEJ, AGK, Linkspamremover, Astral9, Kanecain, Mzub, Tawkerbot2, Morryau, Jasrocks, SMRPG, Clintmsand,
Alestrial, AbsolutDan, SkyWalker, J Milburn, JForget, FleetCommand, Anon user, Wikkid, Xlegiofalco, Ewc21, DevinCook, Pockle,
Raceprouk, Green caterpillar, El aprendelenguas, Kejoxen, Herenthere, CJBot, Angelsfreeek, Kribbeh, Phatom87, TheBigA, Cydebot,
Treybien, Steel, Gogo Dodo, Mroesler, Tiger williams, Bigjake, Shirulashem, Christian75, Codetiger, DumbBOT, TheJC, Omicronpersei8, Zalgo, Lo2u, Jed keenan, Satori Son, FrancoGG, Thijs!bot, Epbr123, Wikid77, Ilpalozzo, Supermario99, Daniel, Wikikiki~enwiki,
Nonagonal Spider, Who123, Rcandelori, Jojan, Moulder, West Brom 4ever, A3RO, Cool Blue, Grayshi, CharlotteWebb, Nick Number, Wai Wai, Wikidenizen, Dawnseeker2000, Natalie Erin, Silver Edge, Escarbot, CamperStrike, Andykitchen, Mentisto, Mr.Fraud,
AntiVandalBot, Operator link, Luna Santin, Ownlyanangel, Schooop, Anotherpongo, Dylan Lake, Kmesserly, Shlomi Hillel, Pixelface,
Jenny Wong, Falconleaf, Alevine-eantick, Qwerty Binary, Ingolfson, JAnDbot, Hiddenstealth, Ginza, Barek, Epeeeche, BCube, Bhaddow, D. Kapusta, Dcooper, The elephant, Entgroupzd, MadMom2, Kipholbeck, SteveSims, Magioladitis, Bongwarrior, VoABot II,
Mike5906, Abbadox, Yandman, Dfense, XPOTX, Tedickey, Twsx, Mikey129, LonelyWolf, Alekjds, Violetness, Robotman1974, Allstarecho, Cpl Syx, Fang 23, Bugtrio, Fayul, Glen, Myststix, Pikolas, Gwern, Atulsnischal, Ksero, Gundato, Hdt83, MartinBot, M3tal H3ad,
CliC, BetBot~enwiki, Flamingpanda, Axlq, Skipatek, Lcaa9, Ittan, R'n'B, I2omani, Bgold4, RaccoonFox, J.delanoy, Fakir005, Trusilver, Deonwilliams, Neon white, Singing guns, Dispenser, Justinm1978, LordAnubisBOT, 2IzSz, Thomas Larsen, Compman12, Freejason,
Demizh, Jwright1, Legendsword, AntiSpamBot, WikiChip, TomasBat, Bushcarrot, NewEnglandYankee, Hellohellohello007, ,
Fsf~enwiki, Juliancolton, WarFox, Atama, Teggis, Redrocket, Wiki989, Mguy, Kiyo o, VolkovBot, ChrisPerardi, Je G., Tesscass,


Dajahew1, TXiKiBoT, Zidonuke, Moogwrench, KevinTR, Rei-bot, GcSwRhIc, Shindo9Hikaru, Oxfordwang, Anna Lincoln, Melsaran,
Martin451, LeaveSleaves, Alexarankteam, Master Bigode, Wikiisawesome, Copper20, Trickiality, Bercyon, Billinghurst, The Negotiator,
Haseo9999, Flamesrule89, Willbrydo, Digita, Mickelln, LittleBenW, AlleborgoBot, Fredtheyingfrog, Fabioejp, EmxBot, Overtheblock,
Supery789, SieBot, Techwrite, Spartan, Backpackkk, Backpack123, Gorx, Jack Merridew, IHateMalware, Dawn Bard, Schwartz, Ken,
Sephiroth storm, WJerome, Arda Xi, Pdub567, Oda Mari, Arbor to SJ, Jojalozzo, Nosferatus2007, Oxymoron83, Faradayplank, AngelOfSadness, Wjemather, ImageRemovalBot, Loren.wilton, ClueBot, Mr. pesci, GorillaWarfare, Fyyer, The Thing That Should Not Be,
College222, Darthveda, Drmies, Mild Bill Hiccup, Braksus, Mackmar, Milenamm, Absmith111, Tokyogamer, Christineokelly, Bichon,
Emperordarius, Igorberger, Rhododendrites, WalterGR, WWriter, Anti328, DanielPharos, Morriske, Apparition11, SF007, DumZiBoT,
Adams527, Mikon8er, XLinkBot, ICaNbEuRsOuLjAgIrL, Skarebo, SilvonenBot, Alexius08, Noctibus, Dubmill, Addbot, Deepmath, Clsdennis2007, Wowrocker2, Joost Kieviet, SuperSmashBros.Brawl777, AndrewJNeis, Christos2121, 15lsoucy, Ronhjones, Leszek Jaczuk,
Skyezx, MrOllie, Glane23, Chzz, Debresser, Favonian, Mike A Quinn, Evildeathmath, Lightbot, OlEnglish, Qwertyytrewqqwerty, Fiilott,
Luckas-bot, Yobot, Sdalk208, TaBOT-zerem, Voyage34, Aaronit~enwiki, Egosintrick, THEN WHO WAS PHONE?, SeanTheBest949,
Writerjohan, KamikazeBot, Fortmadder, TJDishaw6, Quentinv57, AnomieBOT, Keepitreal74, Roman candles, Jim1138, MinnetonkaCZ,
IRP, Galoubet, Piano non troppo, AdjustShift, Wasisnt, Yachtsman1, Ulric1313, Materialscientist, Danno uk, The Firewall, Xqbot, Sionus,
Capricorn42, Dubboy1969, Avastik, Junkcops, Katcrane, Halstonm, PraeceptorIP, Mlpearc, S0aasdf2sf, Ragityman, Danalpha31, Kurtdriver, BubbleDude22, Prunesqualer, Mathonius, IShadowed, Vuletrox, Luminique, Fastguy397, VS6507, DigitalMonster, Cykloman15,
Flakmonkey24, HamburgerRadio, Yodaddy4276, Jammy467, Pinethicket, Idemnow, Jacobdead, Chucknorriss007, JNorman704, Ngyikp,
Brian Everlasting, SpaceFlight89, RandomStringOfCharacters, OMGWEEGEE2, Reconsider the static, MichaelRivers, Sahil16, Dinamikbot, Vrenator, Halti1328, Sammonaran, Jerd10, JV Smithy, Thunerb, Tbhotch, Luis8750, RjwilmsiBot, VernoWhitney, Buggie111,
Xvunrealvx, Nabahat, EmausBot, John of Reading, Marmbrus, Bob22234, Dewritech, RA0808, L235, Tommy2010, Wikipelli, K6ka,
Boysfood, Zach eastburn, Rocopter23, EneMsty12, L0ngpar1sh, Wayne Slam, Isarra, Hidbaty223, Janesilentbob, Damirgrati, FloridaShawn123, GrayFullbuster, Jschwa12, ClueBot NG, Karlson2k, Cntras, Braincricket, 123Hedgehog456, O.Koslowski, Chikkey007,
Widr, Neilacharya, Pattiewillford, Rubybarett, Icallitvera, DBigXray, Kwolton, Jordan james elder, PatrickCarbone, Larda, MusikAnimal, EmadIV, Brilubic2, YolentaShield, Cre8tin, Mechanic1545, VanEman, RobertEdingerPHD, Egyptianmorrow, J3zzy1998DBZ,
Jeremy112233, Cyan.aqua, Squishy901, Rms1524, ZappaOMati, EuroCarGT, Dexbot, Cwobeel, Codename Lisa, Jamiedude2002, Geniusmanship, SFK2, Sourov0000, Corn cheese, Allne1972, Franois Robere, Melonkelon, Eyesnore, Yuvalg9, Jameii123, Muhammadbabarzaman, MountRainier, Majidmec, Babitaarora, Ymd2004, Someone not using his real name, Jianhui67, Dannyruthe, Mickel1982,
7Sidz, BethNaught, Qwertyxp2000, Wii , Zaixar, 7thwave1, Julietdeltalima, Silien2002, MagyVi, Securitysentry, Tripboom, Jiesenpan
and Anonymous: 1354
Timeline of computer security hacker history Source: http://en.wikipedia.org/wiki/Timeline%20of%20computer%20security%20hacker%20history?oldid=662294118 Contributors: ChangChienFu, Edward, Nixdorf, Eurleif, Sannse, Delirium, Paul A, Minesweeper,
Tregoweth, Ronz, Snoyes, Cimon Avaro, Evercat, GCarty, Conti, Ylbissop, PatriceNe, Reddi, Ike9898, Zoicon5, Jnc, Topbanana,
Jeq, RadicalBender, Sjorford, Gentgeen, Robbot, Fredrik, Sanders muc, RedWolf, Altenmann, Stewartadcock, Jy, PBP, Pengo,
GreatWhiteNortherner, Davidcannon, Dave6, DocWatson42, Jtg, Kenny sh, Everyking, Niteowlneils, Broux, Maroux, DO'Neil, AlistairMcMillan, The zoro, Gzornenplatz, Matt Crypto, Alvestrand, Bobblewik, Gadum, Utcursch, Ruy Lopez, Long John Silver~enwiki,
Beland, Tim Pritlove, Kbrooks, Neutrality, Eisnel, Zoganes, Orange Goblin, D6, Wikiti, Guanabot, Ponder, Calebbell, Thebrid, CanisRufus, NetBot, Adrian~enwiki, Draconiszeta, RussBlau, Hektor, JaveCantrell, Inky, Bart133, Yolgie, M3tainfo, Danthemankhan, Guthrie,
H2g2bob, Markaci, Lkinkade, Jbl, Brunnock, Myleslong, Skyraider, Amatus, Scm83x, Allen3, Rjwilmsi, Koavf, Vegaswikian, Bensin,
Ground Zero, JdforresterBot, Kmorozov, Ewlyahoocom, TheDJ, Alvin-cs, Bgwhite, RussBot, Gaius Cornelius, EWS23, Mipadi, BirgitteSB, DeadEyeArrow, Izcool, Haemo, American2, Deville, Closedmouth, Arthur Rubin, Dcb1995, Rwwww, UltimatePyro, SmackBot,
Jereykopp, Rtc, Zazaban, Anarchist42, 6Akira7, Resorb, Mauls, Commander Keane bot, Gilliam, GoneAwayNowAndRetired, Chris the
speller, TimBentley, Snori, Roscelese, Steelmanronald, CSWarren, Kungming2, Colonies Chris, Wesw02, Racklever, ConMan, Warren,
Tlmii, Blututh, Wizardman, KeithB, Via strass, Tomhubbard, DavidBailey, Breno, Dipset1991, Lightshadow~enwiki, Mets501, Xionbox,
Zepheus, BranStark, Octane, Switchercat, CmdrObot, No1lakersfan, Dalen talas, Ngileadi, DrunkenSmurf, Alaibot, Satur9, Epbr123,
NOYGDB-YHNNTK, Karin Spaink, Esemono, Jimhoward72, Nick Number, AntiVandalBot, Pipedreamergrey, Tqbf, Magioladitis, Tinucherian, Seigiac, Firealwaysworks, Animum, Edward321, Esanchez7587, Gun Powder Ma, Gwern, Pauly04, Coradon, Jargon777, Maurice Carbonaro, Shatner1, Craigmascot, Znx, SmackTacular, S, TheNewPhobia, Funandtrvl, Sam Blacketer, Indubitably, DBZROCKS,
Seb az86556, Haseo9999, Oriaj, Chahax, Sue Rangell, BlueClerica, TJRC, Scarian, Malcolmxl5, Nathan, Matt Brennen, Happysailor,
Mandsford, Oxymoron83, SilverbackNet, CultureDrone, Denisarona, Faithlessthewonderboy, Martarius, ClueBot, Plastikspork, Mild Bill
Hiccup, Niceguyedc, Arunsingh16, Sv1xv, Leonard^Bloom, Rhododendrites, Sun Creator, Arjayay, Dark-Basics, DanielPharos, Gencturk~enwiki, J3r3m3, Galt 57, DumZiBoT, UnUnNilium, XLinkBot, Ost316, RyanCross, Addbot, Montgomery '39, Cst17, Mohamed
Magdy, Download, Sashi Degodeshi, Freqsh0, Chzz, Boydays, Yobot, TaBOT-zerem, Lacrymocphale, SwisterTwister, Backslash Forwardslash, AnomieBOT, Noq, Jim1138, Materialscientist, Citation bot, Miles86, LilHelpa, Sixequalszero, Alexnickell, Uitham, Shadowjams, FrescoBot, Haeinous, Meishern, HamburgerRadio, Citation bot 1, I dream of horses, Jeger, Full-date unlinking bot, Arbero,
Onel5969, Hobbes Goodyear, RjwilmsiBot, In ictu oculi, Acather96, Dixtosa, Szawi, Dewritech, GoingBatty, Wikipelli, Josve05a, Wikfr,
Brandmeister, L Kensington, ClueBot NG, Jack Greenmaven, LogX, Catlemur, Steve dexon, Killawattson, Widr, Kleinash, Helpful Pixie
Bot, Mrorville1, YusufZ, Rsotillo, MusikAnimal, Hackingtag, Neishamonaya, Conifer, Fylbecatulous, BattyBot, Mgreen11, Pratyya Ghosh,
Tonyxc600, MikeTaylor1986, CooKiee2012, Maestro814, Codename Lisa, Lugia2453, Jamesx12345, Izniz, Cody Allan, Everymorning,
JacobiJonesJr, The Herald, JaconaFrere, InfoSecGuy, Magma1983, Parveen97, Tjb5228, SirJohnWilliams, Beardog108 and Anonymous:
367
Trojan horse (computing) Source: http://en.wikipedia.org/wiki/Trojan%20horse%20(computing)?oldid=662342900 Contributors:
Damian Yerrick, Paul Drye, MichaelTinkler, LC~enwiki, Mav, Bryan Derksen, Zundark, Rjstott, Andre Engels, Gianfranco, Mincus,
Heron, R Lowry, Michael Hardy, Voidvector, Pnm, Dori, Ahoerstemeier, Ronz, Darrell Greenwood, Julesd, Glenn, Jiang, Ryuukuro,
Timwi, Andrevan, Ww, WhisperToMe, SEWilco, Chuunen Baka, Robbot, Kizor, Schutz, Altenmann, Puckly, Premeditated Chaos, Sunray, Tbutzon, Saforrest, Borislav, Miles, Splatt, Cyrius, GreatWhiteNortherner, Giftlite, Fennec, Brian Kendig, No Guru, Wikibob, Leonard
G., ZeroJanvier, AlistairMcMillan, Fanf, Matt Crypto, PlatinumX, SWAdair, SoWhy, Knutux, SURIV, Antandrus, Tbjablin, Kesac, Asriel86, Bumm13, Trafton, Shiftchange, Monkeyman, A-giau, Discospinster, Sperling, Stereotek, JoeSmack, CanisRufus, Shanes, Sietse
Snel, One-dimensional Tangent, Yono, Bobo192, Alexandre.tp, Cmdrjameson, Chirag, DCEdwards1966, Haham hanuka, Jjron, Ranveig, Alansohn, Anthony Appleyard, Guy Harris, Andrewpmk, M7, Riana, Sade, Ciaran H, Kesh, Danhash, Evil Monkey, BDD, Versageek, Brookie, Nuno Tavares, Woohookitty, Mindmatrix, TigerShark, Myleslong, Matey~enwiki, Briangotts, Pol098, WadeSimMiser,
Easyas12c, Optichan, Gyrae, Mekong Bluesman, Graham87, Jclemens, Enzo Aquarius, Rjwilmsi, JoshuacUK, Blacktoxic, NeonMerlin,
ElKevbo, Aapo Laitinen, AySz88, Andrzej P. Wozniak, RainR, RobertG, JiFish, Bubbleboys, Ewlyahoocom, Alexjohnc3, TheDJ, DevastatorIIC, Ben-w, Gr8dude, M7bot, Ahunt, Chobot, DVdm, Roboto de Ajvol, Angus Lepper, Sceptre, Ytgy111, Kerowren, Eleassar, Ptomes,


Wimt, NawlinWiki, Wiki alf, Dialectric, RattleMan, Johann Wolfgang, Vincspenc, THB, Ugnius, Nick C, Kenkoo1987, T, Lockesdonkey,
Wknight94, Niggurath, Zzuuzz, E Wing, Jogers, GraemeL, Ethan Mitchell, RandallZ, Airconswitch, Suburbancow, CIreland, Jaysscholar,
Slampaladino, J2xshandy, Scolaire, SmackBot, Kellen, Unschool, Narson, Bobet, Tarret, KocjoBot~enwiki, Delldot, KelleyCook, Jpvinall,
Arsenaldc1988, Gilliam, Ohnoitsjamie, Spamhuntress, Snori, Tree Biting Conspiracy, Miquonranger03, Gareth, LaggedOnUser, Lexlex,
DHN-bot~enwiki, Jereyarcand, Abaddon314159, Can't sleep, clown will eat me, MyNameIsVlad, Frap, Christan80, KaiserbBot, Rrburke,
TKD, Emre D., Nibuod, Sljaxon, Drphilharmonic, HDow, LeoNomis, Richard0612, Clicketyclack, Neverender 899, SS2005, Kuru, Jidanni, Gobonobo, Sir Nicholas de Mimsy-Porpington, Evan Robidoux, UkNegative, 041744, JHunterJ, George The Dragon, Alethiophile,
Waggers, Iridescent, Redskull619, IvanLanin, JoeE, Blehfu, Courcelles, Linkspamremover, Astral9, Mzub, ChrisCork, Switchercat, SkyWalker, JForget, DJPhazer, CmdrObot, Wafulz, Makeemlighter, ParadoX, CWY2190, Rikva, Lishy Guy, Jesse Viviano, INVERTED,
Neelix, Funnyfarmofdoom, Equendil, Slazenger, MC10, Red Director, SnootyClaus, Strom, Mr. XYZ, Shirulashem, UnDeRsCoRe, Rud
Almeida, Omicronpersei8, Rocket000, Thijs!bot, Epbr123, Blademaster313, N5iln, Laboye, Vertium, John254, James086, Leon7, Danfreedman, Mule Man, Dawnseeker2000, Mentisto, AntiVandalBot, Luna Santin, Widefox, Seaphoto, Oducado, Karthik sripal, Rhugginsahammond, JAnDbot, Xhienne, El Dominio, Vaclon, HellDragon, Mishrankur, Freedomlinux, VoABot II, Nyq, Jrg7891, SineWave,
GODhack~enwiki, Indon, Cailil, Esanchez7587, Shuini, DidierStevens, Charitwo, Gwern, Atulsnischal, MartinBot, Axlq, Jonathan Hall,
R'n'B, JohnNapier, J.delanoy, Patsyanks06, Legoboy2000, Catmoongirl, Didgeman, Mccajor, McSly, RichJizz123, Demizh, Evils Dark,
Gurchzilla, AntiSpamBot, Dividing, LeighvsOptimvsMaximvs, Shoessss, Cue the Strings, Andrewcmcardle, Darryl L James, Bonadea,
Martial75, Ditre, Anapologetos, ThePointblank, CardinalDan, Burlywood, Deor, VolkovBot, ABF, Je G., Sulcage, Rtrace, VasilievVV,
Jacroe, Ryan032, Philip Trueman, PGSONIC, Af648, Zidonuke, Dorcots, Floddinn, Drake Redcrest, Rei-bot, Crohnie, Arnon Chafn, Warrush, Anna Lincoln, Clarince63, Undine235, LeaveSleaves, ^demonBot2, Lukes123, Skittles266, BotKung, Hurleyman, SpecMode, Darkness0110, Madhero88, Peteritism, Haseo9999, Falcon8765, Enviroboy, Insanity Incarnate, Why Not A Duck, Spitre8520,
LittleBenW, AlleborgoBot, Logan, PGWG, Numbuh48, Firefoxobsession, Ramesseum, Softpile, Copana2002, SieBot, Teh nubkilr, BotMultichill, Krawi, Josh the Nerd, Caltas, Eagleal, RJaguar3, X-Fi6, Chiroz, Sephiroth storm, Johnnyeagleisrocker, Happysailor, Flyer22,
Caidh, Oxymoron83, Kosack, Hobartimus, Drsamgo, Bcrom, Hamiltondaniel, AtteOOIE, Snarkosis, The sunder king, Martarius, ClueBot, Jimmyrules1, Damonkeyman889944, Avenged Eightfold, Binksternet, Artichoker, The Thing That Should Not Be, IceUnshattered,
Lawrence Cohen, Ndenison, Wysprgr2005, Ascabastion, Zarkthehackeralliance, Mild Bill Hiccup, Piriczki, Infogaure, CounterVandalismBot, Dandog77, Aabrol19, Dennistang2007, Gunnar Kreitz, Somno, Aua, Excirial, Jusdafax, PixelBot, Eeekster, Bde1982, Rhododendrites, Mac1202, Lunchscale, WalterGR, Doctor It, Jaizovic, DanielPharos, JaneGrey, Taranet, VIKIPEDIA IS AN ANUS!, 7, Ranjithsutari, Berean Hunter, Egmontaz, Alchemist Jack, Polemos~enwiki, XLinkBot, Spitre, NiveusLuna, Jovianeye, Feinoha, TFOWR,
ErkinBatu, Mifter, Alexius08, Noctibus, Addbot, Some jerk on the Internet, Landon1980, A.qarta, Friginator, Markyman12, Ronhjones,
Ashton1983, Nirajdoshi, MrOllie, Download, Morning277, Ericzhang789, London-infoman, D.c.camero, Glane23, Exor674, SamatBot,
Arteyu, Theman98, Politoed666, Numbo3-bot, Tide rolls, Legion79, Krano, Apteva, Teles, Zorrobot, Jarble, Arbitrarily0, Fdaneels,
Koru3, Legobot, Helpfulweasal, Yobot, 2D, Fraggle81, Cm001, Xxxpivjtxxx, NERVUN, Nallimbot, QueenCake, Sujit.jhare, South Bay,
AnomieBOT, KDS4444, DemocraticLuntz, Rubinbot, Captain Quirk, Jim1138, Chuckiesdad, Materialscientist, Arezey, Frankenpuppy,
Xqbot, Capricorn42, Robot85, Liorma, Bihco, Jsharpminor, KrisBogdanov, Mlpearc, S0aasdf2sf, GrouchoBot, Megamonkeyextreme, RibotBOT, SassoBot, TrueGlue, Amaury, JulianDelphiki, Shadowjams, SchnitzelMannGreek, Vanatom, Thehelpfulbot, Trojan1223, FrescoBot, Untilabout9am, Daerlun, Clubmaster3, Michael93555, Scottaucoin89, A little insignicant, Haein45, HamburgerRadio, Mitchell
virus, Launchballer, Winterst, I dream of horses, Vicenarian, Edderso, Jacobdead, A8UDI, Rihdiugam, Ddspec, Robo Cop, Pcuser42, GWPSP090, Ksanexx, DixonDBot, Lamarmote, Miiszmylove, MichaelRivers, Vrenator, Reaper Eternal, Jerd10, Specs112, Vanished user
aoiowaiuyr894isdik43, Ciscorx, Minimac, Ameypersonsave, DARTH SIDIOUS 2, MMS2013, Lowoox, SMARTCUTEFUNNYXD, Brandonprince00, NerdyScienceDude, Limited2fan, Slon02, DASHBot, EmausBot, Super48paul, Fly by Night, L235, Tommy2010, Wikipelli,
TheGeomaster, Skaera, Ida Shaw, Dalek32, Traxs7, Eldruin, EneMsty12, Lolcat56734, Coasterlover1994, Sahimrobot, L Kensington,
Donner60, ClueBot NG, Cwmhiraeth, MunMan999, Gareth Grith-Jones, MelbourneStar, Bped1985, Augustalex, Muon, Braincricket,
Mesoderm, Rezabot, Widr, OKIsItJustMe, Madpigeon12, Strike Eagle, Titodutta, Complol2234343, Robbiecee2, Wiki13, MusikAnimal, AvocatoBot, Desenagrator, Mark Arsten, Sbd01, Onewhohelps, 1ravensnfan, Snow Blizzard, MrBill3, Glacialfox, Kelvinruttman,
Tutelary, Niraj.adyyyy, Th4n3r, Hsr.rautela, Adhithyan15, ChrisGualtieri, MadGuy7023, JayMyers-NJITWILL, Ghostman1947, Rezonansowy, SoledadKabocha, Djairhorn, Lugia2453, JoshLyman2012, Jc86035, Siravneetsingh, Soda drinker, Sourov0000, Cablewoman,
Bugzeeolboy, NimaBoscarino, RootSword, Dave Braunschweig, Epicgenius, CatBallSack, Eyesnore, Gaman0091, Khabir123, Kushay titanium, Someone not using his real name, Manish2911, Oranjelo100, Dannyruthe, Sathishguru, STH235SilverLover, Joseph 0515, Marp pro,
Rkpayne, Monkbot, Sidharta.mallick, Filedelinkerbot, Abcdfeghtys, Laura J. Pyle, Biblioworm, TerryAlex, Classofthewise, Earthquake58,
HamadPervaiz, Helpguy77, TQuentin, James the king12, JeremiahY, TeacherWikipedia, OldMcdonald12345 and Anonymous: 1149
Vulnerability (computing) Source: http://en.wikipedia.org/wiki/Vulnerability%20(computing)?oldid=661677087 Contributors: Kku,
CesarB, Ronz, Joy, Eugene van der Pijll, Phil Boswell, ZimZalaBim, Waldo, Sdsher, Jason Quinn, Wmahan, Utcursch, Beland, WhiteDragon, Quarl, FrozenUmbrella, Mozzerati, Discospinster, Xezbeth, Mani1, Adequate~enwiki, InShaneee, Velella, Mindmatrix, Ahouseholder, Ruud Koot, Macaddct1984, Mandarax, Tslocum, BD2412, Ketiltrout, Rjwilmsi, Jweiss11, ElKevbo, Naraht, Brownh2o, Chobot,
YurikBot, Gardar Rurak, Gaius Cornelius, Irishguy, Gru~enwiki, Perry Middlemiss, Mugunth Kumar, Abune, SmackBot, Mmernex,
AnOddName, Gilliam, PJTraill, Chris the speller, Persian Poet Gal, Manuc66~enwiki, JonHarder, Solarapex, Chris palmer, Mistress
Selina Kyle, FlyHigh, Lambiam, Derek farn, Xandi, Beetstra, Ehheh, Nevuer, Dreftymac, JoeBot, Jbolden1517, Penbat, Vanished user
fj0390923roktg4tlkm2pkd, Thijs!bot, EdJohnston, Obiwankenobi, Dman727, Eleschinski2000, S.C.F, Esanchez7587, CliC, Fleetame,
Ash, Jesant13, Anant k, Sarveshbathija, Touisiau, Jramsey, Tanjsta, TXiKiBoT, Softtest123, Zhenqinli, Michaeldsuarez, Haseo9999,
Swwiki, LittleBenW, Sassy410, JuTiLiu, Securityphreaks, Phe-bot, Cenzic, Jojalozzo, Jruderman, Ottawahitech, Dcampbell30, Liquifried,
WalterGR, DanielPharos, PotentialDanger, Sensiblekid, Fathisules, Addbot, Larry Yuma, SpBot, Tide rolls, Luckas-bot, BaldPark, Yobot,
Djptechie, Sweerek, AnomieBOT, MistyHora, Bluerasberry, ArthurBot, The Evil IP address, RibotBOT, Pradameinho, Bentisa, Erik9,
FrescoBot, Kitaure, HamburgerRadio, Pinethicket, Guriaz, Tool789789, Dtang2, Lotje, DARTH SIDIOUS 2, VernoWhitney, EmausBot,
John of Reading, Logical Cowboy, Timtempleton, Pastore Italy, ClueBot NG, Ptrb, Shajure, Emilyisdistinct, J23450N, AvocatoBot, Exercisephys, Mrebe1983, Mdann52, Mrt3366, Mediran, Codename Lisa, Mogism, Pharrel101, Wieldthespade, Krazy alice, OccultZone, Pat
power11, Monkbot, S166865h, Balancesheet, Greenmow and Anonymous: 105
White hat (computer security) Source: http://en.wikipedia.org/wiki/White%20hat%20(computer%20security)?oldid=662295700 Contributors: Pnm, Tango, Timwi, Joy, Jerzy, Altenmann, Pengo, Kenny sh, Gracefool, RoToRa, R. end, Quarl, Neutrality, Brianjd, JS
Nelson, Discospinster, Smyth, Goplat, AndrewM1, Aranel, Mattingly23, Sietse Snel, Bobo192, Adrian~enwiki, HasharBot~enwiki, Alansohn, Khaim, CivilianJones, M3tainfo, Sciurin, Guthrie, H2g2bob, Bsadowski1, Sfacets, Richwales, True~enwiki, Woohookitty, Mindmatrix, Qwertyus, Jclemens, Reisio, Rjwilmsi, Tizio, Wiarthurhu, WhiteBoy, JYOuyang, RexNL, Quuxplusone, Chobot, YurikBot, Borgx,
Kerowren, Hydrargyrum, Stephenb, Wimt, Korny O'Near, Awyllie, Rwalker, Intershark, Zzuuzz, Rsriprac, 404notfound, CWenger, That
Guy, From That Show!, SmackBot, Estoy Aqu, Rtc, Primetime, KVDP, Mauls, Yamaguchi , Gilliam, Ohnoitsjamie, Oscarthecat,


Thumperward, Rediahs, A. B., BlackbeardSCBC, Pegua, Thejut, Pax85, Djm101, Zchenyu, Kuru, Robosh, Neokamek, Stratadrake, Gijake, Beetstra, Hu12, Iambagels, Colonel Warden, NativeForeigner, Beno1000, Kingoomieiii, JohnCD, DaveK@BTC, Neelix, Phatom87,
The Librarian at Terminus, Sp!ke, Gogo Dodo, Chasingsol, Omicronpersei8, Epbr123, JNighthawk, Headbomb, Marek69, Tsschwartz,
Seaphoto, Froglegs114, Harryzilber, MER-C, Skomorokh, Fetchcomms, GoodDamon, Y2kcrazyjoker4, Mjhmach5, JamesBWatson, Arctic, Testla, Web-Crawling Stickler, JonWinge, Thompson.matthew, Lunakeet, FisherQueen, MartinBot, Xumbra, RockMFR, J.delanoy,
Ncmvocalist, AntiSpamBot, NewEnglandYankee, Cometstyles, Dkovalak, Bonadea, Jarry1250, Elephant101, Dog777, VolkovBot, AlnoktaBOT, Philip Trueman, TXiKiBoT, Securitytester, Martin451, BotKung, Doug, Falcon8765, Unused0030, Monty845, A pop machine,
Mmairs, Whitehatnetizen, Neil Smithline, Ml-crest, Sephiroth storm, Rahk EX, KathrynLybarger, OKBot, Diego Grez, ClueBot, Badger Drink, Ddonzal, Pitt the elder, Marktompsett, Excirial, Cronus111, Rhododendrites, Andrew81446, Elizium23, Jinxpuppy, C628,
9010154g, Jasburger, GoldenPhoenix, DumZiBoT, Neuralwarp, XLinkBot, Jediknight304, Johndci, Addbot, ZXZYZXZY, CL, Proxima
Centauri, Buddha24, Muiranec, Yobot, THEN WHO WAS PHONE?, Tree-hugger-for-mccain, South Bay, Tom87020, Materialscientist,
Wodawik, Naga.naga2009, Obersachsebot, Xqbot, CXCV, Peterdx, Pradameinho, Bellerophon, Architectchamp, Moby-Dick3000, Extralars, Romangralewicz, DivineAlpha, Terence88, Pinethicket, Skyerise, Jandalhandler, Napsss, Krilykki, Lotje, Aoidh, Jerd10, No One
of Consequence, RjwilmsiBot, Alexandru47, Beyond My Ken, EmausBot, WikitanvirBot, Hirsutism, Dewritech, Arfharwinder, Ida Shaw,
F, Josephkristianblack, Kilopi, Tolly4bolly, Donner60, Nayak.rakesh70, ClueBot NG, Unscintillating, WhitehatGuru, Tws6-NJITWILL,
ScottSteiner, Mohsinmahfooz, Joshuajohnson555, Emasterashu, HMSSolent, Xcyss, DanyXyz, BattyBot, Smbcxkcd, Darylgolden, Frosty,
Aroratrishneet, Pkcoolpk, Malerooster, Dr Dinosaur IV, Mongo Feels Better, Babitaarora, Jemeares, Ginsuloft, Saniya2090, Akshay0000,
HelenaKitty, Pushpinder Joshi, Behroznathwani, FourViolas, Shesgirlfriday, Hoaxing, Prashanth 744, Jugad.ab, Rohi4417 and Anonymous:
261
Hacker (programmer subculture) Source: http://en.wikipedia.org/wiki/Hacker%20(programmer%20subculture)?oldid=662486288
Contributors: The Anome, Aldie, Phil Bordelon, ChangChienFu, Edward, Liftarn, Gabbe, Zanimum, TakuyaMurata, Dori, AquaRichy,
Stan Shebs, Stevenj, Pratyeka, Ylbissop, Dysprosia, Altenmann, Lowellian, Chris Roy, Pengo, Martinwguy, Eric S. Raymond, Kolab,
Ich, Ds13, Mboverload, AlistairMcMillan, Elmindreda, Vanished user wdjklasdjskla, Neilc, Utcursch, Piotrus, Billposer, Gscshoyru,
Trek011~enwiki, Rich Farmbrough, Triskaideka, Gronky, Bender235, Nabla, El C, Pikesta, Army1987, Ypacara, ~enwiki, Blotwell,
Pearle, Diego Moya, Sl, Bart133, Paul1337, Astralnaut, H2g2bob, Versageek, Ringbang, Markaci, Mindmatrix, Daira Hopwood, WadeSimMiser, The Wordsmith, Exxolon, Marudubshinki, Mycro, Windchaser, Quuxplusone, Jamessnell, Ahpook, WriterHound, Elfguy, Piet
Delport, Kerowren, Proidiot, Abb3w, Froth, Janizary, Karora, SmackBot, Rtc, 6Akira7, Sciintel, Renesis, Edgar181, Unforgettableid,
Gilliam, Thumperward, Audriusa, Frap, Dee man 45, Pete Fenelon, Dmitrios, Cybercobra, N Shar, AmiDaniel, Dwpaul, Al1encas1no,
Colonel Warden, Twas Now, Tawkerbot2, Kingoomieiii, JForget, Paulmlieberman, ShelfSkewed, Lentower, Neelix, JustAGal, AntiVandalBot, Joachim Michaelis, Dylan Lake, Vendettax, Utopiantheorist, Tedickey, Thireus, Scenestar, STBot, R'n'B, VirtualDelight, J.delanoy,
Falljorda, Cometstyles, Jevansen, Funandtrvl, Je G., Rocka89, Comrade Graham, Getonyourfeet, Falcon8765, Scarian, Phe-bot, Topher385, DancingPhilosopher, Svick, Torchwoodwho, Martarius, ClueBot, The Thing That Should Not Be, TableManners, Ndenison, Bob
bobato, Trivialist, Excirial, OpinionPerson, Rhododendrites, Andrew81446, Subash.chandran007, Anonymasity, Bearsona, XLinkBot,
David Delony, Dsimic, Addbot, Jojhutton, Grandscribe, Fluernutter, TSWcontentlady, MrOllie, Glane23, Roux, AgadaUrbanit, Lightbot, OlEnglish, Jarble, Yobot, Eric-Wester, AnomieBOT, Rjanag, Aditya, Darolew, Materialscientist, MaxWinsForever, Karlzt, 2ndAccount, Joaquin008, A. di M., FrescoBot, W3bW4rL0cK, Citation bot 1, Pinethicket, Jonesey95, Eagles247, Skyerise, Robvanvee, Detoxicated, Aoidh, Jerd10, Lynkynpark86, Scil100, Grrow, Dewritech, Wikipelli, Younghackerx, QEDK, Cosman246, Coasterlover1994,
Palosirkka, Bk314159, Pun, Ego White Tray, Tijfo098, ClueBot NG, Peter James, Gilderien, Decepticon1, Magister Scienta, Reifytech, Nick7244, BG19bot, Arbsn, Eugn Jung, MusikAnimal, Valentine Wyggin, Bhanusharma027, Harban.mital, Hasimas, Avantiext,
ChrisGualtieri, Billyshiverstick, Shikhil sharma(ethical hacker), Hnurgds, BreakfastJr, Jennpliu, NickDragonRyder, Blosoya, TheBigBadHACKAH, Usman ki rani, Lakun.patra, Rotaryphone111, Orhanbajrami, PShermz, S166865h, OMPIRE, Aerial1030, Crystallizedcarbon,
Anonymous6767, TheGamingMun and Anonymous: 176
Hacker ethic Source: http://en.wikipedia.org/wiki/Hacker%20ethic?oldid=660465151 Contributors: The Anome, Vovkav~enwiki,
Michael Hardy, Pnm, Dori, (, Darkwind, Dpbsmith, Jeq, Pengo, DocWatson42, Long John Silver~enwiki, Ashmodai, Rich Farmbrough, Harriv, Gronky, Bobo192, Army1987, Adrian~enwiki, H0mee, Batmanand, Keziah, Danaman5, H2g2bob, Markaci, True~enwiki,
Mindmatrix, Marudubshinki, Cuvtixo, Aputtu, Mycro, WhyBeNormal, Bjwebb, YurikBot, NTBot~enwiki, Gaius Cornelius, Trisapeace,
Nlu, Ted@SysAdminDay.com, Victor falk, Karora, SmackBot, Rtc, InverseHypercube, Gilliam, Chris the speller, Thumperward, Oli
Filth, Audriusa, Frap, Xillion, Vanished user 9i39j3, Unclaimed avatar, Noah Salzman, Doczilla, Wwagner, Spinnick597, Colonel Warden, Johnthescavenger, Beno1000, Markg123, JohnCD, Tomchance, Shandris, Neelix, Victornrm, Jcmtan, XP105, Sirmylesnagopaleentheda, Omicronpersei8, Thijs!bot, Carolmooredc, Pixelface, Leuko, Lsi, SteveSims, Magioladitis, Gwern, ArcAngel, Jdfulmer, GreenRunner0, Eliz81, Rich Janis, AllGloryToTheHypnotoad, Aphilo, Andy Dingley, Tomaxer, Fischer.sebastian, Indexum, Hmwith, Scarbrow,
Mikemoral, Mikazo, Sethop, Denisarona, Floorwalker, Mr. Granger, Noctivigant wow, AlexConnell, Tangmas214, John723, Qianruomas214, Rhododendrites, Nguyenmas214, SjaichudinMAS214, Hilton214, Dmyersturnbull, Lombana, Kakofonous, Error 128, BlackDeath3, RyanCross, Linuxguymarshall, JWCurtis2003, TSWcontentlady, AnnaFrance, MisterB777, Lightbot, Jarble, Legobot, Yobot,
AnomieBOT, Lphung32, Paterson229, Parker229, Xqbot, Hamiltonmas229, Ahernmas214, Cloutmas229, Rawhunger, Pradameinho,
Sophus Bie, Harkatline, D'ohBot, Mhollo, Citation bot 1, Pinethicket, Kiefer.Wolfowitz, Zeptozoid, Ingrid Krunge, Wakelamp, Daulfn,
Ripchip Bot, MithrandirAgain, Ego White Tray, Will Beback Auto, ClueBot NG, Reify-tech, Helpful Pixie Bot, Sbark26, Whitehatpeople,
HelioSeven, Ugncreative Usergname, Mottengott, Avantiext, CheezRulez, Webclient101, Hnurgds, Eugpop2014, OMPIRE, Bcbethevans
and Anonymous: 84

33.9.2 Images

File:2010-T10-ArchitectureDiagram.png Source: http://upload.wikimedia.org/wikipedia/commons/8/86/2010-T10-ArchitectureDiagram.png License: CC BY-SA 3.0 Contributors: http://www.owasp.org/index.php/File:2010-T10-ArchitectureDiagram.png Original artist: Neil Smithline

File:2600_Hz.ogg Source: http://upload.wikimedia.org/wikipedia/commons/f/fe/2600_Hz.ogg License: Public domain Contributors: Own work Original artist: H2g2bob
File:Abene9_2005.jpg Source: http://upload.wikimedia.org/wikipedia/commons/d/d6/Abene9_2005.jpg License: Public domain Contributors: ? Original artist: ?
File:Ambox_globe_content.svg Source: http://upload.wikimedia.org/wikipedia/commons/b/bd/Ambox_globe_content.svg License:
Public domain Contributors: Own work, using File:Information icon3.svg and File:Earth clip art.svg Original artist: penubag


File:Ambox_important.svg Source: http://upload.wikimedia.org/wikipedia/commons/b/b4/Ambox_important.svg License: Public domain Contributors: Own work, based off of Image:Ambox scales.svg Original artist: Dsmurat (talk contribs)
File:Ambox_rewrite.svg Source: http://upload.wikimedia.org/wikipedia/commons/1/1c/Ambox_rewrite.svg License: Public domain
Contributors: self-made in Inkscape Original artist: penubag
File:Bending.jpg Source: http://upload.wikimedia.org/wikipedia/commons/b/bd/Bending.jpg License: CC BY-SA 2.5 Contributors: Own
work - Original artist: Holotone / Holotone at en.wikipedia
File:Botnet.svg Source: http://upload.wikimedia.org/wikipedia/commons/c/c6/Botnet.svg License: CC BY-SA 3.0 Contributors: Own
work Original artist: Tom-b
File:CPU_ring_scheme.svg Source: http://upload.wikimedia.org/wikipedia/commons/2/25/CPU_ring_scheme.svg License: CC-BY-SA-3.0 Contributors: This vector image was created with Inkscape. Original artist: User:Sven, original Author User:Cljk
File:ClamAV0.95.2.png Source: http://upload.wikimedia.org/wikipedia/commons/2/2f/ClamAV0.95.2.png License: GPL Contributors:
my PC running Ubuntu 9.04 Original artist: SourceFire
File:ClamTK3.08.jpg Source: http://upload.wikimedia.org/wikipedia/commons/2/26/ClamTK3.08.jpg License: GPL Contributors: Own
work (own screenshot) Original artist: Dave Mauroni
File:Commons-logo.svg Source: http://upload.wikimedia.org/wikipedia/en/4/4a/Commons-logo.svg License: ? Contributors: ? Original
artist: ?
File:Conficker.svg Source: http://upload.wikimedia.org/wikipedia/commons/5/53/Conficker.svg License: CC BY-SA 3.0 Contributors:
Own work Original artist: Gppande
File:Crystal_Clear_device_cdrom_unmount.png Source: http://upload.wikimedia.org/wikipedia/commons/1/10/Crystal_Clear_device_cdrom_unmount.png License: LGPL Contributors: All Crystal Clear icons were posted by the author as LGPL on kde-look; Original artist: Everaldo Coelho and YellowIcon;
File:DC13_Badge.jpg Source: http://upload.wikimedia.org/wikipedia/commons/8/84/DC13_Badge.jpg License: Public domain Contributors: enwiki (http://en.wikipedia.org/wiki/Image:DC13_Badge.jpg) Took image in bedroom. Original can be found at the following:
http://google.gotdns.com/modules.php?name=coppermine&file=displayimage&album=96&cat=0&pos=12". (en:Prosavage2600) Original artist: en:Prosavage2600
File:DEF_CON_17_CTF_competition.jpg Source: http://upload.wikimedia.org/wikipedia/commons/4/47/DEF_CON_17_CTF_competition.jpg License: CC BY 2.0 Contributors: Flickr Original artist: Nate Grigg
File:Disambig_gray.svg Source: http://upload.wikimedia.org/wikipedia/en/5/5f/Disambig_gray.svg License: Cc-by-sa-3.0 Contributors:
? Original artist: ?
File:Edit-clear.svg Source: http://upload.wikimedia.org/wikipedia/en/f/f2/Edit-clear.svg License: Public domain Contributors: The Tango! Desktop Project. Original artist: The people from the Tango! project. And according to the meta-data in the file, specifically: Andreas Nilsson, and Jakub Steiner (although minimally).
File:Encryption_-_decryption.svg Source: http://upload.wikimedia.org/wikipedia/commons/b/bf/Encryption_-_decryption.svg License: CC-BY-SA-3.0 Contributors: based on png version originally uploaded to the English-language Wikipedia by mike40033, and
moved to the Commons by MichaelDiederich. Original artist: odder
File:Firewall.png Source: http://upload.wikimedia.org/wikipedia/commons/5/5b/Firewall.png License: CC BY-SA 3.0 Contributors:
Made by me Original artist: Bruno Pedrozo
File:Firewall_bw.png Source: http://upload.wikimedia.org/wikipedia/commons/1/10/Firewall_bw.png License: GPL Contributors: http://www.opendesktop.org/content/show.php?content=72618 Original artist: DBGthekafu
File:Flag_of_Las_Vegas,_Nevada.svg Source: http://upload.wikimedia.org/wikipedia/commons/e/ed/Flag_of_Las_Vegas%2C_Nevada.svg License: Public domain Contributors: Own work Original artist: Dyfsunctional
File:Folder_Hexagonal_Icon.svg Source: http://upload.wikimedia.org/wikipedia/en/4/48/Folder_Hexagonal_Icon.svg License: Cc-by-sa-3.0 Contributors: ? Original artist: ?
File:Free_Software_Portal_Logo.svg Source: http://upload.wikimedia.org/wikipedia/commons/3/31/Free_and_open-source_software_logo_%282009%29.svg License: Public domain Contributors: FOSS Logo.svg Original artist: Free Software Portal Logo.svg (FOSS Logo.svg): ViperSnake151
File:Glider.svg Source: http://upload.wikimedia.org/wikipedia/commons/4/45/Glider.svg License: Public domain Contributors: Hacker
Emblem Original artist: Eric S. Raymond
File:Gnome-mime-sound-openclipart.svg Source: http://upload.wikimedia.org/wikipedia/commons/8/87/Gnome-mime-sound-openclipart.svg License: Public domain Contributors: Own work. Based on File:Gnome-mime-audio-openclipart.svg, which is public domain. Original artist: User:Eubulides
File:Gufw_10.04.4.png Source: http://upload.wikimedia.org/wikipedia/commons/b/ba/Gufw_10.04.4.png License: GPL Contributors:
http://gufw.tuxfamily.org Original artist: ?
File:Internet_map_1024.jpg Source: http://upload.wikimedia.org/wikipedia/commons/d/d2/Internet_map_1024.jpg License: CC BY
2.5 Contributors: Originally from the English Wikipedia; description page is/was here. Original artist: The Opte Project
File:Internet_map_1024_-_transparent.png Source: http://upload.wikimedia.org/wikipedia/commons/b/bd/Internet_map_1024_-_transparent.png License: CC BY 2.5 Contributors: Originally from the English Wikipedia; description page is/was here. Original artist: The Opte Project
File:Keylogger-hardware-PS2-example-connected.jpg Source: http://upload.wikimedia.org/wikipedia/commons/d/dc/Keylogger-hardware-PS2-example-connected.jpg License: GFDL Contributors: http://www.weboctopus.nl/webshop/img/p/59-430-large.jpg Original artist: http://www.weboctopus.nl


File:Keylogger-hardware-PS2.jpg Source: http://upload.wikimedia.org/wikipedia/commons/1/11/Keylogger-hardware-PS2.jpg License: Copyrighted free use Contributors: http://www.keylogger-keyloggers.nl/images/keylogger_company_keylogger_hardware_PS2.jpg Original artist: www.keylogger-keyloggers.nl
File:Keylogger-screen-capture-example.png Source: http://upload.wikimedia.org/wikipedia/commons/2/22/Keylogger-screen-capture-example.png License: ? Contributors: Own work Original artist: own work
File:Keylogger-software-logfile-example.jpg Source: http://upload.wikimedia.org/wikipedia/commons/c/c4/Keylogger-software-logfile-example.jpg License: GPL Contributors: Own work in combination with the keylogger program http://pykeylogger.sourceforge.net/ and the text editor http://notepad-plus.sourceforge.net/ Original artist: Own work
File:Lamo-Mitnick-Poulsen.png Source: http://upload.wikimedia.org/wikipedia/commons/f/fa/Lamo-Mitnick-Poulsen.png License: Public domain Contributors: en:Image:Lmp.jpg Original artist: Matthew Griffiths
File:Michael_Lynn_Black_Hat_Briefing_Las_Vegas_2005.jpg Source: http://upload.wikimedia.org/wikipedia/commons/5/5b/Michael_Lynn_Black_Hat_Briefing_Las_Vegas_2005.jpg License: Public domain Contributors: ? Original artist: ?
File:Monitor_padlock.svg Source: http://upload.wikimedia.org/wikipedia/commons/7/73/Monitor_padlock.svg License: CC BY-SA 3.0
Contributors: Transferred from en.wikipedia; transferred to Commons by User:Logan using CommonsHelper.
Original artist: Lunarbunny (talk). Original uploader was Lunarbunny at en.wikipedia
File:Morris_Worm.jpg Source: http://upload.wikimedia.org/wikipedia/commons/b/b6/Morris_Worm.jpg License: CC BY-SA 2.0 Contributors: Museum of Science - Morris Internet Worm Original artist: Go Card USA from Boston, USA
File:Netfilter-packet-flow.svg Source: http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg License: CC
BY-SA 3.0 Contributors: Own work, Origin SVG PNG Original artist: Jengelh
File:PersonalStorageDevices.agr.jpg Source: http://upload.wikimedia.org/wikipedia/commons/8/87/PersonalStorageDevices.agr.jpg
License: CC-BY-SA-3.0 Contributors: I took this photograph of artifacts in my possession Original artist: --agr 15:53, 1 Apr 2005 (UTC)
File:Portal-puzzle.svg Source: http://upload.wikimedia.org/wikipedia/en/f/fd/Portal-puzzle.svg License: Public domain Contributors: ?
Original artist: ?
File:Question_book-new.svg Source: http://upload.wikimedia.org/wikipedia/en/9/99/Question_book-new.svg License: Cc-by-sa-3.0
Contributors:
Created from scratch in Adobe Illustrator. Based on Image:Question book.png created by User:Equazcion Original artist:
Tkgd2007
File:Rkhunter_Ubuntu.png Source: http://upload.wikimedia.org/wikipedia/en/5/5c/Rkhunter_Ubuntu.png License: ? Contributors:
Screenshot taken in Ubuntu
Original artist:
Michael Boelen et al
File:Rkhunter_on_Mac_OS_X.png Source: http://upload.wikimedia.org/wikipedia/commons/c/c0/Rkhunter_on_Mac_OS_X.png License: GPL Contributors: Transferred from en.wikipedia; transferred to Commons by User:IngerAlHaosului using CommonsHelper. Original artist: Original uploader was CyberSkull at en.wikipedia. Later version(s) were uploaded by Eliashc at en.wikipedia.
File:RootkitRevealer.png Source: http://upload.wikimedia.org/wikipedia/en/9/9c/RootkitRevealer.png License: Fair use Contributors:
http://blogs.technet.com/b/markrussinovich/archive/2005/10/31/sony-rootkits-and-digital-rights-management-gone-too-far.aspx Original artist: ?
File:Scale_of_justice_2.svg Source: http://upload.wikimedia.org/wikipedia/commons/0/0e/Scale_of_justice_2.svg License: Public domain Contributors: Own work Original artist: DTR
File:Stering.jpg Source: http://upload.wikimedia.org/wikipedia/commons/f/fb/Stering.jpg License: BSD Contributors: Transferred from
en.wikipedia; transferred to Commons by User:IngerAlHaosului using CommonsHelper. Original artist: Original uploader was Lamendoluz
at en.wikipedia
File:U.S._Navy_Cyber_Defense_Operations_Command_monitor.jpg Source: http://upload.wikimedia.org/wikipedia/commons/d/d6/U.S._Navy_Cyber_Defense_Operations_Command_monitor.jpg License: Public domain Contributors: http://www.navy.mil/management/photodb/photos/081203-N-2147L-390.jpg Original artist: Mass Communications Specialist 1st Class Corey Lewis, U.S. Navy
File:Virus_Blaster.jpg Source: http://upload.wikimedia.org/wikipedia/commons/e/ec/Virus_Blaster.jpg License: Public domain Contributors: http://nuevovirus.info/virus-blaster/ Original artist: admin
File:Wiki_letter_w_cropped.svg Source: http://upload.wikimedia.org/wikipedia/commons/1/1c/Wiki_letter_w_cropped.svg License:
CC-BY-SA-3.0 Contributors:
Wiki_letter_w.svg Original artist: Wiki_letter_w.svg: Jarkko Piiroinen
File:Wikibooks-logo-en-noslogan.svg Source: http://upload.wikimedia.org/wikipedia/commons/d/df/Wikibooks-logo-en-noslogan.svg License: CC BY-SA 3.0 Contributors: Own work Original artist: User:Bastique, User:Ramac et al.
File:Wiktionary-logo-en.svg Source: http://upload.wikimedia.org/wikipedia/commons/f/f8/Wiktionary-logo-en.svg License: Public domain Contributors: Vector version of Image:Wiktionary-logo-en.png. Original artist: Vectorized by Fvasconcellos (talk contribs), based
on original logo tossed together by Brion Vibber
File:Wiktionary-logo.svg Source: http://upload.wikimedia.org/wikipedia/commons/e/ec/Wiktionary-logo.svg License: CC BY-SA 3.0
Contributors: ? Original artist: ?
File:Windows_ActiveX_security_warning_(malware).png Source: http://upload.wikimedia.org/wikipedia/en/7/71/Windows_ActiveX_security_warning_%28malware%29.png License: ? Contributors: ? Original artist: ?

33.9.3

Content license

Creative Commons Attribution-Share Alike 3.0
