Reverse Deception: Organized Cyber Threat Counter-Exploitation (126 page)

Glossary

ACL (Access Control List)
A list of rules commonly associated with network devices that are designed to allow or deny access to and from defined network sources and destinations.

ACT (Advanced Cyber Threat)
A threat (individual or group) that has a well-funded base to develop, design, or deploy advanced tools and tactics against targeted victims.

APT (Advanced Persistent Threat)
A threat (individual or group) that is consistently and continuously attempting or actively exploiting your enterprise resources with a specific set of goals or objectives in mind.

AV (Antivirus)
A host-based application that attempts to identify known threats on a host prior to download or execution of the malicious code or application.

BIOS (Basic Input/Output Systems)
The basic system in place on a motherboard to help access, run, and manage processes when the system is started.

BPH (Bulletproof Hosting)
A web-hosting provider that caters to shady business practices in support of illegitimate or illegal Internet activities and also does not regularly comply with security vendors or law enforcement.

CCI (Cyber Counterintelligence)
The application of traditional counterintelligence practices to the cyber world in order to identify and track specific threats or criminal campaigns.

CCTV (Closed-Circuit Television)
A video monitoring system for physical and operational security used regularly around the world.

CI (Counterintelligence)
The act of preventing adversarial groups from collecting intelligence or sensitive information on the defending network or organization.

CIO (Chief Information Officer)
The executive who is responsible for an organization’s IT.

CnC (Command and Control)
The Internet location where malware will phone home to receive instructions, updates, and commands from a criminal operator.

COA (Course of Action)
Any sequence of activities that an individual or team may follow.

COG (Center of Gravity)
The source of strength (physical or mental) to act at will.

CSO (Chief Security Officer)
The executive who is responsible for the security of an organization’s information.

D5 (Disrupt, Deny, Degrade, Deceive, and Destroy)
A common term used by the military when discussing levels of damage to an adversary’s cyber or kinetic operating capability.

DDoS (Distributed Denial of Service)
A process of using numerous Internet hosts in coordination to flood a service with large volumes of traffic to an Internet host to generally deny service to the rest of the world to a predefined destination.

DHCP (Dynamic Host Control Protocol)
A networking protocol used around the world to automate the allocation of an IP address to a networked host.

DHS (Department of Homeland Security)
The US government agency responsible for protecting the United States, its citizens, and its infrastructure.

DLL (Dynamic Link Library)
A Microsoft Windows operating system-based system file commonly exploited or used as a file type to hide malware (contained within or attached to a DLL).

DMZ (Demilitarized Zone)
A public-facing portion of the network commonly used to host Internet-facing services, such as WWW, DNS, or other public web services, to the world.

DNS (Domain Name Service)
A service that runs throughout the Internet allowing the mapping of a qualified domain name to an IP address (for example,
www.google.com
maps to 74.125.47.105).

DoD (Department of Defense)
The cabinet-level department of the executive branch charged with deterring war and protecting US interests.

DoS (Denial of Service)
A process of flooding a service with large volumes of traffic to an Internet host to generally deny service to the rest of the world to a predefined destination.

EK (Exploit Kit)
A kit designed as a lightweight web server with modules that are used to exploit the client-side applications of anyone visiting the website where the kit is installed.

FAV (Fake Antivirus)
Commonly referred to as rogue AV, a criminal-based antivirus that shuts down system security settings and holds the victim’s computer for ransom until payments are made.

FEMA (Federal Emergency Management Agency)
The US government agency responsible for responding to natural disasters and catastrophes that affect citizens of the United States.

FISA (Foreign Intelligence Surveillance Act)
A US legal statute that describes procedures for performing surveillance against both suspected physical and electronic assets on agents of foreign powers operating within the boundaries of the United States.

FORSCOM (United States Army, Forces Command)
The US Army command responsible for preparing conventional forces for combat.

FTK (Forensic Toolkit)
A commercially available vendor product that is highly recommended for the purposes of digital forensics or digital media analysis.

FTP (File Transfer Protocol)
An unencrypted file transfer protocol between systems, which is commonly run on port 21.

FUD (Fear, Uncertainty, and Doubt/Doom)
A common term used in the IT industry to reference fear of unknown, speculative, or negative information, and associated with describing disinformation.

FUSAG (First US Army Group)
This fictitious military group was a part of a military operation in World War II before D-Day, which was devised to deceive German forces.

GEN (Generation)
Synonymous with the software term
version
and commonly associated with the evolution of honeynet technologies (such as GENI, GENII, and GENIII), although the term can be associated with a version or release of a software or hardware platform.

HIDS (Host Intrusion Detection System)
A host-based security engine that analyzes, detects, and alerts on malicious network traffic and activity or execution of code within a host’s local operating system.

HIPS (Host Intrusion Prevention System)
A host-based security engine that analyzes, detects, alerts, and attempts to prevent the execution of malicious execution or activity within a host’s local operating system.

HOIC (High Orbit Ion Cannon)
Commonly used by the hacktivist group Anonymous and Anti-Sec, a second-generation DoS tool that evolved from LOIC and uses custom code, referred to as
boosters
, to amplify the strength and capability of the tool (regularly used by Anonymous in a coordinated fashion, which then becomes a DDoS activity).

HTTP (Hypertext Transfer Protocol)
The primary protocol used for presenting web-based content to website visitors.

HUMINT (Human Intelligence)
The skill or tradecraft of espionage via human actions in the real world that can be used in the cyber realm to help with attribution.

IAD (Information Assurance Directorate)
One of the two primary divisions of the US National Security Agency whose role and mission is to prevent foreign adversaries from obtaining classified or sensitive information.

ID (Identification)
A common term used to refer to an electronic or a physical identifier for an individual’s personally identifiable information (PII).

IDS (Intrusion Detection System)
A network-based security system that monitors, analyzes, and alerts based on a predefined set of rules meant to detect malicious network activity within an organization’s enterprise.

IOS (Internetworking Operating System)
Commonly used to refer to Cisco Corporation’s router operating system platform.

IP (Internet Protocol)
A series of digital languages or protocols that enable communication across the Internet.

IPS (Intrusion Prevention System)
A network-based security system that monitors, analyzes, alerts, and attempts to prevent malicious network traffic based on predefined rules put in place by an organization to help automate threat mitigation.

IRC (Internet Relay Chat)
A system designed to provide global chat services between individuals or groups; generally considered to be used by those who wish to remain in the underground or not use more modern (and monitored) platforms for chats.

ISP (Internet Service Provider)
A company that provides Internet connectivity to businesses and residents around the world (such as Vodafone, Comcast, Verizon, AT&T, and British Telecom).

IT (Information Technology)
Commonly refers to various platforms and standards associated with information systems and modern computing.

IWM (Information Warfare Manual)
A set of cyber or information technology based manuals for conducting computer network attack, defense, and exploitation possessed by every world government.

LOIC (Low Orbit Ion Cannon)
The first version of the DoS tool used by the international hacktivist group called Anonymous.

LULZ
Digital slang that became popular due to the international hacktivist group called Anonymous, which references the twisted or warped humor of laughing out loud (LOL).

MILDEC (Military Deception)
A series of processes and procedures that enable military-based deception ranging from offensive to defensive deception of one’s adversaries.

MX (Message Exchanger)
One of the original terms used to reference an e-mail server or mail exchange.

NCIX (National Counterintelligence Executive)
An independent agency of the US government executive branch responsible for counterintelligence and security interests of federal agencies.

NSA (National Security Agency)
Member of the US intelligence community responsible for signals intelligence (SIGINT).

OPSEC (Operational Security)
The process of protecting unclassified information.

OS (Operating System)
Programs and protocols that manage a computer’s hardware resources and also provide for the operation of common services.

P2P (Peer-to-Peer)
A computer in a network that can perform as either a client or host that connects directly to another computer with the same stipulations.

P2V (Physical-to-Virtual)
The method of converting a physical system image to a virtual machine manager guest OS image.

PBX (Private Branch Exchange)
A telephone system that allows local users to freely use the system and allows the same users to access a limited number of external lines (usually as a cost-saving measure).

PCAP (Packet Capture)
The process of obtaining flow data from a network.

PID (Process Identifier)
A number used by the kernel to identify a process.

PII (Personally Identifiable Information)
Uniquely identifiable information of an individual stored in information systems (coveted as the crown jewels to most cyber criminals or organized threats).

PLA (People’s Liberation Army)
The National Army of the People’s Republic of China (PRC).

PLC (Programmable Logic Controller)
A computer used to automate mechanical processes.

POF (Passive OS Fingerprinting)
The ability to identify the operating system of a computer system by analyzing the TCP/IP stack.

POP (Point of Presence)
An access point to the Internet, which is a physical location that holds ATM switches, routers, servers, and call aggregators.

PRC (People’s Republic of China)
Most populated country in the world run by a single party, the Communist Party of China.

PT (Persistent Threat)
A number of tools that are able to exploit a given vulnerability in a specified computer system over a period of time.