
CypherGhost


by D S Kane


  MI-6. Also known as Great Britain’s Secret Intelligence Service.

  Mossad. The Institute for Intelligence and Special Operations; originally called the Institute for Coordination; called “the Office” by those who work there.

  Ness Ziona. Town south of Tel Aviv, home of the Israel Institute for Biological Research, the Israeli government's chemical and biological defense laboratory.

  neviot. Surveillance specialist for the Mossad.

  NI. Intelligence branch of the Israeli navy.

  NOC. Non-official cover; an intelligence officer who operates abroad posing as a private citizen or business person rather than under diplomatic cover, and who therefore has no diplomatic immunity and can expect no official acknowledgment from the Agency if caught.

  NSA. National Security Agency; formed under the Truman administration in 1952 as the signals intelligence and cryptologic agency of the United States government, responsible both for intercepting and breaking foreign communications and for protecting the government's own.

  Office, The. The name of the Mossad used by most of its case officers (katsas).

  qoph. Communications officer for the Mossad.

  RAID. Redundant array of independent disks; several physical drives combined so that stored data survives the failure of one or more of them. RAID protects against hardware failure, not against deletion, ransomware, or theft of the machine, so it is not by itself a backup of high-value data.

  RSA. A public-key cryptosystem (named for Rivest, Shamir, and Adleman) used to encrypt messages and to create digital signatures. Each party holds a private key that is never shared and publishes a matching public key; anyone can encrypt to the public key, but only the holder of the private key can decrypt.

  S-13 Russian World War II Submarine. S-13 was a Stalinets-class submarine of the Soviet Navy. Her keel was laid down by Krasnoye Sormovo in Gorky on 19 October 1938. She was launched on 25 April 1939 and commissioned on 31 July 1941 in the Baltic Fleet, under the command of Captain Pavel Malantyenko. At about 840 tons surfaced, the boat carried 12 torpedoes for her 6 torpedo tubes and mounted a 100mm deck gun and a 45mm anti-aircraft gun. S-13 was decommissioned on 7 September 1954.

  S-56 Russian World War II Submarine. S-56 was a Stalinets-class submarine of the Soviet Navy. Her keel was laid down by Dalzavod in Vladivostok on 24 November 1936. She was launched on 25 December 1939 and commissioned on 20 October 1941 in the Pacific Fleet. During World War II, the submarine was under the command of Captain Grigori Shchedrin and was moved from the Pacific Fleet to the Northern Fleet across the Pacific and Atlantic Oceans via the Panama Canal. At about 840 tons surfaced, the boat carried 12 torpedoes for her 6 torpedo tubes and mounted a 100mm deck gun and a 45mm anti-aircraft gun. Now decommissioned and preserved as a memorial in Vladivostok.

  safe house. Apartment or house used covertly for a base of operations.

  sayan. A helper for the Mossad. (plural: sayanim.)

  Shabak. Also known as GSS or Shin Bet; responsible for internal security and defense of Israeli installations abroad, including embassies, consulates, and other organizations.

  siloviki. Russian word (singular silovik, literally "person of force") for politicians who came to power from the security or military services, often former officers of the KGB, GRU, FSB, SVR, the Federal Drug Control Service, or other security agencies. It can also refer to security-service personnel generally. In this book, siloviki run errands between the Russian mafiya and the Russian government, and some work for the mafiya outright.

  sitrep. Situation report.

  slick. Hiding place for documents.

  souk. A Middle Eastern marketplace, usually an open-air farmer’s market that also sells craft items.

  surveillance detection route. A route planned in advance and walked or driven by a covert operative before a meeting, with natural stops, turns, and reflective surfaces (shop windows, parked cars) built in, so that anyone following will be seen more than once without the operative appearing to look for them.

  SWIFT. The Society for Worldwide Interbank Financial Telecommunication, a member-owned cooperative based in Belgium that operates the secure messaging network banks use to send payment instructions and other financial messages to one another. Message types are numbered; e.g., MT103 (successor to the older MT100) is a single customer credit transfer, an instruction from one bank to another to pay a named beneficiary. SWIFT carries the instructions; the actual settlement of funds happens separately between the banks' accounts.

  systema. Martial art used primarily in Russian military and covert operations.

  Tze’elim. Israel’s Urban Warfare Training Center in the Negev Desert.

  Va’adet Rashei Hasherutim. The committee of the heads of service in Israel’s intelligence community. Mossad is a prime member.

  virus (computer). A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

  Vory. Short for vory v zakone ("thieves in law"); the Russian criminal brotherhood and its sworn members.

  Wahhabi. Puritan doctrine of Islam, founded by Muhammad ibn Abd al-Wahhab (1703–1792) in Saudi Arabia.

  wash. Recycling of a valid passport obtained by theft or purchase.

  worm (computer). A standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.

  yahalom. A covert computer hacker, or cybercriminal working for the Mossad’s Yahalomim unit.

  zombie patriot. A person with a terminal disease who decides to sacrifice his or her life to earn money that might benefit surviving loved ones.

  Glossary B

  From Motherboard, definitions related specifically to hacking:

  Attribution. The process of establishing who is behind a hack. Often, attribution is the most difficult part of responding to a major breach, since experienced hackers may hide behind layers of online services that mask their true location and identity. Many incidents, such as the Sony hack, may never produce any satisfactory attribution.

  Backdoor. Entering a protected system using a password can be described as going through the front door. Companies may build “backdoors” into their systems, however, so that developers can bypass authentication and dive right into the program. Backdoors are usually secret, but may be exploited by hackers if they are revealed or discovered.

  Black hat. A black-hat hacker is someone who hacks for personal gain and/or who engages in illicit and unsanctioned activities. As opposed to white-hat hackers (see below), who traditionally hack in order to alert companies and improve services, black-hat hackers may instead sell the weaknesses they discover to other hackers or use them themselves.

  Botnet. Is your computer part of a botnet? It could be, and you might not know it. Botnets, or zombie armies, are networks of computers controlled by an attacker. Having control over hundreds or thousands of computers lets bad actors perform certain types of cyberattacks, such as a DDoS (see below). Buying thousands of computers wouldn’t be economical, however, so hackers deploy malware to infect random computers that are connected to the internet. If your computer gets infected, your machine might be stealthily performing a hacker’s bidding in the background without your ever noticing.

  Brute force. A brute force attack is arguably the least sophisticated way of breaking into a password-protected system, short of simply obtaining the password itself. It usually consists of an automated process of trial and error: the attacker tries every candidate passphrase, or every entry in a dictionary of likely ones, until one works. Well-designed systems slow brute force down by limiting login attempts and by storing passwords with deliberately slow, salted hash functions, so that trying all combinations takes far longer than the attacker can afford. A properly generated cryptographic key, by contrast, has so many possible values that trying them all is infeasible outright.

  Bug. A bug is a flaw or error in a software program. Some are harmless or merely annoying, but some can be exploited by hackers. That’s why many companies have started using bug bounty programs to pay anyone who spots a bug before the bad guys do.

  Cracking. A general term to describe breaking into a security system, usually for nefarious purposes. According to the New Hacker’s Dictionary published by MIT Press, the words “hacking” and “hacker” (see below) in mainstream parlance have come to subsume the words “cracking” and “cracker,” and that’s misleading. Hackers are tinkerers; they’re not necessarily bad guys. Crackers are malicious. At the same time, you’ll see cracking used to refer to breaking, say, digital copyright protections—which many people feel is a just and worthy cause—and in other contexts, such as penetration testing (see below), without the negative connotation.

  Crypto. Short for cryptography, the science of secret communication or the procedures and processes for hiding data and messages with encryption (see below).

  Chip-off. A chip-off attack requires the hacker to physically remove memory storage chips from a device so that information can be scraped from them using specialized software. This attack has been used by law enforcement to break into PGP-protected Blackberry phones.

  Dark Web. The Dark Web is made up of sites that are not indexed by Google and are only accessible through specialty networks such as Tor (see below). Often, the Dark Web is used by website operators who want to remain anonymous. Everything on the Dark Web is on the Deep Web, but not everything on the Deep Web is on the Dark Web.

  DDoS. This type of cyberattack has become popular in recent years because it’s relatively easy to execute and its effects are obvious immediately. DDoS stands for Distributed Denial of Service Attack, which means an attacker is using a number of computers to flood the target with data or requests for data. This causes the target—usually a website—to slow down or become unavailable. Attackers may also use the simpler Denial of Service attack, which is launched from one computer.

  Deep Web. This term and “Dark Web” or “Dark Net” are sometimes used interchangeably, though they shouldn’t be. The deep web is the part of the internet that is not indexed by search engines. That includes password-protected pages, paywalled sites, encrypted networks, and databases—lots of boring stuff.

  DEF CON. One of the most famous hacking conferences in the US and the world, which started in 1993 and takes place every summer in Las Vegas.

  Digital Certificate. A digital passport or stamp of approval that proves the identity of a person, website, or service on the internet. In more technical terms, a digital certificate binds a name (such as a website's domain) to a public key and is signed by a certificate authority that your browser or operating system already trusts; without the matching private key, nobody can use the certificate to impersonate its owner. The most common digital certificates are those of websites, which let your browser check that it is talking to the real site and then encrypt the connection. Browsers show a padlock in the address bar when the check succeeds.

  Encryption. The process of scrambling data or messages to make them unreadable and secret. The opposite is decryption, the decoding of the message. Both encryption and decryption are functions of cryptography. Encryption is used by individuals as well as corporations and in digital security for consumer products.

  End-to-end encryption. A particular type of encryption in which a message or data gets scrambled or encrypted on one end, for example your computer or phone, and gets decrypted on the other end, such as someone else’s computer. The data are scrambled in a way that, at least in theory, only the sender and receiver—and no one else—can read it.

  Evil maid attack. As the name probably suggests, an evil maid attack is a hack that requires physical access to a computer—the kind of access an evil maid might have while tidying his or her employer’s office, for example. By having physical access, a hacker can install software to track your use and gain a doorway even to encrypted information.

  Exploit. An exploit is a way or process to take advantage of a bug or vulnerability in a computer or application. Not all bugs lead to exploits. Think of it this way: If your door was faulty, it could be simply that it makes a weird sound when you open it, or that its lock can be picked. Both are flaws but only one can help a burglar get in. The way the criminal picks the lock would be the exploit.

  Forensics. On CSI, forensic investigations involve a series of methodical steps in order to establish what happened during a crime. When it comes to a hack, however, investigators are looking for digital fingerprints instead of physical ones. This process usually involves trying to retrieve messages or other information from a device—perhaps a phone, a desktop computer, or a server—used, or abused, by a suspected criminal.

  GCHQ. The UK’s equivalent of the US National Security Agency. GCHQ, or Government Communications Headquarters, focuses on foreign intelligence, especially around terrorism threats and cybersecurity. It also investigates the digital child pornography trade. “As these adversaries work in secret, so too must GCHQ,” the organization says on its website. “We cannot reveal publicly everything that we do, but we remain fully accountable.”

  Hacker. This term has become—wrongly—synonymous with someone who breaks into systems or hacks things illegally. Originally, hackers were simply tinkerers, or people who enjoyed “exploring the details of programmable systems and how to stretch their capabilities,” as the MIT New Hacker’s Dictionary puts it. Hackers can now be used to refer to both the good guys, also known as white-hat hackers, who play and tinker with systems with no malicious intent (and actually often with the intent of finding flaws so they can be fixed), and cybercriminals, or black-hat hackers, or “crackers.”

  Hacktivist. A “hacktivist” uses his or her hacking skills for political ends. A hacktivist’s actions may be small, such as defacing the public website of a security agency or other government department, or large, such as stealing sensitive government information and distributing it to citizens. One often-cited example of a hacktivist group is Anonymous.

  Hashing. Say you have a piece of text that should remain secret, like a password. You could store the text in a secret folder on your machine, but if anyone gained access to it you'd be in trouble. Instead, you can "hash" it: run it through a one-way function that turns the input into a fixed-length string of apparently random characters, the hash, from which the original cannot be recovered, although the same input always produces the same hash. Companies store password hashes rather than passwords, so that a stolen database does not directly reveal them. Because an attacker can still guess likely passwords and hash each guess, a good scheme adds a random per-user "salt" and uses a deliberately slow hash function.
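The following Python example is added here to illustrate the Hashing entry above and the Brute force entry earlier in this glossary; it is not part of the book or of the Motherboard glossary. It uses only the Python standard library. The wordlist and the passwords are constructed for the example, and the iteration count is an assumption to be tuned for real hardware.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed stand-in for a leaked-password wordlist (example data, not a real list).
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "correct horse battery"]

# Deliberately slow: roughly 0.1 s per check on a laptop (assumed; raise it as hardware gets faster).
ITERATIONS = 200_000


def weak_hash(password: str) -> str:
    """Unsalted, fast hash. Every user with the same password gets the same hash,
    and an attacker can test hundreds of millions of guesses per second."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash (PBKDF2-HMAC-SHA256). Returns (salt, digest).
    The salt is random per password, so identical passwords hash differently and
    a precomputed table of hashes is useless against the stolen database."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_strong(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt; compare in constant time to avoid timing leaks."""
    _, candidate = strong_hash(password, salt)
    return hmac.compare_digest(candidate, digest)


def dictionary_attack_weak(target: str, wordlist=WORDLIST) -> Optional[str]:
    """Brute force against the weak scheme: hash each guess and compare."""
    for guess in wordlist:
        if weak_hash(guess) == target:
            return guess
    return None


def dictionary_attack_strong(salt: bytes, digest: bytes, wordlist=WORDLIST) -> Optional[str]:
    """The same attack still works against a weak password under the strong scheme,
    but every guess now costs ITERATIONS hash computations instead of one."""
    for guess in wordlist:
        if verify_strong(guess, salt, digest):
            return guess
    return None


if __name__ == "__main__":
    # Two users who chose the same weak password.
    print("weak hashes equal:", weak_hash("hunter2") == weak_hash("hunter2"))
    s1, d1 = strong_hash("hunter2")
    s2, d2 = strong_hash("hunter2")
    print("strong hashes equal:", d1 == d2)  # False: different salts
    print("weak scheme cracked:", dictionary_attack_weak(weak_hash("hunter2")))
    print("strong scheme cracked:", dictionary_attack_strong(s1, d1))
```

The salt does not stop an attacker from guessing one user's password; it stops one table of precomputed hashes from cracking every user at once. The slow function is what makes each guess expensive, which is why the strong attack above takes noticeably longer to reach "hunter2" than the weak one.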

  HTTPS/SSL/TLS. HTTPS stands for Hypertext Transfer Protocol Secure. The Hypertext Transfer Protocol (HTTP) is the basic framework that controls how data is transferred across the web, while HTTPS adds a layer of encryption that protects your connection to the most important sites in your daily browsing: your bank, your email provider, and social networks. HTTPS uses the protocol TLS (and, formerly, its predecessor SSL, now deprecated) not only to protect your connection but also to prove the identity of the site, so that when you type https://gmail.com you can be confident you're really connecting to Google and not an imposter site.

  Infosec. An abbreviation of “Information Security.” It’s the inside baseball term for what’s more commonly known as cybersecurity, a term that irks most people who prefer infosec.

  Jailbreak. Circumventing the security of a device, like an iPhone or a PlayStation, to remove a manufacturer’s restrictions, generally with the goal to make it run software from non-official sources.

  Keys. Modern cryptography uses digital “keys.” In the case of PGP encryption, a public key is used to encrypt, or “lock,” messages and a secret key is used to decrypt, or “unlock,” them. In other systems, there may be only one secret key that is shared by all parties. In either case, if an attacker gains control of the key that does the unlocking, they may have a good chance at gaining access to the contents of the message.

  local area network (LAN). A network of computing devices arranged to facilitate communications among the devices and with external-to-the-network devices.

  MAC (Medium Access Control). The part of a network interface that governs how devices share a physical transmission medium. A MAC address is the hardware identifier assigned to each network interface and used to address frames on a local network; it can be changed in software, so it identifies a card, not a person. In wireless networks, the MAC layer handles channel contention, optionally using RTS (Request To Send) and CTS (Clear To Send) control frames before a transmission. The MAC layer does not itself encrypt anything; Wi-Fi encryption comes from separate mechanisms such as WPA2 or WPA3. In cryptography, MAC also means Message Authentication Code, a keyed tag that proves a message was not altered in transit.

  Lulz. An internet-speak variation on “lol” (short for “laughing out loud”) employed regularly among the black-hat hacker set, typically to justify a hack or leak done at the expense of another person or entity. Sample use: y did i leak all contracts and employee info linked to Sketchy Company X? for the lulz

  Malware. Stands for “malicious software.” It simply refers to any kind of a malicious program or software, designed to damage or hack its target. Viruses, worms, Trojan horses, ransomware, spyware, adware, and more are malware.

  Man-in-the-middle. A man-in-the-middle, or MitM, is a common attack in which someone surreptitiously puts themselves between two parties, impersonating each to the other. This allows the malicious attacker to intercept and potentially alter their communication. With this type of attack, one can just passively listen in, relaying messages and data between the two parties, or even alter and manipulate the data flow.
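The Python simulation below is added to illustrate the Man-in-the-middle entry above and the End-to-end encryption entry earlier in this glossary; it is not code from the book or from Motherboard. Two parties agree on a key with Diffie-Hellman; when their public values are not authenticated, an attacker on the wire ends up holding a key with each of them and can read and rewrite everything, while still appearing to each side as the other. The group parameters are toy values chosen for the example, and the pre-shared key used to authenticate the exchange is an assumption standing in for the signatures or certificates real protocols use.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Toy Diffie-Hellman group for the example: a Mersenne prime and a small generator.
# Real systems use a standard group (RFC 3526) or an elliptic curve such as X25519.
P = 2**521 - 1
G = 3
PUB_BYTES = (P.bit_length() + 7) // 8


def dh_keypair() -> Tuple[int, int]:
    """Private exponent x and the public value g^x mod p that goes over the wire."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    """Both sides compute g^(xy) mod p and hash it into a symmetric key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(PUB_BYTES, "big")).digest()


def auth_tag(psk: bytes, pub: int) -> bytes:
    """Authenticate a public value with a secret the attacker does not hold.
    The pre-shared key is an assumption of this example; deployed protocols use a
    signature with a long-term key or a certificate for the same purpose."""
    return hmac.new(psk, pub.to_bytes(PUB_BYTES, "big"), "sha256").digest()


def exchange(psk: Optional[bytes] = None, attacker: bool = False):
    """Simulate Alice and Bob agreeing on a key, with Mallory optionally on the wire.

    Returns (alice_key, bob_key, mallory_keys). mallory_keys is None when she is
    absent, otherwise the pair of keys she shares with Alice and with Bob.
    Raises ValueError when authentication is on and a substituted value is detected."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_tag = auth_tag(psk, a_pub) if psk else None
    b_tag = auth_tag(psk, b_pub) if psk else None

    if attacker:
        # Mallory replaces each party's public value with her own. She can copy the
        # tags she sees, but they were computed over the original values.
        m_priv, m_pub = dh_keypair()
        to_alice, tag_to_alice = m_pub, b_tag
        to_bob, tag_to_bob = m_pub, a_tag
    else:
        to_alice, tag_to_alice = b_pub, b_tag
        to_bob, tag_to_bob = a_pub, a_tag

    if psk:
        if not hmac.compare_digest(auth_tag(psk, to_alice), tag_to_alice):
            raise ValueError("Alice: peer's public value failed authentication")
        if not hmac.compare_digest(auth_tag(psk, to_bob), tag_to_bob):
            raise ValueError("Bob: peer's public value failed authentication")

    alice_key = dh_shared(a_priv, to_alice)
    bob_key = dh_shared(b_priv, to_bob)
    mallory_keys = (dh_shared(m_priv, a_pub), dh_shared(m_priv, b_pub)) if attacker else None
    return alice_key, bob_key, mallory_keys


if __name__ == "__main__":
    a, b, _ = exchange()
    print("no attacker, keys agree:", a == b)
    a, b, m = exchange(attacker=True)
    print("attacker, keys agree:", a == b, "| Mallory holds both keys:", m == (a, b))
    try:
        exchange(psk=b"shared-secret", attacker=True)
    except ValueError as err:
        print("with authentication:", err)
```

The point for end-to-end encryption is that "only the sender and receiver can read it" holds only if each side can verify whose public key it received; the encryption itself is no weaker in the attacked run, it is simply being done with the wrong partner.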

  Metadata. Metadata is simply data about data. If you were to send an email, for example, the text you type to your friend will be the content of the message, but the address you used to send it, the address you sent it to, and the time you sent it would all be metadata. This may sound innocuous, but with enough sources of metadata—for example, geolocation information from a photo posted to social media—it can be easy to piece together someone’s identity or location.
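As an added illustration of the Metadata entry above (not part of the book or the Motherboard glossary), the Python below parses a constructed email and separates the message content from the metadata around it: who, when, from which machine and network, and with which software. The sample message is invented, and its IP addresses come from the reserved documentation ranges, so it describes no real person or host.

```python
import datetime
import email
import re
from email import policy
from email.utils import parsedate_to_datetime
from typing import Dict, List

# Constructed sample message (not a real email). Addresses use the documentation
# ranges 203.0.113.0/24 and 198.51.100.0/24, which belong to nobody.
RAW_MESSAGE = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
\tby mx.recipient.example (Postfix) with ESMTPS id 4F2A1C0
\tfor <friend@recipient.example>; Tue, 03 Mar 2020 09:17:02 +0000
Received: from [203.0.113.45] (cafe-wifi.example.org [203.0.113.45])
\tby mail.example.net with ESMTPSA id Q7z2x; Tue, 03 Mar 2020 11:16:40 +0200
From: "A. Friend" <afriend@example.net>
To: friend@recipient.example
Date: Tue, 03 Mar 2020 11:16:39 +0200
Message-ID: <20200303.0916.laptop-of-afriend@example.net>
User-Agent: ExampleMailer/3.1 (Linux; x86_64)
Subject: lunch

See you at the souk at noon.
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def extract_metadata(raw: str) -> Dict[str, object]:
    """Split the content (body) from the metadata and pull out the pieces that
    identify people, machines, places and times."""
    msg = email.message_from_string(raw, policy=policy.default)
    received: List[str] = [str(h) for h in (msg.get_all("Received") or [])]
    # Each relay prepends its own Received line, so the last one is closest to
    # the sender; reversing gives the path in the order the message travelled.
    hops = list(dict.fromkeys(ip for line in reversed(received) for ip in IPV4.findall(line)))
    sent = parsedate_to_datetime(str(msg["Date"]))
    return {
        "sender": str(msg["From"]),
        "recipient": str(msg["To"]),
        "sent_at_utc": sent.astimezone(datetime.timezone.utc).isoformat(),
        # The sender's clock offset narrows down the time zone, hence the region.
        "sender_utc_offset_hours": sent.utcoffset().total_seconds() / 3600,
        "originating_ip": hops[0] if hops else None,
        "relay_path": hops,
        # Message-IDs are often built from the sending machine's hostname.
        "client_hostname_hint": str(msg["Message-ID"]),
        "mail_client": str(msg["User-Agent"]),
        "content": msg.get_content().strip(),
    }


if __name__ == "__main__":
    for key, value in extract_metadata(RAW_MESSAGE).items():
        print(f"{key:>24}: {value}")
```

Nothing in the body says where the sender was, but the first hop's IP and hostname, the +0200 clock offset, and the hostname embedded in the Message-ID together do; that is the sense in which metadata "pieces together" a location.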

  NIST. The National Institute of Standards and Technology is an arm of the US Department of Commerce dedicated to science and metrics that support industrial innovation. The NIST is responsible for developing information security standards for use by the federal government, and therefore it’s often cited as an authority on which encryption methods are rigorous enough to use given modern threats.

  Nonce. A portmanteau of "number" and "once"; a nonce is a value that a system generates and uses exactly once, for example to identify a single login session, as a challenge that the other side must answer, or as an input to an encryption operation. Because it never repeats, an attacker who captures a message cannot replay it later and get the same result. A nonce need not be secret, but under a given key it must never be used twice.
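The following Python example is added to show why the "once" in nonce matters for encryption; it is not code from the book or from Motherboard. It builds a small stream cipher whose keystream is derived from the key and the nonce (the construction is invented for the example, but ciphers in real use such as AES-CTR and ChaCha20 carry the same rule) and shows that encrypting two messages under the same key and nonce lets anyone who knows one message recover the other without the key. The messages are constructed for the example.

```python
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from HMAC-SHA256 over (nonce, counter).
    Constructed for the example; the keystream depends only on key and nonce,
    so reusing both reproduces the same bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: plaintext XOR keystream. Decryption is the same operation."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt


def fresh_nonce() -> bytes:
    """96-bit random nonce. At this size a repeat is negligible for the number of
    messages one key should ever protect; a counter stored alongside the key
    works too, provided it never rewinds (for example after a restore from backup)."""
    return secrets.token_bytes(12)


def recover_from_reuse(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """If two messages were encrypted under the same key and nonce, the keystreams
    cancel: c1 XOR c2 == m1 XOR m2. Knowing (or guessing) m1 then yields m2."""
    return xor(xor(c1, c2), known_m1)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    m1 = b"MEET AT THE SOUK AT NOON"
    m2 = b"ABORT: SAFE HOUSE BLOWN!"
    nonce = fresh_nonce()
    c1 = encrypt(key, nonce, m1)
    c2 = encrypt(key, nonce, m2)                 # BUG: same nonce used twice
    print(recover_from_reuse(c1, c2, m1))        # m2, recovered without the key
    c2_ok = encrypt(key, fresh_nonce(), m2)      # distinct nonce: nothing leaks
    print(recover_from_reuse(c1, c2_ok, m1) == m2)
```

The attacker in the reuse case never touches the key; the leak comes entirely from the keystream being the same, which is exactly what the nonce is there to prevent.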

  OpSec. OpSec is short for operational security, and it’s all about keeping information secret, online and off. Originally a military term, OpSec is a practice and in some ways a philosophy that begins with identifying what information needs to be kept secret, and whom you’re trying to keep it a secret from. “Good” OpSec will flow from there, and may include everything from passing messages on Post-Its instead of emails to using digital encryption. In other words: Loose tweets destroy fleets.

  OTR. What do you do if you want to have an encrypted conversation, but it needs to happen fast? OTR, or Off-the-Record, is a protocol for encrypting instant messages end-to-end. Unlike PGP, which is generally used for email and gives each conversant one long-lived public and private key pair, OTR uses long-term keys only to identify the parties and generates fresh temporary keys for each conversation, rotating them as it goes. If an attacker later breaks into your computer and steals the keys, past conversations stay unreadable, a property called forward secrecy. OTR is also generally easier to use than PGP.

 
