Information Security: Barbarians at the Gateway Flashcards

Comprehensive vocabulary and case studies covering information security threats, tactics, and actor motivations as discussed in the lecture notes.

Equifax Breach

A major security failure affecting $143$ million victims in the U.S., U.K., and Canada, occurring after the company failed to patch a known vulnerability for a two-month period.

Target 2013 Breach

A security incident where hackers stole $40$ million credit cards and exposed information for $70$ million consumers because the company ignored FireEye warnings and disabled automatic malware deletion.

Vulnerability Factor: Personnel

A dimension of security weakness involving human error, insider threats, and a lack of training.

Apache Log4j (Log4Shell)

A critical vulnerability in a free, open-source tool embedded in global infrastructure that exposed major firms like Apple, Amazon, and IBM to strategic risk.

Data Harvesters

Cybercriminals who infiltrate systems to collect personal, financial, and credential data at scale with the intent to sell it on dark web marketplaces.

Cash-Out Fraudsters

Criminals who purchase stolen data from harvesters to monetize it by buying goods, opening fraudulent accounts, or laundering funds.

Botnets

Vast networks of surreptitiously infiltrated computers, often called "zombies," which are controlled remotely for spam, click fraud, or DDoS attacks.

DDoS Attacks (Distributed Denial of Service)

An attack that floods a firm's systems with thousands of seemingly legitimate requests to overwhelm servers and shut down services.

Ransomware

A form of cyberattack where criminals encrypt an organization's critical data and demand payment, typically in untraceable cryptocurrency, for the decryption key.

Double Extortion

A ransomware tactic where operators not only lock up data but also threaten to publicly release sensitive information to increase pressure on victims.

Stuxnet

A notorious act of cyberwarfare that infiltrated Iranian nuclear facilities to reprogram industrial control software and physically destroy uranium-enriching centrifuges.

Hacktivists

Protesters who use technology tools like system infiltration and website defacement to make a political point or advance an ideological agenda.

Griefers & Trolls

Malicious pranksters motivated by chaos or entertainment, capable of crashing servers or flooding public services with bogus requests.

Revenge-Seeking Insiders

Disgruntled employees with privileged access who sabotage operations, delete systems, or leak confidential data from within an organization.

Edward Snowden

A former CIA employee and NSA contractor who leaked over $1.7$ million digital documents in $2013$ revealing pervasive government data-monitoring programs.

XKeyscore

A surveillance tool disclosed in the Snowden leaks described as allowing the collection of data on nearly everything a user does on the Internet.

FISA (Foreign Intelligence Surveillance Court)

The legal body from which the NSA is required to obtain a warrant when specifically targeting surveillance within the United States.

White Hat Hackers

Ethical security researchers who uncover system weaknesses without exploiting them in order to contribute to stronger defense and resilience.

Black Hat Hackers

Computer criminals who exploit vulnerabilities for personal gain, espionage, or destruction without authorization.

Red Teams

Authorized groups hired by organizations to act as adversaries, probing for weaknesses and testing defenses before real attackers can exploit them.

Blue Teams

Defensive security professionals responsible for maintaining internal network defenses and responding to security incidents in real time.

RSA Security Breach

A high-profile attack where hackers stole data keys used in commercial authentication devices, compromising infrastructure trusted by thousands of global organizations.