The world of cybersecurity is full of jargon and technical terms. At TechCrunch, we've been writing about cybersecurity for years, but we still need to refresh our memory from time to time on what exactly certain words and phrases mean. So we've created this glossary, which contains some of the most common (and not-so-common) words and phrases we use in our articles, along with explanations of how and why we use them.
This is a developing overview and will be updated regularly.
Arbitrary code execution is the ability to execute commands or malicious code on an affected system, often due to a security vulnerability in the system's software. Arbitrary code execution can be performed remotely or with physical access to the affected system (such as someone's device). When arbitrary code execution can be performed over the internet, security researchers typically refer to it as remote code execution.
Code execution is often used as a means to plant a backdoor to maintain long-term, persistent access to a system, or as a means to run malware that can be used to access deeper parts of the system or other devices on the same network.
(See also: Remote Code Execution)
A botnet is a network of hijacked internet-connected devices, such as webcams or home routers, that have been compromised with malware (or sometimes by abusing weak or default passwords) and are then used in cyber attacks. Botnets can consist of hundreds or thousands of devices and are typically controlled by a command-and-control server that sends commands to the captured devices. Botnets are used for a variety of malicious purposes, such as using the distributed network of devices to disguise the source of cybercriminals' internet traffic, distributing malware, or harnessing the devices' combined bandwidth to maliciously crash websites and online services with floods of junk internet traffic.
(See also: command and control servers, distributed denial of service)
A bug is essentially a software glitch, an error or issue that causes the software to crash or behave unexpectedly. In some cases, a bug can also be a security vulnerability.
The term “bug” was coined in 1947, when early computers were the size of a room and were made of heavy mechanical and moving parts. The first known instance of a bug in a computer was a moth that got into the electronics of a room-sized computer and disrupted it.
(See also: Vulnerability)
Command and control servers, also known as C2 servers, are used by cybercriminals to remotely manage and control fleets of compromised devices and carry out cyber attacks such as delivering malware over the internet or launching distributed denial of service attacks.
(See also: Botnet, Distributed Denial of Service)
When we talk about a data breach, we ultimately mean that data has been improperly taken away from where it belongs. But context matters, and the terminology we use to describe a particular incident can change.
A data breach is when protected data is confirmed to have improperly left the system on which it was originally stored, usually confirmed when someone discovers the compromised data. More often than not, this refers to the exfiltration of data by a malicious cyber attacker, or to data found to have been taken as a result of an inadvertent exposure. Depending on what is known about the incident, we may use more specific terms to describe it.
(See also: data exposure, data leak)
A data exposure (a type of data breach) is when protected data is stored on a system with no access controls, either through human error or misconfiguration. This includes when a system or database is connected to the internet but has no password. Although the data is exposed, that does not mean it was actively discovered, but it may still be considered a data breach.
A data leak (a type of data breach) is when protected data stored in a system leaks out due to an unknown vulnerability in the system or through insider (e.g. employee) access. A data leak means that data may have been stolen or collected, but this cannot be confirmed with certainty through technical means such as logs.
A distributed denial of service (DDoS) attack is an orchestrated cyber attack that floods targets on the internet with junk web traffic, overloading or crashing servers and taking down services for websites, online stores, gaming platforms and more.
DDoS attacks are launched by botnets, which consist of a network of hacked internet-connected devices (such as home routers or webcams) that a malicious operator can control remotely, usually from a command-and-control server. A botnet can consist of hundreds or even thousands of hijacked devices.
Although DDoS is a type of cyber attack, these data flooding attacks are not “hacking” in themselves, as they do not involve the compromise or exfiltration of data from the target, but rather cause a “denial of service” event for the affected services.
(See also: Botnet, Command and Control Server)
Most modern systems are protected by multiple layers of security, including the ability to set up user accounts with more limited access to the underlying system configuration and settings. This prevents these users, or someone with unauthorized access to one of these user accounts, from tampering with the underlying core systems. A “privilege escalation” event, however, involves exploiting a bug or tricking the system into granting a user more access than they should have.
Malware can exploit bugs and flaws that allow for privilege escalation to gain deeper access to a device or connected network, allowing the malware to spread.
An exploit is a means of misusing or taking advantage of a vulnerability, usually to gain access to a system.
(See also: Bug, Vulnerability)
Infosec is an abbreviation for “information security,” an alternative term used to describe defensive cybersecurity focused on protecting data and information. While industry veterans may prefer “infosec,” the term “cybersecurity” is more widely accepted. In modern usage, the two terms are nearly interchangeable.
Jailbreaking is used in different contexts to mean using exploits or other hacking techniques to circumvent a device's security or to remove restrictions that the manufacturer places on the hardware or software. For example, in the context of the iPhone, jailbreaking is a technique to remove Apple's restrictions on installing apps from outside its so-called “walled garden,” or to gain the ability to conduct security research on Apple devices, which is otherwise highly restricted. In the context of AI, jailbreaking means figuring out how to get a chatbot to give out information it shouldn't.
Malware is a broad, umbrella term for any malicious software. Malware can come in many different forms and be used to exploit systems in many different ways. As such, malware used for a specific purpose is often called its own subcategory. For example, a type of malware used to monitor people's devices is also known as “spyware,” while malware that encrypts files and extorts money from victims is also known as “ransomware.”
(See also: Spyware)
Metadata is information about digital content, but not the content itself. Metadata includes details such as the size of a file or document, who created it, when it was created, and, in the case of a digital photograph, information about where the image was taken and the device that took it. Metadata may not identify the content of a file, but it may help identify the origins of a document or who created it. Metadata can also refer to information about an interaction, such as who called or texted you, but not the content of the call or message itself.
Remote code execution refers to the ability to run commands or malicious code (such as malware) on a system over a network, often the Internet, without the need for human interaction. Remote code execution attacks vary in complexity, but can be extremely damaging if a vulnerability is exploited.
(See also: Arbitrary Code Execution)
Spyware, like malware, is a broad term that covers a variety of surveillance monitoring software. Spyware typically refers to malware created by private companies and sold to government agencies, such as NSO Group's Pegasus, Intellexa's Predator, and Hacking Team's Remote Control System. In more general terms, these types of malware act like remote access tools that allow operators, usually government agencies, to spy on and monitor their targets, accessing the device's camera and microphone and exfiltrating data. Spyware is also known as commercial or government spyware, or mercenary spyware.
(See also: Stalkerware)
Stalkerware is a type of surveillance malware (and a type of spyware) that is usually sold to consumers under the guise of child or employee monitoring software, but is often used to spy on the phones of unwitting individuals, often spouses or domestic partners. Stalkerware allows access to the target's messages, location, and more. Stalkerware typically requires physical access to the target's device, which gives the attacker, who often knows the target's passcode, the ability to install it directly on that device.
(See also: Spyware)
What are you trying to protect? Who are you worried about that could target you and your data? How could an attacker get access to your data? The answers to these questions lead to the creation of a threat model. In other words, threat modeling is the process that organizations and individuals have to go through to design secure software and devise techniques to protect it. Threat models can be as focused or specific as your situation requires. For example, a human rights activist in an authoritarian country will have different adversaries and data to protect than a large corporation in a democratic country worried about ransomware.
“Unauthorized” access refers to gaining access to a computer system by defeating a security feature, such as a login prompt or password, which is considered illegal under the Computer Fraud and Abuse Act (CFAA). The Supreme Court clarified the CFAA in 2021, holding that access to a system without a means of authentication (e.g., a database without a password) is not illegal because a non-existent security feature cannot be defeated.
Note that “unauthorized” is a broadly used term and is often used subjectively by companies, so it has been used to describe both a malicious hacker who steals someone's password to break in and incidents of misuse by employees.
A vulnerability (also known as a security flaw) is a type of bug that can cause software to crash or behave unexpectedly, affecting the security of a system and its data. Two or more vulnerabilities may be used in conjunction with each other, known as “vulnerability chaining,” to gain deeper access into a targeted system.
(See also: Bug, Exploit)
A zero-day is a specific type of security vulnerability that has already been publicly disclosed or exploited, but the vendors that manufacture the affected hardware or software have not been given time to fix the issue (hence “zero days”). As a result, there may be no immediate fix or mitigation to prevent the affected systems from being compromised. This can be especially problematic for internet-connected devices.
(See also: Vulnerability)