Go on www.4megaupload.com type in wild ones ultimate hack and then click any of the downloads
.hack (video game series)
.hack is a series of single-player, action role-playing video games developed for the PlayStation 2 console by CyberConnect2 and published by Bandai. The series of four games, titled .hack//Infection, .hack//Mutation, .hack//Outbreak, and .hack//Quarantine, features a "game within a game"; a fictional massively multiplayer online role-playing game (MMORPG) called The World which does not require the player to connect to the Internet. Players may transfer their characters and data between games in the series. Each game comes with an extra DVD containing an episode of .hack//Liminality, the accompanying original video animation series which details fictional events that occur concurrently with the games.
The games are part of a multimedia franchise called Project .hack which explores the mysterious origins of The World. Set after the events of the anime series .hack//Sign, the games focus on a player named Kite and his quest to discover why some users have become comatose as a result of playing The World. The search evolves into a deeper investigation of The World and its effects on the stability of the Internet.
Critics gave the series mixed reviews. It was praised for its unique setting and its commitment to preserve suspension of disbelief, as well as the character designs. However, it was criticized for uneven pacing and a lack of improvement between games. The commercial success of the franchise led to the production of .hack//frägment—a remake of the series with online capabilities—and .hack//G.U., another video game trilogy.
.hack simulates a MMORPG; players assume the role of a participant in a fictional game called The World. The player controls the on-screen player character Kite from a third-person perspective but first-person mode is available. The player manually controls the viewing perspective using the game controller. Within the fictional game, players explore monster-infested fields and dungeons, and "Root Towns" that are free of combat. They can also log off from The World and return to a computer desktop interface which includes in-game e-mail, news, message boards, and desktop and background music customization options. The player may save the game to a memory card both from the desktop and within The World at a Save Shop. A Data Flag appears on the save file after the player completes the game, allowing the transfer of all aspects of the player character and party members to the next game in the series.
The series is typical of action role-playing games, in which players attack enemies in real time. The game's action pauses whenever the menu is opened to select magic to cast, items to use, or skills to perform. The player directly controls Kite and the other characters are controlled by artificial intelligence. The player may either provide the computer-controlled characters with guidelines ("attack", "first aid", "magic", etc.) or issue direct commands. Most hostile creatures are contained within magic portals and combat will not begin until the player character approaches the portal and releases the monsters inside. Kite possesses a unique ability called "Data Drain" which allows him to transform these enemies into rare items. Many boss monsters are known as "Data Bugs"—enemies with corrupted data which gives them infinite health. Data Drain is used to repair the damaged monsters' data and render them vulnerable but its use increases Kite's level of infection, randomly causing harmful side effects. The infection can be cured by defeating enemies without Data Drain.
Root Towns are non-combat areas of The World where the player may restock items, buy equipment, or chat and trade with other players of The World. In many towns, the player may also raise a sentient, pig-like creature called a Grunty, which can be ridden in fields and in later games raced for prizes. A blue portal called the Chaos Gate is used to travel between towns (called "servers") and to access the fields and dungeons where battles occur. A three-word password system controls the characteristics of each area; attributes such as the prevalence of monsters or items change depending on the properties of each word in the password phrase. Certain plot-related areas have restricted access, but the player character has an ability called "Gate Hacking" which allows him to access these areas using "Virus Cores" obtained through Data Drain.
The events portrayed in .hack take place in 2010 on an alternate version of Earth. After a computer virus called "Pluto's Kiss" crashes nearly every computer in the world, access to the Internet is closed to the general public to address security concerns. After two years without the Internet and online games, a MMORPG called The World is released. It becomes the most popular online game of all time with over 20 million subscribers. Shortly before the events portrayed in the .hack games, a number of users become comatose as a result of playing The World. However, the developers blame their condition on cyberterrorism.
The World was developed by a German programmer named Harald Hoerwick; its backstory is based on the Epitaph of Twilight, an epic poem by Emma Wielant, whose death inspired Hoerwick to create the game. Elements of the poem are coded into the game's programming. The hidden purpose of Hoerwick's game is to develop the ultimate artificial intelligence (AI), which is capable of making decisions for itself. To this end, Hoerwick inserted functions into the system which monitor and extract behavioral data from millions of the game's players to aid in the AI's learning process. After Hoerwick's death, these pieces of code became black boxes to the current developers, who cannot fathom their purpose, yet are critical to the proper functioning of the game.
The main playable character of .hack is Kite, a new player of The World whose friend Orca becomes comatose under mysterious circumstances. Kite is joined by about twenty other players in his quest to solve the mystery of the coma victims. The players who have the greatest impact on the success of Kite's mission are BlackRose—a fellow newbie to The World whose brother is also in a coma, Balmung—a legendary player who seeks to eliminate sources of corruption in his beloved game, and Wiseman—an information broker who becomes a key strategist for Kite's team. Helba, a professional hacker, and Lios, a reluctant system administrator, also aid in Kite's efforts to rescue the coma victims. Two non-human characters play important roles in the story; Aura seeks to complete her growth into the ultimate AI and Morganna—an AI who rebels against her task of nurturing Aura—acts as the unseen primary antagonist.][
At the beginning of .hack//Infection, Kite's friend Orca invites him to play The World. In the first dungeon they visit, they encounter a girl in white being chased by a humanoid monster. The girl tries to entrust Orca with a book but the monster attacks him, crashing The World's servers. Kite discovers that Orca had fallen comatose after the attack and resolves to discover the cause. Kite meets BlackRose who takes him to a cathedral where they are attacked by a headless swordsman. The legendary player Balmung appears and defeats it but the monster revives itself as a Data Bug. The Book of Twilight which the girl gave to Orca activates and gives Kite the Twilight Bracelet, which uses Data Drain on the swordsman allowing Balmung to kill it. Balmung accuses Kite of causing the viral infection spreading through the game, and leaves. Kite and BlackRose decide to cooperate to help the coma victims. After investigating a number of leads, Kite and BlackRose track down Skeith, the creature that put Orca into a coma. They defeat Skeith but it transforms into a larger enemy called Cubia, from which they escape.
In .hack//Mutation, the pair encounter Lios, a system administrator, who declares Kite's bracelet to be an illegal power. He tries to delete Kite's character data but fails because the data is encrypted. Helba, a hacker, intervenes and convinces Lios to watch for the time being. Lios directs them to an area where they find Innis, a monster with the same powers as Skeith. Upon defeating Innis, Kite receives an e-mail from the girl in white, who is actually an AI called Aura. They travel to an area to meet her but are confronted by Cubia, whom they repel with difficulty. Short on leads, they contact an information broker named Wiseman who is intrigued by Kite's bracelet. He suggests that Skeith and Innis are based on the Cursed Wave, an antagonistic force featured in the Epitaph of Twilight, the epic poem upon which The World is based. Wiseman helps grant them access to Net Slum, a place known as a paradise for hackers and wandering AIs. Upon arrival, another Cursed Wave monster called Magus attacks them. They defeat it and return to the Root Town, where they discover that the computer virus has spread to The Worlds main servers and into the real world.
In .hack//Outbreak, Balmung decides to join Kite after realizing that he cannot halt the infection on his own. BlackRose tells Kite that her brother became comatose under similar circumstances as Orca, which renews both characters' determination. Wiseman formulates a plan to combat the Cursed Wave, enlisting the help of Helba. Their teamwork destroys the Wave called Fidchell, but the aftermath causes networks in the real world to malfunction. Aura contacts Kite again, but their meeting is cut short by Cubia's reappearance. Lios, observing Cubia's power, agrees to join Kite, Helba, and the others to combat the Cursed Wave. Operation Breakwater begins as the team pools their resources to defeat another Wave called Gorre, with no repercussions in the real world.
To fix the increasingly unstable server, Helba replaces it with a copy of Net Slum at the start of .hack//Quarantine. At the bottom of a dungeon, Kite encounters Mia, a member of his party whom he discovers to be Macha, a member of the Cursed Wave whom he reluctantly defeats. Cubia continues to grow stronger and Kite's team barely fends off its latest attack. In contrast, Operation Orca is a success as they destroy Tarvos, the next Wave. Kite seeks the advice of Harald Hoerwick, the creator of the game who survives beyond death through his AI incarnations. Aura appears and advises that Cubia is the shadow of Kite's bracelet. Cubia ambushes them and destroys the AI Harald. In their final battle, Kite recalls Aura's advice and has BlackRose destroy the bracelet, causing Cubia to fade away. Without the bracelet, the final Wave member, Corbenik, attacks the party in Net Slum Root Town. With the aid of the spirits of the coma victims, Kite penetrates Corbenik's barrier. Aura sacrifices herself to end the battle, restoring the network to normal and reviving all the coma victims.
Development for .hack began in early 2000 with the aim of shocking and surprising the player and creating a distinctive product. CyberConnect2's president Hiroshi Matsuyama played a key role in developing the concept for the series. A number of core ideas, including "slaying dragons or being a thief in London" were explored, but these were rejected in favor of an "offline/online game". Matsuyama said that this would give young gamers an opportunity to experience online play without paying monthly fees or needing powerful Internet connections. The developers looked at a number of MMORPGs such as Phantasy Star Online, Ultima Online, and Final Fantasy XI for inspiration, and drew influences from the prior works of character designer Yoshiyuki Sadamoto (Neon Genesis Evangelion) and scenario writer Kazunori Itō (Ghost in the Shell). Itō said that casting the player into the role of a subscriber of The World creates a unique story-telling situation which draws the player deeper into the plot.
From the start of its development, .hack was envisioned as a four-part series intended to mirror the four-volume story arcs found in manga. Matsuyama theorized that the act of transferring saved data across the four volumes would help to create a sense of the human drama embodied by the games' story and invest the player into the narrative. The games were developed simultaneously alongside other elements of Project .hack such as .hack//Sign to emphasize the multimedia aspect of the franchise. The three-month gap between each game's release allowed the developers to make minor changes in response to criticisms. The games were packaged with bonus DVDs featuring episodes of .hack//Liminality, an original video animation (OVA) series that depicts events that occur concurrently with the games. The developers intended the OVA series to depict fictional events happening in the real world outside the game. Players in Japan who purchased all four games were rewarded with .hack//Gift, an OVA parodying the .hack series. After the completion of the series, the development team produced .hack//frägment, a game using the same engine as the .hack series with an online multiplayer component. The aims of .hack//frägment were to allow the developers to watch player interactions in an online environment and to gauge interest in an online .hack game.
As of March 2004[update], sales of the .hack games exceeded 1.73 million, with 780,000 copies sold in Japan. Critics gave the series mixed reviews. .hack//Infection received the most positive reviews of the series; critics were intrigued by the games' unique premise. Jeremy Dunham of IGN was impressed by the game's commitment to preserve the illusion of online and praised the character designs and the inclusion of the Japanese voice track, but criticized the camera manipulation and the game's shortness and lack of difficulty. A Game Informer reviewer praised the way it captures the sense of community that a real MMORPG offers.
Many reviewers cited the game's unusual setting as the counterbalance to the mediocre gameplay, repetitive environments and poor camera control. Overall, the first game was moderately well-received, with reviewers overlooking gameplay flaws because of a compelling story. Christian Nutt of Gamespy awarded if four stars out of five and commended Bandai for breaking new ground and Cyber Connect 2 for providing an engrossing RPG experience. Gary Steinman of Official U.S. PlayStation Magazine wrote, "[a]t its core, .hack is not a good game", calling the battle systems "wildly unbalanced" and the graphics "spectacularly underwhelming", but said the "mind-bending" story allowed him to look past its obvious flaws and anticipate future games in the series. Greg Kasavin of GameSpot was less forgiving, deriding .hack//Infection as a sub-par version of Kingdom Hearts.
.hack//Mutation also received mixed reviews, and many critics complained that little was done to address the problems of its predecessor. Fennec Fox of Gamepro said that game, "is simply an extension of Infection", with "muddy graphics, questionable control, and a story concept that’s just interesting enough to keep you going." Greg Kasavin of Gamespot gave it a rating of 6.7 out of 10 and wrote, "not only does it bring you exactly the same sort of repetitive hack-and-slash gameplay, but it's also similarly short and simple and once again offers little in the way of plot or character development." Nutt found the second game to be more addictive than the first, despite its numerous shortcomings such as obvious padding towards the end of the story. He praised the "mixture of cool story and viscerally engaging RPG gameplay", the accelerating story, gameplay progression and memorable boss battles. Other reviewers were encouraged by the MMORPG-oriented details that contribute to the game's presentation and built excitement for the future of the series. IGN also named .hack//Mutation as PlayStation 2 Game of the Month for May 2003.
.hack//Outbreak represented a shift in the critical reception of the series as reviewers grew tired of the incremental or nonexistent improvements between titles. Kasavin rated it 6.4 out of 10, and wrote that it "just doesn't make for a satisfying experience". Dunham gave it an overall rating of 8.4 out of 10, praised the battle system and wrote that there had been a great improvement in the artificial intelligence of ally characters and enemies, although he was disappointed by the lack of any other changes. Nutt awarded .hack//Outbreak three stars out of five, writing that the game's "extremely challenging enemies and lots of solo missions give the game an edge that keeps it from becoming boring". However, he criticized the four-part game structure, observing, "we are paying Bandai $200 for one game" and that "the extreme lack of improvements from volume to volume is ... downright exploitative of the fans".
Some critics called the final game, .hack//Quarantine, a satisfying conclusion to a mediocre series, while others said it is a confusing mess of poor pacing and plot holes. Dunham awarded the game 8.3 out of 10 and called the plot twists "shocking and clever". Kasavin rated it 6.1 out of 10 and wrote that, "[o]n its own merits, Quarantine isn't a bad game, and [loyal players] should find it to have a satisfying conclusion that, sure enough, leaves the possibility for further adventures in The World". He also called Bandai's decision to add 60 to 80 hours of padding to the game, split it into four full-priced products, and release these as a series disappointing. Nutt was similarly disappointed with the final game, awarding it two stars out of five. He wrote that the story was well-presented and excellent, but that it was only present in the game's first and last quarters. He was satisfied by the game's ending and loved its story, style, and characters, but grew tired of the game's "endless chains of chambers, these easily-defeated enemies, this total lack of strategy". The Game Informer reviewer hoped to see a more effective implementation of .hacks concept in the future. Japanese magazine Famitsu Weekly gave the .hack games scores in the 29 to 30 out of 40 range, indicating average reviews. However, the Japanese Computer Entertainment Supplier's Association (CESA) honored the series for its combination of different fictional media including games, anime, radio, and manga into a compelling whole at the 2002-2003 CESA Awards.
The .hack video games are part of a multimedia franchise that includes novels, manga, and anime series. Set before the events of the video games, .hack//Sign is an anime television series that establishes The World as a setting. .hack//Another Birth is a series of novels that retells the story of the games from BlackRose's perspective. .hack//XXXX is a manga adaptation of the games' story with changes to some elements, such as Cubia acting as a player character. The first official sequel to the games is the manga and anime series .hack//Legend of the Twilight, which began serializing on July 30, 2002. It tells the story of Shugo and Rena—regular players who win avatars of Kite and BlackRose in a contest—and their exploration of The World and its secrets. .hack//G.U. is a series of video games also released in multiple parts that forms the centerpiece of .hack Conglomerate, a new project set seven years after the events of Project .hack with a new version of The World.
The games' soundtrack, titled .hack//Game Music Perfect Collection, was released as a double album in Japan on April 23, 2003. It features 68 compositions by Chikayo Fukuda, Seizo Nakata, and Norikatsu Fukuda. A special edition of this soundtrack includes a third disc featuring sound effects and clips used in the games. The album was released with fewer tracks in North America as .hack//Game Music Best Collection. Patrick Gann of RPGFan wrote that the second disc, which contains music for cutscenes and special events, was stronger than the first disc's generic town and battle themes. He called the soundtrack "techno meets opera", singled out the volume intro tracks for particular praise. Gann noted that the North American release functions as a "Best of" album, but felt that "a lot of solid music [is] missing" in this release. Other reviewers were less enthusiastic; Paul Koehler of RPGamer called the music "particularly bland" and IGN's Dunham lamented that the second installment did not introduce many new pieces. However, he concluded that "the melodious piano and oboe themes were still brawny enough to convince us that we needed to buy the soundtrack sometime in the near future".
.hack//Game Music Perfect Collection
.hack//Game Music Best Collection
.hack//frägment is a multiplayer online game based on The World. It was released only in Japan on November 23, 2005 and online service ended on January 18, 2007, after being extended two months because of its popularity. Designer Hiroshi Matsuyama described the game as a way to see how players would react to online play. Players explore areas and fight monsters in real time. The game uses the same engine as the .hack video game series and its gameplay, except in online mode, is identical. During online play, the action does not pause when the menu is opened.
Players may create their characters based on a number of preset body shapes and color schemes and may choose a class (such as Wavemaster or Twin Blade) and character name. In online mode, players may enter a lobby and search for a maximum of two other players to join them on an adventure. The game includes an expanded communication interface that allows players to chat, send e-mail, post to an in-game Bulletin Board System, and receive server news updates. It is possible to establish ad-hoc chat rooms separate from the public-access ones. Guilds are permanent, exclusive chat rooms for members. In offline mode, players may level up, obtain items, and learn new skills as one of their online mode characters without the need for an Internet connection. Players may invite characters from the .hack games, .hack//Sign, and .hack//Legend of the Twilight into their party. The "story mode" of .hack//frägment is identical to that of the .hack games, with the player's created character replacing Kite. While offline, players may use a PC utility called "HackServer" to create areas and dungeons and release them online. The creators of the most popular areas are given the ability to add strong monsters for players to defeat.
According to GameStats, Famitsu Weekly awarded .hack//frägment a cumulative score of 29 out of 40 over four reviews.
Malware, short for malicious software, is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.
Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses. In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states. Malware is different from defective software, which is a legitimate software but contains harmful bugs that were not corrected before release. However, some malware is disguised as genuine software, and may come from an official company website in the form of a useful or attractive program which has the harmful malware embedded in it along with additional tracking software that gathers marketing statistics.
Software such as anti-virus, anti-malware, and firewalls are relied upon by users at home, small and large organizations around the globe to safeguard against malware attacks which helps in identifying and preventing the further spread of malware in the network.
Many early infectious programs, including the first Internet Worm, were written as experiments or pranks. Today, malware is used primarily to steal sensitive information of personal, financial, or business importance by black hat hackers with harmful intentions.][
Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. However, malware is often used against individuals to gain personal information such as social security numbers, bank or credit card numbers, and so on. Left unguarded, personal and networked computers can be at considerable risk against these threats. (These are most frequently counter-acted by various types of firewalls, anti-virus software, and network hardware).][
Since the rise of widespread broadband Internet access, malicious software has more frequently been designed for profit. Since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for black-market exploitation. Infected "zombie computers" are used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.
Another strictly for-profit category of malware has emerged, called spyware. These programs are designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator. Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be packaged together with user-installed software, such as peer-to-peer applications.][
Preliminary results from Symantec published in 2008 suggested that "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications." According to F-Secure, "As much malware [was] produced in 2007 as in the previous 20 years altogether." Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.
The prevalence of malware as a vehicle for Internet crime, along with the challenge of anti-malware software to keep up with the continuous stream of new malware, has seen the adoption of a new mindset for individuals and businesses using the Internet. With the amount of malware currently being distributed, some percentage of computers will always be infected. For businesses, especially those that sell mainly over the Internet, this means they need to find a way to operate despite security concerns. The result is a greater emphasis on back-office protection designed to protect against advanced malware operating on customers' computers. A 2013 Webroot study shows that 64% of companies allow remote access to servers for 25% to 100% of their workforce and that companies with more than 25% of their employees accessing servers remotely have higher rates of malware threats.
On March 29, 2010, Symantec Corporation named Shaoxing, China, as the world's malware capital. A 2011 study from the University of California, Berkeley, and the Madrid Institute for Advanced Studies published an article in Software Development Technologies, examining how entrepreneurial hackers are helping enable the spread of malware by offering access to computers for a price. Microsoft reported in May 2011 that one in every 14 downloads from the Internet may now contain malware code. Social media, and Facebook in particular, are seeing a rise in the number of tactics used to spread malware to computers.
The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any specific types of behavior. The term computer virus is used for a program that has infected some executable software and, when run, causes the virus to spread to other executables. On the other hand, a worm is a program that actively transmits itself over a network to infect other computers. These definitions lead to the observation that a virus requires user intervention to spread, whereas a worm spreads itself automatically.
Using this distinction, infections transmitted by email or Microsoft Word documents, which rely on the recipient opening a file or email to infect the system, would be classified as viruses rather than worms. Some writers in the trade and popular press misunderstand this distinction and use the terms interchangeably.][
For a malicious program to accomplish its goals, it must be able to run without being detected, shut down, or deleted. When a malicious program is disguised as something normal or desirable, users may willfully install it without realizing it. This is the technique of the Trojan horse or trojan. In broad terms, a Trojan horse is any program that invites the user to run it, concealing harmful or malicious code. The code may take effect immediately and can lead to many undesirable effects, such as deleting the user's files or installing additional harmful software.][
One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads from the Internet. When the user installs the software, the spyware is installed along with it. Spyware authors who attempt to act in a legal fashion may include an end-user license agreement that states the behavior of the spyware in loose terms, which users may not read or understand.][
Once a malicious program is installed on a system, it is essential that it stays concealed, to avoid detection. Software packages known as rootkits allow this concealment, by modifying the host's operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the system's list of processes, or keep its files from being read.][
Some malicious programs contain routines to defend against removal, not merely to hide themselves, but to resist attempts to remove them. An early example of this behavior is recorded in the Jargon File tale of a pair of programs infesting a Xerox CP-V time sharing system:
A backdoor is a method of bypassing normal authentication procedures. Once a system has been compromised, one or more backdoors may be installed in order to allow easier access in the future. Backdoors may also be installed prior to malicious software, to allow attackers entry.][
The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. Crackers typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors crackers may use Trojan horses, worms, or other methods.][
Malware exploits security defects (security bugs, or vulnerabilities) in the design of the operating system, in applications (such as browsers—avoid using Internet Explorer 8 or earlier, e.g. on Windows XP), or in (old versions of) browser plugins such as Adobe Flash Player, Adobe Acrobat / Reader, or Java (see Java SE critical security issues). Sometimes even installing new versions of such plugins does not automatically uninstall old versions. Security advisories from such companies announce security-related updates. Common vulnerabilities are assigned CVE IDs and listed in the US National Vulnerability Database. Secunia PSI is an example of software, free for personal use, that will check a PC for vulnerable out-of-date software, and attempt to update it.
Most systems contain bugs, or loopholes, which may be exploited by malware. A typical example is a buffer-overrun vulnerability, in which an interface designed to store data, in a small area of memory, allows the caller to supply more data than will fit. This extra data then overwrites the interface's own executable structure (past the end of the buffer and other data). In this manner, malware can force the system to execute malicious code, by replacing legitimate code with its own payload of instructions (or data values) copied into live memory, outside the buffer area.
As malware attacks become more frequent, attention has begun to shift from viruses and spyware protection, to malware protection, and programs that have been specifically developed to combat malware. (Other preventive and recovery measures, such as backup and recovery methods, are mentioned in the computer virus article).
A specific component of the Anti virus and anti-malware software commonly referred as the on-access or real-time scanner, hooks deep into the operating system's core or kernel functions in a manner similar to how certain malware itself would attempt to operate, though with the user's informed permission for protecting the system. Any time the operating system accesses a file, the on-access scanner checks if the file is a 'legitimate' file or not. If the file is considered a malware by the scanner, the access operation will be stopped, the file will be dealt by the scanner in pre-defined way (how the Anti-virus program was configured during/post installation) and the user will be notified. This may considerably slow down the operating system depending on how well the scanner was programmed. The goal is to stop any operations the malware may attempt on the system before they occur, including activities which might exploit bugs or trigger unexpected operating system behavior.][
Anti-malware programs can combat malware in two ways:
Real-time protection from malware works identically to real-time antivirus protection: the software scans disk files at download time, and blocks the activity of components known to represent malware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Because many malware components are installed as a result of browser exploits or user error, using security software (some of which are anti-malware, though many are not) to "sandbox" browsers (essentially isolate the browser from the computer and hence any malware induced change) can also be effective in helping to restrict any damage done.][
Examples of Microsoft Windows anti virus and anti-malware software include the optional Microsoft Security Essentials (for Windows XP, Vista and Windows 7) for real-time protection, the Windows Malicious Software Removal Tool (now included with Windows (Security) Updates on "Patch Tuesday", the second Tuesday of each month), and Windows Defender (an optional download in the case of Windows XP). Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). A test has found a free program to be competitive with commercial competitors. Microsoft's System File Checker can be used to check for and repair corrupted system files.
Some viruses disable System Restore and other important Windows tools such as Task Manager and Command Prompt. Many such viruses can be removed by rebooting the computer, entering Windows safe mode with networking, and then using system tools or Microsoft Safety Scanner.
Typical malware products detect issues based on heuristics or signatures – i.e., based on information that can be assessed to be bad. Some products take an alternative approach when scanning documents such as Word and PDF, by regenerating a new, clean file, based on what is known to be good from schema definitions of the file (a patent for this approach exists).
As malware also harms the compromised websites (by breaking reputation, blacklisting in search engines, etc.), some websites offer vulnerability scanning. Such scans check the website, detect malware, may note outdated software, and may report known security issues.
Over-privileged code dates from the time when most programs were either delivered with a computer or written in-house, and repairing it would serve to render most antivirus software essentially redundant. It would, however, have appreciable consequences for the user interface and system management.][
The system would have to maintain privilege profiles, and know which to apply for each user and program.][
In the case of newly installed software, an administrator would need to set up default profiles for the new code.][
Eliminating vulnerability to rogue device drivers is probably harder than for arbitrary rogue executable. Two techniques, used in VMS, that can help are memory mapping only the registers of the device in question and a system interface associating the driver with interrupts from the device.][
Other approaches are][:
Such approaches, however, if not fully integrated with the operating system, would reduplicate effort and not be universally applied, both of which would be detrimental to security.][
Grayware (or greyware) is a general term that refers to applications or files that are not directly classified as malware (like worms or trojan horses), but can still negatively affect the performance of computers and involve significant security risks.
It describes applications that behave in an annoying or undesirable manner, and yet are less serious or troublesome than malware. Grayware encompasses spyware, adware, dialers, joke programs, remote access tools and any other program apart from a virus, that is designed to harm the performance of computers. The term is in use since around 2004.
Another term is PUP which stands for Potentially Unwanted Program. Applications unwanted despite have been downloaded by the user, users may fail to read a download agreement. PUPs include spyware, adware, and dialers.
Before Internet access became widespread, viruses spread on personal computers by infecting the executable boot sectors of floppy disks. By inserting a copy of itself into the machine code instructions in these executables, a virus causes itself to be run whenever a program is run or the disk is booted. Early computer viruses were written for the Apple II and Macintosh, but they became more widespread with the dominance of the IBM PC and MS-DOS system. Executable-infecting viruses are dependent on users exchanging software or boot-able floppies and thumb drives so they spread rapidly in computer hobbyist circles.][
The first worms, network-borne infectious programs, originated not on personal computers, but on multitasking Unix systems. The first well-known worm was the Internet Worm of 1988, which infected SunOS and VAX BSD systems. Unlike a virus, this worm did not insert itself into other programs. Instead, it exploited security holes (vulnerabilities) in network server programs and started itself running as a separate process. This same behavior is used by today's worms as well.][
With the rise of the Microsoft Windows platform in the 1990s, and the flexible macros of its applications, it became possible to write infectious code in the macro language of Microsoft Word and similar programs. These macro viruses infect documents and templates rather than applications (executables), but rely on the fact that macros in a Word document are a form of executable code.][
Today, worms are most commonly written for the Windows OS, although a few like Mare-D and the Lion worm are also written for Linux and Unix systems. Worms today work in the same basic way as 1988's Internet Worm: they scan the network and use vulnerable computers to replicate. Because they need no human intervention, worms can spread with incredible speed. The SQL Slammer infected thousands of computers in a few minutes.
The notion of a self-reproducing computer program can be traced back to initial theories about the operation of complex automata. John von Neumann showed that in theory a program could reproduce itself. This constituted a plausibility result in computability theory. Fred Cohen experimented with computer viruses and confirmed Neumann's postulate and investigated other properties of malware such as detectability, self-obfuscation using rudimentary encryption, and others. His Doctoral dissertation was on the subject of computer viruses.
Adware, or advertising-supported software, is any software package which automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process. The functions may be designed to analyze which Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there. The term is sometimes used to refer to software that displays unwanted advertisements.
In legitimate software, the advertising functions are integrated into or bundled with the program. Adware is usually seen by the developer as a way to recover development costs, and in some cases it may allow the software to be provided to the user free of charge or at a reduced price. The income derived from presenting advertisements to the user may allow or motivate the developer to continue to develop, maintain and upgrade the software product. The use of advertising-supported software in business is becoming increasingly popular, with a third of IT and business executives in a 2007 survey by McKinsey & Company planning to be using ad-funded software within the following two years.
Some software is offered in both an advertising-supported mode and a paid, advertisement-free mode. The latter is usually available by an online purchase of a license or registration code for the software that unlocks the mode, or the purchase and download of a separate version of the software.
Some software authors offer advertising-supported versions of their software as an alternative option to business organizations seeking to avoid paying large sums for software licenses, funding the development of the software with higher fees for advertisers.
Examples of advertising-supported software include the Windows version of the Internet telephony application Skype, and the Amazon Kindle 3 family of e-book readers, which has versions called "Kindle with Special Offers" that display advertisements on the home page and in sleep mode in exchange for substantially lower pricing.
In 2012, Microsoft and their advertising division, Microsoft Advertising, announced that Windows 8, the forthcoming major release of the Microsoft Windows operating system, would provide built-in methods for software authors to use advertising support as a business model. The idea had been considered since as early as 2005.
Support by advertising is a popular business model of software as a service (SaaS) on the Web. Notable examples include the email service Gmail and other Google Apps products, and the social network Facebook. Microsoft has also adopted the advertising-supported model for many of its social software SaaS offerings. The Microsoft Office Live service was also available in an advertising-supported mode.
According to Federal Trade Commission staff’s view, there appears to be general agreement that software should be considered "spyware” only if it is downloaded or installed on a computer without the user’s knowledge and consent. However, unresolved issues remain concerning how, what, and when consumers need to be told about software installed on their computers for consent to be adequate. For instance, distributors often disclose in an End User Licensing Agreement (EULA) that there is additional software bundled with primary software, but some panelists and commenters did not view such disclosure as sufficient to infer consent to the installation of the bundled software.
The term adware is frequently used to describe a form of malware (malicious software), usually that which presents unwanted advertisements to the user of a computer. The advertisements produced by adware are sometimes in the form of a pop-up.
When the term is used in this way, the severity of its implication varies. While some sources rate adware only as an "irritant", others classify it as an "online threat" or even rate it as seriously as computer viruses and trojans. The precise definition of the term in this context also varies. Adware that observes the computer user's activities without their consent and reports it to the software's author is called spyware.
Programs have been developed to detect, quarantine, and remove advertisement-displaying malware, including Ad-Aware, Malwarebytes' Anti-Malware, Spyware Doctor and Spybot - Search & Destroy. In addition, almost all commercial antivirus software currently detect adware and spyware, or offer a separate spyware detection package.
Social engineering (security)
Downloadable content (DLC) is additional content for a video game distributed through the Internet by the game's official publisher or other third party content producers. Downloadable content can be of several types, ranging from aesthetic outfit changes to a new, extensive storyline, similar to an expansion pack. As such, DLC may add new game modes, objects, levels, challenges or other features to a complete an already released game.
DLC and a content creating and sharing user base are essential long-term needs in more complex simulator products such as V-scale model railroading applications (such as Trainz, RailWorks, and MSTS) where in the long term, much of the allure comes from the ability to build new layouts or expand others, including writing customized the "game play" like operating modules. Since 3D asset generation is typically a technically demanding and time consuming activity—a steam locomotive can take 2–4 full months of time to implement, and a long large route can consume years of development—such emulations only grow through the power of numbers of the many producing and sharing assets in the hobby community.
In the case of episodic video games, a new episode may come in the form of downloadable content, whereas music video games utilize this media to offer new songs for the players. Downloadable content became prevalent in the 21st century, and especially with the proliferation of Internet-enabled, sixth-generation video game consoles. Special edition or Game of the Year re-releases of games often incorporate previously released DLC along with the main title in a physical package.
The earliest form of downloadable content were offerings of full games, such as on the Atari 2600's GameLine service, which allowed users to download games using a telephone line. A similar service, Sega Channel, allowed for the downloading of games to the Sega Genesis over a cable line. While the GameLine and Sega Channel services allowed for the distribution of entire titles, they did not provide downloadable content for existing titles.
As the popularity and speed of internet connections rose, so did the popularity of using the internet for digital distribution of media. User-created game mods and maps were distributed exclusively online, as they were mainly created by people without the infrastructure capable of distributing the content through physical media.
In 1997 Cavedog offered for their Real-time strategy computer game Total Annihilation free downloadable additional created content, a new unit every month.
The Dreamcast was the first console to feature online support as a standard; DLC was available, though limited in size due to the narrowband connection and the size limitations of a memory card. These online features were still considered a breakthrough in video games, but the competing PlayStation 2 did not ship with a built-in network adapter.][
With the advent of the Xbox, Microsoft was the second company to implement downloadable content. Many original Xbox Live titles, including Splinter Cell, Halo 2, and Ninja Gaiden, offered varying amounts of extra content, available for download through the Xbox Live service. Most of this content, with the notable exception of content for Microsoft-published titles, was available for free.
With the Xbox 360, Microsoft integrated downloadable content more fully into their console, devoting an entire section of the console's user interface to the Xbox Live Marketplace. They also partially removed the need for credit cards by implementing their own Microsoft Points currency, which could be bought either with a credit card online or as redeemable codes in game stores. This is a strategy that would be adopted by Nintendo with Nintendo Points and Sony with the PlayStation Network Card. One of the most infamous examples of DLC on consoles was the Horse Armor DLC pack released on the Xbox Live Marketplace for the Bethesda Softworks game The Elder Scrolls IV: Oblivion.
Sony adopted much of the Xbox Live Marketplace's features into their downloadable hub, the PlayStation Store. With Gran Turismo HD, Sony planned an entirely barebones title, with the idea of requiring the bulk of the content to be purchased separately via many separate online microtransactions. The project was later canceled. Nintendo has featured a sparser amount of downloadable content on their Wii Shop Channel, the bulk of which is accounted for by digital distribution of emulated Nintendo titles from previous generations.
Music video games such as Guitar Hero and Rock Band have taken significant advantage of downloadable content. Harmonix claimed that Guitar Hero II would feature "more online content than anyone has ever seen in a game to this date." Rock Band features the largest number of downloadable items of any console video game, with a steady number of new songs being added weekly. Acquiring all the downloadable content for Rock Band would, as of July 12, 2012, cost $5,880.10.
Through use of the Nintendo Wi-Fi Connection users can download DLC to the Nintendo DS handheld for certain games. A good example is Picross DS, in which users can download puzzle "packs" of classic puzzles from previous Picross games (such as Mario's Picross) as well as downloadable user generated content. Professor Layton and the Curious Village was thought to have "bonus puzzles" that can be "downloaded" using the Nintendo Wi-Fi Connection, however connecting to Nintendo Wi-Fi Connection simply unlocked the puzzles which were already stored in the game. Similarly, Moero! Nekketsu Rhythm Damashii Osu! Tatakae! Ouendan 2 had hidden costumes that were unlocked using DS Download Stations for a limited time.
Due to the Nintendo DS's use of cartridges and lack of a hard drive there is limited space for DLC and developers would have to plan for storage space on the cartridge. Picross DS itself only has room for 10 puzzle packs, and Professor Layton's and Ouendan 2's DLC is already on the cartridge and is simply unlocked with a weekly code.
The Nintendo DS's downloadable content is distinct as it is currently being offered at no cost. However, the Nintendo DSi contains a Shop similar to that of the Wii that contains games and applications, most of which must be bought using Nintendo Points. It is also worth noting that, using the Wii's Nintendo Channel, various DS files, such as Game Demo's and videos can be downloaded onto the Wii console and transferred via wireless to a DSi handheld.
The Nintendo 3DS will also have downloadable content starting with its latest system update (188.8.131.52U), as confirmed by Nintendo with the release of Theatrhythm Final Fantasy, which was the first 3DS game to have paid downloadable content, followed by Fire Emblem: Awakening after two months. It is with all likelihood that newer 3DS releases will also contain paid downloadable content.
Starting with Apple's iPhone OS version 3.0 release, & Apple's iPhone 4, downloadable content became available for the platform via applications bought from the App Store. While this ability was initially only available to developers for paid applications, Apple eventually allowed for developers to offer this in free applications as well in October 2009.
Pricing for Downloadable Content generally varies from free to $20, though significantly more expensive DLC has existed, as high as £50,000. In addition to individual content downloads, video game publishers sometimes offer a DLC season pass, which allows users to purchase packs of downloadable content for a video game at a lower price than it would cost to buy each one separately. Season passes may be available before each contained content pack is available. In this case, the player will get access to the content as it is released. Downloadable content can also be included in a game purchase, such as with pre-order bonuses or bundled into re-releases of the full game such as "Game of the Year" and "Ultimate" editions.
Microsoft and Nintendo use points systems to purchase downloadable content and have been criticized for selling only specific amounts of their currency. For example, if someone wants to purchase a $15 item, they are forced to spend $20 just to buy enough currency to buy the $15 item. 80 Xbox Live Marketplace Points are equivalent to one dollar, and 100 Wii point is equal to one dollar. Both companies have been criticized for taking advantage of currency parity, and keeping consumers from realizing the actual cost of items. Like Disney Dollars, the idea is that gamers will be more ready to spend a certain amount of "points" than a specific dollar amount. Downloadable content on the PlayStation Store is sold at prices reflecting real world currency.
Since Facebook games popularized the business model of microtransactions, some have criticized downloadable content as being overpriced, and an incentive for developers to leave items out of the initial release.
Certain items are provided for free. Providing free DLC can also provide revenue for game companies at the expense of users' convenience. For example, Naruto: Ultimate Ninja Storm for the PlayStation 3 was shipped with certain features disabled. However, users can freely download packs to re enable the missing content from the PlayStation Store. Consequently, users are exposed to advertisements and potential purchases. There is also the additional marketing benefit that users may believe that there is continuing support for the product if there is an apparent flow of such patches.
Where a normal software disc may allow its license sold or traded, DLC is generally locked to a specific user's account and does not come with the ability to transfer that license to another user.
Microsoft has been known to require developers to charge for their content, when the developers would rather release their content for free. Some content has even been withheld from release because the developer refused to charge the amount Microsoft required. Epic Games, known for continual support of their older titles with downloadable updates, believed that releasing downloadable content over the course of a game's lifetime helped increase sales throughout, and had succeeded well with that business-model in the past, but was required to implement fees for downloads when releasing content for their Microsoft-published game, Gears of War.
Some content is delivered exclusively through online services, but the extra content may be on the game disc. Some criticism stems from the fact that many of the items sold on sites like Xbox Live Marketplace are not downloadable content at all, but are instead content keys used to unlock content already on the game disk. Because of this, many people feel as if they are paying to unlock content they already purchased when they bought the game itself. For instance, criticism arose over the downloadable characters for Street Fighter X Tekken, which were found to already be on the game discs.
Publishers may also choose to re-release certain titles with previously available downloadable content bundled. There is also criticism concerning the exclusivity of downloadable contents, as some of these contents are frequently added to new disc version of the game. Buyers of the Resident Evil 5 : Gold Edition would have access to contents previously exclusives as downloadable content without having to pay any extra fee. The Star Wars: The Force Unleashed re-release "Ultimate Sith Edition" featured an additional level that was later released as DLC, despite LucasArts stating it was exclusive to the re-released version.
Social engineering, in the context of information security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or gaining computer system access. It differs from traditional cons in that often the attack is a mere step in a more complex fraud scheme.
"Social engineering" as an act of psychological manipulation had previously been associated with the social sciences, but its usage has caught on among computer and information security professionals.
All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques, some of which are listed here:
Pretexting (adj. pretextual), also known in the UK as blagging or bohoing, is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. An elaborate lie, it most often involves some prior research or setup and the use of this information for impersonation (e.g., date of birth, Social Security number, last bill amount) to establish legitimacy in the mind of the target.
This technique can be used to fool a business into disclosing customer information as well as by private investigators to obtain telephone records, utility records, banking records and other information directly from company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager, e.g., to make account changes, get specific balances, etc.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy, insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases, all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one's feet to create a pretextual scenario.
Diversion theft, also known as the "Corner Game" or "Round the Corner Game", originated in the East End of London.
In summary, diversion theft is a "con" exercised by professional thieves, normally against a transport or courier company. The objective is to persuade the persons responsible for a legitimate delivery that the consignment is requested elsewhere — hence, "round the corner".
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business—a bank, or credit card company—requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate—with company logos and content—and has a form requesting everything from a home address to an ATM card's PIN.
For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless a link provided was clicked to update a credit card (information that the genuine eBay already had). Because it is relatively simple to make a Web site resemble a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were being contacted by eBay and subsequently, were going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who already had listed credit card numbers with eBay legitimately, who might respond.
Phone phishing (or "vishing") uses a rogue interactive voice response (IVR) system to recreate a legitimate-sounding copy of a bank or other institution's IVR system. The victim is prompted (typically via a phishing e-mail) to call in to the "bank" via a (ideally toll free) number provided in order to "verify" information. A typical system will reject log-ins continually, ensuring the victim enters PINs or passwords multiple times, often disclosing several different passwords. More advanced systems transfer the victim to the attacker posing as a customer service agent for further questioning.
Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim.
In this attack, the attacker leaves a malware infected floppy disk, CD-ROM, or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and curiosity-piquing label, and simply waits for the victim to use the device.
For example, an attacker might create a disk featuring a corporate logo, readily available from the target's web site, and write "Executive Salary Summary Q2 2012" on the front. The attacker would then leave the disk on the floor of an elevator or somewhere in the lobby of the targeted company. An unknowing employee might find it and subsequently insert the disk into a computer to satisfy their curiosity, or a good samaritan might find it and turn it in to the company.
In either case, as a consequence of merely inserting the disk into a computer to see the contents, the user would unknowingly install malware on it, likely giving an attacker unfettered access to the victim's PC and, perhaps, the targeted company's internal computer network.
Unless computer controls block the infection, PCs set to "auto-run" inserted media may be compromised as soon as a rogue disk is inserted.
Hostile devices, more attractive than simple memory, can also be used. For instance, a "lucky winner" is sent a free digital audio player that actually compromises any computer it is plugged to.
Quid pro quo means something for something:
An attacker, seeking entry to a restricted area secured by unattended, electronic access control, e.g. by RFID card, simply walks in behind a person who has legitimate access. Following common courtesy, the legitimate person will usually hold the door open for the attacker. The legitimate person may fail to ask for identification for any of several reasons, or may accept an assertion that the attacker has forgotten or lost the appropriate identity token. The attacker may also fake the action of presenting an identity token.
Common confidence tricksters or fraudsters also could be considered "social engineers" in the wider sense, in that they deliberately deceive and manipulate people, exploiting human weaknesses to obtain personal benefit. They may, for example, use social engineering techniques as part of an IT fraud.
A very recent type of social engineering technique includes spoofing or cracking IDs of people having popular e-mail IDs such as Yahoo!, GMail, Hotmail, etc. Among the many motivations for deception are:
Organizations reduce their security risks by:
More than 30 California police departments mail out fake red light camera "tickets," also called "snitch tickets," in an effort to bluff registered owners into revealing the identity of the person who was driving the vehicle at the time of the alleged violation. Because these "tickets" have not been filed at court, they carry no legal weight and (in the US) the registered owner has the right to remain silent and is under no obligation to respond in any manner. In California, a genuine ticket bears the name and address of the local branch of the Superior Court and directs the recipient to contact that Court, while fake "tickets" generated by the police do not.
Reformed computer criminal and later security consultant Kevin Mitnick points out that it is much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.
Security professional that wrote the first framework. He is also the author of the book. He is the creator of the DEFCON Social Engineer Capture the Flag and the Social Engineer CTF for Kids.
Brothers Ramy, Muzher, and Shadde Badir—all of whom were blind from birth—managed to set up an extensive phone and computer fraud scheme in Israel in the 1990s using social engineering, voice impersonation, and Braille-display computers.
The white hat hacker, computer security consultant, and writer for Phrack Magazine, Archangel (nicknamed "The Greatest Social Engineer of All Time") has demonstrated social engineering techniques to gain everything from passwords to pizza to automobiles to airline tickets.
Security Consultant for Secure Network Technologies. Inventor of the USB thumb drive test where USB sticks contained exploits to test if employees would run them from within their business environments. This attack is now one of the most popular social engineering techniques in existence and is used to test the human element of security around the world.
Principal Consultant for Bancsec, Inc., and one of the world's top experts in banking cybersecurity, developed and proved in over 50 U.S. bank locations "the most efficient social engineering attack in history." This attack vector, primarily utilizing email, allows a social engineer to make unauthenticated, unauthorized, large cash withdrawals from bank branches with an extraordinarily high success rate (over 90%) while enjoying low probabilities of immediate detection or subsequent incarceration. Among his other successful bank social engineering test accomplishments is wire transfer through a combination of emails and telephone pretexting.
Security consultant for IOActive, published author, and speaker. Emphasizes techniques and tactics for social engineering cold calling. Became notable after his talks where he would play recorded calls and explain his thought process on what he was doing to get passwords through the phone.
Other social engineers include Frank Abagnale, David Bannon, Peter Foster, Mehdi Zilaoui, "Cosmo the God", and Steven Jay Russell.
In common law, pretexting is an invasion of privacy tort of appropriation.
In December 2006, United States Congress approved a Senate sponsored bill making the pretexting of telephone records a federal felony with fines of up to $250,000 and ten years in prison for individuals (or fines of up to $500,000 for companies). It was signed by president George W. Bush on 12 January 2007.
The 1999 "GLBA" is a U.S. Federal law that specifically addresses pretexting of banking records as an illegal act punishable under federal statutes. When a business entity such as a private investigator, SIU insurance investigator, or an adjuster conducts any type of deception, it falls under the authority of the Federal Trade Commission (FTC). This federal agency has the obligation and authority to ensure that consumers are not subjected to any unfair or deceptive business practices. US Federal Trade Commission Act, Section 5 of the FTCA states, in part: "Whenever the Commission shall have reason to believe that any such person, partnership, or corporation has been or is using any unfair method of competition or unfair or deceptive act or practice in or affecting commerce, and if it shall appear to the Commission that a proceeding by it in respect thereof would be to the interest of the public, it shall issue and serve upon such person, partnership, or corporation a complaint stating its charges in that respect."
The statute states that when someone obtains any personal, non-public information from a financial institution or the consumer, their action is subject to the statute. It relates to the consumer's relationship with the financial institution. For example, a pretexter using false pretenses either to get a consumer's address from the consumer's bank, or to get a consumer to disclose the name of his or her bank, would be covered. The determining principle is that pretexting only occurs when information is obtained through false pretenses.
While the sale of cell telephone records has gained significant media attention, and telecommunications records are the focus of the two bills currently before the United States Senate, many other types of private records are being bought and sold in the public market. Alongside many advertisements for cell phone records, wireline records and the records associated with calling cards are advertised. As individuals shift to VoIP telephones, it is safe to assume that those records will be offered for sale as well. Currently, it is legal to sell telephone records, but illegal to obtain them.
U.S. Rep. Fred Upton (R-Kalamazoo, Michigan), chairman of the Energy and Commerce Subcommittee on Telecommunications and the Internet, expressed concern over the easy access to personal mobile phone records on the Internet during Wednesday's E&C Committee hearing on "Phone Records For Sale: Why Aren't Phone Records Safe From Pretexting?" Illinois became the first state to sue an online records broker when Attorney General Lisa Madigan sued 1st Source Information Specialists, Inc., on 20 January, a spokeswoman for Madigan's office said. The Florida-based company operates several Web sites that sell mobile telephone records, according to a copy of the suit. The attorneys general of Florida and Missouri quickly followed Madigan's lead, filing suit on 24 and 30 January, respectively, against 1st Source Information Specialists and, in Missouri's case, one other records broker – First Data Solutions, Inc.
Several wireless providers, including T-Mobile, Verizon, and Cingular filed earlier lawsuits against records brokers, with Cingular winning an injunction against First Data Solutions and 1st Source Information Specialists on 13 January. U.S. Senator Charles Schumer (D-New York) introduced legislation in February 2006 aimed at curbing the practice. The Consumer Telephone Records Protection Act of 2006 would create felony criminal penalties for stealing and selling the records of mobile phone, landline, and Voice over Internet Protocol (VoIP) subscribers.
Patricia Dunn, former chairwoman of Hewlett Packard, reported that the HP board hired a private investigation company to delve into who was responsible for leaks within the board. Dunn acknowledged that the company used the practice of pretexting to solicit the telephone records of board members and journalists. Chairman Dunn later apologized for this act and offered to step down from the board if it was desired by board members. Unlike Federal law, California law specifically forbids such pretexting. The four felony charges brought on Dunn were dismissed.
Hacker (computer security)
A download manager is a computer program dedicated to the task of downloading (and sometimes uploading) possibly unrelated stand-alone files from (and sometimes to) the Internet for storage. Some download managers can also be used to accelerate download speeds by downloading from multiple sources at once. Although web browsers may have download managers incorporated as a feature, they are differentiated by the fact that they do not prioritize accurate, complete and unbroken downloads of information.][
Download managers, were among the first adware applications displaying a banner ad in the user interface. Adobe Download Manager is now exhibiting this same feature, while installing such software as Adobe Acrobat.
Most download managers come with a features like video and audio grabbing from popular sites like YouTube etc., They also support website grabbing. Queue processing is another important feature of download managers. They also have the ability to pause and resume downloads, and impose speed restrictions as well. This features come very useful in regions where power failures are frequent. Additionally, most of the commercial download managers can download following user planned schedules and download accordingly. A few download managers claim to increase the download speed by a factor of many times. Download managers also have very tight integration with browsers. Mostly they do this by installing an extension to the user's browser.
Intrenet download managers are not suitable for downloading from file sharing sites like Rapidshare,4shared as these sites impose a download limitation based on IPs and do not allow re-downloading of the same file within a specific period. Most of the file sharing sites do not support multiple parallel connections to a single IP address thereby voiding the advantage of using a download manager.
Related to download managers are two other breeds of Internet programs, file-sharing peer-to-peer applications (eMule, BitTorrent, Gnutella) and stream recorders (such as StreamBox VCR). While download managers are designed to give users greater control over downloads, some downloaders are created to give that control to content distributors instead. Some software companies, for example Adobe , provide such downloaders for downloading software on their own site. Presumably this increases reliability and reduces their technical support costs. A possible reason is increasing the control over redistribution of their software (even when the software is freeware).
Download acceleration, also known as multipart download, is a term for the method employed by software such as download managers to download a single file by splitting it in segments and using several simultaneous connections to download these segments from a single server.
The reason for doing so is to circumvent server side limitations of bandwidth per connection. Because in normal networking situations all individual connections are treated equally, rather than actual file transfers, multiple connections yields an advantage on saturated links over simple connections, both in terms of total bandwidth allocation and resilience. Many servers, however, implement a maximum number of simultaneous connections per client in order to mitigate this.
This is not to be confused with segmented downloading, which allows a client to download segments of a file simultaneously from multiple servers.
In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge. The subculture that has evolved around hackers is often referred to as the computer underground and is now a known community. While other uses of the word hacker exist that are not related to computer security, such as referring to someone with an advanced understanding of computers and computer networks, they are rarely used in mainstream context. They are subject to the long standing hacker definition controversy about the true meaning of the term hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker, not making a difference between computer criminals (black hats) and computer security experts (white hats). Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers.
Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement which published the Technological Assistance Program (TAP) newsletter.][ TAP was a phone phreaking newsletter that taught the techniques necessary for the unauthorized exploration of the phone network. Many people from the phreaking community are also active in the hacking community even today, and vice versa.][
Several subgroups of the computer underground with different attitudes use different terms to demarcate themselves from each other, or try to exclude some specific group with which they do not agree.
Eric S. Raymond (author of The New Hacker's Dictionary) advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as one wider hacker culture, a view harshly rejected by Raymond himself. Instead of a hacker/cracker dichotomy, they give more emphasis to a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie. In contrast to Raymond, they usually reserve the term cracker for more malicious activity.
According to (Clifford R.D. 2006) a cracker or cracking is to "gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system". These subgroups may also be defined by the legal status of their activities.
A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term "white hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. The EC-Council, also known as the International Council of Electronic Commerce Consultants, is one of those organizations that have developed certifications, course-ware, classes, and online training covering the diverse arena of Ethical Hacking.
A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.
A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee.
A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits will circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.
A script kiddie (also known as a skid or skiddie) is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept—hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child—an individual lacking knowledge and experience, immature).
A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology, and hacking.
A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.
A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.
Intelligence agencies and cyberwarfare operatives of nation states.
Criminal activity carried on for profit.
Bots are automated software tools, some freeware, that are available for the use of any type of hacker.][
A typical approach in an attack on Internet-connected system is:
In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.
A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through FTP, HTTP, PHP, SSH, Telnet and some web-pages. These are very common in website/domain hacking.
When a hacker, typically a black hat, is in the second stage of the targeting process, he or she will typically use some social engineering tactics to get enough information to access the network. A common practice for hackers who use this technique, is to contact the system administrator and play the role of a user who cannot get access to his or her system. Hackers who use this technique have to be quite savvy and choose the words they use carefully, in order to trick the system administrator into giving them information. In some cases only an employed help desk user will answer the phone and they are generally easy to trick. Another typical hacker approach is for the hacker to act like a very angry supervisor and when the his/her authority is questioned they will threaten the help desk user with their job. Social engineering is very effective because users are the most vulnerable part of an organization. All the security devices and programs in the world won't keep an organization safe if an employee gives away a password. Black hat hackers take advantage of this fact. Social engineering can also be broken down into four sub-groups. These are intimidation, helpfulness, technical, and name-dropping.
The computer underground has produced its own slang and various forms of unusual alphabet use, for example 1337speak. Political attitude usually includes views for freedom of information, freedom of speech, a right for anonymity and most have a strong opposition against copyright.][ Writing programs and performing other activities to support these views is referred to as hacktivism. Some go as far as seeing illegal cracking ethically justified for this goal; a common form is website defacement. The computer underground is frequently compared to the Wild West. It is common among hackers to use aliases for the purpose of concealing identity, rather than revealing their real names.
The computer underground is supported by regular real-world gatherings called hacker conventions or "hacker cons". These draw many people every year including SummerCon (Summer), DEF CON, HoHoCon (Christmas), ShmooCon (February), BlackHat, AthCon, Hacker Halted, and H.O.P.E..][. Local Hackfest groups organize and compete to develop skills to send a team to a prominent convention to compete in group pentesting, exploit and forensics on a wider scale. In the early 1980s Hacker Groups became popular, Hacker groups provided access to information and resources, and a place to learn from other members. BBS systems like Utopias provided a platform for information sharing via dialup. Hackers could also gain credibility by being affiliated with an elite group.
Maximum imprisonment is one year or a fine of the fourth category.
The most notable hacker-oriented magazine publications are Phrack, Hakin9 and 2600: The Hacker Quarterly. While the information contained in hacker magazines and ezines was often outdated, they improved the reputations of those who contributed by documenting their successes.
Hackers often show an interest in fictional cyberpunk and cyberculture literature and movies. Absorption of fictional pseudonyms, symbols, values, and metaphors from these fictional works is very common.][
Books portraying hackers:
Films also portray hackers: