Cybercrime slang
Bulletin Board System (BBS)
Total or partial availability of information related to:
Explosives
Credit cards
Description of ways to carry out crimes
Copyright protected software
In Portugal, BBSs are neither prohibited nor regulated, except with regard to the technical means used, which must comply with what is recommended by ANACOM – Autoridade Nacional de Comunicações.
However, the content of BBS's and Portuguese Newsgroups cannot incite, help, facilitate or make available data or information that contravenes the law or in any way constitute a risk to personal, national or international safety.
Depending on the case, it assumes the figure of irregular practice or crime, who posts or makes available, in whole or in part, data relating to explosives, credit card numbers, description of ways of committing crimes, software protected by copyright, even if this is compressed by other programs or even if it is made available in parts or incomplete.
BlackBoxing and BlueBoxing
BlueBoxing - Making unpaid phone calls using electronic devices.
BlackBoxing - Interconnection of electronic components that when attached to home phones, allow all incoming calls to be received without charge to the caller.
Carding
Handling and obtaining personal data from the face or from magnetic strips of credit, debit or telecommunications cards.
All forms of data manipulation or identification elements, whether on the face or contained in magnetic strips of credit, debit or telecommunications cards, as well as the implantation of data or identification elements in other technical supports, constitute a crime of forgery, punishable by up to 3 years imprisonment.
The use of identification elements or third-party bank details is a crime of fraud, punishable by a prison sentence of up to 3 years and is aggravated if the amount in question is high or if they continue this conduct more than once.
Abuse of the possibility conferred by the possession of a credit card, even if only for the attempted form, is punishable by up to 3 years imprisonment, which may be aggravated up to 5 years or from 2 to 8 years, if the value is high or pretty high.
Generators and extrapolators
Cracking
The process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form.
Modification of software to remove or disable features which are considered undesirable to the cracker, especially copy protection systems or software annoyances, like adware.
A cracker uses the capabilities to his own advantage while belittling damages to third parties.
The decompilation of programs is punished by the Legal Protection of Computer Programs Law and by the Portuguese Cybercrime Law, by the article 8 on illegitimate reproduction of protected program.
This legislation covers memory resident programs (TSRs), which allow the use of utility software and games in violation of copyright.
Hacking
Intrusion on computer systems in order to understand how they work and gain more knowledge about it.
A hacker is a computerized intellectual who loves to break into other people's systems to simply fill his ego.
Hackers do not destroy, steal or spy on information for money, unlike crackers.
Cracking activities (illegitimate access for the purpose of data destruction) are, under Portuguese law, a crime of illegitimate access.
VUI, NUI, Nuke and Phreaking
VUI’s e NUI’s (Virtual User Interface e Network User Identification)
Improper use of the so-called NUIs and VUIs to access x.25 networks is a crime of illegitimate access, punishable by the Portuguese Cybercrime Law.
Nuke
Name given to programs that prematurely terminate a TCP/IP connection by sending ICMP packets with error messages. Such packages can be directed to the server (server-side nuke) or to the client (client-side nuke).
Phreaking
Act of circumventing public telephones, copying telephones, tapping and even breaking into telephone exchanges by individuals with high knowledge of telephone systems (Phreakers).
In addition to applying the same principles relating to blueboxing activities, the use of communication networks based on the manipulation of telephone exchanges accessed without authorization for that purpose, constitutes the crime of illegitimate access under the Portuguese Cybercrime Law.
Sniffing
Act of listening to or intercepting other people's communications.
It is generally used to discover passwords.
It falls under the crime of illegitimate interception.
The trafficking of wiretapping instruments is also a crime.
SPAM
It consists of sending a large number of unsolicited e-mail messages.
E-mails to publicize products and services, requests for donations of assistance works, lucky chains, proposals to earn easy money, lying rumors, among others.
Basically, it is the simultaneous sending of an e-mail message to several users at the same time. It generally has the following characteristics:
is not requested by the recipient;
the sender's identification is false;
a victim's email server machine is used, be it an ISP or a public or private entity.
In Portugal, it is this third paragraph c) that gives the criminal classification to those who send “spam”, since those who use a third-party email server in those terms can be accused of committing the crime of illegitimate access.
The crime of Electronic falsification may also coexist if the falsified address identification referred to in paragraph b) (sender's identification is false) belongs to a specific person.
If the purpose of "spam" is to interfere with the normal functioning of a computer system, it may be considered a crime of computer sabotage, punishable by a five-year prison sentence or a fine.
Phishing
It is an attempt to trick Internet service users into providing their confidential information, such as the username and password to access Home Banking.
Often, these attempts use apparently legitimate emails or instant messages, combined with fake websites, to make fraudulent requests for information (ie, they will "fish" data).
Phishing is a type of online fraud and phishers are nothing less than tech savvy crooks. In a typical phishing scam, phishers send emails that appear to come from a legitimate company in an attempt to trick users into providing their personal information, which will be used for “identity theft”.
Phishers use a variety of sophisticated devices to get the information they want, including pop-up windows, URL masks that simulate real web addresses, and keyboard action readers (keyLoggers, AxisLoggers, ScreenLoggers) that capture account names and passwords.
Social engineering: Electronic falsification
Phishing email dissemination; Hosting of Phishing sites; Aggregation of information collected in Phishing scams.
Intrusion: Illegitimate access
Exploits; SQL Injections; XSS; File Inclusion; Illegal login (Brute-force; Password cracking; Dictionary attacks); Bypass control system. Theft of access credentials.
Pharming
It is an attempt to deceive Internet users by misappropriating or misusing a website's domain name or URL and redirecting its visitors to a fake website where fraudulent requests for information are made.
Phishing and pharming activities are punishable in Portugal, depending on the applicable legal framework, such as Illegitimate access or computer sabotage crimes under the Portuguese Cybercrime Law and also as computer and communications fraud under the Portuguese Penal Code.
Internet Grooming
Internet grooming is the English expression used to generically define the process used by sexual predators on the Internet, ranging from initial contact to sexual exploitation of children and young people.
It is a complex, carefully individualized process, patiently developed through assiduous and regular contacts developed over time and which may involve flattery, sympathy, offering gifts, money or supposed modelling work, but also blackmail and intimidation.
It is, in most situations, the preparatory act for another illegal activity: Child Sexual Abuse (Pedophilia).
Sextortion
Sextortion is a form of blackmail where someone threatens to share intimate images online unless the victim give in to their demands.
These demands are typically for money, more intimate images or sexual favors.
Blackmailers often target people through dating apps, social media, webcams or adult pornography sites.
Datajacking / Ramsomware
Extortion of companies through the action of a hacker who after illegally access the system of that company proceeds to the encryption of the data stored there.
The company is then contacted, and a ransom is required so that they can regain access to the system and information.
It is punished in Portugal, depending on the applicable legal framework, as a crime of illegitimate access or computer sabotage under the Portuguese Cybercrime Law and as a document extortion under de Portuguese Penal Code.
IP spoofing
It is a computer systems subversion technique that consists of masking (spoof) IP packets using spoofed sender addresses.
In the IP protocol, the forwarding of packets is based on a very simple premise: the packet must go to the recipient (destination-address) and there is no verification of the sender — there is no validation of the IP address nor its relationship with the previous router (who forwarded the package). Thus, it becomes trivial to spoof the source address through simple manipulation of the IP header.
In Portugal, it can be penalized as a crime of Electronic falsification under the Portuguese Cybercrime Law or as a computer and communications fraud under the Portuguese Penal Code.
SYN flood (Denial of Service – DoS or DDoS)
SYN attack is a form of denial-of-service attack on computer systems, in which the attacker sends a sequence of SYN (synchronization) requests to a target system.
When a client tries to initiate a TCP connection with a server, the client and server exchange a series of messages, which are typically:
The client requests a connection by sending a SYN (synchronize) to the server.
The server confirms this request by sending a SYN-ACK back to the client.
The client in turn responds with an ACK, and the connection is established.
This is called the Three-Way Handshake.
A malicious client may not send this last ACK message.
The server will wait for this for a while, as simple network congestion can be the cause of the missing ACK.
This so-called semi-open connection can take up resources on the server or cause losses for companies using licensed software per connection.
It might be possible to occupy all the resources of the machine, with several SYN packages.
Once all resources are occupied, no new connections (legitimate or otherwise) can be made, resulting in a denial of service.
It is penalized as a crime of computer sabotage under the Portuguese Cybercrime Law.
Cyberterrorism
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.
The 2007 cyberattacks on Estonia were a series of cyberattacks which began on 27 April 2007 and targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters. Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution.
Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games.
In late November 2014, Sony Pictures Entertainment was hacked by a group calling itself the Guardians of Peace. The hackers, who are widely believed to be working in at least some capacity with North Korea, stole huge amounts of information off of Sony's network.
Malware
Crime of computer sabotage under the Portuguese Cybercrime Law.
Infection; Dissemination; Web hosting or Server; Replication.
Non-availability and sabotage
Crime of computer sabotage under the Portuguese Cybercrime Law.
DoS; Disruption of processing and response capacity; Package Flood; Exploit.
Illicit information collection
Crime of illegitimate interception under the Portuguese Cybercrime Law. Scan; Probe to system; Network scan; DNS zone transfer; Sniffing; Wiretapping.
Smurf Attack
Like the SYN flood attack, although it involves a forged ICMP (Ping Service Protocol) packet sent to a broadcast address, targeted to most operating systems and routers.
The Smurf attack is a category of network-level attacks perpetrated against hosts with the aim of denying services.
The attacker sends large amounts of ICMP traffic echo requests (ping) to a network broadcast IP using a source address (spoofed IP) of the victim.
In a multi-access broadcast network, it can cause a few hundred computers on the network to respond to the request for each packet, which causes the computers on the network to bombard the victim with a response to the forged request.
The Fraggle attack is a variation of the Smurf attack that sends large amounts of UDP packets to ports 7 (Echo) and 19 (Chargen).
Currently, the machines most affected by this type of attacks are IRC servers and their suppliers. This type of attack is penalized in Portugal just like SYN flood attacks.
Cybersquatting
Malicious practice which consists of registering domains relating to large companies or famous people (domain name) with the intention of taking advantage of the popularity of the person or the company's trademark, also known as domain trafficking.
Cybersquatters often register these domains before the target company, thus forcing the target company to buy the domain from them at a higher price.
Cybersquatting comes from the term “squatting”, which describes the act of occupying a space or building, abandoned or uninhabited, without permission from its legal owners.
In some cases, the domain name is used to post derogatory comments about the target company. The legitimate company or person has no other option than to buy the domain name at ridiculously high prices.
This practice can be penalized as extortion in the Portuguese Penal Code.
Website defacement
Website defacement is an attack on a website that changes the visual appearance of a website or a web page.
These are typically the work of defacers, who break into a web server and replace the hosted website with one of their own.
It is penalized as a crime of damage relating to programs or other computer data under the Portuguese Cybercrime Law.
Warez
Term derived from the English language, second half of the word software in the plural, under an l33t (elitist) pronunciation: wares /ˈwɛərz/.
It is Software that is illegally distributed over the Internet. The "Z" is purposeful, serving to indicate something that is illegal. It can also be used in other terms such as Gamez (pirated games), Romz (video games for PC through emulators, but also illegal), i.e., the term refers to the illegal trade (piracy) of copyrighted products used in general in the within organized groups, making use of peer-to-peer networks, sharing files among friends or among large groups of people with similar interests.
Penalized in Portugal as the crime of usurpation under the Portuguese Code of Copyright and Related Rights and as a crime of illegitimate reproduction of a protected program, under the the Portuguese Cybercrime Law.
Copying and distributing to third party computer programs protected by law - copyright - are prohibited and punishable by law up to three years in prison. Attempted copying or distribution is also punishable.
This law covers the total or partial distribution of computer programs, even if compressed by other programs, in newsgroups, IRC's, www, ftp, etc.
Last updated