At OWL Cybersecurity, we believe in the importance of educating everyone on the darknet. Much of the terminology we use to discuss darknet related content is common to those familiar with computer networking and information security, but like a foreign language to the general reader.
Below is the second update to our blog series covering key terms and definitions that we hope you will find helpful as you continue to learn about the darknet. Check out the new terms in the post below, or find them in the full glossary of Darknet 101 Terms in our resources section.
Botnet: A network of computers, or other IoT devices, infected with malware and being used (often unknowingly by device owner(s)) to send spam or support DDoS or other attacks.
Brute Force Attack: The trial-and-error entry of passwords and/or passphrases until the correct one is guessed and entry is gained.
Dark Web: Another way of referring to the darknet.
Encryption: The process of converting data to an unrecognizable or "encrypted" form. It is commonly used to protect sensitive information, including files, storage devices, and data transfers, so that only authorized parties can view it.
Grey Hat: Refers to a hacker who might utilize black hat hacking methods with an ethical, or "white hat," intent.
Malware: Malicious software designed to access a system and perform unwanted actions on behalf of a third party.
Metadata: Refers to data that provides information about a certain item's content. For example, an image may include information that describes how large the picture is or when the image was created, while a text document may contain information about the author of the document, or the IP address of the document's author, and so on.
Open Source: Open source refers to any program or software that is freely available to the public. Unlike commercial software, open source programs can be modified and distributed by anyone and are often developed as a community.
OPSEC: Standing for "Operations Security," OPSEC is a term that originated from military jargon and has since become popular with the information security industry. In general, OPSEC refers to the standards by which a person or organization should function to ensure that a security breach (of any nature) does not occur. For example, leaving the pin code to a company's entrance key pad written on a sticky note where roaming eyes can see it might be considered negligence of company OPSEC.
Payload: Data being carried or transmitted, typically the functional piece of a computer virus.
PhaaS: A new term that refers to a phishing package that is offered in SaaS format. These packages are sold on the darknet and provide everything a novice hacker might need to run a phishing scam, including templates, tech support and tutorials.
Sandbox: An isolated, controlled environment within which potentially dangerous programs are run. In a Sandbox, one can install, open and examine computer applications, potential phishing emails or infected documents without threatening the safety of the rest of the computer (or any place outside of the sandboxed environment).
Social Engineering: Psychological manipulation of people into performing actions or divulging confidential information.
VPN: A Virtual Private Network (VPN) is a means of re-routing a connection to the internet through privacy enhanced "tunnels," providing the subsequent internet traffic with an added layer of security and anonymity.
Zero-day: A security gap or vulnerability in a piece of software or a system that is not yet known to the software or system vendor. Once discovered, it may be exploited by attackers using a zero-day exploit.