Fishing is something your dad does; ‘phishing’ is when a hacker baits and hooks you with deceptive messaging. Getting ‘whaled’ sounds like something undergrads do on the weekend — not CEO fraud. Keeping up with pop-culture terms, from the nuances between eyebrows that are “on fleek” and sneakers that are “fire” to what that eggplant emoji symbolizes, is practically a full-time job. Throw in all these cyber metaphors and your brain could be headed for a system crash.
But as technology infuses itself further into our daily lives, so too will cyber security become part of the popular vernacular. From Mr. Robot to presidential policy, people need to keep it square and familiarize themselves with the jargon.
Everybody has heard of worms and viruses, but what about ‘drive-by downloads’ or a ‘sandbox’? With etymologies leading back to hacker forums, the semantics of cyber are understandably confusing to those not fluent in IT — and many of those who are.
To protect you from cyber security metaphor overload, we have added a new offering to our arsenal: Advanced Metaphor Protection (AMP). Think of it as less of a formal service and more of a public service. Start with this glossary to ‘amp’ up your vocabulary with the most hazy hacking terms.
Angling or Angler Phishing
IRL meaning: The term comes from the anglerfish, a deep-sea predator that lures prey with a glowing organ hanging from a modified dorsal fin — like Mother Nature MacGyvering a flashlight and a fishing rod. It also has giant razor-sharp teeth and made a cameo appearance in the film Finding Nemo, traumatizing children everywhere.
URL meaning: The only thing scarier than the anglerfish is Angler Phishing, or “angling”. Fortune describes it as cyber criminals impersonating banks’ and retailers’ social media teams in order to trick consumers into disclosing sensitive personal information. We’ll take the monster MacGyver fish any day.
Cyber 9/11 (… or Cyber Pearl Harbor or Cyber Armageddon)
IRL meaning: The worst terrorist attack in American history, an act of war or the end of the world, respectively.
URL meaning: At best this is melodramatic; at worst, it’s insulting. In general, Cyber 9/11 refers to cyber criminals or organizations using hacking to commit acts of terrorism. Everyone from the U.S. Homeland Security Secretary to CNET has helped popularize the term, particularly in reference to groups such as ISIS.
Demilitarized Zone or DMZ
IRL meaning: An area where laws or treaties ban military presence, activities or installations. Think: the Korean DMZ between North Korea and South Korea.
URL meaning: No clashes of capitalism and communism, no barbed wire — just a subnetwork that opens up an organization’s external services (e.g. mail and web servers) to a larger, untrusted network like the Internet. Underwhelming, right?
Drive-by Download
IRL meaning: A drive-by shooting is a hit-and-run assault from a vehicle — with “hit” more in the assassination sense of the term. Think the mafia or gangs.
URL meaning: A drive-by download can be like someone taking out a hit on your system — and you won’t see it coming. Usually, it occurs when you click a link in a fraudulent email, visit a compromised website or close or click a button on a deceptive pop-up. Before you know it, you’ve unintentionally downloaded malware onto your computer or mobile device… and there’s a horse head in your bed.
Firewall
IRL: A wall meant to stop or inhibit the spread of fire. Or, more recently, the group of states that were supposed to get Hillary Clinton elected President of the United States. To borrow from the cyber metaphor, the system was infected.
URL: A security system meant to screen hackers and malware from accessing a private network while still allowing an outward flow of communication. Hopefully yours never gets “trumped”.
Hygiene
IRL: A series of regular personal cleanliness habits such as bathing, hand washing and brushing to maintain health — and dignity.
URL: A series of daily habits and programs for online safety. Analogous to personal health — except for your network. Actions could include running anti-virus programs and scans, updating passwords, etc.
Phishing
IRL: “Fishing” is the sport or action of trying to catch a fish, generally through the use of bait, a line and a rod or nets.
URL: “Phishing” is when hackers bait users with creative graphic design and copy that appears to come from a trusted source. Once they have you hooked, usually through the click of an embedded link, they reel you in to gut you, AKA steal your sensitive personal, financial and company data or infect your system with malware.
Sandbox
IRL: A box filled with sand for children to play in. Telling someone to “play nice in the sandbox” generally means to be kind to an individual or others.
URL: A place to see if programs will play nice — or not. Technically, sandboxes in cyber security are tightly controlled environments where untested or untrusted programs can be run. Users can then see whether a program contains malware without giving it access to the host network or the chance to harm it.
Spam
IRL: Junk mail. Or, an equally undesirable variety of canned meat.
URL: Junk mail. Unsolicited, unwanted and sometimes illegal emails or messaging. Often, these communications contain embedded links or attachments from hackers that are either phishing scams or malware. SPAM has also turned into a compound acronym, meaning Spam Phishing Attachments Malware.
Spear Phishing
IRL: Catching fish one by one by stabbing them with a spear. Tom Hanks got pretty good at it after a while in ‘Cast Away’.
URL: Despite the marvelous mental image, hackers do not use snorkels and pointed sticks. Instead they have razor-sharp design and copy. As opposed to regular phishing attacks, which cast a wide net hoping to ensnare a few people among many, spear phishing attacks are highly researched assaults on a specific target or organization.
Virus
IRL: A virus is a microscopic organism that invades living cells to replicate. It can only survive inside these cells, and being infected with a virus often leads to illness or a threat to health.
URL: We love our computer systems, we rely on them and when they get “sick”, we talk about them like they are people. They can get “infected” with a virus, which affects their “health” and “hygiene”. The only thing missing is the chicken soup. For many outside the cybersecurity and IT communities, the term ‘virus’ could refer to any computer infection. It actually falls under the umbrella term of malware: a virus is a malicious program that replicates itself, but is initiated by user interaction.
Whaling
IRL: The dangerous, lengthy process of hunting whales for valuable blubber, meat and oil. (Think: Herman Melville’s classic “Moby Dick”.) The best defence against IRL whaling is Greenpeace.
URL: Clearly whoever comes up with these metaphors needs a basic biology lesson. While whaling may be phishing for the largest of targets, whales are not in fact fish — they are mammals. Whaling is a highly targeted form of phishing. It is also known as business email compromise (BEC) or CEO fraud, and its victims are high-profile employees who are difficult to access. Hackers, much like Captain Ahab, go to great lengths to chase down these targets and harpoon the biggest rewards.
Worms
IRL: Cylindrical, limbless, soft-bodied invertebrates that live in water, underground or in host bodies. There are parasitic worms, such as tapeworms and flatworms, which often live in their hosts’ intestinal tracts.
URL: Similar to their parasitic namesakes, worms are a form of malware that lives in and drains energy from a host system. Self-replicating, they do not need to attach themselves to existing programs like viruses do. Though less common, they can still be dangerous and crippling to organizations. Worms can delete files in their host system, encrypt files for ransomware, export sensitive data or open backdoors that allow hackers to remotely control the targeted computer systems.