Articles by the cybersecurity community

Showing posts with label book. Show all posts
Showing posts with label book. Show all posts

Excerpt from book Unmasking the Hacker - phishing



The term phishing originates in 1996 with the
AOHell scammers and it is a type of technology-based
fraud where emails are made to appear as being sent
from legitimate companies or familiar people in order
to trick the recipients. There is nothing mystical in
why phishing is successful, and neither are the perpetrators
of this type of cybercrime shadowy figures in
hoodies. Phishing emails exploit human psychology,
using social engineering techniques, to trick the recipient
into providing their account credentials or paying
spoofed invoices. Common syntax in phishing emails,
for example, is designed to make the recipient act fast
without thinking their actions through, with their call
to immediate action, spoofed believable entities and
appeal to people to do the right thing. Phishing emails,
for example, often convey a sense of urgency2 which
encourages recipients to make panicked hurried decisions,
where they do not take the time to think
whether the message is legitimate.
Successful phishing emails rely on being believable,
playing to emotions and the false sense of security of
the recipient. These scam emails whether they are
baiting for credentials, money or intellectual property,
rely on being believable, they spoof trusted brands or
people and relate to everyday topics such as invoices,
correcting log in issues or post deliveries. Phishing
emails play to emotions with subject lines designed to
scare or promote a sense of urgency in the recipient, or
by cajoling or encouraging the recipient to do the right
thing and click the link to fix a payment for example.
Phishing emails also have success as end users may have
a false sense of security believing that spam filters will
block all malicious emails.


For more infomration on this book and where to buy it please visit this page > Demystify Cyber Book Launch <

Excerpt from book Unmasking the hacker - protect yourself from #phishing

It is Sunday 5 January 2020 as this is published and I am working on editing and writing more for my book and hope to have it in a good state to self publsh by end January 2020!

Updates of my book project are available from this page >> Book Updates << and once I have published it, this page will also have updates of new book projects and any giveaways associated with them.

Below is an excerpt of one of the chapters of my book "Unmasking the Hacker, Demystifing cybercrime", this one is about protecting yourself from phishing.


......................  As phishing emails tend to be a main way for criminals to compromise accounts, steal money and information and introduce malware into their targets’ computers, it pays to understand simple ways to help protect ourselves from this type of scam. When an email is spoofed, the display name and actual email address are different, so take care to check that the display name matches the sender’s email address.

If there are hyperlinks in an email, hover over them with the mouse but do not click, when you hover over the link, have a look at what the actual link is. Take a moment to think about what the email says, check that it is written in the usual way that individual or company writes when you receive email from them. Be wary when an email subject line or message body contains urgent or threatening language, consider if this is the way the company or person would normally address you or the situation.

If an email contains an attachment, consider whether or not you were expecting one form the sender or if the attachment is something you would normally receive. If an email requests money to be transferred or sensitive information to be provided check with the purported sender via other means before actioning the request to verify the email is legitimate.

While spam filters, email gateways and anti-virus applications provide some layers of security, it is important to not allow a false sense of security in them or your own abilities in spotting a scam. Just because your company, or even you as an individual, may be using the best spam filters and other security software, does not means you will not receive a malicious email. ......

Excerpt from book Unmasking the Hacker - DDoS and Botnets

It is Sunday 15 December 2019 as this is published and I am working on editing and writing more for my book and hope to have it in a good state to self publsh by by January 2020!

Updates of my book project are available from this page >> Book Updates << and once I have published it, this page will also have updates of new book projects and any giveaways associated with them.

Below is an excerpt of one of the chapters of my book "Unmasking the Hacker, Demystifing cybercrime", this one is about DDoS and Botnets



A way for criminals to cause major disruptions to the networks or websites of businesses for malicious reasons such as hacktivism or financial gain, is a type of cybercrime called a Distributed Denial of Service (DDoS) attack. The criminals behind these DDoS incidents may not have created the malware themselves, as they may have purchased from others who have created it to sell as a type of malware as a service (MaaS), and they may not actually perform the DDoS themselves, as they may purchase the services from other criminals as a DDoS for hire. 

As many computers are needed to create the network traffic to cause a DDoS, criminals infect the computers of individuals and businesses, via malicious attachments in spam emails for example, to act as their slaves, or bots. These infected computers, which collectively form a botnet, are not just used to deliver DDoS however, as criminals also use them to send spam emails and malware.

An example of a denial of service incident occurred in 2012, when DDoS attacks were launched against the websites of both the United Kingdom Home Office and politician Theresa May. These attacks prevented legitimate visitors to those websites and, the decentralised hacktivist group, Anonymous publicly declared it was in response to a proposed extradition of Wikileaks founder Julian Assange to Sweden1. In November 2012 a man was arrested in England due to his alleged association2 with these cybercrime incidents.  

Another example of hacktivism, in this case allegedly to demonstrate that certain game console companies hadn’t invested enough in cybers security, occurred towards the end of 2015. A hacker group calling themselves the Phantom Squad used the social media platform Twitter to share its alleged motivations to take down the gaming networks of two large companies, in a DDoS attack in a similar manner to another group, the Lizard squad.


1 https://www.theguardian.com/technology/2012/aug/21/anonymous-hits-government-websites-julian-assange
2 https://www.scmagazineuk.com/article/1483374

Sample page of book Unmasking the Hacker

Excerpt from book Unmasking the hacker - The world of the web


It is Sunday 01 December 2019 as this is published and I am working on editing and writing more for my book and hope to have it in a good state to self publsh by by January 2020!

Updates of my book project are available from this page >> Book Updates << and once I have published it, this page will also have updates of new book projects and any giveaways associated wiht them.

Below is an excerpt of one of the chapters of my book "Unmasking the Hacker, Demystifing cybercrime", this one is on the world wide web.

“The Web as I envisaged it, we have not seen it yet. The future is still so much bigger than the past.” – Sir Tim Berners-Lee[i]
Cybercrime, hackers and the dark web are often terms used together and, the idea of a part of the internet that is used for criminal activities by these shadowy hackers sounds both horrifying and mysterious. The internet brings information from all over the world, crossing geographical boundaries, to the computers of individuals and businesses, and it also used to commit crimes and drop malware. To help demystify cybercrime it helps to include a basic explanation of the internet, including a brief history of the world wide web and then look at the differences between the dark, deep and surface web.
Although the terms are sometimes used interchangeably, the internet and the world wide web are not the same thing. The internet is the structure in which the world wide web communication and retrieval framework exists. The internet dates back to at least fifty years with the Advanced Research Projects Agency Network (ARPANET)[ii] when the United States Defense Advanced Research Projects Agency (DARPA) researched ways for computers to communicate with each other[iii]. The research was referred to as the internetting project which gradually evolved into the term internet. Over the years the researchers developed a way for the computers to transmit data via linked packet systems with the transmission control protocol (TCP) and the internet protocol (IP).
The concept of the world wide web was proposed in 1989 by Sir Tim Berners-Lee to establish a more efficient way to share information between researchers and universities. By 1990, he and his colleagues at CERN had developed a better way for the internet to be navigated, with the Hyper Text Markup Language (HTML) that created a standardised internet communication framework. The use of hypertext links, also known as hyperlinks, however, dates back much further to the 1960s. The online system, that used hypertext links, was known by the acronym NLS and was created by Douglas Englebert and implemented by the Augmentation Research Centre (ARC)[iv]. As an aside this system was also known for its windowed screens and the use of a mouse. Hyper Text Transfer Protocol (HTTP), also developed at CERN in work initiated by Berners-Lee, is the framework in which computers transmit and receive information over the internet. The first iteration of this protocol had one method, called GET, to obtain a web page.
By 1991, the World Wide Web was open for anyone to use and was, as we know, later keenly adopted.



[i] ilva, D. (2009, April 22). Internet has only just begun, say founders. Retrieved from Phys Org: https://phys.org/news/2009-04-internet-begun-founders.html

[ii] Leiner, B. M., Cerf, V. G., Clark, D. D., Kahn, R. E., Kleinrock, L., Lynch, D. C., ... & Wolff, S. S. (1997). The past and future history of the Internet. Communications of the ACM40(2), 102-108.

[iii] Friedman, L. W., & Friedman, H. H. (2015). Connectivity and convergence: A whimsical history of Internet culture. Available at SSRN 2628901.

[iv] Press, L. (1986). The ACM conference on the history of personal workstations. ACM SIGSMALL/PC Notes12(4), 3-10.


Excerpt from book Unmasking the Hacker - phishing

It is Sunday 24 November 2019 as I write this. I am working on the draft of my book and hope to have it in a good state to do edits and rewrites in December to have it published by January 2020!

Updates of my book project are available from this page >> Book Updates << and once I have published it, this page will also have updates of new book projects and any giveaways associated wiht them.

Below is an excerpt of one of the chapters of my book "Unmasking the Hacker, Demystifing cybercrime", this one is on phishing.


The term phishing dates back to 1996 with the AOHell scammers and it is a type of technology-based scam where emails are made to appears as being sent from legitimate companies or familiar people in order to trick the recipients. There is nothing mystical in why phishing is successful, and neither are the perpetrators of this type of cybercrime shadowy figures in hoodies. Phishing emails exploit human psychology, using social engineering techniques, to trick the recipient into providing their account credentials or paying spoofed invoices. Common syntax in phishing emails, for example, is designed to make the recipient act fast without thinking their actions through, with their call to immediate action, spoofed believable entities and appeal to people to do the right thing. Phishing emails, for example, often convey a sense of urgency[i] which encourages recipients to make panicked hurried decisions, where they do not take the time to think whether or not the message is legitimate.

Successful phishing emails rely on being believable, playing to emotions and the false sense of security of the recipient. These scam emails whether they are baiting for credentials, money or intellectual property, rely on being believable, they spoof trusted brands or people and relate to everyday topics such as invoices, correcting log in issues or post deliveries. Phishing emails play to emotions with subject lines designed to scare or promote a sense of urgency in the recipient, or by cajoling or encouraging the recipient to do the right thing and click the link to fix a payment for example. Phishing emails also have success as end users may have a false sense of security believing that spam filters will block all malicious emails, or maybe having an over confidence in their own abilities to spot scams. Criminals send, or use bots to send, bulk phishing emails that they know will have success somewhere as so many are sent.



[i] Ferreira, A., & Lenzini, G. (2015, July). An analysis of social engineering principles in effective phishing. In 2015 Workshop on Socio-Technical Aspects in Security and Trust (pp. 9-16). IEEE.