Malicious Code, Pharming, Weak and Default Passwords (AQA GCSE Computer Science): Revision Notes
Cyber security threats: Malicious code, pharming, weak and default passwords
What are cyber security threats?
Cyber security is all about protecting computer networks, devices, and the important information stored on them from attacks and unauthorised access. Think of it like putting locks on your house - we need digital "locks" to keep our data safe from cybercriminals.
There are many different ways that attackers can try to break into computer systems or steal your personal information. Let's look at three major threats you need to understand for your GCSE exam.
Malicious code (malware)
What is malicious code?
Malicious code, more commonly called malware, refers to any harmful software that gets installed on computer systems without permission.
The main goals of malware are to:
- Cause damage to the computer system
- Disrupt how the system normally works
- Steal valuable information like passwords or personal data
Types of malware
While there are many specific types of malware, the main categories include:
- Computer viruses - spread from one computer to another
- Trojans - disguise themselves as legitimate software
- Spyware - secretly monitor and steal user information
Real-world Example: Disguised Malware
Imagine downloading what you think is a free game, but it's actually malware. Once installed, it could steal your social media passwords or make your computer run very slowly by using its resources for criminal activities.
Pharming
What is pharming?
Pharming is a sneaky cyber attack where users think they're visiting a legitimate website, but they're actually being redirected to a fake copy controlled by criminals. It's like being given directions to a bank, but ending up at a fake bank where thieves steal your money.
How pharming works
There are two main methods criminals use for pharming attacks:
-
Malware method: Malicious software gets installed on your computer and changes the IP address settings. When you type in a website address (like your bank's website), the malware redirects you to a fake version instead.
-
DNS server attack: Criminals target the DNS servers that translate website names into IP addresses. By infecting these servers, they can redirect many users at once to fake websites.
Key terms you need to know:
- Domain name: The website address you type in (like www.hoddereducation.co.uk)
- DNS server: A computer system that stores information about which IP addresses correspond to domain names
Why pharming is dangerous
When you visit the fake website, it usually looks identical to the real one. You might enter your login details, credit card information, or other personal data thinking you're safe.
The criminals then capture this information and can use it to access your real accounts - this is particularly dangerous for online banking and shopping websites.
Weak and default passwords
Why passwords matter
Passwords are like digital keys that prevent unauthorised people from accessing networks and computer systems. However, they only work properly if they remain secret and are difficult for others to guess.
What makes a password weak?
A weak password is one that can be easily discovered by people who shouldn't know it. Examples of weak passwords include:
- Dictionary words (like "password" or "football")
- Simple patterns from a keyboard (like "qwerty" or "123456")
- Car registration numbers
- Dates of birth
- Names of family members or pets
Password attack methods
Brute force attacks
A brute force attack involves hackers using computer programmes to systematically try thousands of different combinations of letters, numbers, and symbols until they crack the password.
These attacks are often automated, meaning computers can try massive numbers of combinations very quickly.
The good news? Longer passwords with a mix of different characters take much longer to crack using brute force methods.
Dictionary attacks
Dictionary attacks work slightly differently - instead of trying random combinations, they use lists of commonly used passwords and standard dictionary words. This is why using simple words like "sunshine" or "football" as passwords is so dangerous.
The default password problem
Many computer systems and devices (like routers) come with default passwords set by the manufacturer when you first buy them. Common default passwords might be "admin", "password", or even just "12345".
The problem is that many users never bother to change these default passwords. This leaves systems extremely vulnerable because:
- The default passwords are often listed in instruction manuals
- They might even be printed on the device itself
- Hackers know the common default passwords for different types of equipment
If someone doesn't change a default password, it's like leaving your house key under a doormat that everyone knows about!
Exam tip
Remember that long passwords using a combination of uppercase letters, lowercase letters, numbers, and symbols are much more secure than short, simple ones. A password like "MyDog7Likes2Run!" is much stronger than "password123".
Key Points to Remember:
- Malware is any harmful software designed to damage systems or steal information - it includes viruses, trojans, and spyware
- Pharming redirects users from legitimate websites to fake copies where criminals can steal login details and personal information
- Weak passwords use dictionary words, personal information, or simple patterns that are easy for attackers to guess
- Default passwords that come with new devices must be changed immediately, or systems remain extremely vulnerable to attack
- Brute force and dictionary attacks are two common methods criminals use to crack passwords - longer, more complex passwords provide better protection