Computer Fraud and Abuse Techniques - Pearson Education

Computer Fraud and Abuse Techniques Chapter 6 Copyright 2015 Pearson Education, Inc. 6-1 Learning Objectives Compare and contrast computer attack and abuse tactics. Explain how social engineering techniques are used to gain physical or logical access to computer resources. Describe the different types of malware used to harm computers. Copyright 2015 Pearson Education, Inc. 6-2 Types of Attacks Hacking Unauthorized access, modification, or use of an electronic device or some element of a computer system

Social Engineering Techniques or tricks on people to gain physical or logical access to confidential information Malware Software used to do harm Copyright 2015 Pearson Education, Inc. 6-3 Hacking Hijacking Gaining control of a computer to carry out illicit activities Botnet (robot network) Zombies Bot herders Denial of Service (DoS) Attack Spamming

Spoofing Makes the communication look as if someone else sent it so as to gain confidential information. Copyright 2015 Pearson Education, Inc. 6-4 Forms of Spoofing E-mail spoofing Caller ID spoofing IP address spoofing Address Resolution (ARP) spoofing SMS spoofing Web-page spoofing (phishing) DNS spoofing Copyright 2015 Pearson Education, Inc. 6-5 Hacking with Computer Code Cross-site scripting (XSS) Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious

code is able to collect data from the user. Buffer overflow attack Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attackers program instructions. SQL injection (insertion) attack Malicious code inserted in place of a query to get to the database information Copyright 2015 Pearson Education, Inc. 6-6 Other Types of Hacking Man in the middle (MITM) Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data. Piggybacking Password cracking War dialing and driving Phreaking Data diddling Data leakage podslurping

Copyright 2015 Pearson Education, Inc. 6-7 Hacking Used for Embezzlement Salami technique: Taking small amounts at a time Round-down fraud Economic espionage Theft of information, intellectual property and trade secrets Cyber-extortion Threats to a person or business online through e-mail or text messages unless money is paid Copyright 2015 Pearson Education, Inc. 6-8 Hacking Used for Fraud Internet misinformation E-mail threats Internet auction

Internet pump and dump Click fraud Web cramming Software piracy Copyright 2015 Pearson Education, Inc. 6-9 Social Engineering Techniques Identity theft Assuming someone elses identity Pretexting Using a scenario to trick victims to divulge information or to gain access Posing Creating a fake business to get sensitive information Phishing Sending an e-mail asking the victim to respond to a link that appears legitimate that

requests sensitive data Pharming Redirects Web site to a Copyright 2015 Pearson Education, spoofed Web site Inc. URL hijacking Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site Scavenging Searching trash for confidential information Shoulder surfing Snooping (either close behind the person) or using technology to snoop and get confidential information Skimming Double swiping credit card

Eeavesdropping 6-10 Why People Fall Victim Compassion Desire to help others Greed Want a good deal or something for free Sex appeal More cooperative with those that are flirtatious or good looking Sloth Lazy habits Trust Will cooperate if trust is gained Urgency Cooperation occurs when there is a sense of immediate need Vanity More cooperation when appeal to vanity Copyright 2015 Pearson Education,

Inc. 6-11 Minimize the Threat of Social Engineering Never let people follow you into restricted areas Never log in for someone else on a computer Never give sensitive information over the phone or through e-mail Never share passwords or user IDs Be cautious of someone you dont know who is trying to gain access through you Copyright 2015 Pearson Education, Inc. 6-12 Types of Malware Spyware Secretly monitors and collects information Can hijack browser, search requests Adware

Keylogger Software that records user keystrokes Trojan Horse Malicious computer instructions in an authorized and properly functioning program Copyright 2015 Pearson Education, Inc. Trap door Set of instructions that allow the user to bypass normal system controls Packet sniffer Captures data as it travels over the Internet Virus A section of selfreplicating code that attaches to a program or file requiring a human to do something so it can replicate itself

Worm Stand alone self replicating program 6-13 Cellphone Bluetooth Vulnerabilities Bluesnarfing Stealing contact lists, data, pictures on bluetooth compatible smartphones Bluebugging Taking control of a phone to make or listen to calls, send or read text messages Copyright 2015 Pearson Education, Inc. 6-14 Key Terms

Hacking Hijacking Botnet Zombie Bot herder Denial-of-service (DoS) attack Spamming Dictionary attack Splog Spoofing E-mail spoofing Caller ID spoofing IP address spoofing MAC Copyright 2015address Pearson Education, Inc. Address Resolution Protocol (ARP) spoofing SMS spoofing Web-page spoofing DNS spoofing Zero day attack Patch Cross-site scripting (XSS)

Buffer overflow attack SQL injection (insertion) attack Man-in-the-middle (MITM) attack Masquerading/ impersonation 6-15 Piggybacking Key Terms (continued) Password cracking War dialing

War driving War rocketing Phreaking Data diddling Data leakage Podslurping Salami technique Round-down fraud Economic espionage Cyber-extortion Cyber-bullying Sexting Copyright 2015 Pearson Education, Inc.

Internet terrorism Internet misinformation E-mail threats Internet auction fraud Internet pump-and-dump fraud Click fraud Web cramming Software piracy Social engineering Identity theft Pretexting Posing Phishing vishing 6-16 Key Terms (continued) Carding Pharming

Evil twin Typosquatting/URL hijacking QR barcode replacements Tabnapping Scavenging/dumpster diving Shoulder surfing Lebanese looping Skimming Chipping Eavesdropping Malware Copyright 2015 Pearson Education, Spyware Inc.

Adware Torpedo software Scareware Ransomware Keylogger Trojan horse Time bomb/logic bomb Trap door/back door Packet sniffers Steganography program Rootkit Superzapping Virus Worm Bluesnarfing 6-17 Bluebugging

Recently Viewed Presentations

  • Collaboration for Access: Metadata template creation at ...

    Collaboration for Access: Metadata template creation at ...

    Wichita State University Libraries is a medium sized library with a limited number of staff in Technical Services and Special Collections and University Archives. Special Collections consists of the curator, program consultant, project archivist, and a few student employees and...
  • SRR Charts Final - Northrop Grumman

    SRR Charts Final - Northrop Grumman

    TDRS - Supplier Users(CEN Workflow Task - Domestic/ForeignSupplier) Note: The Attachments page displays any attachments associated with the CEN Workflow and allows the Supplier to add any additional attachments needed for completion of the CEN Workflow task. Click browse to...
  • An Introduction to the Finite Element Analysis

    An Introduction to the Finite Element Analysis

    2.0 Finite Element Method. Two interpretations. Physical Interpretation: The continous physical model is divided into finite pieces called elements and laws of nature are applied on the generic element.
  • Language Genres - colaistemuirelearninghub.com

    Language Genres - colaistemuirelearninghub.com

    Language Genres. Aims. ... Persuasive writing . Beautiful/Poetic writing or the Aesthetic Use of Language *You will need to understand not only how to identify the features of each of these genres but how to use them in your own...
  • For Combined Foundation Physics Paper 1, you will need to ...

    For Combined Foundation Physics Paper 1, you will need to ...

    For Combined Higher Physics Paper 1, you will need to revise .. Circuit Symbols and how voltmeters and ammeters are connected in a circuit. Function of LDR, Thermistor, Diode, Variable resistor, and V/I graphs for cell components.
  • Il Naturalismo francese

    Il Naturalismo francese

    Arial Wingdings Impact Arial Narrow Times New Roman Capsule 01069078 1_Capsule 1_01069078 Il Naturalismo francese e il Verismo italiano Il quadro storico-culturale Il precedente di Flaubert Il termine "naturalismo" Tranches de vie L'esordio del naturalismo: i Goncourt Il romanzo sperimentale...
  • KEMENTERIAN PEMBERDAYAAN PEREMPUAN DAN PERLINDUNGAN ANAK REPUBLIK INDONESIA

    KEMENTERIAN PEMBERDAYAAN PEREMPUAN DAN PERLINDUNGAN ANAK REPUBLIK INDONESIA

    PetunjukTeknisbagi DP3A Kab/Kota untukReplikasi. Merencanakan, menggalangdukunganpenganggaranreplikasi, menjadwalkan. MemilihlokasiReplikasi. MenetapkanPetugas DP3A ...
  • UML Use Cases - NASA

    UML Use Cases - NASA

    UML Use Case Diagram Fowler, M., & Scott, K., UML Distilled: Applying the Standard Object Modeling Language, Addison-Wesley, 1997. Research Problem Research has been conducted on writing effective software requirements in a natural language and has resulted in the development...