
Computer Fraud and Abuse Techniques

Chapter 6

Copyright © 2015 Pearson Education, Inc.


Learning Objectives

• Compare and contrast computer attack and abuse tactics.
• Explain how social engineering techniques are used to gain physical or logical access to computer resources.
• Describe the different types of malware used to harm computers.

Types of Attacks

• Hacking
▫ Unauthorized access, modification, or use of an
electronic device or some element of a computer
system
• Social Engineering
▫ Techniques or tricks used on people to gain physical or
logical access to confidential information
• Malware
▫ Software used to do harm



Hacking

▫ Hijacking
 Gaining control of a computer to carry out illicit
activities
▫ Botnet (robot network)
 Zombies
 Bot herders
 Denial of Service (DoS) Attack
 Spamming
 Spoofing
 Makes the communication look as if someone else sent
it so as to gain confidential information.



Forms of Spoofing

• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• Address Resolution (ARP) spoofing
• SMS spoofing
• Web-page spoofing (phishing)
• DNS spoofing



Hacking with Computer Code
• Cross-site scripting (XSS)
▫ Uses a vulnerability in a Web application that allows malicious code to be injected into the Web site. When a user visits the Web site, that malicious code is able to collect data from the user.
• Buffer overflow attack
▫ A large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash; the overflowed memory is replaced with the attacker’s program instructions.
• SQL injection (insertion) attack
▫ Malicious code is inserted in place of a query to get to the database information.
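
An added example, not part of the original slides, showing the SQL injection bullet from the defender's side: the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. The table, column, and function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
ROWS = [("alice", 120), ("bob", 75), ("o'neil", 40)]
CRAFTED = "x' OR '1'='1"  # constructed input containing a quote character


def make_db():
    """Build a fresh in-memory database holding the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)", ROWS)
    return db


def lookup_vulnerable(db, owner):
    # Weak form: the input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT owner, balance FROM accounts WHERE owner = '"
           + owner + "' ORDER BY owner")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, owner):
    # Corrected form: the ? placeholder binds the input as a value only,
    # so it can never change the structure of the query.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ? ORDER BY owner"
    return db.execute(sql, (owner,)).fetchall()


def compare(owner):
    """Run both lookups; report rows, or 'syntax error' if SQLite rejects it."""
    db = make_db()
    try:
        weak = lookup_vulnerable(db, owner)
    except sqlite3.OperationalError:
        weak = "syntax error"
    return weak, lookup_parameterized(db, owner)


if __name__ == "__main__":
    for value in ("bob", "o'neil", CRAFTED):
        weak, safe = compare(value)
        print(f"{value!r:16} concatenated={weak} parameterized={safe}")
```

The concatenated form fails in two ways: a legitimate name with an apostrophe breaks the query, and the crafted value returns every row, while the parameterized form treats both as plain values.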
Other Types of Hacking
• Man in the middle (MITM)
▫ Hacker is placed in between a client (user) and a
host (server) to read, modify, or steal data.
• Piggybacking
• Password cracking
• War dialing and driving
• Phreaking
• Data diddling
• Data leakage
• Podslurping
Hacking Used for Embezzlement

• Salami technique:
▫ Taking small amounts at a time
 Round-down fraud
• Economic espionage
▫ Theft of information, intellectual property and
trade secrets
• Cyber-extortion
▫ Threats to a person or business online through
e-mail or text messages unless money is paid



Hacking Used for Fraud
• Internet misinformation
• E-mail threats
• Internet auction
• Internet pump and dump
• Click fraud
• Web cramming
• Software piracy



Social Engineering Techniques
• Identity theft
▫ Assuming someone else’s identity
• Pretexting
▫ Using a scenario to trick victims to divulge information or to gain access
• Posing
▫ Creating a fake business to get sensitive information
• Phishing
▫ Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data
• Pharming
▫ Redirects Web site to a spoofed Web site
• URL hijacking
▫ Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site
• Scavenging
▫ Searching trash for confidential information
• Shoulder surfing
▫ Snooping (either close behind the person) or using technology to snoop and get confidential information
• Skimming
▫ Double swiping credit card
• Eavesdropping

Why People Fall Victim
• Compassion
▫ Desire to help others
• Greed
▫ Want a good deal or something for free
• Sex appeal
▫ More cooperative with those that are flirtatious or good looking
• Sloth
▫ Lazy habits
• Trust
▫ Will cooperate if trust is gained
• Urgency
▫ Cooperation occurs when there is a sense of immediate need
• Vanity
▫ More cooperative when vanity is appealed to



Minimize the Threat of Social Engineering

• Never let people follow you into restricted areas
• Never log in for someone else on a computer
• Never give sensitive information over the phone or through e-mail
• Never share passwords or user IDs
• Be cautious of someone you don’t know who is trying to gain access through you



Types of Malware
• Spyware
▫ Secretly monitors and collects information
▫ Can hijack browser, search requests
▫ Adware
• Keylogger
▫ Software that records user keystrokes
• Trojan Horse
▫ Malicious computer instructions in an authorized and properly functioning program
• Trap door
▫ Set of instructions that allow the user to bypass normal system controls
• Packet sniffer
▫ Captures data as it travels over the Internet
• Virus
▫ A section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itself
• Worm
▫ Stand alone self replicating program

Cellphone Bluetooth Vulnerabilities

• Bluesnarfing
▫ Stealing contact lists, data, pictures on Bluetooth-compatible
smartphones
• Bluebugging
▫ Taking control of a phone to make or listen to
calls, send or read text messages



Key Terms
• Hacking
• Hijacking
• Botnet
• Zombie
• Bot herder
• Denial-of-service (DoS) attack
• Spamming
• Dictionary attack
• Splog
• Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• MAC address
• Address Resolution Protocol (ARP) spoofing
• SMS spoofing
• Web-page spoofing
• DNS spoofing
• Zero day attack
• Patch
• Cross-site scripting (XSS)
• Buffer overflow attack
• SQL injection (insertion) attack
• Man-in-the-middle (MITM) attack
• Masquerading/impersonation
• Piggybacking

Key Terms (continued)
• Password cracking
• War dialing
• War driving
• War rocketing
• Phreaking
• Data diddling
• Data leakage
• Podslurping
• Salami technique
• Round-down fraud
• Economic espionage
• Cyber-extortion
• Cyber-bullying
• Sexting
• Internet terrorism
• Internet misinformation
• E-mail threats
• Internet auction fraud
• Internet pump-and-dump fraud
• Click fraud
• Web cramming
• Software piracy
• Social engineering
• Identity theft
• Pretexting
• Posing
• Phishing
• Vishing

Key Terms (continued)
• Carding
• Pharming
• Evil twin
• Typosquatting/URL hijacking
• QR barcode replacements
• Tabnapping
• Scavenging/dumpster diving
• Shoulder surfing
• Lebanese looping
• Skimming
• Chipping
• Eavesdropping
• Malware
• Spyware
• Adware
• Torpedo software
• Scareware
• Ransomware
• Keylogger
• Trojan horse
• Time bomb/logic bomb
• Trap door/back door
• Packet sniffers
• Steganography program
• Rootkit
• Superzapping
• Virus
• Worm
• Bluesnarfing
• Bluebugging
