
Chapter 6

Computer Fraud and Abuse Techniques


6-1
Copyright © 2012 Pearson Education
Learning Objectives

 Compare and contrast computer attack and abuse tactics.
 Explain how social engineering techniques are used to gain physical or logical access to computer resources.
 Describe the different types of malware used to harm computers.



Computer Attacks and Abuse

 Hacking
 Unauthorized access, modification, or use of a computer system or other
electronic device

 Social Engineering
 Techniques, usually psychological tricks, to gain access to sensitive data
or information
 Used to gain access to secure systems or locations

 Malware
 Any software which can be used to do harm



Types of Computer Attacks
 Botnet—Robot Network
 Network of hijacked computers controlled remotely by the attacker
 Hijacked computers carry out processes without their users' knowledge
 Zombie—a hijacked computer that is part of a botnet

 Denial-of-Service (DoS) Attack
 A flood of requests made to a Web server that overwhelms it so that it can no longer serve legitimate users
 When the flood comes from the many zombies of a botnet at once it is a distributed DoS (DDoS): each source sends little, so blocking by source address no longer works

 Spoofing
 Making an electronic communication look as if it comes from a trusted official source to lure the recipient into providing information
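The DoS and botnet items above describe two different shapes of flood, and a detector has to look for both: one source over its own rate limit, or many sources each under it but together over the server's capacity. The sliding-window detector below is an added example for this page, not code from the slides or the textbook; the Common Log Format lines, the IP addresses (documentation ranges) and the window/threshold values are constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)$')


def _line(ip, seconds):
    """Build one Common Log Format line at a fixed base time + offset (constructed data)."""
    ts = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc) + timedelta(seconds=seconds)
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET / HTTP/1.1" 200 512'


# Constructed access log (no real traffic): light normal use, then one host
# hammering the server (single-source DoS), then 25 distinct hosts each sending
# one request inside three seconds (the botnet / DDoS pattern).
LOG_TEXT = "\n".join(
    [_line("192.0.2.10", 0), _line("192.0.2.11", 2), _line("192.0.2.10", 5)]
    + [_line("203.0.113.7", 10 + i // 4) for i in range(8)]
    + [_line(f"198.51.100.{i}", 30 + i // 10) for i in range(1, 26)]
)


def parse_log(text):
    """Yield (ip, epoch_seconds) for every well-formed CLF line; junk lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        yield m.group(1), ts.timestamp()


def detect_floods(text, window=10, per_source_limit=5, global_limit=20):
    """Sliding-window request counting over a chronologically ordered log.

    Returns (flooding_sources, distributed_alerts):
      flooding_sources   - IPs that exceeded per_source_limit requests inside one window
      distributed_alerts - (epoch, requests_in_window, distinct_sources), recorded once
                           each time the aggregate crosses global_limit while the
                           request that crossed it came from a source that is itself
                           under its limit (the botnet signature)
    The thresholds are illustrative assumptions, not values from the slides.
    """
    per_source = defaultdict(deque)   # ip -> request times still inside the window
    recent = deque()                  # (time, ip) for every request inside the window
    flooding, alerts, over_before = set(), [], False
    for ip, t in parse_log(text):
        q = per_source[ip]
        q.append(t)
        while t - q[0] > window:
            q.popleft()
        recent.append((t, ip))
        while t - recent[0][0] > window:
            recent.popleft()
        if len(q) > per_source_limit:
            flooding.add(ip)
        over = len(recent) > global_limit
        if over and not over_before and ip not in flooding:
            alerts.append((t, len(recent), len({i for _, i in recent})))
        over_before = over
    return sorted(flooding), alerts


if __name__ == "__main__":
    print(detect_floods(LOG_TEXT))
```

On the constructed log the per-source rule catches only 203.0.113.7; the 25 zombies never trip it, and only the aggregate counter shows the second flood, which is exactly why source-based blocking fails against a botnet.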



Types of Spoofing
 E-mail
 E-mail sender appears as if it comes from a different source
 Caller-ID
 Incorrect number is displayed
 IP address
 Forged source IP address to conceal the identity of the sender of data over the Internet or to impersonate another computer system
 Address Resolution Protocol (ARP)
 Forged ARP replies bind another host's IP address to the attacker's hardware address, allowing a computer on a LAN to intercept traffic meant for any other computer on the LAN
 SMS
 Incorrect number or name appears, similar to caller-ID but for text messaging
 Web page
 Phishing (see below)
 DNS
 Intercepting a request for a Web service and answering it with a forged address, so the request is sent to a false service
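ARP spoofing works because a host's ARP cache simply believes the most recent reply, so the practical defence is to notice replies that contradict what was seen (or configured) before. The detector below is an added example for this page, not code from the slides; the ARP replies, addresses and the pinned gateway mapping are constructed for the illustration.

```python
from collections import namedtuple

# One observed ARP reply: sender_ip claims to live at sender_mac.
ArpReply = namedtuple("ArpReply", "ts sender_ip sender_mac")

# Constructed sample traffic (not a real capture). 192.168.1.1 is the gateway.
# From ts 2.7 a second host starts answering for the gateway's IP, and then for
# the victim's IP as well: the two-sided poisoning an ARP man-in-the-middle needs.
SAMPLE_REPLIES = [
    ArpReply(1.0, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),
    ArpReply(1.5, "192.168.1.23", "aa:aa:aa:aa:aa:23"),
    ArpReply(2.0, "192.168.1.1",  "AA:AA:AA:AA:AA:01"),   # same MAC, different case
    ArpReply(2.7, "192.168.1.1",  "de:ad:be:ef:00:99"),
    ArpReply(3.1, "192.168.1.23", "aa:aa:aa:aa:aa:23"),
    ArpReply(3.4, "192.168.1.23", "de:ad:be:ef:00:99"),
]


def detect_arp_spoofing(replies, pinned=None):
    """Flag ARP replies that contradict the IP->MAC binding seen first (or pinned).

    Returns (conflicts, multi_ip):
      conflicts - (ts, ip, expected_mac, claimed_mac) for every contradicting reply
      multi_ip  - {mac: [ips]} for hardware addresses that claimed more than one IP
    The first binding (or the pinned one, e.g. the gateway from a config file) is
    kept, so every later forged reply keeps alerting instead of silently "winning"
    the way a real ARP cache would.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    mac_to_ips = {}
    conflicts = []
    for r in replies:
        mac = r.sender_mac.lower()
        expected = ip_to_mac.setdefault(r.sender_ip, mac)
        if expected != mac:
            conflicts.append((r.ts, r.sender_ip, expected, mac))
        mac_to_ips.setdefault(mac, set()).add(r.sender_ip)
    multi_ip = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return conflicts, multi_ip


if __name__ == "__main__":
    conflicts, multi_ip = detect_arp_spoofing(SAMPLE_REPLIES)
    for c in conflicts:
        print("conflict:", c)
    print("one MAC claiming several IPs:", multi_ip)
```

A legitimate NIC replacement or DHCP reassignment also produces a single conflict, so in practice the strong signal is a MAC that claims several IPs (the attacker must poison both the victim and the gateway) together with repeated, unsolicited replies; pin the gateway's address so a forged reply for it is caught on the first packet.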



Hacking Attacks
 Cross-Site Scripting (XSS)
 Attacker-supplied script is submitted as ordinary user input (a comment, a search term, a URL parameter) and echoed by a dynamic Web page without encoding, so it runs in other users' browsers with their session.

 Buffer Overflow
 More data is sent than the program's input buffer was sized for; the excess overwrites adjacent memory, including saved control data such as a return address, so the attacker can redirect execution to instructions of their choosing.

 SQL Injection (Insertion)
 User input is pasted into the text of a database query, so crafted input becomes part of the SQL and changes what the query does (for example, bypassing a login check or reading other tables).

 Man-in-the-Middle
 Hacker places themselves between client and host and relays the traffic, reading or altering it while both sides believe they are talking directly to each other.
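XSS and SQL injection are the same mistake in two parsers: untrusted text is concatenated into something that will later be interpreted (a SQL statement, an HTML page). The block below shows both the vulnerable form and the fix for each, side by side. It is an added example for this page, not code from the slides or the textbook; the user table, the login function, the comment renderer and the payload strings are all constructed for the illustration.

```python
import html
import sqlite3

# Constructed user table (not from the slides).
USERS = [("alice", "hunter2"), ("bob", "s3cret")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """The slide's attack: user input is pasted into the query text, so a quote
    character in the input ends the string and the rest is parsed as SQL."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    """Parameterised query: the driver sends the values separately from the
    query text, so they can never become SQL no matter what they contain."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def render_comment_vulnerable(comment):
    """Reflected/stored XSS: untrusted text is dropped straight into the page, so
    a <script> element inside it runs in every viewer's browser."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment):
    """Output encoding: the same text, but HTML metacharacters are escaped so the
    browser renders them as text instead of parsing them as markup."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


# Closes the quoted name, makes the WHERE clause always true, then comments out
# the password check ("--" starts a SQL comment, so nothing after it is parsed).
INJECTION = "' OR 1=1 --"
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable login with injection:", login_vulnerable(conn, INJECTION, "wrong"))
    print("safe login with injection:     ", login_safe(conn, INJECTION, "wrong"))
    print(render_comment_vulnerable(XSS_PAYLOAD))
    print(render_comment_safe(XSS_PAYLOAD))
```

Note that parameterisation and output encoding are the fix; input "blacklisting" of quote characters is not, because every interpreter has more than one way to write the same token.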



Additional Hacking Attacks
 Password Cracking
 Recovering passwords by guessing: trying dictionary words and their variations against a login prompt, or, much faster, offline against a stolen file of password hashes.

 War Dialing
 Computer automatically dials phone numbers looking for modems.

 Phreaking
 Attacks on phone systems to obtain free phone service.

 Data Diddling
 Making changes to data before, during, or after it is entered into a system.

 Data Leakage
 Unauthorized copying of company data.
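The password-cracking item above is worth seeing from both sides: how cheap an offline dictionary attack is against plain hashes, and what a per-user salt plus a deliberately slow hash does to the attacker's cost. The block below is an added example for this page, not code from the slides; the wordlist, the user accounts and the leaked stores are constructed for the illustration, and the iteration count is an assumed parameter rather than a recommendation.

```python
import hashlib
import hmac
import os

# Constructed wordlist and plaintext passwords (not real data).
WORDLIST = ["password", "123456", "letmein", "hunter2", "qwerty", "dragon"]
PLAINTEXT = {"alice": "hunter2", "bob": "correct horse battery staple", "carol": "letmein"}
ITERATIONS = 100_000   # PBKDF2 work factor used by the demo below (assumed value)


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


# What an attacker gets from a breach of a system storing plain SHA-256 hashes.
LEAKED_UNSALTED = {user: sha256_hex(pw) for user, pw in PLAINTEXT.items()}


def crack_unsalted(leaked, wordlist):
    """Offline dictionary attack on unsalted hashes: hash every candidate once and
    look each victim up in that table. Returns (found, hashes_computed); the work
    is len(wordlist) regardless of how many users were leaked."""
    table = {sha256_hex(w): w for w in wordlist}
    found = {user: table[h] for user, h in leaked.items() if h in table}
    return found, len(wordlist)


def hash_password(password, salt, iterations):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256); iterations sets the cost."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def make_salted_store(passwords, iterations):
    """How the defender should store credentials: a random 16-byte salt per user."""
    store = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)
        store[user] = (salt, hash_password(pw, salt, iterations))
    return store


def crack_salted(leaked, wordlist, iterations):
    """Same wordlist against salted hashes: the salt differs per user, so there is
    no shared table and every candidate must be re-hashed for every user.
    Returns (found, hashes_computed); work grows to len(wordlist) * len(leaked)."""
    found, work = {}, 0
    for user, (salt, h) in leaked.items():
        for w in wordlist:
            work += 1
            if hmac.compare_digest(hash_password(w, salt, iterations), h):
                found[user] = w
                break
    return found, work


if __name__ == "__main__":
    print("unsalted:", crack_unsalted(LEAKED_UNSALTED, WORDLIST))
    store = make_salted_store(PLAINTEXT, ITERATIONS)
    print("salted:  ", crack_salted(store, WORDLIST, ITERATIONS))
```

The same two accounts fall either way, because their passwords are in the wordlist; what changes is the bill. With salts the attacker does one slow hash per candidate per user instead of one fast hash per candidate, and bob, whose passphrase is not in the list, costs the full wordlist for nothing.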



Hacking Embezzlement Schemes
 Salami Technique
 Taking small amounts from many different accounts.

 Economic Espionage
 Theft of information, trade secrets, and intellectual property.

 Cyber-Bullying
 Internet, cell phones, or other communication technologies to support
deliberate, repeated, and hostile behavior that torments, threatens, harasses,
humiliates, embarrasses, or otherwise harms another person.

 Internet Terrorism
 Act of disrupting electronic commerce and harming computers and
communications.
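The salami technique is hard to spot one transaction at a time, because every slice is below any reasonable review threshold; it shows up only when the credits are grouped by the account that receives them. The ledger check below is an added example for this page, not code from the slides or the textbook; the ledger entries, account names and the cut-off values are constructed for the illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger entries (not real data): (txn_id, debit_account, credit_account, amount).
# Customer payments go to REVENUE; two small genuine fees go to FEES; and account
# EMP-4471 quietly collects a cent or a few from eight different customers.
LEDGER = [
    ("T001", "CUST-1001", "REVENUE", Decimal("120.00")),
    ("T002", "CUST-1002", "REVENUE", Decimal("89.99")),
    ("T003", "CUST-1003", "REVENUE", Decimal("0.04")),    # a genuine small sale
    ("T004", "CUST-1001", "FEES", Decimal("0.02")),
    ("T005", "CUST-1002", "FEES", Decimal("0.03")),
] + [
    (f"T1{i:02d}", f"CUST-10{i:02d}", "EMP-4471", Decimal(i % 4 + 1) / 100)
    for i in range(1, 9)
]


def find_salami_beneficiaries(ledger, max_amount=Decimal("0.05"), min_sources=5, min_tiny_share=0.9):
    """Group credits by receiving account and flag accounts whose incoming
    postings are almost all tiny and come from many distinct source accounts.

    Returns {account: (tiny_credit_count, distinct_sources, total_amount)}.
    max_amount, min_sources and min_tiny_share are tuning assumptions, not
    values from the slides; a real review would set them from the ledger's
    own distribution of posting sizes.
    """
    incoming = defaultdict(list)
    for _txn, src, dst, amount in ledger:
        incoming[dst].append((src, amount))
    suspects = {}
    for dst, credits in incoming.items():
        tiny = [(s, a) for s, a in credits if a <= max_amount]
        sources = {s for s, _ in tiny}
        if len(sources) >= min_sources and len(tiny) / len(credits) >= min_tiny_share:
            suspects[dst] = (len(tiny), len(sources), sum(a for _, a in tiny))
    return suspects


if __name__ == "__main__":
    for account, (count, sources, total) in find_salami_beneficiaries(LEDGER).items():
        print(f"{account}: {count} tiny credits from {sources} accounts, total {total}")
```

The distinct-source count is what separates a salami account from a legitimate micro-fee account: a genuine fee line has a few payers and varied amounts, whereas the slices arrive from a long list of unrelated accounts, each of which has no reason to pay that beneficiary at all.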



Hacking for Fraud

 Internet Misinformation
 Using the Internet to spread false or misleading information

 Internet Auction
 Using an Internet auction site to defraud another person
 Unfairly drive up bidding
 Seller delivers inferior merchandise or fails to deliver at all
 Buyer fails to make payment

 Internet Pump-and-Dump
 Using the Internet to pump up the price of a stock and then selling it



Social Engineering Techniques
 Identity Theft
 Assuming someone else’s identity
 Pretexting
 Inventing a scenario that will lull someone into divulging sensitive information
 Posing
 Using a fake business to acquire sensitive information
 Phishing
 Posing as a legitimate company asking for verification-type information: passwords, accounts, usernames
 Pharming
 Redirecting Web site traffic to a spoofed Web site
 Typosquatting
 Registering misspellings of a Web site name, so that typographical errors when entering the name cause a bogus look-alike site to be accessed
 Tabnapping
 Changing an already open, unattended browser tab into a look-alike login page
 Scavenging
 Looking for sensitive information in items thrown away
 Shoulder Surfing
 Snooping over someone’s shoulder for sensitive information



More Social Engineering

 Lebanese Looping
 Inserting a sleeve into an ATM card slot so the victim’s card is trapped; the perpetrator then "helps" by suggesting the PIN be re-entered, observes it, and retrieves the card after the victim leaves

 Skimming
 Double-swiping a credit card in a legitimate terminal, or covertly swiping it through a small hidden card reader that records the card data for later use

 Chipping
 Planting a device that reads and records credit card information inside a legitimate credit card reader

 Eavesdropping
 Listening to private communications



Types of Malware
 Spyware
 Secretly monitors and collects personal information about users and sends it to someone else
 Adware
 Pops banner ads on a monitor, collects information about the user’s Web-surfing and spending habits, and forwards it to the adware creator

 Key logging
 Records computer activity, such as a user’s keystrokes, e-mails sent and received, Web sites visited, and chat session participation

 Trojan Horse
 Malicious computer instructions hidden in an authorized and otherwise properly functioning program
 Time bombs/logic bombs
 Idle until triggered by a specified date or time, by a change in the system, by a message sent to the system, or by an expected event failing to occur



More Malware
 Trap Door/Back Door
 A way into a system that bypasses normal authorization and authentication
controls

 Packet Sniffers
 Capture data from information packets as they travel over networks
 Rootkit
 Used to hide the presence of trap doors, sniffers, and key loggers; conceal
software that originates a denial-of-service or an e-mail spam attack; and
access user names and log-in information

 Superzapping
 Unauthorized use of special system programs to bypass regular system
controls and perform illegal acts, all without leaving an audit trail
