Computer Fraud and Abuse Techniques
Chapter 6
Copyright © 2015 Pearson Education, Inc.

Learning Objectives
• Compare and contrast computer attack and abuse tactics.
• Explain how social engineering techniques are used to gain physical or logical access to computer resources.
• Describe the different types of malware used to harm computers.

Types of Attacks
• Hacking
  ▫ Unauthorized access, modification, or use of an electronic device or some element of a computer system
• Social Engineering
  ▫ Techniques or tricks used on people to gain physical or logical access to confidential information
• Malware
  ▫ Software used to do harm

Hacking
▫ Hijacking
    Gaining control of a computer to carry out illicit activities
▫ Botnet (robot network)
    Zombies
    Bot herders
    Denial of Service (DoS) Attack
    Spamming
    Spoofing
      Makes the communication look as if someone else sent it so as to gain confidential information.

Forms of Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• Address Resolution (ARP) spoofing
• SMS spoofing
• Web-page spoofing (phishing)
• DNS spoofing

Hacking with Computer Code
• Cross-site scripting (XSS)
  ▫ Uses a vulnerability in a Web application that allows the Web site to be injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.
• Buffer overflow attack
  ▫ A large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash and be replaced with the attacker’s program instructions.
• SQL injection (insertion) attack
  ▫ Malicious code is inserted in place of a query to get to the database information.

Other Types of Hacking
• Man in the middle (MITM)
  ▫ Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.
• Piggybacking
• Password cracking
• War dialing and driving
• Phreaking
• Data diddling
• Data leakage
• Podslurping

Hacking Used for Embezzlement
• Salami technique:
  ▫ Taking small amounts at a time
      Round-down fraud
• Economic espionage
  ▫ Theft of information, intellectual property and trade secrets
• Cyber-extortion
  ▫ Threats to a person or business online through e-mail or text messages unless money is paid

Hacking Used for Fraud
• Internet misinformation
• E-mail threats
• Internet auction
• Internet pump and dump
• Click fraud
• Web cramming
• Software piracy

Social Engineering Techniques
• Identity theft
  ▫ Assuming someone else’s identity
• Pretexting
  ▫ Using a scenario to trick victims to divulge information or to gain access
• Posing
  ▫ Creating a fake business to get sensitive information
• Phishing
  ▫ Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data
• Pharming
  ▫ Redirects Web site to a spoofed Web site
• URL hijacking
  ▫ Takes advantage of typographical errors entered in for Web sites; the user gets an invalid or wrong Web site
• Scavenging
  ▫ Searching trash for confidential information
• Shoulder surfing
  ▫ Snooping (either close behind the person) or using technology to snoop and get confidential information
• Skimming
  ▫ Double swiping credit card
• Eavesdropping

Why People Fall Victim
• Compassion
  ▫ Desire to help others
• Greed
  ▫ Want a good deal or something for free
• Sex appeal
  ▫ More cooperative with those that are flirtatious or good looking
• Sloth
  ▫ Lazy habits
• Trust
  ▫ Will cooperate if trust is gained
• Urgency
  ▫ Cooperation occurs when there is a sense of immediate need
• Vanity
  ▫ More cooperation when appeal to vanity

Minimize the Threat of Social Engineering
• Never let people follow you into restricted areas
• Never log in for someone else on a computer
• Never give sensitive information over the phone or through e-mail
• Never share passwords or user IDs
• Be cautious of someone you don’t know who is trying to gain access through you

Types of Malware
• Spyware
  ▫ Secretly monitors and collects information
  ▫ Can hijack browser, search requests
  ▫ Adware
• Keylogger
  ▫ Software that records user keystrokes
• Trojan Horse
  ▫ Malicious computer instructions in an authorized and properly functioning program
• Trap door
  ▫ Set of instructions that allow the user to bypass normal system controls
• Packet sniffer
  ▫ Captures data as it travels over the Internet
• Virus
  ▫ A section of self-replicating code that attaches to a program or file, requiring a human to do something so it can replicate itself
• Worm
  ▫ Stand-alone, self-replicating program

Cellphone Bluetooth Vulnerabilities
• Bluesnarfing
  ▫ Stealing contact lists, data, pictures on Bluetooth-compatible smartphones
• Bluebugging
  ▫ Taking control of a phone to make or listen to calls, send or read text messages

Key Terms
• Hacking
• Hijacking
• Botnet
• Zombie
• Bot herder
• Denial-of-service (DoS) attack
• Spamming
• Dictionary attack
• Splog
• Spoofing
• E-mail spoofing
• Address Resolution Protocol (ARP) spoofing
• SMS spoofing
• Web-page spoofing
• DNS spoofing
• Zero day attack
• Patch
• Cross-site scripting (XSS)
• Buffer overflow attack
• SQL injection (insertion) attack
• Man-in-the-middle (MITM) attack
• Masquerading/impersonation
• Piggybacking
• Caller ID spoofing
• IP address spoofing
• MAC address

Key Terms (continued)
• Password cracking
• War dialing
• War driving
• War rocketing
• Phreaking
• Data diddling
• Data leakage
• Podslurping
• Salami technique
• Round-down fraud
• Economic espionage
• Cyber-extortion
• Internet terrorism
• Internet misinformation
• E-mail threats
• Internet auction fraud
• Internet pump-and-dump fraud
• Click fraud
• Web cramming
• Software piracy
• Social engineering
• Identity theft
• Pretexting
• Posing
• Phishing
• Vishing
• Cyber-bullying
• Sexting

Key Terms (continued)
• Carding
• Pharming
• Evil twin
• Typosquatting/URL hijacking
• QR barcode replacements
• Tabnapping
• Scavenging/dumpster diving
• Shoulder surfing
• Lebanese looping
• Skimming
• Chipping
• Eavesdropping
• Malware
• Spyware
• Adware
• Torpedo software
• Scareware
• Ransomware
• Keylogger
• Trojan horse
• Time bomb/logic bomb
• Trap door/back door
• Packet sniffers
• Steganography program
• Rootkit
• Superzapping
• Virus
• Worm
• Bluesnarfing
• Bluebugging