Accounting information system an overview 9e bodnar and hopwood 2015 chapter 06

Computer Fraud and Abuse Techniques
Chapter 6

Copyright © 2015 Pearson Education, Inc.

6-1


Learning Objectives

Compare and contrast computer attack and abuse tactics.
Explain how social engineering techniques are used to gain physical or logical access to computer resources.
Describe the different types of malware used to harm computers.


Types of Attacks

Hacking: unauthorized access, modification, or use of an electronic device or some element of a computer system.
Social engineering: techniques or tricks used on people to gain physical or logical access to confidential information.
Malware: software used to do harm.



Hacking

Hijacking: gaining control of a computer to carry out illicit activities.
Botnet (robot network)
  Zombies
  Bot herders
Denial of Service (DoS) attack
Spamming
Spoofing: makes the communication look as if someone else sent it so as to gain confidential information.


Forms of Spoofing

E-mail spoofing
Caller ID spoofing
IP address spoofing
Address Resolution Protocol (ARP) spoofing
SMS spoofing
Web-page spoofing (phishing)
DNS spoofing


Hacking with Computer Code

Cross-site scripting (XSS): uses a vulnerability of a Web application that allows the Web site to be injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.
Buffer overflow attack: a large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash and replacing its program instructions with the attacker's instructions.
SQL injection (insertion) attack: malicious code inserted in place of a query to get at the database information.
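The SQL injection entry above describes the attack in one sentence; the following added example (written for this edit, not taken from the slides or the textbook) shows the defect and its control side by side. It assumes a constructed in-memory SQLite `customers` table and two lookup functions named here for illustration: one builds the query by string concatenation, the other binds the input as a parameter. A small `looks_like_injection` helper shows the kind of input check an application can log as a detection signal; it is not a substitute for parameterized queries.

```python
# Added example (not from the slides): a SQL injection defect and its fix.
# Uses only the Python standard library (sqlite3) with a constructed
# in-memory customer table, so it runs offline.
import sqlite3


def make_db():
    """Build a constructed sample database with three customer records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, balance REAL)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "alice", 120.50), (2, "bob", 99.00), (3, "carol", 5.25)],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Builds the query by string concatenation: the user's input becomes part
    of the SQL text, so input containing quotes or operators changes the query
    itself. This is the defect the slide describes."""
    sql = "SELECT id, name, balance FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Passes the input as a bound parameter: the database engine treats it as
    a value only, never as SQL, whatever characters it contains."""
    sql = "SELECT id, name, balance FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def looks_like_injection(value):
    """Detection signal for application logs: flags a quote character combined
    with an SQL boolean operator or comment marker. Useful for noticing probing
    attempts, not as the control itself (parameterization is the control)."""
    lowered = value.lower()
    return "'" in lowered and (
        " or " in lowered or " and " in lowered or "--" in lowered
    )


# Constructed input for the demo: a quote followed by an always-true condition.
CONSTRUCTED_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns every row; the bound query returns none.
    print("vulnerable:    ", lookup_vulnerable(db, CONSTRUCTED_INPUT))
    print("parameterized: ", lookup_parameterized(db, CONSTRUCTED_INPUT))
    print("flagged:       ", looks_like_injection(CONSTRUCTED_INPUT))
```

With a normal name such as `bob`, both lookups return the same single row; with the constructed input, the concatenated query's WHERE clause becomes always true and every customer's balance is returned, while the parameterized query simply finds no customer with that literal name.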


Other Types of Hacking

Man in the middle (MITM): the hacker is placed between a client (user) and a host (server) to read, modify, or steal data.
Piggybacking
Password cracking
War dialing and driving
Phreaking
Data diddling
Data leakage
Podslurping


Hacking Used for Embezzlement

Salami technique: taking small amounts at a time.
Round-down fraud
Economic espionage: theft of information, intellectual property and trade secrets.
Cyber-extortion: threats to a person or business online through e-mail or text messages unless money is paid.


Hacking Used for Fraud

Internet misinformation
E-mail threats
Internet auction fraud
Internet pump-and-dump fraud
Click fraud
Web cramming
Software piracy


Social Engineering Techniques

Identity theft: assuming someone else's identity.
Pretexting: using a scenario to trick victims into divulging information or to gain access.
Posing: creating a fake business to get sensitive information.
Phishing: sending an e-mail asking the victim to respond to a link that appears legitimate and that requests sensitive data.
URL hijacking: takes advantage of typographical errors entered for Web sites; the user gets an invalid or wrong Web site.
Scavenging: searching trash for confidential information.
Shoulder surfing: snooping (either close behind the person or using technology to snoop) to get confidential information.
Skimming: double swiping a credit card.
Eavesdropping
Pharming: redirects a Web site to a spoofed Web site.


Why People Fall Victim

Compassion: desire to help others.
Greed: want a good deal or something for free.
Sex appeal: more cooperative with those who are flirtatious or good looking.
Sloth: lazy habits.
Trust: will cooperate if trust is gained.
Urgency: cooperation occurs when there is a sense of immediate need.
Vanity: more cooperation when there is an appeal to vanity.


Minimize the Threat of Social Engineering

Never let people follow you into restricted areas.
Never log in for someone else on a computer.
Never give sensitive information over the phone or through e-mail.
Never share passwords or user IDs.
Be cautious of someone you don't know who is trying to gain access through you.


Types of Malware

Spyware: secretly monitors and collects information.
Adware: can hijack the browser or search requests.
Trap door: set of instructions that allow the user to bypass normal system controls.
Keylogger: software that records user keystrokes.
Packet sniffer: captures data as it travels over the Internet.
Virus: a section of self-replicating code that attaches to a program or file, requiring a human to do something so it can replicate itself.
Worm: stand-alone self-replicating program.
Trojan horse: malicious computer instructions in an authorized and properly functioning program.


Cellphone Bluetooth Vulnerabilities

Bluesnarfing: stealing contact lists, data, and pictures on Bluetooth-compatible smartphones.
Bluebugging: taking control of a phone to make or listen to calls, or send or read text messages.


Key Terms

Hacking
Hijacking
Botnet
Zombie
Bot herder
Denial-of-service (DoS) attack
Spamming
Dictionary attack
Splog
Spoofing
E-mail spoofing
Caller ID spoofing
IP address spoofing
MAC address
Address Resolution Protocol (ARP) spoofing
SMS spoofing
Web-page spoofing
DNS spoofing
Zero day attack
Patch
Cross-site scripting (XSS)
Buffer overflow attack
SQL injection (insertion) attack
Man-in-the-middle (MITM) attack
Masquerading/impersonation
Piggybacking


Key Terms (continued)

Password cracking
War dialing
War driving
War rocketing
Phreaking
Data diddling
Data leakage
Podslurping
Salami technique
Round-down fraud
Economic espionage
Cyber-extortion
Internet terrorism
Internet misinformation
E-mail threats
Internet auction fraud
Internet pump-and-dump fraud
Click fraud
Web cramming
Software piracy
Social engineering
Identity theft
Pretexting
Posing
Phishing
Vishing
Cyber-bullying
Sexting


Key Terms (continued)

Carding
Pharming
Evil twin
Typosquatting/URL hijacking
QR barcode replacements
Tabnapping
Scavenging/dumpster diving
Shoulder surfing
Lebanese looping
Skimming
Chipping
Eavesdropping
Malware
Spyware
Adware
Torpedo software
Scareware
Ransomware
Keylogger
Trojan horse
Time bomb/logic bomb
Trap door/back door
Packet sniffers
Steganography program
Rootkit
Superzapping
Virus
Worm
Bluesnarfing
Bluebugging


