Chapter 6 61 Learning Objectives Compare and contrast computer attack and abuse tactics Explain how social engineering techniques are used to gain physical or logical access to computer resources ID: 273809
Download Presentation The PPT/PDF document "Computer Fraud and Abuse Techniques" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Computer Fraud and Abuse Techniques
Chapter 6
6-1Slide2
Learning Objectives
Compare and contrast computer attack and abuse tactics.
Explain how social engineering techniques are used to gain physical or logical access to computer resources.
Describe
the different types of malware used to harm computers.
6-2Slide3
Types of Attacks Hacking
Unauthorized access, modification, or use of an electronic device or some element of a computer systemSocial EngineeringTechniques or tricks on people to gain physical or logical access to confidential information
MalwareSoftware used to do harm
6-
3Slide4
Hacking
Hijacking
Gaining control of a computer to carry out illicit activitiesBotnet (robot network)Zombies
Bot herders
Denial of Service (
DoS) Attack
Spamming
Spoofing
Makes the communication look as if someone else sent it so as to gain confidential information.
6-
4Slide5
Forms of SpoofingE-mail spoofing
Caller ID spoofingIP address spoofingAddress Resolution (ARP) spoofingSMS spoofingWeb-page spoofing (phishing)
DNS spoofing
6-
5Slide6
Hacking with Computer Code
Cross-site scripting (XSS)
Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.Buffer overflow attack
Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions.
SQL injection (insertion) attack
Malicious code inserted in place of a query to get to the database information
6-
6Slide7
Other Types of HackingMan in the middle (MITM)
Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.PiggybackingPassword crackingWar dialing and driving
PhreakingData diddlingData leakagepodslurping
6-
7Slide8
Hacking Used for EmbezzlementSalami technique:
Taking small amounts at a timeRound-down fraudEconomic espionageTheft of information, intellectual property and trade secrets
Cyber-extortionThreats to a person or business online through e-mail or text messages unless money is paid
6-
8Slide9
Hacking Used for FraudInternet misinformation
E-mail threatsInternet auction Internet pump and dumpClick fraudWeb cramming
Software piracy
6-
9Slide10
Social Engineering Techniques
Identity theft
Assuming someone else’s identityPretextingUsing a scenario to trick victims to divulge information or to gain access
Posing
Creating a fake business to get sensitive information
Phishing
Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data
Pharming
Redirects
Web site to
a spoofed
Web site
URL hijacking
Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site
Scavenging
Searching trash for confidential information
Shoulder
surfing
Snooping (either close behind the person) or using technology to snoop and get confidential information
Skimming
Double swiping credit card
Eeavesdropping
6-
10Slide11
Why People Fall Victim
Compassion
Desire to help othersGreedWant a good deal or something for free
Sex appeal
More cooperative with those that are flirtatious or good looking
Sloth
Lazy habits
Trust
Will cooperate if trust is gained
Urgency
Cooperation occurs when there is a sense of immediate need
Vanity
More cooperation when appeal to vanity
6-
11Slide12
Minimize the Threat of Social Engineering
Never let people follow you into restricted areasNever log in for someone else on a computerNever give sensitive information over the phone or through e-mail
Never share passwords or user IDsBe cautious of someone you don’t know who is trying to gain access through you
6-
12Slide13
Types of MalwareSpyware
Secretly monitors and collects informationCan hijack browser, search requestsAdware Keylogger
Software that records user keystrokesTrojan HorseMalicious computer instructions in an authorized and properly functioning program
Trap door
Set of instructions that allow the user to bypass normal system controls
Packet snifferCaptures data as it travels over the InternetVirusA section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itself
Worm
Stand alone self replicating program
6-
13Slide14
Cellphone Bluetooth Vulnerabilities
BluesnarfingStealing contact lists, data, pictures on bluetooth compatible smartphonesBluebuggingTaking control of a phone to make or listen to calls, send or read text messages
6-
14Slide15
Key TermsHacking
HijackingBotnetZombieBot herderDenial-of-service (DoS) attack
SpammingDictionary attackSplogSpoofingE-mail spoofingCaller ID spoofingIP address spoofingMAC address
Address Resolution Protocol (ARP) spoofing
SMS spoofing
Web-page spoofingDNS spoofingZero day attackPatch
Cross-site scripting (XSS)
Buffer overflow attack
SQL injection (insertion) attack
Man-in-the-middle (MITM) attack
Masquerading/impersonation
Piggybacking
6-
15Slide16
Key Terms (continued)
Password crackingWar dialingWar drivingWar rocketingPhreaking
Data diddlingData leakagePodslurpingSalami techniqueRound-down fraudEconomic espionageCyber-extortionCyber-bullyingSexting
Internet terrorism
Internet misinformation
E-mail threatsInternet auction fraudInternet pump-and-dump fraud
Click fraud
Web cramming
Software piracy
Social engineering
Identity theft
PretextingPosingPhishingvishing
6-
16Slide17
Key Terms (continued)
Carding
PharmingEvil twinTyposquatting
/URL hijacking
QR barcode replacements
Tabnapping
Scavenging/dumpster diving
Shoulder surfing
Lebanese looping
Skimming
Chipping
Eavesdropping
Malware
Spyware
Adware
Torpedo software
Scareware
Ransomware
Keylogger
Trojan horse
Time bomb/logic bomb
Trap door/back door
Packet sniffers
Steganography program
Rootkit
Superzapping
Virus
Worm
Bluesnarfing
Bluebugging
6-
17