
Computer Fraud and Abuse Techniques - PowerPoint Presentation

phoebe-click
Uploaded On 2016-04-04


Presentation Transcript

Slide1

Computer Fraud and Abuse Techniques

Chapter 6

Slide2

Learning Objectives

Compare and contrast computer attack and abuse tactics.

Explain how social engineering techniques are used to gain physical or logical access to computer resources.

Describe the different types of malware used to harm computers.

Slide3

Types of Attacks

Hacking

Unauthorized access, modification, or use of an electronic device or some element of a computer system

Social Engineering

Techniques or tricks used on people to gain physical or logical access to confidential information

Malware

Software used to do harm

Slide4

Hacking

Hijacking

Gaining control of a computer to carry out illicit activities

Botnet (robot network)

Zombies

Bot herders

Denial of Service (DoS) Attack

Spamming

Spoofing

Makes the communication look as if someone else sent it so as to gain confidential information.

Slide5

Forms of Spoofing

E-mail spoofing

Caller ID spoofing

IP address spoofing

Address Resolution Protocol (ARP) spoofing

SMS spoofing

Web-page spoofing (phishing)

DNS spoofing

Slide6

Hacking with Computer Code

Cross-site scripting (XSS)

Exploits a vulnerability in a Web application that allows malicious code to be injected into the Web site. When a user visits the Web site, that malicious code is able to collect data from the user.

Buffer overflow attack

A large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash and be replaced with the attacker’s program instructions.

SQL injection (insertion) attack

Malicious code is inserted in place of a query to get to the database information.
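The SQL injection definition above, shown as an added example that is not part of the original slides: a lookup built by string concatenation beside the same lookup with a bound parameter. The table, names and card digits are constructed sample data.

```python
import sqlite3


def make_db():
    """Build an in-memory customer table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card_last4 TEXT)"
    )
    db.executemany(
        "INSERT INTO customers (name, card_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return db


def lookup_concatenated(db, name):
    """Weak form: the input becomes part of the SQL text, so it can rewrite the query."""
    sql = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, name):
    """Hardened form: the input is bound as a value and is never parsed as SQL."""
    sql = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups against a fresh database and return (weak, hardened) rows."""
    db = make_db()
    return lookup_concatenated(db, name), lookup_parameterized(db, name)


if __name__ == "__main__":
    # Second value is a constructed input containing a quote and an always-true clause.
    for value in ["alice", "x' OR '1'='1"]:
        weak, safe = compare(value)
        print(f"{value!r}: concatenated={len(weak)} rows, parameterized={len(safe)} rows")
```

With the bound parameter the whole input is compared as a name, so the second value matches no customer instead of returning every row.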

Slide7

Other Types of Hacking

Man in the middle (MITM)

Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.

Piggybacking

Password cracking

War dialing and driving

Phreaking

Data diddling

Data leakage

Podslurping

Slide8

Hacking Used for Embezzlement

Salami technique:

Taking small amounts at a time

Round-down fraud

Economic espionage

Theft of information, intellectual property and trade secrets

Cyber-extortion

Threats to a person or business online through e-mail or text messages unless money is paid

Slide9

Hacking Used for Fraud

Internet misinformation

E-mail threats

Internet auction

Internet pump and dump

Click fraud

Web cramming

Software piracy

Slide10

Social Engineering Techniques

Identity theft

Assuming someone else’s identity

Pretexting

Using a scenario to trick victims into divulging information or to gain access

Posing

Creating a fake business to get sensitive information

Phishing

Sending an e-mail that asks the victim to respond to a legitimate-looking link that requests sensitive data

Pharming

Redirects Web site to a spoofed Web site

URL hijacking

Takes advantage of typographical errors made when entering Web site addresses, so the user gets an invalid or wrong Web site

Scavenging

Searching trash for confidential information

Shoulder surfing

Snooping (either standing close behind the person or using technology) to get confidential information

Skimming

Double-swiping a credit card

Eavesdropping
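A defensive check for the URL hijacking entry above, as an added example that is not part of the original slides: it flags observed domains that sit one typing error away from a domain the organization owns. The protected and observed domain names are constructed, and the distance threshold of 1 is an assumption.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the most common typing slip ("ab" -> "ba").
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


# Constructed, hypothetical domains the organization legitimately owns.
PROTECTED = ["northwindbank.example", "northwind-payroll.example"]


def flag_lookalikes(observed, protected=PROTECTED, max_distance=1):
    """Return (observed, protected) pairs where observed is a near miss, not an exact match."""
    hits = []
    for domain in observed:
        name = domain.lower().rstrip(".")
        if name in protected:
            continue  # the real site, nothing to flag
        for good in protected:
            if osa_distance(name, good) <= max_distance:
                hits.append((domain, good))
                break
    return hits


if __name__ == "__main__":
    # Constructed sample of domains seen in proxy or DNS logs.
    seen = ["NorthwindBank.example.", "nortwhindbank.example", "northwindbnk.example",
            "northwind-payrol.example", "weather.example"]
    for observed, good in flag_lookalikes(seen):
        print(f"{observed} looks like {good}")
```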

Slide11

Why People Fall Victim

Compassion

Desire to help others

Greed

Want a good deal or something for free

Sex appeal

More cooperative with those that are flirtatious or good looking

Sloth

Lazy habits

Trust

Will cooperate if trust is gained

Urgency

Cooperation occurs when there is a sense of immediate need

Vanity

More cooperative when their vanity is appealed to

Slide12

Minimize the Threat of Social Engineering

Never let people follow you into restricted areas

Never log in for someone else on a computer

Never give sensitive information over the phone or through e-mail

Never share passwords or user IDs

Be cautious of someone you don’t know who is trying to gain access through you

Slide13

Types of Malware

Spyware

Secretly monitors and collects information

Can hijack browser, search requests

Adware

Keylogger

Software that records user keystrokes

Trojan Horse

Malicious computer instructions in an authorized and properly functioning program

Trap door

Set of instructions that allow the user to bypass normal system controls

Packet sniffer

Captures data as it travels over the Internet

Virus

A section of self-replicating code that attaches to a program or file, requiring a human to do something so it can replicate itself

Worm

Stand-alone, self-replicating program

Slide14

Cellphone Bluetooth Vulnerabilities

Bluesnarfing

Stealing contact lists, data, pictures on Bluetooth-compatible smartphones

Bluebugging

Taking control of a phone to make or listen to calls, send or read text messages

Slide15

Key Terms

Hacking

Hijacking

Botnet

Zombie

Bot herder

Denial-of-service (DoS) attack

Spamming

Dictionary attack

Splog

Spoofing

E-mail spoofing

Caller ID spoofing

IP address spoofing

MAC address

Address Resolution Protocol (ARP) spoofing

SMS spoofing

Web-page spoofing

DNS spoofing

Zero day attack

Patch

Cross-site scripting (XSS)

Buffer overflow attack

SQL injection (insertion) attack

Man-in-the-middle (MITM) attack

Masquerading/impersonation

Piggybacking

Slide16

Key Terms (continued)

Password cracking

War dialing

War driving

War rocketing

Phreaking

Data diddling

Data leakage

Podslurping

Salami technique

Round-down fraud

Economic espionage

Cyber-extortion

Cyber-bullying

Sexting

Internet terrorism

Internet misinformation

E-mail threats

Internet auction fraud

Internet pump-and-dump fraud

Click fraud

Web cramming

Software piracy

Social engineering

Identity theft

Pretexting

Posing

Phishing

Vishing

Slide17

Key Terms (continued)

Carding

Pharming

Evil twin

Typosquatting/URL hijacking

QR barcode replacements

Tabnapping

Scavenging/dumpster diving

Shoulder surfing

Lebanese looping

Skimming

Chipping

Eavesdropping

Malware

Spyware

Adware

Torpedo software

Scareware

Ransomware

Keylogger

Trojan horse

Time bomb/logic bomb

Trap door/back door

Packet sniffers

Steganography program

Rootkit

Superzapping

Virus

Worm

Bluesnarfing

Bluebugging
