
Computer Fraud and Abuse Techniques
Chapter 6
Copyright © 2015 Pearson Education, Inc.
6-1
Learning Objectives
• Compare and contrast computer attack and abuse tactics.
• Explain how social engineering techniques are used to gain physical or logical access to computer resources.
• Describe the different types of malware used to harm computers.
Types of Attacks
• Hacking
▫ Unauthorized access, modification, or use of an electronic device or some element of a computer system
• Social Engineering
▫ Techniques or tricks used on people to gain physical or logical access to confidential information
• Malware
▫ Software used to do harm
Hacking
▫ Hijacking
 Gaining control of a computer to carry out illicit activities
▫ Botnet (robot network)
 Zombies
 Bot herders
 Denial of Service (DoS) Attack
 Spamming
▫ Spoofing
 Makes the communication look as if someone else sent it so as to gain confidential information.
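The denial-of-service and botnet items above describe the attack; the defender's side is spotting it in traffic. The following is an added example (not part of the Pearson slides) of a sliding-window rate monitor in Python. The log format, addresses and thresholds are all constructed for the demo: it flags one source sending too many requests on its own, and separately flags an aggregate surge from many sources that each stay under the per-source limit, which is what a botnet of zombies looks like in a log.

```python
from collections import defaultdict, deque
from datetime import datetime

# Thresholds are constructed for the demo; tune them to real traffic.
WINDOW_SECONDS = 10
PER_SOURCE_LIMIT = 5     # more than this many requests per source per window
AGGREGATE_LIMIT = 15     # more than this many requests in total per window

EPOCH = datetime(1970, 1, 1)


def constructed_log():
    """Constructed log lines: '<source-ip> <iso-time> <method> <path> <status>'."""
    lines = []
    # one ordinary user: three requests a few seconds apart
    for i in range(3):
        lines.append(f"192.168.1.10 2015-03-01T12:00:{i * 3:02d} GET /home 200")
    # one source hammering the login page: eight requests in eight seconds
    for i in range(8):
        lines.append(f"10.0.0.5 2015-03-01T12:00:{i:02d} GET /login 200")
    # twenty zombies, one request each, arriving within the same two seconds
    for i in range(1, 21):
        lines.append(f"10.1.0.{i} 2015-03-01T12:05:{i % 2:02d} GET /search 200")
    lines.sort(key=lambda line: line.split()[1])   # the detector expects time order
    return lines


def parse_line(line):
    """Return (source address, seconds since epoch) for one log line."""
    src, stamp, _method, _path, _status = line.split()
    seconds = (datetime.fromisoformat(stamp) - EPOCH).total_seconds()
    return src, seconds


def detect_floods(lines, window=WINDOW_SECONDS,
                  per_source=PER_SOURCE_LIMIT, aggregate=AGGREGATE_LIMIT):
    """Slide a time window over the log; return (flooding sources, surge seen?)."""
    per_src = defaultdict(deque)      # recent timestamps per source
    recent = deque()                  # recent timestamps across all sources
    flooding = set()
    surge = False
    for line in lines:
        src, now = parse_line(line)
        per_src[src].append(now)
        recent.append(now)
        # drop anything that has fallen out of the window
        while now - per_src[src][0] > window:
            per_src[src].popleft()
        while now - recent[0] > window:
            recent.popleft()
        if len(per_src[src]) > per_source:
            flooding.add(src)                 # single-source DoS pattern
        if len(recent) > aggregate:
            surge = True                      # distributed (botnet) pattern
    return sorted(flooding), surge


if __name__ == "__main__":
    print(detect_floods(constructed_log()))   # (['10.0.0.5'], True)
```

The two checks are deliberately independent: the per-source counter catches a single flooding host, while the aggregate counter is the only one that fires for the twenty zombies, since each of them sends a single request.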
Forms of Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• Address Resolution Protocol (ARP) spoofing
• SMS spoofing
• Web-page spoofing (phishing)
• DNS spoofing
Hacking with Computer Code
• Cross-site scripting (XSS)
▫ Uses a vulnerability in a Web application that allows the Web site to be injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.
• Buffer overflow attack
▫ A large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash and to be replaced with the attacker’s program instructions.
• SQL injection (insertion) attack
▫ Malicious code inserted in place of a query to get at the database information
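The SQL injection and XSS items above are easiest to understand with the vulnerable and the fixed form side by side. The following is an added example (not code from the Pearson slides): a Python lookup against an in-memory SQLite table built here for the demo, once by string concatenation and once with a bound parameter, plus the same reflected-output case with and without HTML escaping. The table contents, user names and the tautology input are all constructed. The buffer overflow item is a native-code problem and is not shown here.

```python
import html
import sqlite3


def make_db():
    """Throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "staff"), ("bob", "staff"), ("carol", "admin")],
    )
    return conn


def find_user_vulnerable(conn, name):
    """Builds the query by concatenation: the input is parsed as SQL."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Binds the input as a parameter: it is always treated as data."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def render_greeting_vulnerable(name):
    """Reflects the name into HTML unescaped (reflected XSS)."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name):
    """Escapes <, >, &, and quotes before reflecting the name."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    tautology = "x' OR '1'='1"            # constructed input that is always true
    print(find_user_vulnerable(conn, "alice"))     # one row
    print(find_user_vulnerable(conn, tautology))   # every row is returned
    print(find_user_safe(conn, tautology))         # no user has that name: []
    payload = "<script>alert(1)</script>"           # constructed reflected input
    print(render_greeting_vulnerable(payload))      # script tag reaches the browser
    print(render_greeting_safe(payload))            # rendered as inert text
```

The point to take from the two pairs is the same: the fix is not to filter the bad strings but to keep untrusted input in the data channel, by parameter binding for the database and by output encoding for the page.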
Other Types of Hacking
• Man in the middle (MITM)
▫ Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.
• Piggybacking
• Password cracking
• War dialing and driving
• Phreaking
• Data diddling
• Data leakage
• Podslurping
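The man-in-the-middle item above says the intermediary can read, modify, or steal data; the defence against the "modify" part is a message authentication code that the intermediary cannot recompute without the key. The following is an added example (not from the Pearson slides) in Python, using HMAC-SHA256 from the standard library over a sequence number and the message body. The shared key and the messages are constructed for the demo; the example assumes the key was agreed out of band, which is what stops a party sitting on the channel from forging tags.

```python
import hashlib
import hmac

# Constructed key for the demo; a real system negotiates a fresh key per session.
SHARED_KEY = b"demo-shared-key-do-not-reuse"


def _tag(key, seq, body):
    """HMAC-SHA256 over sequence number || body."""
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()


class Sender:
    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.seq = 0

    def send(self, body):
        """Return the (seq, body, tag) triple that goes over the wire."""
        self.seq += 1
        return self.seq, body, _tag(self.key, self.seq, body)


class Receiver:
    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.last_seq = 0

    def receive(self, seq, body, tag):
        """Accept only untampered, never-before-seen messages."""
        # constant-time comparison: no timing leak about how many bytes matched
        if not hmac.compare_digest(_tag(self.key, seq, body), tag):
            return False          # body or sequence number altered in transit
        if seq <= self.last_seq:
            return False          # replayed (or reordered) message
        self.last_seq = seq
        return True


def demo():
    """Genuine, modified, replayed and next message, in that order."""
    sender, receiver = Sender(), Receiver()
    seq, body, tag = sender.send(b"transfer 100 to account 42")
    genuine = receiver.receive(seq, body, tag)
    # an intermediary rewrites the body but cannot recompute the tag
    modified = receiver.receive(seq, b"transfer 100 to account 99", tag)
    # the intermediary replays the captured original unchanged
    replayed = receiver.receive(seq, body, tag)
    following = receiver.receive(*sender.send(b"balance?"))
    return genuine, modified, replayed, following


if __name__ == "__main__":
    print(demo())   # (True, False, False, True)
```

The sequence number is part of what is authenticated, so a replayed message fails on the counter check rather than on the tag; a tag alone would protect integrity but not freshness. Reading the traffic (the "read" and "steal" cases) still needs encryption on top of this.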
Hacking Used for Embezzlement
• Salami technique:
▫ Taking small amounts at a time
 Round-down fraud
• Economic espionage
▫ Theft of information, intellectual property and trade secrets
• Cyber-extortion
▫ Threats to a person or business online, through e-mail or text messages, unless money is paid
Hacking Used for Fraud
• Internet misinformation
• E-mail threats
• Internet auction
• Internet pump and dump
• Click fraud
• Web cramming
• Software piracy
Social Engineering Techniques
• Identity theft
▫ Assuming someone else’s identity
• Pretexting
▫ Using an invented scenario to trick victims into divulging information or granting access
• Posing
▫ Creating a fake business to get sensitive information
• Phishing
▫ Sending an e-mail that asks the victim to follow a legitimate-looking link to a site that requests sensitive data
• Pharming
▫ Redirects a Web site request to a spoofed Web site
• URL hijacking
▫ Takes advantage of typographical errors made when entering Web addresses, so the user lands on an invalid or wrong Web site
• Scavenging
▫ Searching trash for confidential information
• Shoulder surfing
▫ Snooping, either from close behind the person or by using technology, to obtain confidential information
• Skimming
▫ Double swiping a credit card
• Eavesdropping
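Phishing, pharming and URL hijacking all turn on the user not noticing that a name is slightly off, so a useful defender's check is one that compares what the user sees against an allowlist. The following is an added example (not from the Pearson slides) in Python that classifies a URL's host and an e-mail From header: it recognises trusted domains, one- or two-character typosquats by edit distance, a trusted brand used as a subdomain of an unrelated host, and a display name that borrows the brand while the address does not. The allowlist, brand names, addresses and the two-label rule for the registrable domain are all constructed assumptions for the demo; production code would use the public suffix list and its own allowlist.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allowlist for the demo; a real deployment loads its own.
TRUSTED_DOMAINS = {"example-bank.com"}
LOOKALIKE_MAX_EDITS = 2


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of the host. Assumption made for the demo only;
    real code should consult the public suffix list instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_domain(host):
    """'trusted', 'lookalike of <d>', 'brand inside untrusted host' or 'unknown'."""
    host = host.lower()
    dom = registrable_domain(host)
    if dom in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(dom, trusted) <= LOOKALIKE_MAX_EDITS:
            return "lookalike of " + trusted        # e.g. examp1e-bank.com
    for trusted in TRUSTED_DOMAINS:
        if trusted in host:
            return "brand inside untrusted host"     # e.g. example-bank.com.evil.test
    return "unknown"


def classify_url(url):
    """Classify the host part of a URL the user was asked to follow."""
    return classify_domain(urlparse(url).hostname or "")


def _brand_tokens():
    """'example-bank.com' -> 'examplebank', for loose matching of display names."""
    return {re.sub(r"[^a-z0-9]", "", d.split(".")[0]) for d in TRUSTED_DOMAINS}


def classify_from_header(value):
    """Classify an RFC 5322 From header; flags brand names in the display name
    when the actual address is not on the allowlist."""
    display, addr = parseaddr(value)
    host = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    verdict = classify_domain(host)
    if verdict == "trusted":
        return verdict
    name_norm = re.sub(r"[^a-z0-9]", "", display.lower())
    if any(tok and tok in name_norm for tok in _brand_tokens()):
        return "display-name spoof (" + verdict + ")"
    return verdict


if __name__ == "__main__":
    # constructed samples
    for url in ("https://www.example-bank.com/login", "http://examp1e-bank.com/login",
                "https://example-bank.com.evil.test/login", "https://news.example.org/"):
        print(url, "->", classify_url(url))
    for hdr in ("Example Bank Support <alerts@example-bank.com>",
                "Example Bank <noreply@mailer.example.net>", "Bob <bob@friend.org>"):
        print(hdr, "->", classify_from_header(hdr))
```

The edit-distance threshold of two catches single-character substitutions and transpositions (`exmaple-bank.com`), which is the typosquatting case; the "brand inside untrusted host" rule catches the other common pattern, where the genuine name appears on the left of an unrelated registrable domain.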
Why People Fall Victim
• Compassion
▫ Desire to help others
• Greed
▫ Wanting a good deal or something for free
• Sex appeal
▫ More cooperative with those who are flirtatious or good looking
• Sloth
▫ Lazy habits
• Trust
▫ Will cooperate once trust is gained
• Urgency
▫ Cooperation occurs when there is a sense of immediate need
• Vanity
▫ More cooperation when the approach appeals to vanity
Minimize the Threat of Social Engineering
• Never let people follow you into restricted areas
• Never log in for someone else on a computer
• Never give sensitive information over the phone or through e-mail
• Never share passwords or user IDs
• Be cautious of someone you don’t know who is trying to gain access through you
Types of Malware
• Spyware
▫ Secretly monitors and collects information
▫ Can hijack the browser and search requests
▫ Adware
• Keylogger
▫ Software that records user keystrokes
• Trojan Horse
▫ Malicious computer instructions in an authorized and properly functioning program
• Trap door
▫ Set of instructions that allow the user to bypass normal system controls
• Packet sniffer
▫ Captures data as it travels over the Internet
• Virus
▫ A section of self-replicating code that attaches to a program or file, requiring a human to do something so it can replicate itself
• Worm
▫ Stand-alone self-replicating program
Cellphone Bluetooth Vulnerabilities
• Bluesnarfing
▫ Stealing contact lists, data, and pictures from Bluetooth-compatible smartphones
• Bluebugging
▫ Taking control of a phone to make or listen to calls, or to send or read text messages
Key Terms
• Hacking
• Hijacking
• Botnet
• Zombie
• Bot herder
• Denial-of-service (DoS) attack
• Spamming
• Dictionary attack
• Splog
• Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• MAC address
• Address Resolution Protocol (ARP) spoofing
• SMS spoofing
• Web-page spoofing
• DNS spoofing
• Zero day attack
• Patch
• Cross-site scripting (XSS)
• Buffer overflow attack
• SQL injection (insertion) attack
• Man-in-the-middle (MITM) attack
• Masquerading/impersonation
• Piggybacking
Key Terms (continued)
• Password cracking
• War dialing
• War driving
• War rocketing
• Phreaking
• Data diddling
• Data leakage
• Podslurping
• Salami technique
• Round-down fraud
• Economic espionage
• Cyber-extortion
• Cyber-bullying
• Sexting
• Internet terrorism
• Internet misinformation
• E-mail threats
• Internet auction fraud
• Internet pump-and-dump fraud
• Click fraud
• Web cramming
• Software piracy
• Social engineering
• Identity theft
• Pretexting
• Posing
• Phishing
• Vishing
Key Terms (continued)
• Carding
• Pharming
• Evil twin
• Typosquatting/URL hijacking
• QR barcode replacements
• Tabnapping
• Scavenging/dumpster diving
• Shoulder surfing
• Lebanese looping
• Skimming
• Chipping
• Eavesdropping
• Malware
• Spyware
• Adware
• Torpedo software
• Scareware
• Ransomware
• Keylogger
• Trojan horse
• Time bomb/logic bomb
• Trap door/back door
• Packet sniffers
• Steganography program
• Rootkit
• Superzapping
• Virus
• Worm
• Bluesnarfing
• Bluebugging