Accounting information system an overview 9e bodnar and hopwood 2015 chapter 06


Computer Fraud and Abuse Techniques
Chapter 6
Copyright © 2015 Pearson Education, Inc.

Learning Objectives
• Compare and contrast computer attack and abuse tactics
• Explain how social engineering techniques are used to gain physical or logical access to computer resources
• Describe the different types of malware used to harm computers

Types of Attacks
• Hacking
  ▫ Unauthorized access, modification, or use of an electronic device or some element of a computer system
• Social Engineering
  ▫ Techniques or tricks on people to gain physical or logical access to confidential information
• Malware
  ▫ Software used to do harm

Hacking
• Hijacking
  ▫ Gaining control of a computer to carry out illicit activities
• Botnet (robot network)
  ▫ Zombies
  ▫ Bot herders
  ▫ Denial of Service (DoS) Attack
  ▫ Spamming
  ▫ Spoofing
    ▫ Makes the communication look as if someone else sent it so as to gain confidential information

Forms of Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• Address Resolution Protocol (ARP) spoofing
• SMS spoofing
• Web-page spoofing (phishing)
• DNS spoofing

Hacking with Computer Code
• Cross-site scripting (XSS)
  ▫ Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user
• Buffer overflow attack
  ▫ Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions
• SQL injection (insertion) attack
  ▫ Malicious code inserted in place of a query to get to the database information

Other Types of Hacking
• Man in the middle (MITM)
  ▫ Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data
• Piggybacking
• Password cracking
• War dialing and driving
• Phreaking
• Data diddling
• Data leakage
• Podslurping

Hacking Used for Embezzlement
• Salami technique:
  ▫ Taking small amounts at a time
    ▫ Round-down fraud
• Economic espionage
  ▫ Theft of information, intellectual property and trade secrets
• Cyber-extortion
  ▫ Threats to a person or business online through e-mail or text messages unless money is paid

Hacking Used for Fraud
• Internet misinformation
• E-mail threats
• Internet auction
• Internet pump and dump
• Click fraud
• Web cramming
• Software piracy

Social Engineering Techniques
• Identity theft
  ▫ Assuming someone else’s identity
• Pretexting
  ▫ Using a scenario to trick victims to divulge information or to gain access
• Posing
  ▫ Creating a fake business to get sensitive information
• Phishing
  ▫ Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data
• Pharming
  ▫ Redirects Web site to a spoofed Web site
• URL hijacking
  ▫ Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site
• Scavenging
  ▫ Searching trash for confidential information
• Shoulder surfing
  ▫ Snooping (either close behind the person) or using technology to snoop and get confidential information
• Skimming
  ▫ Double swiping credit card
• Eavesdropping

Why People Fall Victim
• Compassion
  ▫ Desire to help others
• Greed
  ▫ Want a good deal or something for free
• Sex appeal
  ▫ More cooperative with those that are flirtatious or good looking
• Sloth
  ▫ Lazy habits
• Trust
  ▫ Will cooperate if trust is gained
• Urgency
  ▫ Cooperation occurs when there is a sense of immediate need
• Vanity
  ▫ More cooperation when appeal to vanity

Minimize the Threat of Social Engineering
• Never let people follow you into restricted areas
• Never log in for someone else on a computer
• Never give sensitive information over the phone or through e-mail
• Never share passwords or user IDs
• Be cautious of someone you don’t know who is trying to gain access through you

Types of Malware
• Spyware
  ▫ Secretly monitors and collects information
  ▫ Can hijack browser, search requests
  ▫ Adware
• Keylogger
  ▫ Software that records user keystrokes
• Trojan Horse
  ▫ Malicious computer instructions in an authorized and properly functioning program
• Trap door
  ▫ Set of instructions that allow the user to bypass normal system controls
• Packet sniffer
  ▫ Captures data as it travels over the Internet
• Virus
  ▫ A section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itself
• Worm
  ▫ Stand-alone, self-replicating program

Cellphone Bluetooth Vulnerabilities
• Bluesnarfing
  ▫ Stealing contact lists, data, pictures on Bluetooth-compatible smartphones
• Bluebugging
  ▫ Taking control of a phone to make or listen to calls, send or read text messages

Key Terms
• Hacking
• Hijacking
• Botnet
• Zombie
• Bot herder
• Denial-of-service (DoS) attack
• Spamming
• Dictionary attack
• Splog
• Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• MAC address
• Address Resolution Protocol (ARP) spoofing
• SMS spoofing
• Web-page spoofing
• DNS spoofing
• Zero day attack
• Patch
• Cross-site scripting (XSS)
• Buffer overflow attack
• SQL injection (insertion) attack
• Man-in-the-middle (MITM) attack
• Masquerading/impersonation
• Piggybacking

Key Terms (continued)
• Password cracking
• War dialing
• War driving
• War rocketing
• Phreaking
• Data diddling
• Data leakage
• Podslurping
• Salami technique
• Round-down fraud
• Economic espionage
• Cyber-extortion
• Cyber-bullying
• Sexting
• Internet terrorism
• Internet misinformation
• E-mail threats
• Internet auction fraud
• Internet pump-and-dump fraud
• Click fraud
• Web cramming
• Software piracy
• Social engineering
• Identity theft
• Pretexting
• Posing
• Phishing
• Vishing

Key Terms (continued)
• Carding
• Pharming
• Evil twin
• Typosquatting/URL hijacking
• QR barcode replacements
• Tabnapping
• Scavenging/dumpster diving
• Shoulder surfing
• Lebanese looping
• Skimming
• Chipping
• Eavesdropping
• Malware
• Spyware
• Adware
• Torpedo software
• Scareware
• Ransomware
• Keylogger
• Trojan horse
• Time bomb/logic bomb
• Trap door/back door
• Packet sniffers
• Steganography program
• Rootkit
• Superzapping
• Virus
• Worm
• Bluesnarfing
• Bluebugging

Posted: 12/05/2017, 10:53


Table of contents

  • Slide 1

  • Learning Objectives

  • Types of Attacks

  • Hacking

  • Forms of Spoofing

  • Hacking with Computer Code

  • Other Types of Hacking

  • Hacking Used for Embezzlement

  • Hacking Used for Fraud

  • Social Engineering Techniques

  • Why People Fall Victim

  • Minimize the Threat of Social Engineering

  • Types of Malware

  • Cellphone Bluetooth Vulnerabilities

  • Key Terms

  • Key Terms (continued)

  • Key Terms (continued)
