Chapter 6: Computer Fraud and Abuse Techniques
Computer Attacks and Abuse
Hacking
The unauthorized access, modification, or use of an electronic device or some element of a computer system
Hijacking
gaining control of a computer to carry out illicit activities without the user’s knowledge
botnet
A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware.
zombie
A hijacked computer, typically part of a botnet, that is used to launch a variety of Internet attacks.
bot herder
The person who creates a botnet by installing software on PCs that responds to the bot herder’s electronic instructions
denial-of-service (DoS) attack
an attack designed to make a resource unavailable to its users
Spamming
Simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something.
dictionary attacks
Spammers use special software to guess e-mail addresses at a company and send blank e-mail messages
splogs
Spam blogs created to increase a website’s Google PageRank, which is how often a web page is referenced by other web pages.
Spoofing
Altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of the recipient.
e-mail spoofing
making an e-mail appear as though it originated from a different source
caller ID spoofing
displaying an incorrect number (any number the attacker chooses) on a caller ID display to hide the caller’s identity
IP address spoofing
creating Internet Protocol (IP) packets with a forged source IP address to conceal the identity of the sender or to impersonate another computer system
Address Resolution Protocol (ARP) spoofing
sending fake ARP messages to an Ethernet LAN; allows the attacker to associate a MAC address with the IP address of another node
MAC address
Media Access Control address, a hardware address that uniquely identifies each node on a network
SMS spoofing
using the short message service (SMS) to change the name or number a text message appears to come from
Web-page spoofing
also called phishing; discussed later in the chapter
DNS spoofing
sniffing the ID of a Domain Name System (DNS, the “phone book” of the Internet that converts a domain, or website name, to an IP address) request and replying before the real DNS server can.
zero-day attack
an attack between the time a new software vulnerability is discovered and the time a software developer releases a patch that fixes the problem
patch
Code released by software developers that fixes a particular software vulnerability
Cross-site scripting (XSS)
vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanisms and instruct the victim’s browser to execute code, thinking it came from the desired website.
Password cracking
When an intruder penetrates a system’s defenses, steals the file containing valid passwords, decrypts them, and uses them to gain access to programs, files, and data.
War dialing
programming a computer to dial thousands of phone lines searching for dial-up modem lines
war driving
driving around looking for unprotected wireless networks
war rocketing
Phreaking
attacking phone systems
Data diddling
changing data before or during entry into a computer system in order to delete, alter, add, or incorrectly update key system data
Data leakage
the unauthorized copying of company data
Podslurping
using a small device with storage capacity, such as an iPod or Flash drive, to download unauthorized data
salami technique
used to embezzle money a “salami slice” at a time from many different accounts
round-down fraud
all interest calculations are truncated at two decimal places and the excess decimals put into an account the perpetrator controls
Economic espionage
the theft of information, trade secrets, and intellectual property
Cyber-extortion
threatening to harm a company or a person if a specified amount of money is not paid
Cyber-bullying
using the Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person
Sexting
exchanging sexually explicit text messages and revealing pictures, usually by means of a phone
Internet terrorism
using the Internet to disrupt electronic commerce and communications and to harm computers
Internet misinformation
using the Internet to spread false or misleading information
Computer Attacks and Abuse
Identity theft
assuming someone’s identity, usually for economic gain, by illegally obtaining and using confidential information
Pretexting
using an invented scenario (the pretext) to increase the likelihood that a victim will divulge information or do something
Posing
Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the product.
Phishing
sending an electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification of information and often warning of some negative consequence if it is not provided
Voice phishing
like phishing except that the victim enters confidential data by phone
Carding
activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers
Pharming
redirecting website traffic to a spoofed website
Scavenging
searching documents and records to gain access to confidential information
shoulder surfing
perpetrators look over a person’s shoulders in a public place to get information such as ATM PIN numbers or user IDs and passwords
Lebanese looping
perpetrator inserts a sleeve into an ATM that prevents the ATM from ejecting the card
Skimming
double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use
Chipping
planting a small chip that records transaction data in a legitimate credit card reader
MALWARE
Spyware
Software that secretly monitors computer usage, collects personal information about users, and sends it to someone else, often without the computer user’s permission.
Adware
spyware that can pop banner ads on a monitor, collect information about the user’s web-surfing and spending habits, and forward it to the adware creator
Scareware
software that is often malicious, is of little or no benefit, and is sold using scare tactics
Keylogger
records computer activity, such as a user’s keystrokes, e-mails sent and received, websites visited, and chat session participation.
Trojan horse
a set of malicious computer instructions in an authorized and otherwise properly functioning program
trap door
set of computer instructions that allows a user to bypass the system’s normal controls
Packet sniffers
capture data from information packets as they travel over networks
rootkit
conceals processes, files, network connections, memory addresses, systems utility programs, and system data from the operating system and other programs
Superzapping
the unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail
computer virus
a segment of self-replicating, executable code that attaches itself to a file or program
Bluebugging
taking control of someone else’s phone to make or listen to calls, send or read text messages, connect to the Internet, forward the victim’s calls, and call numbers that charge fees.