Computer Fraud and Abuse Techniques计算机欺诈与滥用技术.pptx

Computer Fraud and Abuse Techniques,Chapter 6,6-1,Learning Objectives,Compare and contrast computer attack and abuse tactics.Explain how social engineering techniques are used to gain physical or logical access to computer resources.Describe the different types of malware used to harm computers.,6-2,Types of Attacks,HackingUnauthorized access, modification, or use of an electronic device or some element of a computer systemSocial EngineeringTechniques or tricks on people to gain physical or logical access to confidential informationMalwareSoftware used to do harm,6-3,Hacking,HijackingGaining control of a computer to carry out illicit activitiesBotnet (robot network)ZombiesBot herdersDenial of Service (DoS) AttackSpammingSpoofingMakes the communication look as if someone else sent it so as to gain confidential information.,6-4,Forms of Spoofing,E-mail spoofingCaller ID spoofingIP address spoofingAddress Resolution (ARP) spoofingSMS spoofingWeb-page spoofing (phishing)DNS spoofing,6-5,Hacking with Computer Code,Cross-site scripting (XSS)Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.Buffer overflow attackLarge amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attackers program instructions.SQL injection (insertion) attackMalicious code inserted in place of a query to get to the database information,6-6,Other Types of Hacking,Man in the middle (MITM)Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.PiggybackingPassword crackingWar dialing and drivingPhreakingData diddlingData leakagepodslurping,6-7,Hacking Used for Embezzlement,Salami technique: Taking small amounts at a timeRound-down fraudEconomic espionageTheft of information, intellectual property and trade secretsCyber-extortionThreats to a person or business online through e-mail or text messages unless money is paid,6-8,Hacking Used for Fraud,Internet misinformationE-mail threatsInternet auction Internet pump and dumpClick fraudWeb crammingSoftware piracy,6-9,Social Engineering Techniques,Identity theftAssuming someone elses identityPretextingUsing a scenario to trick victims to divulge information or to gain accessPosingCreating a fake business to get sensitive informationPhishingSending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive dataPharmingRedirects Web site to a spoofed Web site,URL hijackingTakes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web siteScavengingSearching trash for confidential informationShoulder surfingSnooping (either close behind the person) or using technology to snoop and get confidential information SkimmingDouble swiping credit cardEeavesdropping,6-10,Why People Fall Victim,CompassionDesire to help othersGreedWant a good deal or something for freeSex appealMore cooperative with those that are flirtatious or good lookingSlothLazy habits TrustWill cooperate if trust is gainedUrgencyCooperation occurs when there is a sense of immediate needVanityMore cooperation when appeal to vanity,6-11,Minimize the Threat of Social Engineering,Never let people follow you into restricted areasNever log in for someone else on a computerNever give sensitive information over the phone or through e-mailNever share passwords or user IDsBe cautious of someone you dont know who is trying to gain access through you,6-12,Types of Malware,SpywareSecretly monitors and collects informationCan hijack browser, search requestsAdware KeyloggerSoftware that records user keystrokesTrojan HorseMalicious computer instructions in an authorized and properly functioning program,Trap door Set of instructions that allow the user to bypass normal system controlsPacket snifferCaptures data as it travels over the InternetVirusA section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itselfWormStand alone self replicating program,6-13,Cellphone Bluetooth Vulnerabilities,BluesnarfingStealing contact lists, data, pictures on bluetooth compatible smartphonesBluebuggingTaking control of a phone to make or listen to calls, send or read text messages,6-14,Key Terms,HackingHijackingBotnetZombieBot herderDenial-of-service (DoS) attackSpammingDictionary attackSplogSpoofingE-mail spoofingCaller ID spoofingIP address spoofingMAC address,Address Resolution Protocol (ARP) spoofingSMS spoofingWeb-page spoofingDNS spoofingZero day attackPatchCross-site scripting (XSS)Buffer overflow attackSQL injection (insertion) attackMan-in-the-middle (MITM) attackMasquerading/impersonationPiggybacking,6-15,Key Terms (continued),Password crackingWar dialingWar drivingWar rocketingPhreakingData diddlingData leakagePodslurpingSalami techniqueRound-down fraudEconomic espionageCyber-extortionCyber-bullyingSexting,Internet terrorismInternet misinformationE-mail threatsInternet auction fraudInternet pump-and-dump fraudClick fraudWeb crammingSoftware piracySocial engineeringIdentity theftPretextingPosingPhishingvishing,6-16,Key Terms (continued),CardingPharmingEvil twinTyposquatting/URL hijackingQR barcode replacementsTabnappingScavenging/dumpster divingShoulder surfingLebanese loopingSkimmingChippingEavesdroppingMalwareSpyware,AdwareTorpedo softwareScarewareRansomwareKeyloggerTrojan horseTime bomb/logic bombTrap door/back doorPacket sniffersSteganography programRootkitSuperzappingVirusWormBluesnarfingBluebugging,6-17,