COMPUTER FRAUD AND ABUSE TECHNIQUES

A Trojan horse is a set of unauthorised computer instructions in an authorised and otherwise properly functioning program. It performs some illegal act at a pre-appointed time or under a predetermined set of conditions. Trojan horses are often placed in software that is billed as helpful add-ons to popular software programs. For example, several thousand America Online subscribers were sent messages containing an offer of free software. Users who opened the attachments unknowingly unleashed a Trojan horse that secretly copied the subscriber's account name and password and forwarded it to the sender. Another type of Trojan horse monitors a user's keystrokes, captures credit card numbers, and sends them by e-mail to the software's creator.

In another case, visitors to adult sites were told to download a special program to see the pictures. This program had embedded code that turned off the volume on their modem, disconnected them from their Internet service provider, and connected them to a service in the former USSR. The program kept them connected to this site, at $2 a minute, until they turned off their computer. Over 800,000 minutes were billed, with some phone bills as high as $3,000, before the scam was detected.

The round-down technique is used most frequently in financial institutions that pay interest. In the typical scenario, the programmer instructs the computer to round down all interest calculations to two decimal places. The fraction of a cent that is rounded down on each calculation is put into the programmer's account or one that he or she controls. No one is the wiser, since all the books balance. Over time these fractions of a cent can add up to a significant amount, especially when the interest is calculated daily.

With the salami technique, tiny slices of money are stolen over a period of time. For example, a disgruntled chief accountant for a produce-growing company in California used the salami technique to get even with his employer. He used the company's computer system to falsify and systematically increase all the company's production costs by a fraction of a percent. These tiny increments were put into the accounts of dummy customers and then pocketed by the accountant. Every few months the fraudulent costs were raised another fraction of a percent. Because all expenses were rising together, no single account or expense would call attention to the fraud. The accountant eventually was caught when an alert bank teller brought to her manager's attention a check the perpetrator was trying to cash because she did not recognise the name of the company it was made out to.

A trap door, or back door, is a way into a system that bypasses normal system controls. Programmers use trap doors to modify programs during systems development and normally remove them before the system is put into operation. When a trap door is not removed before the program is implemented, anyone who discovers it can enter the program and commit a fraud. Programmers can also insert trap doors before they are terminated, allowing them access to the system after they leave.

Superzapping is the unauthorised use of special system programs to bypass regular system controls and perform illegal acts. The name of this technique is derived from a software utility, called Superzap, developed by IBM to handle emergencies, such as restoring a system that has crashed.

Software piracy is copying software without the publisher's permission. It is estimated that for every legal copy of software sold, between seven and eight illegal ones are made. Within days of being released, most new software is on a bulletin board and available free to those who want to download it illegally. An estimated 26% of software used in the United States is pirated; in some countries, this figure is over 90%. The software industry estimates the economic losses of piracy at between $15 and $18 billion a year.

Piracy is such a serious problem that the Software Publishers Association (which represents more than 500 software publishers) files lawsuits against companies and individuals. One lawsuit claimed the University of Oregon's Continuing Education Center violated copyright law by making illegal and unauthorised copies of programs and training manuals. The university settled the case by agreeing to (1) pay a $130,000 fine; (2) launch a campaign to educate its faculty, staff, and students on the lawful use of software; and (3) host a national conference on copyright law and software use. In another case, the Business Software Alliance found 1,400 copies of unlicensed software at an adult vocational school in the Los Angeles Unified School District. The district may have to pay up to $5 million to settle the case against it.

Individuals convicted of software piracy are subject to fines of up to $250,000 and jail terms of up to 5 years. However, the SPA often negotiates more creative punishments. For example, a Puget Sound student caught distributing copyrighted software over the Internet was required to write a 20-page paper on the evils of software piracy and copyright infringement. He will also have to perform 50 hours of community service wiring schools for Internet usage. Failure to comply with either item will subject him to a $10,000 fine and result in a lawsuit for copyright infringement.

Data diddling is changing data before, during, or after it is entered into the system. The change can be made to delete, alter, or add key system data. For example, a clerk for a Denver brokerage altered a transaction to record 1,700 shares of Loren Industries stock worth about $2,500 as shares in Long Island Lighting worth more than $25,000.

Data leakage refers to the unauthorised copying of company data. The Encyclopaedia Britannica claimed losses in the millions of dollars when an employee made copies of its customer list and began selling them to other companies. Ten Social Security Administration employees sold 11,000 Social Security numbers (and other identifying information such as mothers' maiden names) to credit card fraudsters.

Piggybacking is tapping into a telecommunications line and latching on to a legitimate user before the user logs into a system. The legitimate user unknowingly carries the perpetrator into the system.

In masquerading or impersonation, the perpetrator gains access to the system by pretending to be an authorised user. This approach requires a perpetrator to know the legitimate user's ID number and password. Once inside the system, the perpetrator enjoys the same privileges as the legitimate user being impersonated.

In social engineering, a perpetrator tricks an employee into giving them the information they need to get into the system. They might call saying they are conducting a security survey and lull the person into disclosing confidential information. They call help desks and claim to be an employee who has forgotten her password, or call users and say they are from network engineering and are testing the system and need your password. They also pose as buyers or salespeople to get plant tours and obtain information that may help them break into the system.

A logic time bomb is
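A reconciliation check for the round-down technique described earlier, as an added example that is not part of the original text: it recomputes each account's interest with exact decimal arithmetic, totals the sub-cent fractions, and reports any account credited more than its own interest. The daily rate, the account names, and the `GL-ROUNDING` control account are constructed assumptions.

```python
from decimal import Decimal, ROUND_DOWN

CENT = Decimal("0.01")

def audit_interest_run(balances, credits, daily_rate, rounding_account):
    """Reconcile one interest run against an independent recomputation.

    balances: {account: Decimal} balances the interest was computed on
    credits:  {account: Decimal} interest actually posted by the batch job
    Returns the total sub-cent residual, the part of it missing from the
    designated rounding account, and every account credited more than its
    own recomputed interest.
    """
    residual = Decimal(0)
    overpaid = {}
    for account, balance in balances.items():
        exact = balance * daily_rate
        expected = exact.quantize(CENT, rounding=ROUND_DOWN)
        residual += exact - expected          # fraction of a cent dropped
        excess = credits.get(account, Decimal(0)) - expected
        if excess > 0:
            overpaid[account] = excess        # received more than it earned
    # Whole cents of residual belong in the institution's control account.
    owed = residual.quantize(CENT, rounding=ROUND_DOWN)
    missing = owed - credits.get(rounding_account, Decimal(0))
    return {"residual": residual, "missing": missing, "overpaid": overpaid}

# Constructed sample data (not from the original text).
DAILY_RATE = Decimal("0.0001")
BALANCES = {
    "A1": Decimal("12345.67"),
    "A2": Decimal("98765.43"),
    "A3": Decimal("55555.55"),
    "A4": Decimal("7777.77"),
    "X9": Decimal("100.00"),
}
# X9 earns 0.01 but is credited 0.03; the control account receives nothing.
CREDITS = {
    "A1": Decimal("1.23"), "A2": Decimal("9.87"), "A3": Decimal("5.55"),
    "A4": Decimal("0.77"), "X9": Decimal("0.03"),
    "GL-ROUNDING": Decimal("0.00"),
}

if __name__ == "__main__":
    print(audit_interest_run(BALANCES, CREDITS, DAILY_RATE, "GL-ROUNDING"))
```

The books still balance in the sample run, which is why the check compares each credit with a recomputed value instead of relying on control totals alone.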