Академический Документы
Профессиональный Документы
Культура Документы
Topic 2
Computer Fraud Techniques
Computer
Computer Fraud
Fraud Techniques
Techniques
Example: Employees are able to falsify time cards before the data
contained on the cards is entered into the computer for payroll
computation.
Data
Data Leakage
Leakage
Sender Receiver
In a DOS Attack, the sender sends hundreds of messages, receives the SYN/ACK
packet, but does not respond with an ACK packet. This leaves the receiver with
clogged transmission ports, and legitimate messages cannot be received.
Eavesdropping
Eavesdropping
A piece of code intentionally inserted into a software system that will set
off a malicious function when specified conditions are met.
Sabotaging a system using a program that lies idle until some specified
circumstance or a particular time triggers it. Once triggered, the bomb
destroys programs, data, or both.
Example: A programmer may hide a piece of code that starts deleting
files, should he ever leave the company (and the salary database).
Software that is inherently malicious, such as viruses and worms often
contain logic bombs that execute a certain payload at a pre-defined time
or when some other condition is met. This technique can be used by a
virus or worm to gain momentum and spread before being noticed. Many
viruses attack their host systems on specific dates, such as
Friday the 13th or April Fool's Day.
Masquerading
Masquerading // Impersonation
Impersonation
Copying of computer
software without the
publisher’s permission.
Software piracy is illegal.
Each pirated piece of
software takes away from
company profits, reducing
funds for further software
development initiatives.
Scavenging
Scavenging // Dumpster
Dumpster Diving
Diving
Using special system programs to bypass regular system controls and perform
illegal acts.
Superzap lets system administrators or other highly trusted individuals override
system security to quickly repair or regenerate the system, especially in an
emergency.
Example: the manager of computer operations in a bank was told by his boss to
correct a problem affecting account balances. The problem was originally caused
by unanticipated problems in the changeover of the bank's computer system.
While working on the project, the manager found that he could use the Superzap
program to make other account changes as well, without having to deal with the
usual controls, audits, or documentation. He moved funds from various accounts
into the accounts of several friends, netting about $128,000 in all. He was
detected only when a customer complained about a shortage in his account.
Because the Superzap program left no evidence of data file changes, the fraud
was highly unlikely to be discovered by any other means.
Trap
Trap Door
Door // Back
Back Door
Door