
ADDITIONAL NOTES

Topic 2
Computer Fraud Techniques
Computer Fraud Techniques

• What are some of the more common techniques used to commit computer fraud and abuse?
  • Data diddling
  • Data leakage
  • Denial of service attack
  • Eavesdropping
  • E-mail forgery and threats
  • Hacking
  • Internet misinformation
  • Internet terrorism
  • Logic time bomb
  • Masquerading or impersonation
  • Password cracking
  • Piggybacking
  • Software piracy
  • Scavenging / Dumpster diving
  • Social engineering
  • Super zapping
  • Trap door / Back door
  • Trojan horse
  • Virus
  • Worm
Data Diddling

• The act of intentionally entering false information into a system or modifying existing data.
• Changing data before, during, or after it is entered into the system.
• The change can be made to delete, alter, or add key system data.
• Example: A hacker modifies certain programs so that they send information (e.g. passwords) and user names back to him when other people use these programs.
• Example: Employees are able to falsify time cards before the data contained on the cards is entered into the computer for payroll computation.
Data Leakage

• Unauthorized copying of company data, often without leaving any indication that it was copied.
• Copying company data, e.g. computer files, without permission.
• Example: An employee made copies of the company's customer records and sold them to other companies.
Denial of Service Attack (DoS)

• An attack that bombards the receiving server with so much information that it shuts down.
• Sending e-mail bombs (thousands per second) from randomly generated false addresses.
• The ISP's e-mail server is overloaded and shut down.
• A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include:
  • attempts to "flood" a network, thereby preventing legitimate network traffic
  • attempts to disrupt connections between two machines, thereby preventing access to a service
  • attempts to prevent a particular individual from accessing a service
  • attempts to disrupt service to a specific system or person
Denial of Service Attack (Cont…)

[Diagram: TCP three-way handshake between Sender and Receiver]
Step 1: Sender sends SYN messages
Step 2: Receiver replies with SYN/ACK
Step 3: Sender completes the handshake with an ACK packet

In a DoS attack, the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.
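The handshake exhaustion described above, as an added example that is not part of the original notes: a small Python model of a server's half-open connection table with a backlog limit and a SYN timeout, run over a constructed event trace (all addresses, ports and limits are made up), plus a per-source half-open ratio a defender can compute from connection logs to spot sources that send SYNs but never complete the handshake.

```python
from collections import defaultdict

BACKLOG = 8          # max half-open (SYN seen, no ACK yet) entries the server keeps (assumed)
SYN_TIMEOUT = 3.0    # seconds a half-open entry survives before it is discarded (assumed)

class HandshakeTable:
    """Toy model of a receiver's half-open connection queue."""
    def __init__(self, backlog=BACKLOG, timeout=SYN_TIMEOUT):
        self.backlog, self.timeout = backlog, timeout
        self.half_open = {}      # (src, sport) -> time the SYN arrived
        self.established = []    # handshakes completed with an ACK
        self.dropped = []        # SYNs refused because the queue was full

    def _expire(self, now):
        # Timeouts are the basic mitigation: stale half-open entries free their slot.
        for key, t in list(self.half_open.items()):
            if now - t > self.timeout:
                del self.half_open[key]

    def syn(self, src, sport, now):
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped.append((src, sport))   # legitimate client is refused
            return False
        self.half_open[(src, sport)] = now      # server would reply SYN/ACK here
        return True

    def ack(self, src, sport, now):
        if self.half_open.pop((src, sport), None) is None:
            return False                        # no matching SYN/ACK outstanding
        self.established.append((src, sport))
        return True

def simulate(events, backlog=BACKLOG, timeout=SYN_TIMEOUT):
    """events: (time, 'SYN'|'ACK', src, sport); returns the final table state."""
    table = HandshakeTable(backlog, timeout)
    for t, kind, src, sport in events:
        (table.syn if kind == "SYN" else table.ack)(src, sport, t)
    return table

# Constructed trace: 8 SYNs from one source that never ACKs, then a legitimate client
# tries at t=1.0 (refused) and again at t=5.0 after the stale entries have expired.
EVENTS = [(0.1 * i, "SYN", "203.0.113.9", 40000 + i) for i in range(8)]
EVENTS += [(1.0, "SYN", "198.51.100.5", 51000), (1.1, "ACK", "198.51.100.5", 51000)]
EVENTS += [(5.0, "SYN", "198.51.100.5", 51001), (5.1, "ACK", "198.51.100.5", 51001)]

def half_open_ratio(events):
    """Detection heuristic: per source, the share of SYNs never followed by an ACK."""
    syns, acks = defaultdict(int), defaultdict(int)
    for _, kind, src, _ in events:
        (syns if kind == "SYN" else acks)[src] += 1
    return {src: 1 - acks[src] / syns[src] for src in syns}
```

Real TCP stacks add further defences (SYN cookies, for example) so the queue is not the only limit, but the ratio heuristic still highlights sources whose SYNs are never completed.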
Eavesdropping

• The intercepting and reading of messages and conversations by unintended recipients.
• Listening to private voice or data transmissions.
• One who participates in eavesdropping, i.e. someone who secretly listens in on the conversations of others, is called an eavesdropper. The origin of the term is literal, from people who would hide out under the eaves of houses to listen in on other people's private conversations.
E-Mail Forgery / Spoofing

• Sending an e-mail message that looks as if it were sent by someone else.
• Forging an e-mail header to make it appear as if it came from somewhere or someone other than the actual source.
• Examples:
  • email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this
  • email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information
Phishing / Spam Mail
Hacking

• Accessing and using computer systems without permission, usually by means of a personal computer and a telecommunication network.
Internet Misinformation

• Using the internet to spread false or misleading information about people or companies.
• Can be done in many ways, e.g. messages in online chats, setting up websites.
• Example: Posting messages to Internet newsgroups or online bulletin boards with the intent to harm a person's or company's reputation.
Internet Terrorism

• Hackers using the internet to disrupt electronic commerce and to destroy company and individual communications.
Logic Time Bomb

• A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
• Sabotaging a system using a program that lies idle until some specified circumstance or a particular time triggers it. Once triggered, the bomb destroys programs, data, or both.
• Example: A programmer may hide a piece of code that starts deleting files should he ever leave the company (i.e. be removed from the salary database).
• Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Many viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day.
Masquerading / Impersonation

• Accessing a system by pretending to be an authorized user.
• Occurs when one person uses the identity of another to gain access to a computer. This may be done in person or remotely.
• The impersonator enjoys the same privileges as the legitimate user.
• Requires that the perpetrator know the legitimate user's identification numbers or passwords.
Password Cracking

• Password cracking is the process of recovering secret passwords stored in a computer system.
• Using illicit means to steal a file containing passwords.
• Penetration of a network, system, or resource with or without the use of tools to unlock a resource that has been secured with a password.
• Doesn't always involve sophisticated tools. It can be as simple as finding a sticky note with the password written on it stuck right to the monitor or hidden under a keyboard.
Piggybacking

• A method of gaining unauthorized access to computer facilities by following an authorized employee through a controlled door or into a restricted area, such as a building or a computer room.
• Tapping into a telecommunications line and latching on to a legitimate user before he/she logs into the system; the legitimate user unknowingly carries the perpetrator into the system.
• Gaining access to a restricted communications channel by using the session another user has already established. Piggybacking can be defeated by logging off before leaving a workstation or terminal, or by initiating a protected mode, such as via a screensaver, that requires re-authentication before access can be resumed.
Software Piracy

• Copying of computer software without the publisher's permission.
• Software piracy is illegal.
• Each pirated piece of software takes away from company profits, reducing funds for further software development initiatives.
Scavenging / Dumpster Diving

• Searching through object residue (file storage space) to acquire unauthorized data.
• Searching through the trashcans at the computer center for discarded output (the output should be shredded, but frequently is not).
Social Engineering

• Fraudulently gaining information to access a system by fooling an employee.
• Tricking an employee into providing the information needed to get into a system.
• An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems.
• Example: A man posing as a magazine writer was able to get valuable information over the telephone from the telephone company simply by asking for it, supposedly for his story. He then used that information to steal more than a million dollars in telephone company equipment.
Superzapping

• Using special system programs to bypass regular system controls and perform illegal acts.
• Superzap lets system administrators or other highly trusted individuals override system security to quickly repair or regenerate the system, especially in an emergency.
• Example: The manager of computer operations in a bank was told by his boss to correct a problem affecting account balances. The problem was originally caused by unanticipated problems in the changeover of the bank's computer system. While working on the project, the manager found that he could use the Superzap program to make other account changes as well, without having to deal with the usual controls, audits, or documentation. He moved funds from various accounts into the accounts of several friends, netting about $128,000 in all. He was detected only when a customer complained about a shortage in his account. Because the Superzap program left no evidence of data file changes, the fraud was highly unlikely to be discovered by any other means.
Trap Door / Back Door

• Entering the system using a back door that bypasses normal system controls and perpetrating fraud.
• A trap door is a quick way into a program; it allows program developers to bypass all of the security built into the program now or in the future.
• To a programmer, trap doors make sense. If a programmer needs to modify the program sometime in the future, he can use the trap door instead of having to go through all of the normal, customer-directed protocols just to make the change.
Trojan Horse

• Placing unauthorized computer instructions in an authorized and properly functioning program.
• Hidden instructions embedded in software or email that, once opened, may modify, damage, or send important data.
• Unlike viruses and worms, the code does not replicate itself.
Virus

• A destructive program that has the ability to reproduce itself and infect other programs or disks.
• Typically a virus will not show itself immediately, but will add itself to programs and disks to spread itself widely on many computers before it is triggered into its destructive phase.
• Requires a human to do something (run a program, open a file, etc.) to replicate itself.
Worm

• A self-replicating program that reproduces itself over a network.
• Similar to a virus, except that:
  (i) rather than a code segment hidden in a host program or executable file, a worm is a stand-alone program;
  (ii) a virus requires a human to do something (run a program, open a file, etc.) to replicate itself, whereas a worm replicates itself automatically.
• Also copies and actively transmits itself directly to other systems.
• Often resides in e-mail attachments, which, when opened or activated, can damage the user's system.
