978-0133428537 Chapter 6 Solution Manual Part 2

Authors: Marshall B. Romney, Paul J. Steinbart

6.8 Match the fraud and abuse technique in the left column with the scenario in the
right column. Terms on the left may be used once, more than once, or not at all.
1. Address Resolution Protocol (ARP) spoofing: m. Fake computer networking protocol messages sent to an Ethernet LAN to determine a network host's hardware address when only its IP address is known.
2. Buffer overflow attack: j. So much input data that storage is exceeded; excess input contains code that takes control of the computer.
3. Carding: x. Verifying credit card validity.
4. Caller ID spoofing: r. Displaying an incorrect phone number to hide the caller’s identity.
5. Cyber extortion: u. A demand for payment to ensure a hacker does not harm a computer.
6. Cyber bullying: q. Using social networking to harass another person.
7. Economic espionage: v. Theft of trade secrets and intellectual property.
8. E-mail spoofing: k. Making an electronic communication appear as though it originated from a different source.
9. IP address spoofing: l. Creating packets with a forged address to impersonate another computing system.
10. Internet auction fraud: w. Using a site that sells to the highest bidder to defraud another person.
11. Internet pump-and-dump fraud: g. Using the Internet to inflate a stock price so it can be sold for a profit.
12. Lebanese looping: a. Inserting a sleeve to trap a card in an ATM, pretending to help the owner to obtain a PIN, and using the card and PIN to drain the account.
13. Man-in-the-middle (MITM) attack: t. A hacker placing himself between a client and a host to intercept network traffic.
14. Podslurping: c. Using a small storage device to download unauthorized data from a computer.
15. Ransomware: s. Software that encrypts programs and data until a payment is made to remove it.
16. Scareware: e. Malicious software that people are frightened into buying.
17. Sexting: h. Exchanging explicit messages and pictures by telephone.
18. SQL Injection: i. Inserting a malicious database query in input in a way that it can be executed by an application program.
19. SMS spoofing: n. Changing the name or number a text message appears to come from.
20. XSS attack: p. A link containing malicious code that takes a victim to a vulnerable Web site. Once there, the victim’s browser executes the malicious code embedded in the link.
21. Tabnapping: y. Secretly changing an already open browser tab.
6.9 Identify the computer fraud and abuse technique used in each of the following actual
examples of computer wrongdoing.
Each of these real-world scenarios was taken from news accounts of computer fraud and
abuse. There may be other valid answers, but the answers shown below are what the
news accounts and experts investigating the case said were used to perpetrate the fraud.
a. A teenage gang known as the “414s” broke into the Los Alamos
National Laboratory, Sloan-Kettering Cancer Center, and
Security Pacific Bank. One gang member appeared in Newsweek
with the caption “Beware: Hackers at play.”
Hacking
b. Daniel Baas was the systems administrator for a company that
did business with Acxiom, who manages customer information for
companies. Baas exceeded his authorized access and downloaded a
file with 300 encrypted passwords, decrypted the password file,
and downloaded Acxiom customer files containing personal
information. The intrusion cost Acxiom over $5.8 million.
Password cracking
c. Cyber-attacks left high-profile sites such as Amazon.com, eBay,
Buy.com, and CNN Interactive staggering under the weight of tens
of thousands of bogus messages that tied up the retail sites’
computers and slowed the news site’s operations for hours.
Denial of service attack
d. Susan Gilmour-Latham got a call asking why she was sending the
caller multiple adult text messages per day. Her account records
proved the calls were not coming from her phone. Neither she nor
her mobile company could explain how the messages were sent.
After finding no way to block the unsavory messages, she changed
her mobile number to avoid further embarrassment by
association.
SMS spoofing
e. A federal grand jury in Fort Lauderdale claimed that four
executives of a rental-car franchise modified a computer-billing
program to add five gallons to the actual gas tank capacity of their
vehicles. Over three years, 47,000 customers who returned a car
without topping it off ended up paying an extra $2 to $15 for
gasoline.
Salami technique
f. A mail-order company programmer truncated odd cents in sales-
commission accounts and placed them in the last record in the
commission file. Accounts were processed alphabetically, and he
created a dummy sales-commission account using the name of
Zwana. Three years later, the holders of the first and last sales-
commission accounts were honored. Zwana was unmasked and his
creator fired.
Round-down fraud
g. MicroPatent, an intellectual property firm, was notified that their
proprietary information would be broadcast on the Internet if they
did not pay a $17 million fee. The hacker was caught by the FBI
before any damage was done.
Cyber-extortion
h. When Estonia removed a Russian World War II war memorial,
Estonian government and bank networks were knocked offline in
a distributed DoS attack by Russian hackers. A counterfeit letter
of apology for removing the memorial statue was placed on the
Web site of Estonia’s prime minister.
Denial-of-service attack used
to perpetrate cyber-terrorism
i. eBay customers were notified by e-mail that their accounts had
been compromised and were being restricted unless they re-
registered using an accompanying hyperlink to a Web page that
had eBay’s logo, home page design, and internal links. The form
had a place for them to enter their credit card data, ATM PINs,
Social Security number, date of birth, and their mother’s maiden
name. Unfortunately, eBay hadn’t sent the e-mail.
Phishing
j. A teenager hijacked the eBay.de domain name and several months
later the domain name for a large New York ISP. Both hijacked
Web sites pointed to a site in Australia.
Pharming
k. Travelers who logged into the Alpharetta, Georgia, airport’s
Internet service had personal information stolen and picked up as
many as 45 viruses. A hacker had set up a rogue wireless network
with the same name as the airport’s wireless access network.
Evil twin
l. Criminals in Russia used a vulnerability in Microsoft’s server
software to add a few lines of Java code to users’ copies of Internet
Explorer. The code recorded the users’ keyboard activities, giving
the criminals access to usernames and passwords at many banking
Web sites. The attacks caused $420 million in damage.
Key logging
m. America Online subscribers received a message offering free
software. Users who opened the attachments unknowingly
unleashed a program hidden inside another program that secretly
copied the subscriber’s account name and password and
forwarded them to the sender.
Trojan horse
n. Rajendrasinh Makwana, an Indian citizen and IT contractor who
worked at Fannie Mae’s Maryland facility, was terminated at 1:00
P.M. on October 24. Before his network access was revoked, he
created a program to wipe out all 4,000 of Fannie Mae’s servers on
the following January 31.
Time/logic bomb
o. A man accessed millions of ChoicePoint files by claiming in
writing and on the phone to be someone he was not.
Pretexting
p. A 31-year-old programmer unleashed a Visual Basic program by
deliberately posting an infected document to an alt.sex Usenet
newsgroup using a stolen AOL account. The program evaded
security software and infected computers using the Windows
operating system and Microsoft Word. On March 26, the Melissa
program appeared on thousands of e-mail systems disguised as an
important message from a colleague or friend. The program sent
an infected e-mail to the first 50 e-mail addresses on the users’
Outlook address book. Each infected computer would infect 50
additional computers, which in turn would infect another 50
computers. The program spread rapidly and exponentially,
causing considerable damage. Many companies had to disconnect
from the Internet or shut down their e-mail gateways because of
the vast amount of e-mail the program was generating. The
program caused more than $400 million in damages.
Worm/virus. Although it was
called the Melissa virus, it
was actually a worm
q. Microsoft filed a lawsuit against two Texas firms that produced
software that sent incessant pop-ups resembling system warnings.
The messages stated “CRITICAL ERROR MESSAGE!
REGISTRY DAMAGED AND CORRUPTED” and instructed
users to visit a Web site to download Registry Cleaner XP at a cost
of $39.95.
Scareware
r. As many as 114,000 Web sites were tricked into running database
SQL injection attack inserted
t. It took Facebook 15 hours to kill a Facebook application that
infected millions of PCs with software that displays a constant
stream of pop-up ads. The program posted a “Sexiest Video Ever”
message on Facebook walls that looked like it came from a friend.
Clicking the link led to a Facebook installation screen, where users
allowed the software to access their profiles and walls. Once
approved, the application told users to download an updated, free
version of a popular Windows video player. Instead, it inserted a
program that displayed pop-up ads and links. A week later a
“Distracting Beach Babes” message did the same thing.
The program that caused the
pop-ups was Hotbar adware.
u. Robert Thousand, Jr. discovered he lost $400,000 from his
Ameritrade retirement account shortly after he began receiving a
flood of phone calls with a 30-second recording for a sex hotline.
An FBI investigation revealed that the perpetrator obtained his
Ameritrade account information, called Ameritrade to change his
phone number, created several VoIP accounts, and used
automated dialing tools to flood the dentist’s phones in case
Ameritrade called his real number. The perpetrator requested
multiple monetary transfers, but Ameritrade would not process
them until they reached Thousand to verify them. When the
transfers did not go through, the attacker called Ameritrade, gave
information to verify that he was Thousand, claimed he had been
having phone troubles, and told Ameritrade he was not happy that
the transfers had not gone through. Ameritrade processed the
transfers, and Thousand lost $400,000.
Fraudsters used identity
theft tactics (such as
phishing) to get victim’s
Ameritrade account
information.
Social engineering tactics
were used to get Ameritrade
to process the transfers.
A telephone denial of
service attack gave the
attacker time to drain the
victim’s financial accounts.
v. The Internet Crime Complaint Center reports a “hit man” scam.
The scammer claims that he has been ordered to assassinate the
victim and an associate has been ordered to kill a family member.
The only way to prevent the killings is to send $800 so an Islamic
expatriate can leave the United States.
Cyber-extortion. The email
threat was sent to extort
$800 from the victim and his
family.
w. In an economic stimulus scam, individuals receive a phone call
from President Obama telling them to go to a Web site to apply for
the funds. To receive the stimulus money, victims have to enter
personal identification information, complete an online
application, and pay a $28 fee.
This is vishing (phishing
done by voice instead of
email).
6.10 On a Sunday afternoon at a hospital in the Pacific Northwest, computers became
sluggish, and documents would not print. Monday morning, the situation became
worse when employees logged on to their computers. Even stranger things
happened: operating room doors would not open, pagers would not work, and
computers in the intensive care unit shut down. By 10:00 A.M., all 50 IT employees
were summoned. They discovered that the hospital was under attack by a botnet that
exploited a Microsoft operating system flaw and installed pop-up ads on hospital
computers. They got access to the first computer on Sunday and used the hospital’s
network to spread the infection to other computers. Each infected computer became
a zombie that scanned the network looking for new victims. With the network
computers faster than they could be cleaned. Monday afternoon IT figured out which
malware the bots were installing and wrote a script, which was pushed out hourly,
directing computers to remove the bad code. The script helped to slow the bots down
a bit.
This case is based on an actual attack. The solution represents the actual events of the
attack and the hospital's response.
a. What could the hospital do to stop the attack and contain the damage?
By Monday afternoon, IT figured out which malware the bots were installing and
on the hospital?
The primary attack used was a Zero-day attack that exploited a newly found
c. What steps should the hospital have taken to prevent the damage caused by the
attack?
Aftermath:
SUGGESTED ANSWERS TO THE CASE
6.1 1. How did Shadowcrew members conceal their identities?
How can average citizens protect their identities while interacting online?
2. How has the Internet made detecting and identifying identity fraudsters
difficult?
3. What are some of the most common electronic means of stealing personal
information?
4. What is the most common way that fraudsters use personal data?
5. What measures can consumers take to protect against the online brokering of
their personal data?
6. What are the most effective means of detecting identity theft?
7. What pieces of personal information are most valuable to identity fraudsters?
Name
Address
