Accounting Chapter 6 Homework The Recipient Asked Either Respond The Email Request Visit Web Page And

Type: Homework Help
Pages: 9
Words: 3462
Authors: Marshall B. Romney, Paul J. Steinbart

CHAPTER 6
COMPUTER FRAUD AND ABUSE TECHNIQUES
Instructor's Manual
Learning Objectives:
1. Compare and contrast computer attack and abuse tactics.
Computer Fraud and Abuse Techniques
Computer Attacks
Hacking is the unauthorized access to and use of computer
systems, usually by means of a personal computer and a
telecommunications network. Most hackers are able to break into
systems using known flaws in operating systems or application
programs, or as a result of poor access controls. Some hackers
are motivated by the challenge of breaking into computer systems
and just browse or look for things to copy and keep. Other
hackers have malicious intentions.
The following examples illustrate hacking attacks and the damage
they cause:
1. Several years ago, Russian hackers broke into Citibank’s
system and stole $10 million from customer accounts.
Learning Objective One
Compare and contrast computer attack and abuse
tactics.
Searching for dial-up modem lines by programming
computers to dial thousands of phone lines is referred to
as war dialing.
War driving is driving around looking for unprotected
wireless networks.
A botnet, short for robot network, is a network of hijacked
computers. Hijacking is gaining control of someone else’s
computer to carry out illicit activities without the user’s
knowledge.
Hackers who control the hijacked computers, called bot
herders, use the combined power of the infected machines,
called zombies.
A denial-of-service attack occurs when an attacker sends so many
e-mail bombs (thousands per second), often from randomly
generated false addresses, that the Internet service provider’s
e-mail server is overloaded and shuts down. Another denial-of-
service attack is sending so many requests for Web pages that the
Web server crashes.
Most denial-of-service attacks are quite easy to accomplish and
involve the following:
1. The attacker infects a botnet with a denial-of-service
program.
2. The attacker activates the program and the zombie
computers begin sending pings (e-mails or requests for
for a response that never comes.
3. Because the victim computer is waiting for so many
4. The attacker terminates the attack after an hour or two
to limit the victim’s ability to trace the source of the
attacks.
Spamming is e-mailing the same unsolicited message to many
people at the same time, often in an attempt to sell them
something.
Splogs, or spam blogs, promote affiliated Websites to
increase their Google Page Rank, a measure of how
often a Web page is referenced by other Web pages.
Spoofing is making an e-mail message look as if
someone else sent it.
A zero-day attack (or zero-hour attack) is an attack
between the time a new software vulnerability is
discovered and the software developers and the
security vendors release software, called a patch,
that fixes the problem.
Piggybacking has several meanings:
1. The clandestine use of a neighbor’s Wi-Fi network;
2. Tapping into a telecommunications line and
electronically latching on to a legitimate user
3. An unauthorized person passing through a secure
door when an authorized person opens it, thereby
bypassing physical security controls such as
keypads, ID cards, or biometric identification
scanners.
Data diddling is changing data before, during, or after it is
entered into the system. The change can be made to delete, alter,
or add key system data.
Data leakage refers to the unauthorized copying of company data.
A fraud perpetrator can use the salami technique to embezzle
The round-down fraud technique is used most frequently in
financial institutions that pay interest. In the typical
Phreaking is attacking phone systems to obtain free phone line
access. Phreakers also use the telephone lines to transmit
viruses and to access, steal, and destroy data.
Economic espionage is the theft of information, trade secrets,
A growing problem is cyber-extortion, in which fraud perpetrators
threaten to harm a company if it does not pay a specified amount
of money.
Fraud perpetrators are beginning to use unsolicited e-mail
threats to defraud people. For example, Global Communications
sent a message to many people threatening legal action if an
unspecified overdue amount was not paid within 24 hours.
Multiple Choice 1
Stealing tiny slices of money over time is which technique:
a. posing
Multiple Choice 2
Software that can be used to do harm is
a. adware
b. evil twin
c. malware
d. none of the above
Learning Objective Two
Explain how social engineering techniques are
used to gain physical or logical access to
computer resources.
Social Engineering
In social engineering, perpetrators trick employees into giving
them the information they need to get into the system.
In pretexting, people act under false pretenses to gain
confidential information. For example, they might conduct a
security investigation and lull the person into disclosing
confidential information by asking 10 innocent questions before
asking the confidential ones.
In voice phishing, or vishing, e-mail recipients are asked to
call a specified phone number, where a recording tells them to
enter confidential data.
Phished (and otherwise stolen) credit card numbers can be bought
and sold, which is called carding.
Typosquatting, also called URL hijacking, is setting up Websites
with names very similar to real Websites so when users make
mistakes, such as typographical errors, in entering a Website
name the user is sent to an invalid site.
The typosquatter’s site may do the following:
1. Trick the user into thinking she is at the real site by
2. Send the user to a site very different from what was
3. Use the false address to distribute viruses, adware,
spyware, or other malware.
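A defender's check for the typosquatting pattern described above, as an added example that is not part of the original manual: it flags observed domain names that are one typing error away from, or visually confusable with, a name the organization wants to protect. The protected names, the sample candidates, the confusable-character table and all function names are constructed assumptions.

```python
# Added example: sample names below are constructed, not from the manual.
PROTECTED = ["mybank.example", "payroll.example"]  # names being defended
# Character runs that render like another character (assumed, not exhaustive).
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent
    transposition each cost 1, i.e. one slip of the finger."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def skeleton(domain):
    """Collapse look-alike characters so visually equal names compare equal."""
    s = domain.lower().rstrip(".")
    for src, dst in CONFUSABLE:
        s = s.replace(src, dst)
    return s

def classify(candidate, protected=PROTECTED, max_distance=1):
    """Return (verdict, matched protected name or None)."""
    cand = candidate.lower().rstrip(".")
    if cand in protected:
        return ("legitimate", cand)
    for real in protected:
        if skeleton(cand) == skeleton(real):
            return ("lookalike", real)
        if osa_distance(cand, real) <= max_distance:
            return ("typo", real)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed observations, e.g. from proxy logs or new-registration feeds.
    for name in ["mybank.example", "mybnak.example", "rnybank.example",
                 "payro11.example", "weather.example"]:
        print(name, classify(name))
```

Names classified as `typo` or `lookalike` are candidates for blocking at the proxy or DNS resolver and for defensive registration.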
Scavenging, or dumpster diving, is gaining access to confidential
information by searching corporate or personal records. Some
identity thieves search garbage cans, communal trash bins, and
Shoulder surfing is watching people as they enter telephone
calling card or credit card numbers or listening to conversations
as people give their credit card number over the telephone or to
sales clerks.
Skimming is double-swiping a credit card in a legitimate terminal
or covertly swiping a credit card in a small, hidden, handheld
card reader that records credit card data for later use.
Learning Objective Three
Describe the different types of malware used to
harm computers.
Malware
This section describes malware, which is any software that can be
used to do harm. A recent study shows that malware is spread
using several simultaneous approaches, including file sharing
(used in 72 percent of attacks), shared access to files (42
percent), e-mail attachments (25 percent), and remote access
vulnerabilities (24 percent).
Spyware infections, of which users are usually unaware, come from
the following:
1. Downloads such as file sharing programs, system
3. A hacker using security holes in Web browsers and other
software.
5. A worm or virus.
6. Public wireless network. For example, users receive a
message they believe is from the coffee shop or hotel
where they are using wireless technology. Clicking on
the message inadvertently downloads a Trojan horse or
spyware application.
Another form of spyware, called a key logger, records computer
activity, such as a user’s keystrokes, e-mails sent and received,
Websites visited, and chat session participation.
A Trojan horse is a set of malicious, unauthorized computer
instructions in an authorized and otherwise properly functioning
program. Some Trojan horses give the creator the power to
A trap door, or back door, is a way into a system that bypasses
normal system controls. Programmers use trap doors to modify
programs during systems development and normally remove them
before the system is put into operation.
A rootkit is software that conceals processes, files, network
connections, memory addresses, systems utility programs, and
system data from the operating system and other programs.
Rootkits often modify parts of the operating system or install
themselves as drivers.
Superzapping is the unauthorized use of special system programs
to bypass regular system controls and perform illegal acts.
computer, destroy the hard disk’s file allocation table, delete
or rename files or directories, reformat the hard disk, or change
the content of files.
Symptoms of a computer virus include computers that will not
start or execute; unexpected read or write operations; an
It is estimated that viruses and worms cost businesses more than
$20 billion a year.
Most viruses attack computers, but all devices connected to the
Internet or that are part of a communications network run the
risk of being infected. Recent viruses have attacked cell phones
and personal digital assistants. These devices are infected
through text messages, Internet page downloads, and Bluetooth
1. A virus is a segment of code hidden in or attached to a
2. A virus requires a human to do something (run a program,
3. Worms harm networks (if only by consuming bandwidth),
whereas viruses infect or corrupt files or data on a
targeted computer.
Worms often reside in e-mail attachments, which, when opened or
activated, can damage the user’s system.
A worm usually does not “live” very long, but it is quite
destructive while “alive.”
Multiple Choice 3
Techniques used to obtain confidential information, often by tricking
people, are referred to as what?
a. pretexting
b. posing
c. social engineering
d. identity theft
Multiple Choice 4
What type of software secretly collects personal information about
users and sends it to someone else without the user’s permission?
a. rootkit
b. torpedo software
c. spyware
d. malware
