Accounting Information Systems
6.5 Match the data communications-related computer fraud and abuse technique in the
left column with the scenario in the right column. Terms may be used once, more
than once, or not at all.
1. Bluebugging
i. Making phone calls and sending text messages using another user’s phone without physically holding that phone.
2. Bluesnarfing
k. Capturing data from devices that use Bluetooth technology.
3. Eavesdropping
f. Intercepting and/or listening in on private voice and data transmissions.
4. Evil twin
m. A rogue wireless access point masquerading as a legitimate access point.
5. Packet sniffing
a. Intercepting Internet and other network transmissions.
6. Phreaking
j. Using telephone lines to transmit viruses and to access, steal, and
destroy data.
7. Piggybacking
d. Gaining access to a protected system by latching on to a legitimate
user.
8. Vishing
b. E-mails instructing a user to call a phone number where they are asked
to divulge personal information.
the attached computer and gain access to the network(s) to which it is
attached.
10. War driving
c. Searching for unprotected wireless networks in a vehicle.
Ch. 6: Computer Fraud and Abuse Techniques
6.6 Match the data related computer fraud and abuse technique in the left column with
the scenario in the right column. Terms may be used once, more than once, or not at
all.
1. Chipping
e. Inserting a chip that captures financial data in a legitimate credit card
reader.
2. Data diddling
i. Altering data during the IPO (Input-Process-Output) cycle.
3. Data leakage
f. Copying company data, such as computer files, without permission.
4. Identity theft
a. Illegally obtaining confidential information, such as a Social Security
number, about another person so that it can be used for financial gain.
6. Salami technique
d. Embezzling small fractions of funds over time.
7. Scavenging
b. Searching through garbage for confidential data.
6.7 Match the data security computer fraud and abuse technique in the left column with
the scenario in the right column. Terms may be used once, more than once, or not at
all.
1. Dictionary attack
j. Using software to guess company addresses, send them blank e-mails, and adding unreturned messages to spammer e-mail lists.
2. Hacking
w. Gaining access to a computer system without permission.
3. Logic bomb
s. Software that sits idle until a specified circumstance or time triggers it.
4. Malware
l. Software used to do harm.
5. Masquerading
n. Pretending to be a legitimate user, thereby gaining access to a system and all the rights and privileges of the legitimate user.
6. Password cracking
c. Capturing and decrypting passwords to gain access to a system.
7. Piggybacking
e. Using a wireless network without permission.
8. Posing
x. Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the item sold.
9. Pretexting
u. Acting under false pretenses to gain confidential information.
10. Rootkit
q. Software that conceals processes, files, network connections, and system data from the operating system and other programs.
11. Shoulder surfing
v. Observing or listening to users as they divulge personal information.
12. Skimming
f. Covertly swiping a credit card in a card reader that records the data for later use.
13. Social engineering
r. Methods used to trick someone into divulging personal information.
14. Software piracy
p. Unauthorized copying or distribution of copyrighted software.
15. Steganography
g. Concealing data within a large MP3 file.
16. Superzapping
a. Special software used to bypass system controls.
17. Trap door
i. Entering a system using a back door that bypasses normal system controls.
18. Trojan horse
k. Unauthorized code in an authorized and properly functioning program.
19. Virus
b. A segment of executable code that attaches itself to software.
20. Worm
m. A program that can replicate itself and travel over networks.
21. Zero-day attack
h. Attack between the time a software vulnerability is discovered and a patch to fix the problem is released.
6.8 Match the data security computer fraud and abuse technique in the left column with
the scenario in the right column. Terms may be used once, more than once, or not at
all.
1 Address Resolution Protocol (ARP)
m. Fake computer networking protocol messages sent to an Ethernet LAN to determine a network host’s hardware address when only its IP address is known.
2 Buffer overflow
j. So much input data that storage is exceeded; excess input contains
3 Carding
x. Verifying credit card validity.
4 Caller ID spoofing
5 Cyber extortion
u. A demand for payment to ensure a hacker does not harm a computer.
6 Cyber bullying
q. Using social networking to harass another person
7 Economic espionage
v. Theft of trade secrets and intellectual property.
8 E-mail spoofing
k. Making an electronic communication appear as though it originated from a different source.
9 IP address spoofing
l. Creating packets with a forged address to impersonate another computing system.
10 Internet auction fraud
w. Using a site that sells to the highest bidder to defraud another person
11 Internet pump-and-dump fraud
g. Using the Internet to inflate a stock price so it can be sold for a profit.
12 Lebanese looping
owner to obtain a PIN, and using the card and PIN to drain the account.
13 Man-in-the-middle (MITM) attack
t. A hacker placing himself between a client and a host to intercept network traffic.
14 Podslurping
computer.
15 Ransomware
remove it.
16 Scareware
e. Malicious software that people are frightened into buying.
17 Sexting
h. Exchanging explicit messages and pictures by telephone.
18 SQL Injection
i. Inserting a malicious database query in input in a way that it can be executed by an application program.
19 SMS spoofing
n. Changing the name or number a text message appears to come from.
21 Tabnapping
y. Secretly changing an already open browser tab.
6.9 Identify the computer fraud and abuse technique used in each of the following actual
examples of computer wrongdoing.
Each of these real-world scenarios was taken from news accounts of computer fraud and
abuse. There may be other valid answers, but the answers shown below are what the
news accounts and experts investigating the case said were used to perpetrate the fraud.
customer files containing personal information. The
intrusion cost Acxiom over $5.8 million.
c. Cyber-attacks left high-profile sites such as Amazon.com,
eBay, Buy.com, and CNN Interactive staggering under the
weight of tens of thousands of bogus messages that tied up
the retail sites’ computers and slowed the news site’s
operations for hours.
the unsavory messages, she changed her mobile number to
avoid further embarrassment by association.
e. A federal grand jury in Fort Lauderdale claimed that four
executives of a rental-car franchise modified a computer-
billing program to add five gallons to the actual gas tank
capacity of their vehicles. Over three years, 47,000 customers
who returned a car without topping it off ended up paying an
extra $2 to $15 for gasoline.
honored. Zwana was unmasked and his creator fired.
Alamos National Laboratory, Sloan-Kettering Cancer
Center, and Security Pacific Bank. One gang member
Hacking
g. MicroPatent, an intellectual property firm, was notified that
their proprietary information would be broadcast on the
Internet if they did not pay a $17 million fee. The hacker was
caught by the FBI before any damage was done.
i. eBay customers were notified by e-mail that their accounts
had been compromised and were being restricted unless they
re-registered using an accompanying hyperlink to a Web
page that had eBay’s logo, home page design, and internal
links. The form had a place for them to enter their credit
card data, ATM PINs, Social Security number, date of birth,
and their mother’s maiden name. Unfortunately, eBay
hadn’t sent the e-mail.
months later the domain name for a large New York ISP.
Both hijacked Web sites pointed to a site in Australia.
copies of Internet Explorer. The code recorded the users’
keyboard activities, giving the criminals access to usernames
and passwords at many banking Web sites. The attacks
caused $420 million in damage.
network access was revoked, he created a program to wipe
January 31.
m. America Online subscribers received a message offering
free software. Users who opened the attachments
unknowingly unleashed a program hidden inside another
program that secretly copied the subscriber’s account name
colleague or friend. The program sent an infected e-mail to
the first 50 e-mail addresses on the users’ Outlook address
book. Each infected computer would infect 50 additional
computers, which in turn would infect another 50 computers.
The program spread rapidly and exponentially, causing
considerable damage. Many companies had to disconnect
from the Internet or shut down their e-mail gateways
because of the vast amount of e-mail the program was
generating. The program caused more than $400 million in
damages.
q. Microsoft filed a lawsuit against two Texas firms that
produced software that sent incessant pop-ups resembling
and instructed users to visit a Web site to download Registry
Cleaner XP at a cost of $39.95.
r. As many as 114,000 Web sites were tricked into running
database commands that installed malicious HTML code
redirecting victims to a malicious Web server that tried to
install software to remotely control the Web visitors’
computers.
s. Zeus records log-in information when the user of the
infected computer logs into a list of target Web sites, mostly
banks and other financial institutions. The user’s data is sent
to a remote server where it is used and sold by cyber-
criminals. The new version of Zeus will significantly increase
fraud losses, given that 30% of Internet users bank online.
week later a “Distracting Beach Babes” message did the
same thing.
u. Robert Thousand, Jr. discovered he lost $400,000 from his
Ameritrade retirement account shortly after he began
receiving a flood of phone calls with a 30-second recording
for a sex hotline. An FBI investigation revealed that the
perpetrator obtained his Ameritrade account information,
called Ameritrade to change his phone number, created
several VoIP accounts, and used automated dialing tools to
v. The Internet Crime Complaint Center reports a “hit man”
scam. The scammer claims that he has been ordered to
assassinate the victim and an associate has been ordered to
kill a family member. The only way to prevent the killings is
to send $800 so an Islamic expatriate can leave the United
States.
an online application, and pay a $28 fee.
6.10 On a Sunday afternoon at a hospital in the Pacific Northwest, computers became
sluggish, and documents would not print. Monday morning, the situation became
worse when employees logged on to their computers. Even stranger things
happened: operating room doors would not open, pagers would not work, and
computers in the intensive care unit shut down. By 10:00 A.M., all 50 IT employees
were summoned. They discovered that the hospital was under attack by a botnet that
exploited a Microsoft operating system flaw and installed pop-up ads on hospital
computers. They got access to the first computer on Sunday and used the hospital’s
network to spread the infection to other computers. Each infected computer became
a zombie that scanned the network looking for new victims. With the network
clogged with zombie traffic, hospital communications began to break down. The IT
staff tried to halt the attack by shutting off the hospital’s Internet connection, but it
was too late. The bots were inside the hospital’s computer system and infecting other
computers faster than they could be cleaned. Monday afternoon IT figured out which
malware the bots were installing and wrote a script, which was pushed out hourly,
directing computers to remove the bad code. The script helped to slow the bots down
a bit.
This case is based on an actual attack. The solution represents the actual events of the
attack and the hospital’s response.
a. What could the hospital do to stop the attack and contain the damage?
By Monday afternoon, IT figured out which malware the bots were installing and
wrote a script, which was pushed out hourly, directing computers to remove the bad
code. The script helped to slow the bots down a bit.
b. Which computer fraud and abuse technique did the hackers use in their attack
on the hospital?
The primary attack used was a Zero-day attack that exploited a newly found
c. What steps should the hospital have taken to prevent the damage caused by the
attack?
The hospital’s network is now protected by Computer Associate’s Pest Patrol, which
blocks adware and spyware, and Cisco MARS, an intrusion detection system.
Aftermath:
The hackers were a 19-year-old California man, Christopher Maxwell, and two juveniles. Based
in part on evidence supplied by the hospital, Maxwell pleaded guilty to conspiracy and
intentionally causing damage to a protected computer. He was sentenced to 37 months in federal
prison and ordered to pay $112,500 in restitution to the hospital.
SUGGESTED ANSWERS TO THE CASES
6.1 1. How did Shadowcrew members conceal their identities?
Used aliases when working online
How can average citizens protect their identities while interacting online?
Use discretion in revealing personal information online. Individuals who use chat
2. How has the Internet made detecting and identifying identity fraudsters
difficult?
By using aliases, fraudulent email accounts, and proxy servers, thieves make it
3. What are some of the most common electronic means of stealing personal
information?
Accessing public and victim-provided data
4. What is the most common way that fraudsters use personal data?
5. What measures can consumers take to protect against the online brokering of
their personal data?
Avoid giving out their personal data online or otherwise whenever possible.
6. What are the most effective means of detecting identity theft?
Regularly monitoring credit reports
7. What pieces of personal information are most valuable to identity fraudsters?
Name
Address
The rest of the story:
One of the results of Operation Firewall was the convictions of Andrew Mantovani, Chad
Hatten, and James Ancheta.
Mantovani, a 24-year-old college student and a Shadowcrew co-founder, was sentenced
to 32 months in federal prison, a $5,000 fine, and three years of probation.