Computer Fraud and Abuse Techniques T echniques Adware -Using software to collect web-surfing and spending data and forward it to advertising or media organizations. It also causes banner ads to pop up on computer monitors as t he Internet is surfed. Bluebugging- Taking control of someone else’s phone to make calls, send text messages, listen to their phone calls, or read their text messages. Bluesnarfing -Stealing contact lists, images, and other data using Bluetooth. Botnet, bot herders - A network of hijacked computers. Hackers, c alled bot herders, that control the hijacked computers, called zombies, use them in a variety of Internet attacks Chipping -Planting a chip that records transaction data in a legitimate credit card reader. Click fraud -Clicking on-line ads numerous times to inflate advertising bills. Cyber-extortion -Requiring a company to pay a specified amount of money to keep the extortionist from harming the company electronically. Data diddling - Changing data before, during, or after it is entered into the system. Data leakage- Copying company data, such as computer files, without permission. Denial-of-service attack -Sending e-mail bombs (hundreds of messages per second) from randomly generated false addresses. The recipient’s internet service provid er e-mail server is overloaded and shuts down. Dictionary attack - Using software to guess company addresses and send them blank e-mails. Unreturned messages are valid addresses that are added to spammer e-mail lists. Eavesdropping- Listening to private voice or data tr ansmissions, often using a wiretap. Economic espionage - The theft of information, trade secrets, and intellectual property. E-mail threats- Sending a threatening message asking the r ecipient to do something that makes it possible to defraud them. Evil twin - A wireless network with the same name as a local wireless access point. The hacker disables the legitimate access point, users unknowingly re-connect to the evil twin, and hackers monitor t he traffic looking for useful information Hacking -Accessing and using computer systems without permission, usually by means of a personal computer and a telecommunications network. Hijacking -Gaining control of someone else’s computer to carry out illicit activities without the owner’s knowledge Identity theft - Assuming someone’s identity, usually for economic gain, by illegally obtaining confidential information such as a social security number. Internet misinformation - Using the Internet to spread false o r misleading information.
Internet terrorism -Using the Internet to disrupt communications and electronic commerce Key logger - Using spyware to record a user’s keystokes. Logic and time bombs - Software that sits idle until a specified circumstance or t ime triggers it, destroying programs, data, or both. Malware -Software that can be used to do harm. Masquerading/ impersonation - Accessing a system by pretending to be an authorized user. The impersonator enjoys the same privileges as the legitimate user. Packet sniffing - Using a computer to find confidential information as it travels the Inter net and other networks. Password cracking -Penetrating system defenses, stealing valid passwords, and decrypting them so they can be used to access system programs, files, and data.
Pharming -Redirecting a website's traffic to a spoofed website to gain access to personal and confidential information. Phishing -Sending e-mails requesting recipients to visit a web page and verify data or fill in missing data. The e-mails and web sites look like legitimate companies, primarily financial institutions. Phreaking -Attacking phone systems and using telephone lines to transmit viruses and to access, steal, and destroy data. Piggybacking 1.The clandestine use of someone's Wi-Fi network. 2.Tapping into a telecommunications line, latching on to a legitimate user, and accompanying the perpetrator into the system. 3.Bypassing physical security controls by entering a secure door when an authorized person opens it.
Posing -Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the item sold. Pretexting -Acting under false pretenses to gain confidential information. Rootkit -Software that conceals processes, files, network c onnections, and system data from the operating system and other programs. Round-down -Truncating interest calculations at two decimal places. The truncated fract ion of a cent is placed in an account controlled by the perpetrator. Salami technique - Stealing tiny slices of money over time. An exam ple is increasing expenses by a fraction of a percent and placing in a perpetrator-controlled dummy account. Scavenging/dumpster diving -Searching for confidential corporate or personal information by searching trashcans or scanning the contents of computer memory.
Shoulder surfing -Watching people or listening as they enter or give confidential information. Skimming -Double-swiping a credit card or covertly swiping it in a card reader that records the data for later use. Social engineering -Techniques that trick a person into disclosing confidential information. Software piracy -Illegally copying computer software. Spamming - E-mailing an unsolicited message to many people at the same time. Splog -A spam blog that promotes affiliated websites to increase their Google PageRank (how often a web page is referenced by other web pages). Spyware -Using software to monitor computing habits and send that data to someone e lse, often without the computer user’s permission. Spoofing -Making an e-mail message look as if someone else sent it. Steganography -Hiding data from one file inside a host file such as a large image or sound file. Superzapping -Using special software to bypass system controls and perform illegal act s. Trap door -Entering a system using a back door that bypasses normal system controls. Trojan horse -Unauthorized code in an authorized and properly functioning program. Typosquatting / URL hijacking - Setting up websites with names similar to real w ebsites so users making typographical errors entering web site names are sent to a site filled with malware. Virus -A segment of executable code that attaches itself to software, replicates itself, and spreads to other systems or files. Triggered by a predefined event, it damages system resources o r displays a message on the monitor. Vishing -Voice phishing, where e-mail recipients are asked to call a phone number where t hey are asked to divulge confidential data. War dialing -Dialing thousands of phone lines searching for idle modems that can be used to enter the system, capture the attached computer, and gain access to the network(s) to which it is attached. War driving / rocketing - Looking for unprotected wireless networks using a car or a rocket. Worm -Similar to a virus, but a program rather than a code segment hidden in a host program. Copies and actively transmits itself directly to other systems. It usually does not live very long, but is quite destructive while alive. Zero-day attack -An attack between the time a new software vulnerability is discovered and a software patch that fixes the problem is released.