MGCR 331 Lecture Notes - Intrusion Detection System, Information Security, Click Fraud

19 views3 pages
Published on 16 Apr 2013
School
McGill University
Department
Management Core
Course
MGCR 331
Chapter 13: Information Security
Key Info and Terms
- Data harvesters: cybercriminals who infiltrate systems and collect data for
illegal resale.
- Cash-out fraudsters: firms that purchase assets from data harvesters.
Actions may include stolen credit card numbers to purchase goods, creating
fake accounts via identity fraud, and more.
- These are efficient and sophisticated operations.
- Hackers may also infiltrate computer systems hop from hardware to
hardware.
- Botnets of zombie computers: hordes of surreptitiously infiltrated
computers, linked and controlled remotely.
o Click fraud, spam sending, or distributed denial of service (DDoS) --
- effectively shutting down web sites by overwhelming them with a
crushing load of seemingly legitimate requests sent simultaneously by
thousands of machines.
- Might be insiders, rivals, or foreign governments
- Cyber warfare a legit threat (terrorism, cut of power, cause explosions, etc.)
- Stuxnet: infiltrated Iranian nuclear facilities and reprogramed the industrial
control software operating hundreds of uranium-enriching centrifuges. Made
the devices spin so fast that they effectively destroyed themselves --- and
even made it look like nothing was out of place.
- 70% of loss-causing security incidents involve insiders
o employees can steal secrets, install malware, or hold a firm hostage.
o Also temporary staffers, contract employees,
o Cleaning or security staff
- Social engineering: con games that trick employees into revealing
information or performing other tasks that compromise a firm
o EGS:
Impersonating senior management
Making claims with confidenc
Harassment
Answering bogus surveys
- Phishing: cons executed through technology, typically targeted at acquiring
sensitive information or tricking someone into installing malicious software.
o Lift logos, mimic standard layouts, and copy official language from
legitimate web sites
o Dupe users into downloading software that can record passwords
- Solutions to the password problem? Perhaps Biometrics: technologies that
replace conventionally typed passwords with fingerprint readers, facial
recognition, or iris scans. But never caught on/viewed as novelties.
- Infected USBs
- Viruses: programs that infect other software or files require an executable
- Worms: do not require an executable
Unlock document

This preview shows page 1 of the document.
Unlock all 3 pages and 3 million more documents.

Already have an account? Log in

Document Summary

Data harvesters: cybercriminals who infiltrate systems and collect data for illegal resale. Cash-out fraudsters: firms that purchase assets from data harvesters. Actions may include stolen credit card numbers to purchase goods, creating fake accounts via identity fraud, and more. Hackers may also infiltrate computer systems hop from hardware to hardware. Botnets of zombie computers: hordes of surreptitiously infiltrated computers, linked and controlled remotely: click fraud, spam sending, or distributed denial of service (ddos) -- Effectively shutting down web sites by overwhelming them with a crushing load of seemingly legitimate requests sent simultaneously by thousands of machines. Might be insiders, rivals, or foreign governments. Cyber warfare a legit threat (terrorism, cut of power, cause explosions, etc. ) Stuxnet: infiltrated iranian nuclear facilities and reprogramed the industrial control software operating hundreds of uranium-enriching centrifuges. Made the devices spin so fast that they effectively destroyed themselves --- and even made it look like nothing was out of place.

Get OneClass Grade+

Unlimited access to all notes and study guides.

YearlyMost Popular
75% OFF
$9.98/m
Monthly
$39.98/m
Single doc
$39.98

or

You will be charged $119.76 upfront and auto renewed at the end of each cycle. You may cancel anytime under Payment Settings. For more information, see our Terms and Privacy.
Payments are encrypted using 256-bit SSL. Powered by Stripe.