Chapter #6: Computer Fraud and Abuse Techniques
Computer Attacks and Abuse
o Unauthorized access, modification, or use of a computer system or other
• Social Engineering
o Techniques, usually psychological tricks, to gain access to sensitive data or
o Used to gain access to secure systems or locations
o Any software which can be used to do harm
Things you need to click on
Types of Computer Attacks
• Botnet—Robot Network
o Network of hijacked computers
o Hijacked computers carry out processes without users' knowledge
o Zombie—hijacked computer
• Denial-of-Service (DoS) Attack
o Constant stream of requests made to a Web-server (usually via a Botnet) that
overwhelms and shuts down service
o Making an electronic communication look as if it comes from a trusted official
source to lure the recipient into providing information
Types of Spoofing
o E-mail sender appears as if it comes from a different source
• Caller-ID
o Incorrect number is displayed
• IP address
o Forged IP address to conceal identity of sender of data over the Internet or to
impersonate another computer system
• Address Resolution Protocol (ARP)
o Allows a computer on a LAN to intercept traffic meant for any other computer on
o Incorrect number or name appears, similar to caller-ID but for text messaging
• Web page
o Phishing (see below)
• DNS – domain name service
o Intercepting a request for a Web service and sending the request to a false
• Cross-Site Scripting (XSS)
o Unwanted code is sent via dynamic Web pages disguised as user input.
• Buffer Overflow
o Data is sent that exceeds computer capacity causing program instructions to be
lost and replaced with attacker instructions.
• SQL Injection (Insertion)
o Malicious code is inserted in place of a query to a database system.
o Giving something to the webpage that is passed to the database
o Hacker places themselves between client and host.
Additional Hacking Attacks
• Password Cracking
o Penetrating system security to steal passwords
• War Dialing
o Computer automatically dials phone numbers looking for modems.
o Attacks on phone systems to obtain free phone service.
• Data Diddling
o Making changes to data before, during, or after it is entered into a system.
• Data Leakage
o Unauthorized copying of company data.
Hacking Embezzlement Schemes
• Salami Technique
o Taking small amounts from many different accounts.
• Economic Espionage
o Theft of information, trade secrets, and intellectual property.
o Internet, cell phones, or other communication technologies to support deliberate,
repeated, and hostile behavior that torments, threatens, harasses, humiliates,
embarrasses, or otherwise harms another person.
• Internet Terrorism
o Act of dis