Chap 9 - AIS


Piggybacking has several meanings:

1. The clandestine use of a neighbor's Wi-Fi network; this can be prevented by enabling the security features in the wireless network.
2. Tapping into a communications line and electronically latching onto a legitimate user before the user enters a secure system; the legitimate user unknowingly carries the perpetrator into the system.
3. An unauthorized person following an authorized person through a secure door, bypassing physical security controls such as keypads, ID cards, or biometric identification scanners.

______ is spyware that can pop banner ads on a monitor, collect information about the user's web-surfing and spending habits, and forward it to the adware creator. Adware companies charge for each computer showing its ads. They increase the number of computers with adware by paying shareware developers to bundle the adware with their software. This allows shareware developers to make money without charging for their software.

Adware

______ refers to activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers. Scores of underground websites facilitate carding, with some rating the reliability of sellers the same way eBay does.

Carding

____ is planting a small chip that records transaction data in a legitimate credit card reader. The chip is later removed or electronically accessed to retrieve the data recorded on it.

Chipping

Skimming is double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use. Commonly committed in retail outlets such as restaurants and carried out by employees with a legitimate reason to possess the victim's cards.

Skimming

The following are six steps that many criminals use to attack information systems:

1. Conduct reconnaissance. Computer attackers begin by collecting information about their target. Perusing an organization's financial statements, SEC filings, website, and press releases can yield much valuable information. The objective of this initial reconnaissance is to learn as much as possible about the target and to identify potential vulnerabilities.
2. Attempt social engineering. Attackers will often try to use information obtained during their initial reconnaissance to "trick" an unsuspecting employee into granting them access. The use of deception to obtain unauthorized access to information resources is referred to as social engineering and can take place in countless ways, limited only by the creativity and imagination of the attacker. Social engineering attacks often take place over the telephone, via email, or by leaving USB drives in the targeted organization's parking lot or restrooms.
3. Scan and map the target. If social engineering is not possible or is unsuccessful, more detailed reconnaissance can be conducted to identify potential points of remote entry. This often involves the use of a variety of automated tools that identify computers that can be remotely accessed as well as the types of software they are running.
4. Research. After identifying specific targets and learning which versions of software are running on them, an attacker can research known vulnerabilities for those programs and learn how to take advantage of them.
5. Execute the attack. The criminal takes advantage of a vulnerability to obtain unauthorized access to the information system.
6. Cover tracks. After penetrating the victim's information system, most attackers attempt to cover their tracks and create "back doors" they can use to obtain access if their initial attack is discovered and controls are implemented to block that method of entry.

Companies advertising online pay from a few cents to more than $10 for each click on their ads. _____ is manipulating click numbers to inflate advertising bills.

Click fraud; Examples of how click fraud is perpetrated include (1) companies clicking on a competitor's ad to drive up their advertising costs, (2) web page owners who get a commission to host a pay-per-click ad clicking to boost commissions, and (3) ad agencies inflating the number of clicks to make an ad campaign appear more effective. Most click fraudsters are cyber criminals who create websites with nothing on them but ads and use their botnets to repeatedly click on the ads.

Fraudsters take advantage of the following seven human traits to entice a person to reveal information or take a specific action:

- Compassion—The desire to help others who present themselves as needing help.
- Greed—People are more likely to cooperate if they get something free or think they are getting a once-in-a-lifetime deal.
- Sex Appeal—People are more likely to cooperate with someone who is flirtatious or viewed as "hot."
- Sloth—Few people want to do things the hard way, waste time, or do something unpleasant; fraudsters take advantage of our lazy habits and tendencies.
- Trust—People are more likely to cooperate with people who gain their trust.
- Urgency—An immediate need that must be met leads people to be more cooperative and accommodating.
- Vanity—People are more likely to cooperate if they are told they are going to be more popular or successful.

_______ is a vulnerability in dynamic web pages that allows an attacker to bypass a browser's security mechanisms and instruct the victim's browser to execute code, thinking it came from the desired website. Most attacks use executable JavaScript, although HTML, Flash, or other code the browser can execute are also used. XSS flaws are the most prevalent flaws in web applications today and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. The likelihood that a site contains XSS vulnerabilities is extremely high. Finding these flaws is not difficult for attackers;

Cross-site scripting (XSS); attacker can send the victim's cookie to another server, inject forms that steal victim's confidential data, disclose her files, or install a Trojan horse program on her computer.

_____ find a way to breach the security measures, attack organizations, steal information and monetary assets, or destroy or damage computer systems. Some cybercriminals are well funded by high-level officials in foreign governments and are developing state-of-the-art attack approaches that are stealthy, clever, and precise. They are also capable of identifying information assets of significant value.

Cybercriminals

Spyware software secretly monitors and collects personal information about users and sends it to someone else. The information is gathered by logging keystrokes, monitoring websites visited, and scanning documents on the computer's hard drive. Spyware can also hijack a browser, replacing a computer's home page with a page the spyware creator wants you to visit. Unless the spyware is removed, resetting a browser home page lasts only until the computer is rebooted. Spyware can also hijack search requests, returning results chosen by the spyware rather than the results desired. Spyware infections, of which users are usually unaware, come from the following:

- Downloads such as file-sharing programs, system utilities, games, wallpaper, screen savers, music, and videos.
- Websites that secretly download spyware. This is called drive-by downloading.
- A hacker using security holes in web browsers and other software.
- Malware masquerading as antispyware security software.
- A worm or virus.
- Public wireless networks.

_________ is the theft of information, trade secrets, and intellectual property. Almost 75% of losses are to an employee, former employee, contractor, or supplier.

Economic espionage

____ is the unauthorized access, modification, or use of an electronic device or some element of a computer system. Most hackers break into systems using known flaws in operating systems or application programs, or as a result of poor access controls.

Hacking

_____ is gaining control of a computer to carry out illicit activities without the user's knowledge. A botnet, short for robot network, is a powerful network of hijacked computers, called zombies, that are used to attack systems or spread malware. A bot herder installs software that responds to the hacker's electronic instructions on unwitting PCs. Bot software is delivered in a variety of ways, including Trojans, e-mails, instant messages, Tweets, or an infected website. Bot herders use the combined power of the hijacked computers to mount a variety of Internet attacks.

Hijacking

__________ is using an Internet auction site to defraud another person. According to the FBI, 45% of the complaints they receive are about Internet auction fraud. Internet auction fraud can take several forms. For example, a seller can use a false identity or partner with someone to drive up the bid price. A person can enter a very high bid to win the auction and then cancel his bid, allowing his partner, who has the next highest, and much lower, bid to win. The seller can fail to deliver the merchandise, or the buyer can fail to make the agreed-upon payment. The seller can deliver an inferior product or a product other than the one sold.

Internet auction fraud

_________ is using the Internet to pump up the price of a stock and then selling it. Pump-and-dump fraudsters do three things. First, they buy a significant number of shares in small, low-priced, thinly traded penny stocks without driving up their price. Second, they use spam e-mails, texts, Tweets, and Internet postings to disseminate overly optimistic or false information about the company to create a buying frenzy that drives up the stock price. Third, they sell their shares to unsuspecting investors at inflated prices and pocket a handsome profit. Once they stop touting the stock, its price crumbles, and investors lose their money.

Internet pump-and-dump fraud

In ________, the perpetrator inserts a sleeve into an ATM that prevents the ATM from ejecting the card. When it is obvious that the card is trapped, the perpetrator approaches the victim and pretends to help, tricking the person into entering her PIN again. Once the victim gives up, the thief removes the card and uses the card and PIN to withdraw as much money as the ATM allows.

Lebanese looping

__________ is pretending to be an authorized user to access a system. This is possible when the perpetrator knows the user's ID number and password or uses her computer after she has logged in (while the user is in a meeting or at lunch).

Masquerading/impersonation

____ crime is now bigger and more costly than the global illegal drugs trade. The cost to find, investigate, contain, and recover from cybercrimes is estimated to exceed $1 trillion a year. And that does not include the significant costs incurred due to business disruption, lost productivity, and reputational damage.

Online

_______ is redirecting website traffic to a spoofed website. If you could change XYZ Company's number in the phone book to your phone number, people using the phone book to call XYZ Company would reach you instead. Similarly, each website has a unique IP (Internet) address (four groupings of numbers separated by three periods). There is a DNS (think phone book) that converts a domain (website) name to an IP address. Pharmers change the IP address in the DNS to an IP address they control. Compromised DNS servers are referred to as "poisoned." Once these files are poisoned, all subsequent requests to visit that website are directed to the spoofed site.

Pharming

_____ is a very popular social engineering tool for two reasons. First, it is difficult to detect because the user's browser shows the correct website. Antivirus and spyware removal software are currently ineffective protections against pharming. Instead, complicated antipharming techniques are required. Second is the ability to target many people at a time through domain spoofing rather than one at a time with phishing e-mails.

Pharming

______ is sending an electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification of information and often warning of some negative consequence if it is not provided. The recipient is asked to either respond to the bogus request or visit a web page and submit data. The message often contains a link to a web page that appears legitimate.

Phishing; Early phishing scams sent messages to everyone. Targeted versions of phishing, called spear phishing, have emerged.

________ is attacking phone systems. The most common reason for the attack is to obtain free phone line access, transmit malware, and steal and destroy data.

Phreaking; To protect a system from phreakers, companies use a voice firewall that scans inbound and outbound voice traffic, terminates any suspicious activity, and provides real-time alerts.

________ is using a small device with storage capacity, such as an iPod or Flash drive, to download unauthorized data.

Podslurping

_______ is creating a seemingly legitimate business (often selling new and exciting products), collecting personal information while making a sale, and never delivering the product. Fraudsters also create Internet job listing sites to collect confidential information.

Posing

______ is using an invented scenario (the pretext) to increase the likelihood that a victim will divulge information or do something. The pretext is more than just a simple lie; it usually involves creating legitimacy in the target's mind that makes impersonation possible. One approach pretexters use is to pretend to conduct a security survey and lull the victim into disclosing confidential information by asking 10 innocent questions before asking the confidential ones. They also call help desks and claim to be an employee who has forgotten a password. They call users and say they are testing the system and need a password.

Pretexting

In an _______, malicious code in the form of an SQL query is inserted into input so it can be passed to and executed by an application program. The idea is to convince the application to run SQL code that it was not intended to execute by exploiting a database vulnerability. It is one of several vulnerabilities that can occur when one programming language is embedded inside another. A successful SQL injection can read sensitive data from the database; modify, disclose, destroy, or limit the availability of the data; allow the attacker to become a database administrator; spoof identity; and issue operating system commands. An SQL injection attack can have a significant impact that is limited only by the attacker's skill and imagination and system controls.

SQL injection attack (insertion)

______ is software that is often malicious, is of little or no benefit, and is sold using scare tactics. That is, it uses fear to motivate some sort of user action. The most common scare tactic is a dire warning that a computer is infected with a virus, spyware, or some other catastrophic problem. Some scareware even warns that a user's job, career, or marriage is at risk. The scareware creators offer a solution—a free computer scan using their fake antivirus software. Accepting the free scan does several things. First, it does not perform a scan. Second, it claims to find dozens of problems and again warns of dire consequences if the computer is not cleaned up. Third, it often introduces the very problems that scared the consumer into trying the software. Fourth, it encourages the consumer to buy the fake antivirus software to clean the computer and keep it clean.

Scareware

_________ is the unauthorized copying or distribution of copyrighted software. Three frequent forms of software piracy include: (1) selling a computer with preloaded illegal software, (2) installing a single-license copy on multiple machines, and (3) loading software on a network server and allowing unrestricted access to it in violation of the software license agreement.

Software piracy

___ is simultaneously sending the same unsolicited message to many people at the same time, often in an attempt to sell something. Spam not only reduces the efficiency benefits of e-mail but also is a source of many viruses, worms, spyware programs, and other types of malware discussed later in the chapter.

Spamming; Spammers scan the Internet for addresses posted online, hack into company databases, and steal or buy mailing lists.

__________ is setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site. For example, typing goggle.com instead of google.com might lead to a cyber-squatter site that:

- Tricks the user into thinking she is at the real site because of a copied or a similar logo, website layout, or content. These sites often contain advertising that appeals to the person looking for the real domain name. The typosquatter might also be a competitor.
- Is very different from what was wanted. One typosquatter sent people looking for a children's site to a pornographic website.
- Distributes malware such as viruses, spyware, and adware.

Typosquatting/URL hijacking

__________ is programming a computer to dial thousands of phone lines searching for dial-up modem lines. Hackers break into the PC attached to the modem and access the network to which it is connected. This approach got its name from the movie War Games. Much more problematic in today's world is war driving, which is driving around looking for unprotected wireless networks.

War dialing

A _____ is a trial-and-error method that uses software to guess information, such as the user ID and the password, needed to gain access to a system. It is the electronic equivalent of trying every key on a very large key ring to find the one that opens a locked door. The success of a brute force attack is a factor of two things: (1) the computing power used and (2) enough time to generate the number of combinations needed. Brute force attacks are used by criminals as well as security personnel to test an organization's network security.

brute force attack

A _______ happens when the amount of data entered into a program is greater than the amount of the memory (the input buffer) set aside to receive it. The input overflow usually overwrites the next computer instruction, causing the system to crash. Hackers exploit this buffer overflow by carefully crafting the input so that the overflow contains code that tells the computer what to do next. This code could open a back door into the system, provide the attacker with full control of the system, access confidential data, destroy or harm system components, slow system operations, and carry out any number of other inappropriate acts. Buffer overflow exploits can occur with any form of input, including mail servers, databases, web servers, and FTPs.

buffer overflow attack

All ____ connected to the Internet, especially those with important trade secrets or valuable IT assets, are under constant attack from hackers, foreign governments, terrorist groups, disaffected employees, industrial spies, and competitors.

computers

Malware is not restricted to _______. As many as 2 million new pieces of mobile device malware are discovered each year. This malware ranges from fake versions of legitimate apps to banking apps that generate unwanted advertisements.

computers

Botnets are used to perform a ____, which is designed to make a resource unavailable to its users. In an e-mail DoS attack, so many e-mails (thousands per second) are received, often from randomly generated false addresses, that the Internet service provider's e-mail server is overloaded and shuts down. Another attack involves sending so many web page requests that the web server crashes. An estimated 5,000 DoS attacks occur per week. The websites of online merchants, banks, governmental agencies, and news agencies are frequent victims.

denial-of-service attack (DoS)

In a brute force _____, software generates user IDs and password guesses using a dictionary of possible user IDs and passwords to reduce the number of guesses required. Spammers use dictionary attacks (also called directory harvest attacks) to guess e-mail addresses at a company and send blank e-mail messages. Messages not returned usually have valid e-mail addresses and are added to spammer e-mail lists.

dictionary attack

Spoofing is making an electronic communication look as if someone else sent it to gain the trust of the recipient. Spoofing can take various forms, including the following:

- Email
- Caller ID
- IP address: creating Internet Protocol (IP) packets with a forged source IP address to conceal the identity of the sender or to impersonate another computer system. IP spoofing is most frequently used in DoS attacks.
- SMS spoofing
- Web-page spoofing, aka phishing

An ______ is a wireless network with the same name (called Service Set Identifier, or SSID) as a legitimate wireless access point. The hacker either uses a wireless signal that is stronger than the legitimate signal or disrupts or disables the legitimate access point by disconnecting it, directing a DoS against it, or creating radio frequency interference around it. Users are unaware that they connect to the evil twin. The perpetrator monitors the traffic looking for confidential information.

evil twin

Attempting to ___ out malicious scripts is unlikely to succeed, as attackers encode the malicious script in hundreds of ways so it looks less suspicious to the user. The best way to protect against XSS is HTML sanitization, which is a process of validating input and only allowing users to input predetermined characters. Companies also try to identify and remove XSS flaws from a web application. To find flaws, companies review their code, searching for all the locations where input from an HTTP request could enter the HTML output.

filter

Most malware is the result of installation or _______ by a remote attacker. It is spread using several approaches, including shared access to files, e-mail attachments, and remote access vulnerabilities.

injection

The best protection against spyware and adware is a good antispyware software package that neutralizes or eliminates it and prevents its ________. One downside is that after the spyware or adware is erased, the free software that was its host may not work. To protect yourself, use multiple antispyware programs; unlike antivirus software and firewalls, they don't conflict with each other.

installation

________, which is any software used to do harm. Malware is a constant and fast-growing concern, as well as an expensive one.

malware,

A _____________ places a hacker between a client and a host and intercepts network traffic between them. An MITM attack is often called a session hijacking attack. MITM attacks are used to attack public-key encryption systems where sensitive and valuable information is passed back and forth. For example, Linda sniffs and eavesdrops on a network communication and finds David sending his public key to Teressa so that they can communicate securely. Linda substitutes her forged public key for David's key and steps in the middle of their communications. If Linda can successfully impersonate both David and Teressa by intercepting and relaying the messages to each other, they believe they are communicating securely. Once an MITM presence is established, the hacker can read and modify client messages, mislead the two parties, manipulate transactions, and steal confidential data. To prevent MITM attacks, most cryptographic protocols authenticate each communication endpoint.

man-in-the-middle attack (MITM)

There are different types and variations of brute force attacks. In brute force ____, passwords stored in or transmitted by a computer system are recovered by trying every possible combination of upper- and lower-case letters, numbers, and special characters and comparing them to a cryptographic hash of the password. Newer computers can brute force crack an 8-character alphanumeric password in less than two hours. Password cracking is used to help users recover forgotten passwords but can also be used to gain unauthorized system access.

password cracking

The ________ is used to embezzle money a "salami slice" at a time from many different accounts.

salami technique; One salami technique has been given a name. In a round-down fraud, all interest calculations are truncated at two decimal places and the excess decimals put into an account the perpetrator controls. No one is the wiser, since all the books balance. Over time, these fractions of a cent add up to a significant amount, especially when interest is calculated daily.

In ______ as its name suggests, perpetrators look over a person's shoulders in a public place to get information such as ATM PIN numbers or user IDs and passwords. Fraudsters also use sophisticated skimming devices placed right over a card-reader slot to capture data stored on a card's magnetic strip.

shoulder surfing,

Bot ____ and easy-to-use software are available on the Internet showing hackers how to create their own botnets;

toolkits

______ destroys competing malware, resulting in "malware warfare" between competing developers.

torpedo software

To stop _______, companies send a cease-and-desist letter to the offender, purchase the website address, or file a lawsuit.

typosquatting; To prevent typosquatting, a company (1) tries to obtain all the web names similar to theirs to redirect people to the correct site, or (2) uses software to scan the Internet and find domains that appear to be typosquatting. Parents can use the same software to restrict access to sites that squat on typos of children's websites.

Voice phishing, or ______ is like phishing except that the victim enters confidential data by phone. Among other things, perpetrators use caller ID spoofing to fool the victim into thinking they are talking to their financial institution.

vishing,

Every computer software program represents a potential point of attack because it probably contains flaws, called ______ that can be exploited to either crash the system or take control of it. A zero-day attack (or zero-hour attack) is an attack between the time a new software vulnerability is discovered and the time a software developer releases a patch that fixes the problem. When hackers detect a new vulnerability, they "release it into the wild" by posting it on underground hacker sites.

vulnerabilities; One way software developers minimize the vulnerability window is to monitor known hacker sites so they know about the vulnerability when the hacker community does.

Vulnerability ____ last anywhere from hours to forever if users do not patch their system.

windows

