Ch 6: Computer Fraud and Abuse Techniques
virus
A segment of executable code that attaches itself to a file, program, or some other executable system component. When the hidden program is triggered, it makes unauthorized alterations to the way a system operates
Lebanese looping
Inserting a sleeve into an ATM that prevents it from ejecting the card. The perpetrator pretends to help the victim, tricking the person into entering the PIN again. Once the victim gives up, the thief removes the card and uses it and the PIN to withdraw money.
phishing
Sending an electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification of information and often warning of a consequence if it is not provided. The request is bogus, and the information gathered is used to commit identity theft or to steal funds from the victim's account.
Which of the following is a method that is used for identity theft?
Shoulder surfing, phishing, and dumpster diving.
worm
Similar to a virus, except that it is a program rather than a code segment hidden in a host program. A worm also copies itself automatically and actively transmits itself directly to other systems.
social engineering
The techniques or psychological tricks used to get people to comply with the perpetrator's wishes in order to gain physical or logical access to a building, computer, server, or network. It is usually to get the information needed to obtain confidential data.
Time bombs are most likely planted in an information system by:
disgruntled computer programmers
Spyware infections came from:
drive-by downloads file-sharing programs worms/viruses
Someone redirects a website's traffic to a bogus website, usually to gain access to personal and confidential information. What is this computer fraud technique called?
pharming
A computer crime that involves attacking phone lines is
phreaking
A perpetrator attacks phone systems to obtain free phone lines access or uses telephone lines to transmit viruses and to access, steal, and destroy data. What is this computer fraud technique called?
phreaking
hacking
unauthorized access, modification, or use of an electronic device or some element of a computer system
Hackers use all of the techniques except
war walking
piggybacking
1) Tapping into a communications line and electronically latching onto a legitimate user who unknowingly carries the perpetrator into the system 2) The clandestine use of a neighbor's WiFi network 3) Unauthorized person following an authorized person through a secure door, bypassing physical security controls
denial of service (DoS)
A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware
zero-day attack
An attack between the time a new software vulnerability is discovered and "released it into the wild" and the time a software developer releases a patch to fix the problem
Which of the following is known as a zero-day attack?
An attack between the time a new software vulnerability is discovered and the time a patch for fixing the problem is released
password cracking
An intruder penetrates a system's defenses, steals the file of valid passwords, decrypts them, and then uses them to gain access to programs, files, and data (system resources)
A network of computers used in a denial-of-service (DoS) attack is called a (an):
Botnet
rootkit
Concealing system components and malware from the operating system and other programs; can also modify the operating system
A computer fraud and abuse technique that steals information, trade secrets, and intellectual property
Economic espionage
A rootkit captures data from packets that travel across networks
False
Internet pump-and-dump inflates advertising bills by manipulating click numbers on websties
False
war dialing
Programming a computer to dial thousands of phone lines searching for dial-up modem lines. Hackers hack into the PC attached to the modem and access the network to which it is connected.
pharming
Redirecting website traffic to a spoofed website
dumpster diving or scavenging
Searching documents and records to gain access to confidential information. Scavenging methods include searching garbage cans, communal trash bins, and city dumps
Which of the following is NOT a method that is used for identity theft?
Spamming
bluesnarfing
Stealing (snarfing) contact lists, images, and other data using flaws in Bluetooth applications.
Which of the following is not a characteristic of computer viruses?
They are easy to detect and destroy
Which of the following is a characteristic of computer viruses?
They can mutate which increases their ability to do damage, can hinder system performance, and can lie dormant for a time w/o doing damage
data diddling
changing data before or during entry into a computer system in order to delete, alter, add, or incorrectly update key system data
war driving
driving around looking for unprotected home or corporate wireless networks
Social engineering facilitates what type of computer fraud?
identity theft
The computer crime of piggybacking
involves the clandestine use of another user's WIFI
What type of software conceals processes, files, network connections, memory addresses, systems utility programs, and system data from the operating system and other programs?
rootkit
Which of the following is a method used to embezzle money a small amount at a time from many different accounts?
salami technique
tabnapping
secretly changing an already open browser tab in order to capture user IDs and passwords when the victim logs back into the site
spamming
simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something
Techniques used to obtain confidential info, by tricking people, are referred to what?
social engineering
splog
spam blogs created to increase a website's Google PageRank, which is how often a web page is referenced by other web pages
salami technique
stealing tiny slices of money from many different accounts
Which computer fraud technique involves a set of instructions hidden inside a calendar utility that copies itself each time the utility is enabled until memory is filled and the system crashes?
virus
shoulder surfing
when perpetrators look over a person's shoulders in a public place to get information such as ATM PIN numbers or user IDs and passwords
Which type of computer attack takes place between the time a software vulnerability is discovered and the time software developers release a software patch that fixes the problem?
zero day attack
botnet
a network of powerful and dangerous hijacked computers that are used to attack systems or spread malware
Trojan horse
a set of unauthorized computer instructions in an authorized and otherwise properly functioning program
spoofing
altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of the recipient
phreaking
attacking phone systems to get free phone access; using phone lines to transmit viruses and to access, steal and destroy data
A set of instructions to increase a programmer's pay rate by 10% is hidden inside an authorized program. It changes and updates the payroll file. What is this computer fraud technique called?
Trojan Horse
"Hacking" is an external attack on an accounting information system.
True
Bluesnarfing is the act of stealing contact lists, images, and other data using Bluetooth.
True
Pretexting is a technique employed in Social Engineering schemes
True
data slurping aka leakage
Unauthorized copying of company data, w/o leaving any indication that it was copied
pretexting
Using an invented scenario (the pretext) that creates legitimacy in the target's mind in order to increase the likelihood that a victim will divulge information or do something.
