Table 6-1: Computer Fraud and Abuse Techniques

Ace your homework & exams now with Quizwiz!

Piggybacking

1. Clandestine use of someone's Wi-Fi network. 2. Tapping into a communications line and entering a system by latching onto a legitimate user. 3. Bypassing physical security controls by entering a secure door when an authorized person opens it.

Trap door

A back door into a system that bypasses normal system controls.

Man-in-the-middle (MITM) attack

A hacker placing himself between a client and a host to intercept network traffic; also called session hijacking.

Botnet, bot herders

A network of hijacked computers. Bot herders use the hijacked computers, called zombies, in a variety of Internet attacks.

Splog

A spam blog that promotes Web sites to increase their Google PageRank (how often a Web page is ref-erenced by other pages).

Evil twin

A wireless network with the same name as another wireless access point. Users unknowingly connect to the evil twin; hackers monitor the traffic looking for useful information.

Masquerading/impersonation

Accessing a system by pretending to be an authorized user. The impersonator enjoys the same privileges as the legitimate user.

Pretexting

Acting under false pretenses to gain confidential information.

Web-page spoofing

Also called phishing.

Denial-of-service attack

An attack designed to make computer resources unavailable to its users. For example, so many e-mail messages that the Internet service provider's e-mail server is overloaded and shuts down.

Identity theft

Assuming someone's identity by illegally obtaining confidential information such as a Social Security number.

Zero-day attack

Attack between the time a software vulnerability is discovered and a patch to fix the problem is released.

Phreaking

Attacking phone systems to get free phone access; using phone lines to transmit viruses and to access, steal, and destroy data.

Data diddling

Changing data before, during, or after it is entered into the system.

Phishing

Communications that request recipients to disclose confidential information by responding to an e-mail or visiting a Web site.

IP address spoofing

Creating Internet Protocol packets with a forged IP address to hide the sender's identity or to imperson-ate another computer system.

Posing

Creating a seemingly legitimate business, collecting personal data while making a sale, and never deliv-ering items sold.

Web cramming

Developing a free and worthless trial-version Web site and charging the subscriber's phone bill for months even if the subscriber cancels.

War dialing

Dialing phone lines to find idle modems to use to enter a system, capture the attached computer, and gain access to its network(s).

Caller ID spoofing

Displaying an incorrect number on the recipient's caller ID display to hide the identity of the caller.

Skimming

Double-swiping a credit card or covertly swiping it in a card reader that records the data for later use.

Spamming

E-mailing an unsolicited message to many people at the same time.

Sexting

Exchanging explicit text messages and pictures.

Virus

Executable code that attaches itself to software, replicates itself, and spreads to other systems or files. Triggered by a predefined event, it damages system resources or displays messages.

Cross-site scripting (XSS) attack

Exploits Web page security vulnerabilities to bypass browser security mechanisms and create a mali-cious link that injects unwanted code into a Web site.

Hijacking

Gaining control of someone else's computer for illicit activities.

Steganography

Hiding data from one file inside a host file, such as a large image or sound file.

Buffer overflow attack

Inputting so much data that the input buffer overflows. The overflow contains code that takes control of the computer.

SQL injection attack

Inserting a malicious SQL query in input in such a way that it is passed to and executed by an applica-tion program.

Lebanese looping

Inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help the victim as a means to discover his or her PIN, and then using the card and PIN to drain the account.

Packet sniffing

Inspecting information packets as they travel the Internet and other networks.

Eavesdropping

Listening to private voice or data transmissions.

War driving/rocketing

Looking for unprotected wireless networks using a car or a rocket.

E-mail spoofing

Making a sender address and other parts of an e-mail header appear as though the e-mail originated from a different source.

Spoofing

Making electronic communications look like someone else sent it.

Scareware

Malicious software of no benefit that is sold using scare tactics.

Password cracking

Penetrating system defenses, stealing passwords, and decrypting them to access system programs, files, and data.

Chipping

Planting a chip that records transaction data in a legitimate credit card reader.

Pharming

Redirecting traffic to a spoofed Web site to obtain confidential information.

Cyber-extortion

Requiring a company to pay money to keep an extortionist from harming a computer or a person.

Scavenging/dumpster diving

Searching for confidential information by searching for documents and records in garbage cans, com-munal trash bins, and city dumps

Tabnapping

Secretly changing an already open browser tab using JavaScript.

E-mail threats

Sending a threatening message asking recipients to do something that makes it possible to defraud them.

Address Resolution Protocol (ARP) spoofing

Sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determin-ing a network host's hardware address when only its IP or network address is known.

DNS spoofing

Sniffing the ID of a Domain Name System (server that converts a Web site name to an IP address) request and replying before the real DNS server.

Malware

Software that can be used to do harm.

Adware

Software that collects and forwards data to advertising companies or causes banner ads to pop up as the Internet is surfed.

Rootkit

Software that conceals processes, files, network connections, and system data from the operating system and other programs.

Ransomware

Software that encrypts programs and data until a ransom is paid to remove it.

Spyware

Software that monitors computing habits and sends that data to someone else, often without the user's permission.

Logic bombs and time bombs

Software that sits idle until a specified circumstance or time triggers it, destroying programs, data, or both.

Bluesnarfing

Stealing contact lists, images, and other data using Bluetooth.

Salami technique

Stealing tiny slices of money over time.

Bluebugging

Taking control of a phone to make calls, send text messages, listen to calls, or read text messages.

Social engineering

Techniques that trick a person into disclosing confidential information.

Economic espionage

The theft of information, trade secrets, and intellectual property.

Round-down fraud

Truncating interest calculations at two decimal places and placing truncated amounts in the perpetra-tor's account.

Hacking

Unauthorized access, modification, or use of computer systems, usually by means of a PC and a com-munications network.

Trojan horse

Unauthorized code in an authorized and properly functioning program.

Data leakage

Unauthorized copying of company data.

Software piracy

Unauthorized copying or distribution of copyrighted software.

Podslurping

Using a small device with storage capacity (iPod, Flash drive) to download unauthorized data from a computer.

Internet auction fraud

Using an Internet auction site to commit fraud.

Cyber-bullying

Using computer technology to harm another person.

SMS spoofing

Using short message service (SMS) to change the name or number a text message appears to come from.

Dictionary attack

Using software to guess company addresses, send employees blank e-mails, and add unreturned mes-sages to spammer e-mail lists.

Superzapping

Using special software to bypass system controls and perform illegal acts.

Key logger

Using spyware to record a user's keystrokes.

Internet terrorism

Using the Internet to disrupt communications and ecommerce.

Internet pump-and-dump fraud

Using the Internet to pump up the price of a stock and then sell it.

Internet misinformation

Using the Internet to spread false or misleading information.

Carding

Verifying credit card validity; buying and selling stolen credit cards.

Vishing

Voice phishing, in which e-mail recipients are asked to call a phone number that asks them to divulge confidential data.

Shoulder surfing

Watching or listening to people enter or disclose confidential data.

Typosquatting/URL hijacking

Web sites with names similar to real Web sites; users making typographical errors are sent to a site filled with malware.

Worm

Similar to a virus; a program rather than a code segment hidden in a host program. Actively transmits itself to other systems. It usually does not live long but is quite destructive while alive.


Related study sets

Перевірка знання Закону України "Про освіту"

View Set

NUR 2420 Maternal Nursing Chapter 15: Postpartum Adaptations

View Set

EAQ: Fundamentals Nutrition Questions

View Set

Course Point Edith Jacobson (Health Assessment Case 9) Pre-Quiz

View Set

Chapter 27: The Rise of Animal diversity

View Set

Exam 1: Cardiac Practice Questions

View Set

Chapter 4 - Property description and appraisal math

View Set

Fundamentals- Quiz #8 (Exam 3 Material)

View Set