After you have mastered the material in this chapter, you will be able to: Compare and contrast computer attack and abuse tactics, explain how social engineering techniques are used to gain physical or logical access to computer resources, describe the different types of malware used to harm computers. | Computer Fraud and Abuse Techniques Chapter 6 6-1 Learning Objectives Compare and contrast computer attack and abuse tactics. Explain how social engineering techniques are used to gain physical or logical access to computer resources. Describe the different types of malware used to harm computers. 6-2 Types of Attacks Hacking Unauthorized access, modification, or use of an electronic device or some element of a computer system Social Engineering Techniques or tricks on people to gain physical or logical access to confidential information Malware Software used to do harm 6-3 Hacking Hijacking Gaining control of a computer to carry out illicit activities Botnet (robot network) Zombies Bot herders Denial of Service (DoS) Attack Spamming Spoofing Makes the communication look as if someone else sent it so as to gain confidential information. 6-4 Forms of Spoofing E-mail spoofing Caller ID spoofing IP address spoofing Address Resolution (ARP) spoofing SMS spoofing Web-page spoofing . | Computer Fraud and Abuse Techniques Chapter 6 6-1 Learning Objectives Compare and contrast computer attack and abuse tactics. Explain how social engineering techniques are used to gain physical or logical access to computer resources. Describe the different types of malware used to harm computers. 6-2 Types of Attacks Hacking Unauthorized access, modification, or use of an electronic device or some element of a computer system Social Engineering Techniques or tricks on people to gain physical or logical access to confidential information Malware Software used to do harm 6-3 Hacking Hijacking Gaining control of a computer to carry out illicit activities Botnet (robot network) Zombies Bot herders Denial of Service (DoS) Attack Spamming Spoofing Makes the communication look as if someone else sent it so as to gain confidential information. 6-4 Forms of Spoofing E-mail spoofing Caller ID spoofing IP address spoofing Address Resolution (ARP) spoofing SMS spoofing Web-page spoofing (phishing) DNS spoofing 6-5 Hacking with Computer Code Cross-site scripting (XSS) Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user. Buffer overflow attack Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions. SQL injection (insertion) attack Malicious code inserted in place of a query to get to the database information 6-6 Other Types of Hacking Man in the middle (MITM) Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data. Piggybacking Password cracking War dialing and driving Phreaking Data diddling Data leakage podslurping 6-7 Hacking Used for Embezzlement Salami technique: Taking small amounts at a time Round-down fraud Economic espionage Theft of information, intellectual property and trade secrets Cyber-extortion .
