Chapter 6 Computer Fraud and Abuse Techniques
Copyright © 2012 Pearson Education

Learning Objectives

After you have mastered the material in this chapter, you will be able to:
Compare and contrast computer attack and abuse tactics.
Explain how social engineering techniques are used to gain physical or logical access to computer resources.
Describe the different types of malware used to harm computers.

Computer Attacks and Abuse

Hacking: Unauthorized access, modification, or use of a computer system or other electronic device.
Social Engineering: Techniques, usually psychological tricks, to gain access to sensitive data or information. Used to gain access to secure systems or locations.
Malware: Any software which can be used to do harm.

Types of Computer Attacks

Botnet (Robot Network): Network of hijacked computers. Hijacked computers carry out processes without users' knowledge. Zombie: hijacked computer.
Denial-of-Service (DoS) Attack: Constant stream of requests made to a Web server (usually via a Botnet) that overwhelms and shuts down service.
Spoofing: Making an electronic communication look as if it comes from a trusted official source to lure the recipient into providing information.

Types of Spoofing

E-mail: E-mail sender appears as if it comes from a different source.
Caller-ID: Incorrect number is displayed.
IP address: Forged IP address to conceal identity of sender of data over the Internet or to impersonate another computer system.
Address Resolution Protocol (ARP): Allows a computer on a LAN to intercept traffic meant for any other computer on the LAN.
SMS: Incorrect number or name appears, similar to caller-ID but for text messaging.
Web page: Phishing (see below).
DNS: Intercepting a request for a Web service and sending the request to a false service.

Hacking Attacks

Cross-Site Scripting (XSS): Unwanted code is sent via dynamic Web pages disguised as user input.
Buffer Overflow: Data is sent that .