4.1.3 Computer Misuse Act

Question 1

Fill The Blank:

The original focus of the CMA was to …………………. the act of accessing or ……………….. data stored on a computer system without appropriate consent or ……………….

Answer 1

Criminalise, Modifying, Permission

Question 2

FIll The Blank:

Over time where the use of computers and ways to access ……../systems has increased there has been many ………………… to the CMA

Answer 2

Data, Amendments

Question 3

State:

Why it is good that the CMA does not provide a definition of ‘computers’

Answer 3

Because a definition could quickly become outdated because of constant evolution

Question 4

State:

3 original sections of the CMA

Answer 4

• Unauthorised access to computer material
• Unaurhtorised access to computer materials with intent to commit a further crime
• Unauthorised modification of data

Question 5

State:

What 2 sections were added to the CMA later in 2006 and 2015

Answer 5

• Making supplying and obtaining any articles for use in a malicious act using a computer
• Unauthorised acts causing or creating risk of serious damage

Question 6

Define:

Hacking

Examples of Offences

Answer 6

Finding weaknesses in an established system and exploiting them - a computer hacker finds weaknesses in a computer system

Question 7

State:

3 examples of motivation for hackers

Examples of Offences

Answer 7

• Profit
• Protest
• Challenge

Question 8

Define:

White hat hackers

Examples of Offences

Answer 8

Where hacker is given permission to hack into systems to identify any loopholes or vulnerabilities and tell the system owner. Because this is done with permission, it is legal.

Question 9

Define:

Grey hat hackers

Examples of Offences

Answer 9

Where the hacker hacks into computer systems for fun or to troll but does not have malicious intent towards the computer systems - if they find a weakness, they may offer to fix the vulnerability for a fee

Question 10

Define:

Black hat hackers

Examples of Offences

Answer 10

Where the hacker hacks into a computer system with malicious intent - stealing, exploiting stolen or seen data or selling the data

Question 11

Fill The Blank:

British …………… suffered a hacking attack between ………………… and ……………………. in 20…. which led to a data breach with …… million customers affected - limited to the people who booked flights between these dates. This worked by redirected users to a ……….. site to enter the card details which were stolen by the attacker

Examples of Offences

Answer 11

Airways, August, September, [20]18, Fake

Question 12

State:

The three categories which threats can be divided into

Threats

Answer 12

• DDoS
• Malware (including viruses)
• Social engineering

Question 13

Explain:

DDoS attack

Threats

Answer 13

Attempt to make a computer or network system unavailable to users by flooding it with network traffic. A DDoS is usually focused on preventing internet website or service from either functioning efficiently, or at all. This may temporarily or indefinitely.

Question 14

Explain:

Why adware is used and how it works

Threats - Malware

Answer 14

• Generates revenue for its author
• Any software package which automatically shows adverts, such as a pop-up, or may also be in the UI of a software package

Question 15

Explain:

Why bot/botnets are used and how they work

Threats - Malware

Answer 15

• Bots take control of a computer system
• Type of malware that allows a cyber-security attacker to take control of a computer system that has been infected without the user’s knowledge and can result in a botnet which is an interconnected network of infected computer systems

Question 16

Explain:

Why bugs are used and how they work

Threats - Malware

Answer 16

• Bugs areconnected to software and are the flaws that produce an unwanted outcome
• Usually result of human error during coding and can be fixed by the software creator issuing fixes or patches; security patches are the most severe and can result in attackers bypassing security

Question 17

Explain:

Why ransomware is used and how it works

Threats - Malware

Answer 17

• Holds a system captive and demands a ransom to release it
• Restrict user access to the system by encrypting files or locking down the computer system; message usaully displayed to force user to give ransom
• Can be spread by a worm and can be started by downloading an infected file or by a vulnerability in the computer system

Question 18

Explain:

Why rootkits are used and how it works

Threats - Malware

Answer 18

• Designed to remotely access or control a computer system without being detected by the security software or the users
• When a rootkit has been installed, it can enable an attacker to remotely access files, access/steal data and information, modify software configs, control the computer system as part of a botnet

Question 19

Explain:

Why spyware is used and how it works

Threats - Malware

Answer 19

• Collect data from an infected computer (inc. personal info from websites)
• Usually hidden from user, and can be difficult to detect, and could be keyloggers or install additional software or redirect web browsers to different websites

Question 20

Explain:

Why trojan horses are used and how they work

Threats - Malware

Answer 20

• Standalone malicious program designed to give full control of an infected PC to another (attacker) PC
• Often appear to be something which is wanted or needed by a user and can be hidden in valid programs and software; make copies of themselves, steal information or harm host computer

Question 21

Explain:

Why viruses are used and how they work

Threats - Malware

Answer 21

• Virus attempts to make a computer system unreliable
• Computer program that replicates iteself and spreads from computer to computer; increase chances of spreading to other computers by infecting files on a network file system or file system that is accessed by other computers

Question 22

Explain:

Why worms are used and how they work

Threats - Malware

Answer 22

• Standalone computer program that replicates itself so it can spread to other computers
• Worm can use a computer network to spread, unlike a computer virus it does not need to attach iself to an existing program - almost always cause some harm to a network

Question 23

Explain:

Briefly, how to mitigate adware

Threats - Malware

Answer 23

• Install, run and keep updaed a security software package
• Do not open an files from an unkown source
• Do not click any links in an email

Question 24

Explain:

Briefly, how to mitigate bot/botnet

Threats - Malware

Answer 24

• Install run and keep updated a security softwae package
• Do not open any files from an unkown source
• Do not click any links in an email

Question 25

Explain:

Briefly, how to mitigate bugs

Threats - Malware

Answer 25

Check for and install any patches that are released from software vendors

Question 26

Explain:

Briefly, how to mitigate ransomware

Threats - Malware

Answer 26

• Do not open any files from an unkown source
• Do not click any links in an email
• Install, run and update security software

Question 27

Explain:

Briefly, how to mitigate rootkit

Threats - Malware

Answer 27

• Rootkits are difficult to detect as they are not usually detected by security software
• Software updates, keeping security software up to date and not downloading suspicious files are the only ways of trying to avoid a rootkit from being installed

Question 28

Explain:

Briefly, how to mitigate spyware

Threats - Malware

Answer 28

• Do not open any files form an unkown source
• Do not click any links in an email
• Install, run and update security software

Question 29

Explain:

Briefly, how to mitigate trojan horses

Threats - Malware

Answer 29

• Do not open any files from an unkown source
• Do not click any links in an email
• Install, run and update security software

Question 30

Explain:

Briefly, how to mitigate viruses

Threats - Malware

Answer 30

• Do not open any files from an unkown source
• Do not click any links in an email
• Install, run and update security software

Question 31

Explain:

Briefly, how to mitigate worms

Threats - Malware

Answer 31

• Do not open any files from an unkown source
• Do not click any links in an email
• Install, run and update security software

Question 32

Explain:

Why baiting is used and how it works

Threats - Social Engineering

Answer 32

• Triesto trick the victims to give the cyber criminals the information they need
• Very similar to phishing; Criminal will make a promise of an item or goods to get the information they need

Question 33

Explain:

Why phishing is used and how it works

Threats - Social Engineering

Answer 33

• Tries to get users to input their security details (e.g: credit card numbers) or log-in details to a fake website
• Uses a fake website which looks identical to the real one; most common targets for phishing are banks, insurance websites etc.
• Attackers send out emals or text messages which pretend to be from a reputable company (eg: bank) and the link in the email takes you to a fakewebsite

Question 34

Explain:

Why pharming is used and how it works

Threats - Social Engineering

Answer 34

• Tries to redirect users from a genuine website to a fake one - without the knowledge of the user
• Very similar to phishing in that both use fraudulent websites; difference is that a phishing attack will use fake or hoax emails while pharming attacks very rarely use this type of tactic

Question 35

Explain:

Why pretexting is used and how it works

Threats - Social Engineering

Answer 35

• When a cyber criminal lies to get data or information
• Usually involves a scam where the criminal pretends to need the information to confirm the identity of the person they are talking to

Question 36

Explain:

Why quid pro quo is used and how it works

Threats - Social Engineering

Answer 36

• Tries to disable the anti-virus software so that software updates, usually malware, can be installed to gain access to a computer system
• Similar to baiting, but promise is that of a service rather than goods, common method of quid pro quo is a telephone call from a fake IT service provider who offer to fix problems that do not exist

Question 37

Explain:

Why scareware is used and how it works

Threats - Social Engineering

Answer 37

• Malicious computer program
• Designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake anti-virus protection

Question 38

Explain:

Why shoulder surfing is used and how it works

Answer 38

• Aims to steal data and information
• When a person’s private and confidential information is seen - likely by standing close to someone while they enter their pin at a cash machine particularly in busy environments

Question 39

Explain:

Why smishing is used and how it works

Threats - Social Engineering

Answer 39

Form of phishing and is fraudulent practice of sending text messages

Question 40

Explain:

Why tailgating/piggybacking is used and how it works

Threats - Social Engineering

Answer 40

• Used to try and gain access to a secure building or room
• Takes form of someone who does not have authority to enter a building or room, following someone who does through the doors - most common type is acting as a delivery driver

Question 41

Explain:

Why vishing is used and how it works

Threats - Social Engineering

Answer 41

• Making phone calls or leaving voice messages to try and trick the recipient
• Calls and messages pretend to be from reputable companies to try and trick people into revealing personal information, such as bank details and credit card numbers