4.1.3 Computer Misuse Act Flashcards
Fill The Blank:
The original focus of the CMA was to …………………. the act of accessing or ……………….. data stored on a computer system without appropriate consent or ……………….
Criminalise, Modifying, Permission
FIll The Blank:
Over time where the use of computers and ways to access ……../systems has increased there has been many ………………… to the CMA
Data, Amendments
State:
Why it is good that the CMA does not provide a definition of ‘computers’
Because a definition could quickly become outdated because of constant evolution
State:
3 original sections of the CMA
- Unauthorised access to computer material
- Unaurhtorised access to computer materials with intent to commit a further crime
- Unauthorised modification of data
State:
What 2 sections were added to the CMA later in 2006 and 2015
- Making supplying and obtaining any articles for use in a malicious act using a computer
- Unauthorised acts causing or creating risk of serious damage
Define:
Hacking
Examples of Offences
Finding weaknesses in an established system and exploiting them - a computer hacker finds weaknesses in a computer system
State:
3 examples of motivation for hackers
Examples of Offences
- Profit
- Protest
- Challenge
Define:
White hat hackers
Examples of Offences
Where hacker is given permission to hack into systems to identify any loopholes or vulnerabilities and tell the system owner. Because this is done with permission, it is legal.
Define:
Grey hat hackers
Examples of Offences
Where the hacker hacks into computer systems for fun or to troll but does not have malicious intent towards the computer systems - if they find a weakness, they may offer to fix the vulnerability for a fee
Define:
Black hat hackers
Examples of Offences
Where the hacker hacks into a computer system with malicious intent - stealing, exploiting stolen or seen data or selling the data
Fill The Blank:
British …………… suffered a hacking attack between ………………… and ……………………. in 20…. which led to a data breach with …… million customers affected - limited to the people who booked flights between these dates. This worked by redirected users to a ……….. site to enter the card details which were stolen by the attacker
Examples of Offences
Airways, August, September, [20]18, Fake
State:
The three categories which threats can be divided into
Threats
- DDoS
- Malware (including viruses)
- Social engineering
Explain:
DDoS attack
Threats
Attempt to make a computer or network system unavailable to users by flooding it with network traffic. A DDoS is usually focused on preventing internet website or service from either functioning efficiently, or at all. This may temporarily or indefinitely.
Explain:
Why adware is used and how it works
Threats - Malware
- Generates revenue for its author
- Any software package which automatically shows adverts, such as a pop-up, or may also be in the UI of a software package
Explain:
Why bot/botnets are used and how they work
Threats - Malware
- Bots take control of a computer system
- Type of malware that allows a cyber-security attacker to take control of a computer system that has been infected without the user’s knowledge and can result in a botnet which is an interconnected network of infected computer systems
Explain:
Why bugs are used and how they work
Threats - Malware
- Bugs areconnected to software and are the flaws that produce an unwanted outcome
- Usually result of human error during coding and can be fixed by the software creator issuing fixes or patches; security patches are the most severe and can result in attackers bypassing security
Explain:
Why ransomware is used and how it works
Threats - Malware
- Holds a system captive and demands a ransom to release it
- Restrict user access to the system by encrypting files or locking down the computer system; message usaully displayed to force user to give ransom
- Can be spread by a worm and can be started by downloading an infected file or by a vulnerability in the computer system
Explain:
Why rootkits are used and how it works
Threats - Malware
- Designed to remotely access or control a computer system without being detected by the security software or the users
- When a rootkit has been installed, it can enable an attacker to remotely access files, access/steal data and information, modify software configs, control the computer system as part of a botnet
Explain:
Why spyware is used and how it works
Threats - Malware
- Collect data from an infected computer (inc. personal info from websites)
- Usually hidden from user, and can be difficult to detect, and could be keyloggers or install additional software or redirect web browsers to different websites
Explain:
Why trojan horses are used and how they work
Threats - Malware
- Standalone malicious program designed to give full control of an infected PC to another (attacker) PC
- Often appear to be something which is wanted or needed by a user and can be hidden in valid programs and software; make copies of themselves, steal information or harm host computer
Explain:
Why viruses are used and how they work
Threats - Malware
- Virus attempts to make a computer system unreliable
- Computer program that replicates iteself and spreads from computer to computer; increase chances of spreading to other computers by infecting files on a network file system or file system that is accessed by other computers
Explain:
Why worms are used and how they work
Threats - Malware
- Standalone computer program that replicates itself so it can spread to other computers
- Worm can use a computer network to spread, unlike a computer virus it does not need to attach iself to an existing program - almost always cause some harm to a network
Explain:
Briefly, how to mitigate adware
Threats - Malware
- Install, run and keep updaed a security software package
- Do not open an files from an unkown source
- Do not click any links in an email
Explain:
Briefly, how to mitigate bot/botnet
Threats - Malware
- Install run and keep updated a security softwae package
- Do not open any files from an unkown source
- Do not click any links in an email
Explain:
Briefly, how to mitigate bugs
Threats - Malware
Check for and install any patches that are released from software vendors
Explain:
Briefly, how to mitigate ransomware
Threats - Malware
- Do not open any files from an unkown source
- Do not click any links in an email
- Install, run and update security software
Explain:
Briefly, how to mitigate rootkit
Threats - Malware
- Rootkits are difficult to detect as they are not usually detected by security software
- Software updates, keeping security software up to date and not downloading suspicious files are the only ways of trying to avoid a rootkit from being installed
Explain:
Briefly, how to mitigate spyware
Threats - Malware
- Do not open any files form an unkown source
- Do not click any links in an email
- Install, run and update security software
Explain:
Briefly, how to mitigate trojan horses
Threats - Malware
- Do not open any files from an unkown source
- Do not click any links in an email
- Install, run and update security software
Explain:
Briefly, how to mitigate viruses
Threats - Malware
- Do not open any files from an unkown source
- Do not click any links in an email
- Install, run and update security software
Explain:
Briefly, how to mitigate worms
Threats - Malware
- Do not open any files from an unkown source
- Do not click any links in an email
- Install, run and update security software
Explain:
Why baiting is used and how it works
Threats - Social Engineering
- Triesto trick the victims to give the cyber criminals the information they need
- Very similar to phishing; Criminal will make a promise of an item or goods to get the information they need
Explain:
Why phishing is used and how it works
Threats - Social Engineering
- Tries to get users to input their security details (e.g: credit card numbers) or log-in details to a fake website
- Uses a fake website which looks identical to the real one; most common targets for phishing are banks, insurance websites etc.
- Attackers send out emals or text messages which pretend to be from a reputable company (eg: bank) and the link in the email takes you to a fakewebsite
Explain:
Why pharming is used and how it works
Threats - Social Engineering
- Tries to redirect users from a genuine website to a fake one - without the knowledge of the user
- Very similar to phishing in that both use fraudulent websites; difference is that a phishing attack will use fake or hoax emails while pharming attacks very rarely use this type of tactic
Explain:
Why pretexting is used and how it works
Threats - Social Engineering
- When a cyber criminal lies to get data or information
- Usually involves a scam where the criminal pretends to need the information to confirm the identity of the person they are talking to
Explain:
Why quid pro quo is used and how it works
Threats - Social Engineering
- Tries to disable the anti-virus software so that software updates, usually malware, can be installed to gain access to a computer system
- Similar to baiting, but promise is that of a service rather than goods, common method of quid pro quo is a telephone call from a fake IT service provider who offer to fix problems that do not exist
Explain:
Why scareware is used and how it works
Threats - Social Engineering
- Malicious computer program
- Designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake anti-virus protection
Explain:
Why shoulder surfing is used and how it works
- Aims to steal data and information
- When a person’s private and confidential information is seen - likely by standing close to someone while they enter their pin at a cash machine particularly in busy environments
Explain:
Why smishing is used and how it works
Threats - Social Engineering
Form of phishing and is fraudulent practice of sending text messages
Explain:
Why tailgating/piggybacking is used and how it works
Threats - Social Engineering
- Used to try and gain access to a secure building or room
- Takes form of someone who does not have authority to enter a building or room, following someone who does through the doors - most common type is acting as a delivery driver
Explain:
Why vishing is used and how it works
Threats - Social Engineering
- Making phone calls or leaving voice messages to try and trick the recipient
- Calls and messages pretend to be from reputable companies to try and trick people into revealing personal information, such as bank details and credit card numbers