Chapter 9 - Computer Fraud and Abuse Techniques

Question 1

What is adware?

Answer 1

Spyware that causes banner ads to pop up on a monitor, collects information about the user’s web-surfing and spending habits, and forwards it to the the adware creator, often an advertising or media organization. Adware usually comes bundled with freeware and shareware downloaded from the internet.

Question 2

What is bluesnarfing?

Answer 2

Stealing contact lists, images, and other data using flaws in Bluetooth applications.

Question 3

What is a botnet?

Answer 3

A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware.

Question 4

What is a bot herder?

Answer 4

The person who creates botnets by installing software on PCs that responds the the bot herder’s electronic instructions. This control over the PCs allows the bot herder to mount a variety of Internet attacks.

Question 5

What is a buffer overflow attack?

Answer 5

When the amount of data entered into a program is greater than the amount of the input buffer. The input overflow overwrites the next computer instruction, causing the system to crash. Hackers exploit this by crafting the input so that the overflow contains code that tells the computer what to do next. This code could open a back door into the system.

Question 6

What is chipping?

Answer 6

Planting a small chip that records transaction data in a legitimate credit card reader. The chip is later removed or electronically accessed to retrieve the data recorded on it.

Question 7

What is click fraud?

Answer 7

Manipulating the number of times an ad is clicked on to inflate advertising bills.

Question 8

What is cross-site scripting?

Answer 8

(XSS) A vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanisms and instruct the victim’s browser to execute code, thinking it came from the desired website.

Question 9

What is cyber-extortion?

Answer 9

Threatening to harm a company or person if a specified amount of money is not paid.

Question 10

What is a denial of service attack?

Answer 10

A computer attack in which the attacker sends so many email bombs or web page requests, often from randomly generated false addresses, that the Internet service provider’s email server or the web server is overloaded and shuts down.

Question 11

What is email spoofing?

Answer 11

making a sender address and other parts of an email header appear as though the email originated from a different source.

Question 12

What is an evil twin?

Answer 12

A wireless network with the same name as a legitimate wireless point. Users are connected to the twin because it has a stronger wireless signal or the twin disrupts and disables the legitimate access point. Users are unaware that they connect to the evil twin and the perpetrator monitors traffic looking for confidential information.

Question 13

What is internet pump-and-dump fraud?

Answer 13

Using the internet to pump of the price of a stock and then sell it.

Question 14

What is identity theft?

Answer 14

Assuming someone’s identity, usually for economic gain, by illegally obtaining confidential information such as a Social Security number or a bank account or credit card number.

Question 15

What is IP address spoofing?

Question 16

What is a keylogger?

Answer 16

Software the records computer activity, such as a user’s keystrokes, emails sent and received, and websites visited.

Question 17

What is lebanese looping?

Answer 17

Inserting a sleeve into an ATM that prevents it from ejecting the card. The perpetrator pretends to help the victim, tricking the person into entering the PIN again. Once the victim gives up, the thief removes the card and uses it and the PIN to withdraw money.

Question 18

What is malware?

Answer 18

Any software used to do harm.

Question 19

What are packet sniffers?

Answer 19

Programs that capture data from information packets as they travel over the Internet of company networks. Captured data is sifted to find confidential or proprietary information.

Question 20

What is password cracking?

Answer 20

Recovering passwords by trying every possible combination of upper and lower case letters, numbers, and special characters and comparing them to a cryptographic hash of the password.

Question 21

What is pharming?

Answer 21

Redirecting a user’s traffic to a spoofed website.

Question 22

What is phreaking?

Answer 22

Attacking phone systems to obtain free phone line access; use phone lines to transmit malware; and to access, steal and destroy data.

Question 23

What is phishing?

Answer 23

Sending an electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification of information and warning of a consequence if it is not provided.

Question 24

What is piggybacking?

Answer 24

1. The clandestine use of a neighbor’s wifi.
2. Tapping into a communications line and electronically latching onto a legitimate user who carries the perpetrator into the system.
3. An unauthorized person following an authorized person through a secure door.

Question 25

What is podslurping?

Answer 25

Using a small device with storage capacity to download unauthorized data from a computer.

Question 26

What is posing?

Answer 26

Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the product.

Question 27

What is ransomware?

Answer 27

Software that encrypts programs and data until a ransom is paid to remove it.

Question 28

What is a rootkit?

Answer 28

A means of concealing system components and malware from the operating system and other programs; can also modify the operating system.

Question 29

What is round-down fraud?

Answer 29

Instructing the computer to round down all interest calculations to two decimal places. The fraction of a cent rounded down on each calculation is put into the programmer’s account. Most frequently found in financial institutions that pay interest.

Question 30

What is the salami technique?

Answer 30

Stealing tiny slicer of money from many different accounts.

Question 31

What is skimming?

Answer 31

Double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that record credit card data for later use.

Question 32

What is SMS spoofing?

Answer 32

Using short message service (SMS) to change the name of number a text message appears to come from.

Question 33

What is social engineering?

Answer 33

The techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in order to gain physical or logical access to a building, computer, server, or network.

Question 34

What is software piracy?

Answer 34

The unauthorized copying or distribution of copyrighted software.

Question 35

What is steganography?

Answer 35

A program that can merge confidential information with a seemingly harmless file, password protect the file, and send it anywhere in the world, where the file is unlocked and the confidential information is reassembled.

Question 36

What is an SQL injection attack?

Answer 36

Inserting a malicious SQL query in input in such that it is passed to and executed by an application program. This allows a hacker to convince the application to run SQL code that it was not intended to execute.

Question 37

What is a time/logic bomb?

Answer 37

A program that lies idle until some specified circumstance or a particular time triggers it. Once triggered, the program sabotages the system by destroying programs or data.

Question 38

What is a trap door?

Answer 38

A set of computer instructions that allows a user to bypass the system’s normal controls.

Question 39

What is a trojan horse?

Answer 39

A set of unauthorized computer instructions in an authorized and otherwise properly functioning program.

Question 40

What is typosquatting?

Answer 40

Setting up a similarly named website so that users making typographical errors when entering a website name are sent to an invalid site.

Question 41

What is a virus?

Answer 41

A segment of executable code that attaches itself to a file, program, or some other executable system component. When the hidden program is triggered, it makes unauthorized alterations to the way a system operates.

Question 42

What is war driving?

Answer 42

Driving around looking for unprotected home or corporate wireless networks.

Question 43

What is a worm?

Answer 43

A self-replicating computer program, similar to a vires, except that it is a program rather than a code segment, and it automatically copies itself to other systems.

Question 44

What is a zero-day attack?

Answer 44

An attack between the time a new software vulnerability is discovered and “released into the wild” and the time a software developer releases a patch to fix the problem.