COMPUTER AND INTERNET FRAUD Flashcards
A general definition of computer fraud is:
Any defalcation or embezzlement accomplished by tampering with computer programs, data files, operations, equipment, or media, and resulting in losses sustained by the organisation whose computer system was manipulated.
Unlike traditional fraud cases, computer fraud cases can be difficult for the fraud examiner because they:
• Lack a traditional paper audit trail.
• Require an understanding of the technology used to commit the crime.
• Usually require an understanding of the technology of the victim computer.
• Very often require the use of one or more specialists to assist the fraud examiner, even
when the fraud examiner is computer literate.
In Fighting Computer Crime, Mr. Parker describes how the computer serves as
an object, a subject, a tool, and a symbol.
Computer as an object
Computers and network systems are themselves often objects or targets of crime, subject to physical sabotage, theft, or destruction of information.
Computer as a subject
According to Parker, computers are the direct subjects of crime “when they are the environment in which technologists commit crimes.” This category includes virus attacks.
Computer as a tool
Obviously, computers are used as the means to commit crime, whether embezzlement, theft of proprietary information or hacking.
Computer as a symbol
Computers lend fraudsters an air of credibility and are often used to deceive victims into investment and pyramid schemes.
Common computer crimes include:
- Data alteration
- Unauthorised access and entry to systems and information
- Reading another’s e-mail without permission
- Data destruction and sabotage
- Internet consumer fraud
- Sale of proprietary data
- Desktop counterfeiting
- Data extortion
- Disclosure of confidential data
- Identity theft
- Electronic letter bombing
- Software piracy
- PBX fraud
- Voice mail fraud
- Cellular telephone fraud
- Stolen long-distance calling cards
Hacking is
basically breaking into computers and telecommunications systems by learning the
vulnerabilities of various hardware and software, and using a computer to systematically “guess” the user’s system identification and password.
Hacker Computer Manipulation Trojan Horse
A Trojan horse is the covert placement of instructions in a program that causes the
computer to perform unauthorised functions but usually still allows the program to perform
its intended purpose. This method is one of the most commonly used techniques in computer-based frauds and sabotage.
Hacker Computer Manipulation Trap Doors
When developing large programs, programmers insert instructions for additional code and
intermediate output capabilities. The design of computer operating systems attempts to
prevent this from happening. Therefore, programmers insert instructions that allow them to
circumvent these controls. Hackers take advantage of these trap doors.
Hacker Computer Manipulation Salami Techniques
Salami techniques involve the execution of unauthorised programs used to steal small
amounts of assets from a large number of sources without noticeably reducing the whole.
For example, in a banking system, the amount of interest to be credited to an account is
typically rounded off. A fraudster might set up the system so that instead of rounding off the
number, that fraction of it is credited to a special account owned by the perpetrator.
Hacker Computer Manipulation Logic Bombs
A logic bomb is a computer program executed at a specific time period or when a specific event occurs. For example, a programmer can write a program to instruct the computer to delete all personnel and payroll files if his name were ever removed from the file.
Hacker Computer Manipulation Data Diddling
Data diddling is the changing of data before or during entry into the computer system.
Examples include forging or counterfeiting documents used for data entry and exchanging
valid disks and tapes with modified replacements.
Hacker Computer Manipulation Scavenging and Dumpster Diving
Scavenging involves obtaining information left around a computer system, in the computer
room trash cans, and so on. Dumpster diving refers to gleaning sensitive information from an organisation’s trash receptacles and dumpsters.
Hacker Computer Manipulation Data Leakage
Data leakage is the removing of information by smuggling it out as part of a printed
document, encoding the information to look like something different, and removing it from
the facility.
Hacker Computer Manipulation Piggybacking/Impersonation
Piggybacking and impersonation are frequently used to gain access to restricted areas.
Examples include following someone in through a door with a badge reader, electronically
using another’s user identification and password to gain computer access, and tapping into
the terminal link of a user to cause the computer to believe that both terminals are the same
person.
Hacker Computer Manipulation Simulation and Modeling
Simulation and modeling is a computer manipulation technique using the computer as a tool or instrument to plan or control a criminal act.
Hacker Computer Manipulation Wire Tapping
Wire tapping into a computer’s communications links is another technique used by hackers.
This method enables perpetrators to read the information being transmitted between
computers, or between computers and terminals.
Hacker Computer Manipulation Network Weaving
This technique, more commonly known as looping, involves using numerous networks in an
attempt to avoid detection.
Hacker Computer Manipulation Altering the Way a System Generates Passwords
By learning how a certain system’s randomizer works, the hacker can imitate the generation
of valid passwords, or alter how the system operates.
Hacker Computer Manipulation Buffer Overflow Exploits
If an attacker sends too much data into one of these buffers, the buffer overflows. The server
then executes the data that “overflowed” as a program. This program may do any number of
things, like sending passwords to Russia, altering system files, or installing backdoors, depending on what data the attacker sent to the buffer.
Hacker Computer Manipulation Privilege Escalation Exploits
Privilege escalation exploits grant administrator or root-level access to users who previously
did not have such access.
Hacker Computer Manipulation Backdoors
Backdoors allow attackers to remotely access a system again in the future.