COMPUTER AND INTERNET FRAUD Flashcards
A general definition of computer fraud is:
Any defalcation or embezzlement accomplished by tampering with computer programs, data files, operations, equipment, or media, and resulting in losses sustained by the organisation whose computer system was manipulated.
Unlike traditional fraud cases, computer fraud cases can be difficult for the fraud examiner because they:
• Lack a traditional paper audit trail.
• Require an understanding of the technology used to commit the crime.
• Usually require an understanding of the technology of the victim computer.
• Very often require the use of one or more specialists to assist the fraud examiner, even when the fraud examiner is computer literate.
In Fighting Computer Crime, Mr. Parker describes how the computer serves as an object, a subject, a tool, and a symbol.
Computer as an object
Computers and network systems are themselves often objects or targets of crime, subject to physical sabotage, theft, or destruction of information.
Computer as a subject
According to Parker, computers are the direct subjects of crime “when they are the environment in which technologists commit crimes.” This category includes virus attacks.
Computer as a tool
Obviously, computers are used as the means to commit crime, whether embezzlement, theft of proprietary information, or hacking.
Computer as a symbol
Computers lend fraudsters an air of credibility and are often used to deceive victims into investment and pyramid schemes.
Common computer crimes include:
- Data alteration
- Unauthorised access and entry to systems and information
- Reading another’s e-mail without permission
- Data destruction and sabotage
- Internet consumer fraud
- Sale of proprietary data
- Desktop counterfeiting
- Data extortion
- Disclosure of confidential data
- Identity theft
- Electronic letter bombing
- Software piracy
- PBX fraud
- Voice mail fraud
- Cellular telephone fraud
- Stolen long-distance calling cards
Hacking is
basically breaking into computers and telecommunications systems by learning the vulnerabilities of various hardware and software, and using a computer to systematically “guess” the user’s system identification and password.
Hacker Computer Manipulation Trojan Horse
A Trojan horse is the covert placement of instructions in a program that causes the computer to perform unauthorised functions but usually still allows the program to perform its intended purpose. This method is one of the most commonly used techniques in computer-based frauds and sabotage.
Hacker Computer Manipulation Trap Doors
When developing large programs, programmers insert instructions for additional code and intermediate output capabilities. The design of computer operating systems attempts to prevent this from happening. Therefore, programmers insert instructions that allow them to circumvent these controls. Hackers take advantage of these trap doors.
Hacker Computer Manipulation Salami Techniques
Salami techniques involve the execution of unauthorised programs used to steal small amounts of assets from a large number of sources without noticeably reducing the whole. For example, in a banking system, the amount of interest to be credited to an account is typically rounded off. A fraudster might set up the system so that instead of rounding off the number, that fraction of it is credited to a special account owned by the perpetrator.
Hacker Computer Manipulation Logic Bombs
A logic bomb is a computer program executed at a specific time period or when a specific event occurs. For example, a programmer can write a program to instruct the computer to delete all personnel and payroll files if his name were ever removed from the file.
Hacker Computer Manipulation Data Diddling
Data diddling is the changing of data before or during entry into the computer system. Examples include forging or counterfeiting documents used for data entry and exchanging valid disks and tapes with modified replacements.
Hacker Computer Manipulation Scavenging and Dumpster Diving
Scavenging involves obtaining information left around a computer system, in the computer room trash cans, and so on. Dumpster diving refers to gleaning sensitive information from an organisation’s trash receptacles and dumpsters.
Hacker Computer Manipulation Data Leakage
Data leakage is the removing of information by smuggling it out as part of a printed document, encoding the information to look like something different, and removing it from the facility.
Hacker Computer Manipulation Piggybacking/Impersonation
Piggybacking and impersonation are frequently used to gain access to restricted areas. Examples include following someone in through a door with a badge reader, electronically using another’s user identification and password to gain computer access, and tapping into the terminal link of a user to cause the computer to believe that both terminals are the same person.
Hacker Computer Manipulation Simulation and Modeling
Simulation and modeling is a computer manipulation technique using the computer as a tool or instrument to plan or control a criminal act.
Hacker Computer Manipulation Wire Tapping
Wire tapping into a computer’s communications links is another technique used by hackers. This method enables perpetrators to read the information being transmitted between computers, or between computers and terminals.
Hacker Computer Manipulation Network Weaving
This technique, more commonly known as looping, involves using numerous networks in an attempt to avoid detection.
Hacker Computer Manipulation Altering the Way a System Generates Passwords
By learning how a certain system’s randomizer works, the hacker can imitate the generation of valid passwords, or alter how the system operates.
Hacker Computer Manipulation Buffer Overflow Exploits
If an attacker sends too much data into one of these buffers, the buffer overflows. The server then executes the data that “overflowed” as a program. This program may do any number of things, like sending passwords to Russia, altering system files, or installing backdoors, depending on what data the attacker sent to the buffer.
Hacker Computer Manipulation Privilege Escalation Exploits
Privilege escalation exploits grant administrator or root-level access to users who previously did not have such access.
Hacker Computer Manipulation Backdoors
Backdoors allow attackers to remotely access a system again in the future.
Hacker Computer Manipulation HTTP Exploits
HTTP traffic, used for web browsing, is almost always allowed to pass through firewalls unhindered. Thus, attackers have a direct line to the web server.
Anti-Hacker Measures Welcome screens
To discourage unauthorised use, such a screen might be replaced with one that informs the user that he is about to access a proprietary network. Additionally, the screen should warn that unauthorised access is prohibited and will be prosecuted under the law. The screen should not identify either the organisation or the network.
Anti-Hacker Measures Security policies
should be established and disseminated throughout the organisation. These policies should include training for all employees, customers (who will appreciate the additional security), and others who have a need to access the network.
Anti-Hacker Measures Call-back modems
should be used wherever practical. These modems will answer an incoming call and require the sender to enter a password. Once the caller has identified himself, the modem will terminate the connection, and dial a previously established phone number. When the prearranged number is called, the sender must again perform the sign-on procedure.
Anti-Hacker Measures Security software packages
should be secured to the highest level possible. Most major software companies today have to release updates and patches to their software every so often. Check your software vendor’s websites on a regular basis for new security patches or use the new automated patching features that some companies offer.
Anti-Hacker Measures Passwords
should be used in accordance with sound security practices. For example:
− Passwords should be changed periodically (every 90 days is suggested).
− Passwords should be of sufficient length to deter guessing (a minimum of 8 characters is suggested).
− Passwords of transferred or terminated employees should be changed immediately.
Anti-Hacker Measures Purchased software
All packages should be audited to ensure that these default passwords (which are widely known) have been changed.
Anti-Hacker Measures Encryption
should be considered for sensitive data files, password files, and sensitive computer programs.
Anti-Hacker Measures Communications software
should terminate any connection (whether dial-in or direct connect) after:
− A reasonable number of unsuccessful attempts to enter a valid password (usually no more than three).
− A terminal (direct connect or dial-in) has been connected for a period of time with no activity. This is called “timing-out.”
Anti-Hacker Measures Hacker publications and communications
should be reviewed to learn the current jargon and hacker “handles,” which are the names that hackers use for their online personas. Hackers have used the Internet quite efficiently to communicate with each other, while producing a significant amount of hacking documentation and programs. Almost any hacker website will contain a large number of text files that explain “how to hack,” or how various systems operate. Many of these files will also explain the standard vulnerabilities of the systems, and the best methods to penetrate their security.
An adequate hacker detection program contains three primary components:
• Almost all communication systems maintain a log file that records all successful and unsuccessful system access attempts. These also allow for the printing of reports containing sign-on and -off activity. These reports should be printed out regularly and reviewed by the data security officer. Where possible, special reports should be printed on the number of unsuccessful access attempts. These attempts at logging in to the system should be followed up by data security to determine their cause.
• The data security function should have sufficient resources and staff to administer passwords, maintain the security software, review system activity reports, and follow up on all potential security violations.
• Finally, periodic reviews of telecommunications security should be performed by consultants and/or internal or external auditors, if the latter have the necessary experience and qualifications.
Electronic Mail Consider:
• Company employees now possess the ability to quickly disclose sensitive company materials to outside parties, increasing the opportunity for corporate espionage.
• Companies that employ a company-wide e-mail system can now be held responsible for any unethical or illegal activities conducted by employees on the e-mail system.
• Companies must now be concerned with the repercussions of the actions of any disgruntled or rash employees. The speed with which an e-mail can be “fired off” creates the opportunity for ill-advised communications.
• Once an e-mail message has left a company’s system, it may travel through any number of “foreign” e-mail systems before reaching its destination. An e-mail transmission can quite easily be intercepted or compromised without the use of encryption software.
• Without a security-enhanced e-mail system, the receiver of an e-mail message has little assurance that the e-mail is authentic. E-mail addresses can be easily “spoofed” or cloned by a knowledgeable user.
E-mail Ownership
In general, if the employee wrote the message as part of his duties for his employer (i.e., “in the scope of your employment”), the employer owns the copyright. If the e-mail was not part of the employee’s duties (something personal or related to another activity, whether permitted by the employer or not), then the user has copyright, but the employer, as owner of the system on which it was created or passed through, may have some rights to the copy on the system.
As with any potential liability issue, employers must set guidelines for the proper internal and external use of e-mail, just as they would for the proper use of the company telephone, stationery and postage, vehicles, and so on. For instance, the organisation should have a policy reminding employees in writing that e-mail must not be used to send inappropriate and unprofessional messages, including:
• Harassing other users of the system
• Consuming unreasonable amounts of available resources
• Intentionally sending other users viruses
• Evading software licensing or copying mechanisms
• Crashing/disrupting system services
• Impersonating another user anywhere on the Internet
• Bypassing system security mechanisms
• Translating encrypted material without authorisation
• Eavesdropping on other e-mail interactions
• Using the system for any personal gain either monetarily or politically unless permitted by the organisation
When the infected program is run, the virus executes an event which may be:
- Benign, by displaying a message on a certain date;
- Annoying, by slowing performance or altering the screen display; or
- Catastrophic, by erasing or destroying data or files, or crashing systems.
Hoaxes
Most of these fraudulent warnings urge recipients to “forward this to everyone you know.”
Before forwarding a questionable warning, it is wise to consult a few of the authorities who
track viruses.
Macro Virus
Macro viruses are macros that self-replicate. If a user accesses a document containing a viral macro and unwittingly executes this macro virus, it can then copy itself into that application’s startup files.
Boot Sector Viruses
These viruses use system BIOS, replace the boot sector, and move the boot sector to another location. They then write a copy of their own program code that will run every time the system is booted or when programs are being run. A boot sector virus cannot infect a computer if it is introduced after the machine is running the operating system.
Parasitic Viruses
Parasitic viruses attach themselves to programs known as executables. When a user launches a program that has a parasitic virus, the virus is surreptitiously launched first. To cloak its presence from the user, the virus then triggers the original program to open. The parasitic virus, because the operating system understands it to be part of the program, is given the same rights as the program to which the virus is attached. These rights allow the virus to replicate, install itself into memory, or release its payload.