34 Cards in this Set

  • Front
  • Back
Adware
Ad functions/"spyware" that is embedded within a downloaded software; its purpose is to note what Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there.
Data diddling
*Changing data before, during, or after it is entered into the system.

*Can involve adding, deleting, or altering key system data.
Data leakage
Unauthorized copying of company data
Denial of service attacks
An attacker overloads and shuts down an Internet Service Provider’s email system by sending email bombs at a rate of thousands per second—often from randomly generated email addresses.

May also involve shutting down a web server by sending a load of requests for the web pages.
Eavesdropping
Perpetrators surreptitiously observe private communications or transmission of data.

Equipment to commit these “electronic wiretaps” is readily available at electronics stores.
Email Threats
A threatening message is sent to a victim to induce the victim to do something that would make it possible to be defrauded.
Email Forgery (aka spoofing)
Involves sending an email message that appears to have come from someone other than the actual sender.

Ex) Claim to be system administrators and ask users to change their passwords to specific values.

Ex) Pretend to be management and request a copy of some sensitive information.
Hacking
Unauthorized access to and use of computer systems—usually by means of a personal computer and a telecommunications network.
Most hackers break into systems using known flaws in operating systems, applications programs, or access controls.

Some are not very malevolent and mainly motivated by curiosity and a desire to overcome a challenge.

Others have malicious intent and can do significant damage.
Phreaking
Hacking that attacks phone systems and uses phone lines to transmit viruses and to access, steal, and destroy data.

They also steal telephone services and may break into voice mail systems.

Some hackers gain access to systems through dial-up modem lines.
Hijacking
Involves gaining control of someone else’s computer to carry out illicit activities without the user’s knowledge.

The illicit activity is often the perpetuation of spam emails.
Identity Theft
Assuming someone’s identity, typically for economic gain, by illegally obtaining and using confidential information such as the person’s social security number, bank account number, or credit card number.

Identity thieves benefit financially by:

Ex) Taking funds out of the victim’s bank account.

Ex) Taking out mortgages or other loans under the victim’s identity.

Ex) Taking out credit cards and running up large balances.
Identity thieves can steal corporate or individual identities by:
Using Internet, email, and other technology in spoofing, phishing, eavesdropping, impersonating, social engineering, and data leakage schemes.

Redirecting mail

Scavenging or dumpster diving

Shoulder Surfing
Scavenging or "dumpster diving"
Searching corporate or personal records by rifling garbage cans, communal trash bins, and city dumps for documents with confidential company information.

May also look for personal information such as checks, credit card statements, bank statements, tax returns, discarded applications for pre-approved credit cards, or other records that contain social security numbers, names, addresses, phone numbers, and other data that allow them to assume an identity.
Shoulder Surfing
Watching people enter telephone calling card numbers or credit card numbers or listening to communications as they provide this information to sales clerks or others.
Social engineering
Perpetrators trick employees into giving them information they need to get into the system.

A perpetrator might call an employee and indicate he is the systems administrator and needs to get the employee’s password.
Internet Terrorism
Hackers use the Internet to disrupt electronic commerce and destroy company and individual communications.

Examples: Worms, Viruses
Internet Misinformation
Using the Internet to spread false or misleading information about people or companies.

May involve:
1) Planting inflammatory messages in online chat rooms.
2) Websites with misinformation.
3) Pretending to be someone else online and making inflammatory comments that will be attributed to that person.
4) A “pump-and-dump” occurs when an individual spreads misinformation, often through Internet chat rooms, to cause a run-up in the value of a stock and then sells off his shares of the stock. A number of pump-and-dump cases have been prosecuted by the SEC.
Logic Time Bomb
A program that lies idle until triggered by some circumstance or a particular time.
Once triggered, it sabotages the system, destroying programs, data, or both.
Usually written by disgruntled programmers.
EXAMPLE: A programmer places a logic bomb in a payroll application that will destroy all the payroll records if the programmer is terminated.
Masquerading or Impersonation
The perpetrator gains access to the system by pretending to be an authorized user.
The perpetrator must know the legitimate user’s ID and password.
Once in the system, he enjoys the same privileges as the legitimate user.
Packet Sniffers
Programs that capture data from information packets as they travel over the Internet or company networks.
Confidential information and access information can be gleaned from the captured data—some of which is later sold.
Password Cracking
An intruder penetrates a system’s defenses, steals the file of valid passwords, decrypts them, and then uses them to gain access to almost any system resources.
Phishing
Sending out a spoofed email that appears to come from a legitimate company, such as a financial institution. eBay, PayPal, and banks are commonly spoofed.

The link connects the individual to a website that is an imitation of the spoofed company’s actual website. These counterfeit websites appear very authentic, as do the emails.
Piggybacking
Tapping into a telecommunications line and latching onto a legitimate user before that user logs into a system.

The legitimate user unknowingly carries the perpetrator into the system.
Round-down technique
Made famous in the movie, Office Space.
The programmer instructs the computer to round interest calculations down to two decimal places and deposits the remaining fraction into the account of a programmer or an accomplice.
Software Piracy
Copying software without the publisher’s permission.
Spamming
Emailing an unsolicited message to multitudes of people, often in an attempt to sell a product.

Many times the product offers are fraudulent.
Spyware
Software that monitors computing habits, such as web-surfing habits, and sends the data it gathers to someone else, typically without the user’s permission.

One type, called adware (for advertising-supported software) does two things:
Causes banner ads to pop up on your monitor as you surf the net.

Collects information about your Web-surfing and spending habits and forwards it to a company gathering the data—often an advertising or large media organization.
Keystroke loggers
A keystroke logger records a user’s keystrokes and emails them to or saves them for the party that planted the logger.

Spyware and keystroke loggers are very problematic for companies with employees who telecommute or contact the company’s computer from remote locations.
Spyware on those computers makes the company’s systems vulnerable.
Individuals are also exposed when they use wireless networks, such as those that may be available in coffee shops.

Fraudsters use keystroke loggers to capture passwords, credit card numbers, etc.

A keystroke logger can be a hardware device attached to a computer or can be downloaded on an individual’s computer in the same way that any Trojan horse might be downloaded.
Superzapping
Unauthorized use of special system programs to bypass regular system controls and perform illegal acts.
The name is derived from an IBM software utility called Superzap that was used to restore crashed systems.
Trap Doors
(Also called back doors.)

Programmers create trap doors to modify programs.
The trap door is a way into the system that bypasses normal controls.

The trap door should be removed before the program is implemented.
If it is not, the programmer or others may later gain unauthorized access to the system.
Trojan Horse
A set of unauthorized computer instructions planted in an authorized and otherwise properly functioning program.

Allows the creator to control the victim’s computer remotely.

Programs that launch denial of service attacks are often Trojan horses.
War Dialing
-driving
-biking
-walking/jogging
-kitting
Hackers search for an idle modem by programming their computers to dial thousands of phone lines.

Hackers enter through the idle modem and gain access to the connected network.

-call all #s via a computer
-call via wireless network/wi-fi
-call via wi-fi + PDAs or cells
-replaced w/ software to seize all control of the victim's computer.
virus
Many viruses have two phases:
First, when some predefined event occurs, the virus replicates itself and spreads to other systems or files.
Another event triggers the attack phase in which the virus carries out its mission.
A virus may lie dormant or propagate itself without causing damage for an extended period.

Damage may take many forms:
Send email with the victim’s name as the alleged source.
Destroy or alter data or programs.
Take control of the computer.
Destroy or alter file allocation tables.
Delete or rename files or directories.
Reformat the hard drive.
Change file content.
Prevent users from booting.
Intercept and change transmissions.
Print disruptive images or messages on the screen.
Change screen appearance.
As viruses spread, they take up much space, clog communications, and hinder system performance.
worms
A worm is similar to a virus except for:
A worm is a stand-alone program, while a virus is only a segment of code hidden in a host program or executable file.
A worm will replicate itself automatically, while a virus requires a human to do something like open a file.
Worms often reproduce by mailing themselves to the recipient’s mailing list.