Computer Fraud and Abuse Techniques

ModestThunderstorm

38 Questions

What is piggybacking in the context of physical security?

An unauthorized person following an authorized person through a secure door

What is the primary goal of password cracking?

To steal the file containing valid passwords and decrypt them

What is war dialing?

Programming a computer to dial thousands of phone lines searching for dial-up modem lines

What is data diddling?

Changing data before or during entry into a computer system

What is cyber-bullying?

Using the Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behavior

What is podslurping?

Using a small device with storage capacity to download unauthorized data

What is internet terrorism?

Using the Internet to disrupt electronic commerce and communications and to harm computers

What is sexting?

Exchanging sexually explicit text messages and revealing pictures

What does a rootkit conceal from the operating system?

Processes, files, network connections, and memory addresses

What is superzapping?

The unauthorized use of special system programs to bypass regular system controls

What is a characteristic that distinguishes a worm from a virus?

A worm is a standalone program that replicates itself

What is the main difference between a worm and a virus in terms of replication?

A virus requires human interaction to replicate, while a worm does not

What is bluesnarfing?

Stealing contact lists, images, and other data using flaws in Bluetooth applications

What is bluebugging?

Taking control of someone else’s phone to make or listen to calls, send or read text messages, connect to the Internet, forward the victim’s calls, and call numbers that charge fees

Which of the following best defines hacking?

Unauthorized access, modification, or use of an electronic device or some element of a computer system

What is the main goal of a ransomware attack?

To hold data hostage until the victim pays a ransom

What does the term 'botnet' refer to?

A network of hijacked computers used to attack systems or spread malware

What is hijacking in the context of computer systems?

Gaining control of a computer to carry out illicit activities without the user’s knowledge

What is a bot herder?

An individual who installs software that responds to a hacker’s instructions on unwitting PCs

What does spamming involve?

Simultaneously sending the same unsolicited message to many people, often to sell something

What is email spoofing?

Making an email appear as though it originated from a different source

What is a Denial-of-Service (DoS) attack designed to do?

Make a resource unavailable to its users

What is Internet Auction Fraud?

Using an Internet auction site to defraud another person.

What does web cramming involve?

Offering a free website for a month and then charging the phone bill without consent.

Which of the following best describes software piracy?

Unauthorized copying or distribution of copyrighted software.

What does social engineering typically aim to achieve?

Gaining physical or logical access to confidential data.

What is pretexting in social engineering?

Using an invented scenario to obtain information.

Which technique involves assuming someone's identity for economic gain?

Identity theft

What is posing in the context of social engineering techniques?

Creating a seemingly legitimate business to collect personal information.

Which of the following is NOT a method of social engineering mentioned?

Software piracy

What is the primary goal of phishing?

To send a fake electronic message claiming to be from a legitimate company

How does vishing differ from phishing?

It involves entering confidential data by phone

What does carding involve?

Testing stolen credit cards with small purchases

What is pharming?

Redirecting website traffic to a spoofed website

What does typosquatting aim to achieve?

Redirecting traffic to an invalid site due to typographical errors

What technique involves looking over someone's shoulder in a public place to obtain information?

Shoulder Surfing

How does Lebanese Looping trick ATM users?

Preventing the ATM from ejecting the card

What is the goal of skimming?

Secretly recording credit card data using a card reader

Study Notes

Computer Fraud and Abuse

  • Cyberattack: A ransomware attack forced the shutdown of Colonial Pipeline, a top US pipeline. In a ransomware attack, criminal groups hold data hostage until the victim pays a ransom.

Hacking

  • Hacking: Unauthorized access, modification, or use of an electronic device or computer system.
  • Common passwords: Weak passwords, such as "senha" (a Portuguese word meaning "password"), can be easily exploited.

Malware

  • Types of malware:
    • Ransomware: Holds data hostage until the victim pays a ransom.
    • Virus: Self-replicating, executable code that attaches itself to a file or program.
    • Worm: A self-replicating computer program similar to a virus, but with some exceptions (e.g., a virus requires human interaction, whereas a worm does not).
  • Rootkit: Conceals processes, files, network connections, memory addresses, systems utility programs, and system data from the operating system and other programs.

Social Engineering

  • Techniques: Used to gain physical or logical access to a building, computer, server, or network.
    • Identity theft: Assuming someone's identity, usually for economic gain, by illegally obtaining and using confidential information.
    • Pretexting: Using an invented scenario to increase the likelihood that a victim will divulge information or do something.
    • Posing: Creating a seemingly legitimate business to collect personal information while making a sale.
    • Phishing: Sending an electronic message pretending to be a legitimate company, requesting information or verification of information.

Cybercrime

  • Types of cybercrime:
    • Hijacking: Gaining control of a computer to carry out illicit activities without the user's knowledge.
    • Botnet: A powerful network of hijacked computers, used to attack systems or spread malware.
    • Spamming: Sending unsolicited messages to many people at the same time.
    • Spoofing: Making an electronic communication look as if someone else sent it to gain the trust of the recipient.
    • Piggybacking: An unauthorized person following an authorized person through a secure door, bypassing physical security controls.
    • Password cracking: Penetrating a system's defenses, stealing the file containing valid passwords, decrypting them, and using them to gain access to programs, files, and data.
    • War dialing: Programming a computer to dial thousands of phone lines searching for dial-up modem lines.
    • Phreaking: Attacking phone systems.
    • Data diddling: Changing data before or during entry into a computer system.
    • Data leakage: Unauthorized copying of company data.
    • Podslurping: Using a small device with storage capacity to download unauthorized data.
    • Cyber-extortion: Threatening to harm a company or person if a specified amount of money is not paid.
    • Cyber-bullying: Using the Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person.
    • Sexting: Exchanging sexually explicit text messages and revealing pictures.
    • Internet terrorism: Using the Internet to disrupt electronic commerce and communications and to harm computers.

Other Cyber Threats

  • Internet misinformation (fake news): Using the Internet to spread false or misleading information.
  • Internet auction fraud: Using an Internet auction site to defraud another person.
  • Web cramming: Offering a free website for a month, developing a worthless website, and charging the phone bill of the people who accept the offer for months.
  • Software piracy: Unauthorized copying or distribution of copyrighted software.
  • Bluesnarfing: Stealing contact lists, images, and other data using flaws in Bluetooth applications.
  • Bluebugging: Taking control of someone else's phone to make or listen to calls, send or read text messages, connect to the Internet, forward the victim's calls, and call numbers that charge fees.
  • Carding: Activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers.
  • Pharming: Redirecting website traffic to a spoofed website.
  • Typosquatting or URL hijacking: Setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site.
  • Tabnapping: Secretly changing an already open browser tab.
  • Scavenging/Dumpster diving: Searching documents and records to gain access to confidential information.
  • Shoulder surfing: Looking over a person's shoulder in a public place to get information such as ATM PIN numbers or user IDs and passwords.
  • Lebanese Looping: Inserting a sleeve into an ATM that prevents the ATM from ejecting the card, and then tricking the victim into entering their PIN again.
  • Skimming: Double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use.

This quiz covers the basics of computer fraud and abuse techniques, including social engineering tactics and cyber crime investigation. Learn how to identify and defend against cyber attacks and bring perpetrators to justice.
