51 terms

AIS- Chapter 5

Computer Fraud and Abuse
an intentional act where the intent is to destroy a system or some of its components
a text file created by a web site and stored on a visitor's hard drive. They store information about who the user is and what the user has done on the site
any and all means a person uses to gain an unfair advantage over another person
white-collar criminal
typically businesspeople who commit fraud. They usually resort to trickery or cunning and their crimes usually involve a violation of trust or confidence
misappropriation of assets/ employee fraud
an internal fraud in which an employee or group of employees use or steal company resources for personal gain
fraudulent financial reporting
intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements
a person's incentive or motivation for committing fraud
the condition or situation that allows a person or organization to commit and conceal a dishonest act and convert it to personal gain
concealing the theft of cash by means of a series of delays in posting collections to accounts. For example, a perpetrator steals customer A's accounts receivable payment. Funds received at a later date from customer B are used to pay off customer A's balance. Funds from customer C are used to pay off B's balance, and so forth.
a fraud scheme where the perpetrator conceals a theft of cash by creating cash through the transfer of money between banks. For example, suppose a fraud perpetrator opens checking accounts in banks A, B, and C. Then the perpetrator "creates" cash by depositing a $1000 check from bank A into bank B and then withdraws the $1000 from bank B. Since there are insufficient funds in bank A to cover the $1000 check, the perpetrator deposits a $1000 check from bank C to bank A before his check to bank B clears bank A. Since bank C also has insufficient funds, $1000 must be deposited to bank C before the check to bank A clears. The check to bank C is written from bank B, which also has insufficient funds. The scheme continues, with checks and deposits occurring as needed to keep the checks from bouncing.
the excuse that fraud perpetrators use to justify their illegal behavior
computer fraud
any illegal act for which knowledge of a computer is essential for the crime's perpetration, investigation, or prosecution
unauthorized access and use of computer systems, usually by means of a personal computer and telecommunications networks
war dialing
searching for an idle modem by programming a computer to dial thousands of phone lines. Finding an idle modem often enables a hacker to gain access to the network to which it is connected
war driving
the practice of driving around in cars looking for unprotected home or corporate wireless networks
war chalking
the practice of drawing chalk symbols on sidewalks to mark unprotected wireless networks
gaining control of someone else's computer to carry out illicit activities, such as sending spam without the computer user's knowledge
denial-of-service attack
an attacker sends so many e-mail bombs, often from randomly generated false addresses, that the internet service provider's e-mail server is overloaded and shuts down. Another example is sending so many requests for web pages that the web server crashes.
simultaneously e-mailing the same unsolicited message to many people, often in an attempt to sell them some product
dictionary attack
using special software to guess company addresses and send them blank e-mail messages. Unreturned messages are usually valid e-mail addresses that can be added to spammer e-mail lists
altering an e-mail message to make it look as if someone else sent it
code released by software developers that fixes a particular vulnerability
password cracking
occurs when an intruder penetrates a system's defenses, steals the file containing valid passwords, decrypts them, and uses them to gain access to system resources such as programs, files, and data
masquerading/ impersonation
when a perpetrator gains access to a system by pretending to be an authorized user. This approach requires that the perpetrator know the legitimate user's identification numbers and passwords
when a perpetrator latches on to a legitimate user who is logging in to a system. The legitimate user unknowingly carries the perpetrator with him as he is allowed into the system
data diddling
changing data before, during, and after it is entered into the system. The change can be made to add, delete, or alter system data
data leakage
the unauthorized copying of company data, often without leaving any indication that it was copied
salami technique
a fraud technique in which tiny slices of money are stolen from many different accounts
round-down fraud
a fraud technique used in financial institutions that pay interest. The programmer instructs the computer to round down all interest calculations to two decimal places. The fraction of a cent rounded down on each calculation is put into the programmer's own account.
a hacker who attacks phone systems
economic espionage
the theft of information and intellectual property
Internet terrorism
hackers using the internet to disrupt economic commerce and destroy company or individual communications
Internet misinformation
using the internet to spread false or misleading information. This can be done in a number of ways, including inflammatory messages in online chats, setting up web sites, and spreading urban legends
e-mail threats
threats sent to victims by e-mail. The threats usually require some follow-up action, often at great expense to the victim
software piracy
the unauthorized copying of software
social engineering
using deception to obtain unauthorized access to information resources. Access is usually obtained by fooling an employee
identity theft
assuming someone's identity, almost always for economic gain, by illegally obtaining confidential information such as a social security number
sending an e-mail pretending to be a legitimate company, usually a financial institution, and requesting information. The recipient is asked to either respond to the e-mail request or visit a web page and submit the data. The request is bogus, and the information gathered is used to commit identity theft or to steal funds from the victim's account
scavenging/ dumpster diving
searching for corporate or personal records to gain unauthorized access to confidential information. These methods include searching garbage cans, communal trash bins, and city dumps to find documents or printouts with confidential personal or company information
shoulder surfing
watching people enter telephone calling card or credit card numbers or listening as they give credit card numbers over the telephone or to a clerk
observing data transmissions intended for someone else. One way unauthorized individuals can intercept signals is by setting up a wiretap
software that monitors computing habits and sends the data to someone else, often without the computer user's permission
a type of spyware that 1) causes banner ads to pop up on your monitor as you surf the Net and 2) collects information about the user's web-surfing and spending habits and forwards it to the company gathering the data, often an advertising or media organization. It usually comes bundled with freeware and shareware downloaded from the internet.
key logger
using spyware to record a user's keystrokes, e-mails sent and received, web sites visited, and chat session participation
Trojan horse
a set of unauthorized computer instructions in an authorized and otherwise properly functioning program. It performs some illegal act at a preappointed time or under a predetermined set of conditions
logic time bomb
a program that lies idle until some specified circumstance or a particular time triggers it. Once triggered, the program sabotages the system by destroying programs or data
trap door
a set of computer instructions that allows a user to bypass the system's normal controls
packet sniffers
programs that capture data from information packets as they travel over the internet or company networks. Captured data is sifted to find confidential or proprietary information that can be sold or otherwise used
the unauthorized use of a special system program to bypass regular system controls and perform illegal acts. This utility was originally written to handle emergencies, such as restoring a system that had crashed
a segment of executable code that attaches itself to an application program or some other executable system component. When the hidden program is triggered, it makes unauthorized alterations to the way a system operates
similar to a virus except that it is a program rather than a code segment hidden in a host program. It also copies itself automatically and actively transmits itself directly to other systems