C5 Computer Fraud & Abuse

  • AIS Threats

  • Natural & political disasters

  • Software errors & equipment malfunctions

  • Unintentional acts

  • Intentional computer crimes

  • Fraud: gaining unfair advantage over others

  • Perpetrators: white-collar criminals

  • Misappropriation of assets: theft of company assets (employee fraud)

    • Gains the trust or confidence of the victim
    • Uses trickery, cunning, misleading information
    • Hides tracks by falsifying records
    • Cannot self-terminate, because of need, greed or to avoid detection
    • Extravagant lifestyle, rather than savings
    • Becomes greedy
    • Grows careless and gets caught
    • Sheer magnitude leads to detection
    • Most significant factor: absence of internal controls
  • Fraudulent financial reporting: intentional or reckless conduct resulting in materially misleading financial statements

  • Fraud triangle:

    • Pressure (incentive, motivation)
    • Opportunity: a condition or situation that allows a person to commit and conceal the fraud, and to convert it to personal gain
    • Rationalization: allows perpetrators to justify their illegal behavior
  • Computer fraud: any illegal act for which computer technology is essential for its perpetration, investigation or prosecution

  1. Not everyone agrees on what constitutes computer fraud
  2. Many go undetected
  3. Many uncovered frauds are not reported
  4. Networks lack security
  5. Internet provides instructions
  6. Law enforcement falls behind
  7. Total loss is difficult to value
  • Computer fraud classifications

  • Input fraud

  • Processor fraud

  • Computer instruction fraud

  • Data fraud

  • Output fraud

  • Computer attacks

  • Hacking: unauthorized access and use of computer systems

    • War dialing, war driving, war chalking, war rocketing
    • Botnet, hijacking, bot herders, zombies, denial-of-service attack
    • Spamming, dictionary attacks, splogs, spoofing, zero-day attack
    • Password cracking, masquerading / impersonation, piggybacking
    • Data diddling, data leakage, phreaking
    • Economic espionage, cyber-extortion, Internet terrorism, Internet misinformation, e-mail threats
    • Click fraud, software piracy
  • Social engineering: techniques used to obtain confidential information, often by tricking people

    • Identity theft, pretexting, posing, phishing, vishing, carding, pharming
    • Evil twin, typosquatting, scavenging / dumpster diving
    • Shoulder surfing, skimming, chipping, eavesdropping
  • Malware

    • Spyware, adware, key logger, trojan horse, time bombs, trap door, packet sniffers
    • Steganography programs, rootkit, superzapping, virus, bluesnarfing, bluebugging, worm