Computer Fraud and Abuse Techniques

All computers connected to the Internet are constantly under attack from a variety of threat actors seeking valuable data or ways to harm systems. Common hacking methods include exploiting known vulnerabilities in operating systems and software or poor access controls. Examples provided include Russian hackers stealing $10 million from Citibank accounts, and a systems administrator exceeding access at Acxiom which cost the company over $5.8 million after confidential data was accessed. Many other types of cyberattacks are described such as denial-of-service attacks, spamming, spoofing, zero-day attacks, and man-in-the-middle attacks.

Uploaded by Cindy Bartolay

All computers connected to the Internet, especially those with important trade secrets or valuable IT assets, are under constant attack from hackers, foreign governments, terrorist groups, disaffected employees, industrial spies, and competitors. These people attack computers looking for valuable data or trying to harm the computer system.

Hacking is the unauthorized access, modification, or use of an electronic device or some element of a computer system. Most hackers break into systems using known flaws in operating systems or application programs, or as a result of poor access controls.

• Russian hackers broke into Citibank’s system and stole $10 million from customer accounts.
• Acxiom manages customer information for credit card issuers, banks, automotive manufacturers, and retailers. A systems administrator for a company doing business with Acxiom exceeded his authorized access, downloaded an encrypted password file, and used a password-cracking program to access confidential IDs. The intrusion cost Acxiom over $5.8 million.
• A 17-year-old hacker broke into Bell Laboratories’ network, destroyed files, copied 52 proprietary software programs, and published confidential information on underground bulletin boards. Many hackers are young, some as young as 12.
• A hacker penetrated a software supplier’s computer and used its “open pipe” to a bank customer to install a powerful Trojan horse in the bank’s computer.
• In the worst security breach in gaming history, 101 million Sony PlayStation accounts were hacked, crashing the network for over a month. More than 12 million credit card numbers, e-mail addresses, passwords, home addresses, and other data were stolen.

Hijacking is gaining control of a computer to carry out illicit activities without the user’s knowledge.

Botnet, short for robot network, is a powerful network of hijacked computers, called zombies, that are used to attack systems or spread malware.

Bot herder is the person who creates a botnet by installing software on personal computers that respond to the bot herder’s electronic instructions. Bot software is delivered in a variety of ways including Trojans, e-mails, instant messages, tweets, or an infected website. Bot herders use the combined power of the hijacked computers to mount a variety of Internet attacks.

Denial-of-Service (DoS) attack is a computer attack in which the attacker sends so many e-mail bombs or web page requests, often from randomly generated false addresses, that the Internet service provider’s e-mail server or the web server is overloaded and shuts down.

• A DoS attack shut down 3000 websites for 40 hours on one of the
busiest shopping weekends of the year.
• CloudNine, an Internet service provider, went out of business
after DoS attacks prevented its subscribers and their customers
from communicating.
• An estimated 1 in 12 e-mails carried the MyDoom virus at its
peak. The virus turned its host into a zombie that attacked
Microsoft, Amazon, Yahoo, CNN, and eBay.
Spamming is sending the same unsolicited message to many people at the same time, often in an attempt to sell something. Spammers stage dictionary attacks, where they use special software to guess company e-mail addresses and send them blank e-mail messages. Unreturned messages are usually valid e-mail addresses that can be added to spammer e-mail lists.

A blog, short for web log, is a website containing online journals and commentaries. Hackers create splogs, a combination of spam and blog, with links to websites they own to increase their Google PageRank, which is how often a web page is referenced by other web pages.
Spoofing is making an electronic communication look as if someone else sent it to gain the trust of the recipient. It can take various forms including the following:

• E-mail spoofing is making an e-mail appear as though it originated from a different source. Many spam and phishing attacks use special software to create random sender addresses.
• Caller ID spoofing is displaying an incorrect number on the recipient’s caller ID display to hide the caller’s identity.
• IP address spoofing is creating Internet Protocol (IP) packets with a forged source IP address to conceal the identity of the sender or to impersonate another computer system. IP spoofing is most frequently used in DoS attacks.
• Address Resolution Protocol (ARP) spoofing is sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determining a network host’s hardware address when only its IP or network address is known.
• SMS spoofing is using the short message service (SMS) to change the name or number a text message appears to come from.
• Web page spoofing is also called phishing.
• DNS spoofing is sniffing the ID of a Domain Name System (DNS, the “phone book” of the Internet that converts a domain, or website name, to an IP address) request and replying before the real DNS server can.

Zero-day attack (or zero-hour attack) is an attack between the
time a new software vulnerability is discovered and the time a
software developer releases a patch that fixes the problem. A
patch is the code released by the software developers that fixes a
particular software vulnerability.

Cross-site scripting (XSS) is a vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanisms and instruct the victim’s browser to execute code, thinking it came from the desired website.

Buffer overflow attack happens when the amount of data entered into a program is greater than the amount of memory set aside to receive it. The input overflow usually overwrites the next computer instruction, causing the system to crash.

SQL injection (insertion) attack is malicious code in the form of an SQL query inserted into input so it can be passed to and executed by an application program. The idea is to convince the application to run SQL code that it was not intended to execute by exploiting a database vulnerability. It is one of several vulnerabilities that occur when one programming language is embedded inside another. A successful SQL injection can read sensitive data from the database; modify, disclose, destroy, or limit the availability of the data; allow the attacker to become a database administrator; spoof identity; and issue operating system commands. An SQL injection attack can have a significant impact that is limited only by the attacker’s skill and imagination and system controls.
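As an added example (not from the original slides), the following Python code shows the mechanism behind the definition above: the same login query built by string formatting, which lets a quote character in the input become part of the SQL, next to the parameterised form in which the database treats the input strictly as data. The table, accounts and input string are constructed for the demonstration.

```python
"""Added example: string-built SQL versus a parameterised query (standard library only)."""
import sqlite3

# Constructed sample accounts for the demonstration.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed accounts."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return con


def login_vulnerable(con: sqlite3.Connection, name: str, password: str) -> list:
    """Embeds user input in the SQL text, so the input is parsed as code.
    This is the defect the definition describes: one language (user data)
    ends up embedded inside another (SQL)."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}' ORDER BY name")
    return [row[0] for row in con.execute(sql)]


def login_safe(con: sqlite3.Connection, name: str, password: str) -> list:
    """Binds the input as parameters; the database never parses it as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY name"
    return [row[0] for row in con.execute(sql, (name, password))]


# Constructed input containing a closing quote and an always-true condition.
INJECTED = "' OR '1'='1"


def demo() -> dict:
    """Run both variants against the same input and return what each lets through."""
    con = make_db()
    return {
        "vulnerable": login_vulnerable(con, "anyone", INJECTED),  # every account
        "safe": login_safe(con, "anyone", INJECTED),              # nothing
        "legit": login_safe(con, "alice", "s3cret"),              # the real user
    }
```

Parameterisation addresses the injection itself; the page's point about the attacker becoming a database administrator or issuing operating system commands is why the application's database account should also hold only the privileges it needs.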
Man-in-the-middle attack places a hacker between a client and a host and intercepts network traffic between them. A MITM attack is often called a session hijacking attack. MITM attacks are used to attack public key encryption systems where sensitive and valuable information is passed back and forth.

[Figure: the client’s intended connection to the host server, contrasted with the actual MITM connections from the client to the hacker and from the hacker to the host server.]

Masquerading or impersonation is pretending to be an authorized
user to access a system. This is possible when the perpetrator
knows the user’s ID number and password or uses the computer
after the user logs in.

Piggybacking
• The clandestine use of a neighbor’s WiFi network; this can be
prevented by enabling the security features in the wireless
network.
• Tapping into a communication line and electronically latching
onto a legitimate user before the user enters a secure system;
the legitimate user unknowingly carries the perpetrator into the
system.
• An unauthorized person following an authorized person through
a secure door, bypassing physical security controls such as
keypads, ID cards, or biometric identification scanners.

Password cracking is penetrating a system’s defenses, stealing the file containing valid passwords, decrypting them, and using them to gain access to programs, files, and data.

War dialing is programming a computer to dial thousands of phone lines searching for dial-up modem lines. Hackers break into the personal computer attached to the modem and access the network to which it is connected.

Phreaking is attacking phone systems. The most common reasons for the attack are to obtain free phone line access, to transmit malware, and to steal and destroy data.

Data diddling is changing data before or during entry into a computer system in order to delete, alter, add, or incorrectly update key system data. Examples include forging or changing documents used for data entry and replacing files containing input data with modified files.

Data leakage is the unauthorized copying of company data.

Podslurping is using a small device with storage capacity, such as an iPod or flash drive, to download unauthorized data.

Salami technique is used to embezzle money a “salami slice” at a time from many different accounts.

Run-down fraud. All interest calculations are truncated at 2 decimal places and the excess decimals put into an account the perpetrator controls. No one is the wiser, since all the books balance. Over time, these fractions of a cent add up to a significant amount, especially when interest is calculated daily.
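As an added illustration (not part of the original slides), the following Python simulation shows why run-down fraud leaves the books balanced and how a per-account recomputation exposes it. The balances, the daily rate and the bank's rounding policy are constructed for the example.

```python
"""Added example: simulate run-down (salami) interest skimming and a detective control."""
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
# Constructed illustrative data: four customer balances and a daily rate of 0.01%.
BALANCES = [Decimal("1234.56"), Decimal("987.65"), Decimal("5000.00"), Decimal("250.10")]
DAILY_RATE = Decimal("0.0001")


def post_interest_rundown(balances, days):
    """Fraudulent posting routine: each account is credited its daily interest
    truncated to whole cents; the dropped fraction goes to the perpetrator.
    Returns (credits per account, perpetrator's take, total interest expense)."""
    credits = [Decimal("0.00") for _ in balances]
    skimmed = Decimal("0.00")
    expense = Decimal("0.00")
    for _ in range(days):
        for i, bal in enumerate(balances):
            exact = bal * DAILY_RATE
            truncated = exact.quantize(CENT, rounding=ROUND_DOWN)
            credits[i] += truncated
            skimmed += exact - truncated
            expense += exact  # the bank books the full, untruncated amount
    return credits, skimmed, expense


def ledger_balances(credits, skimmed, expense):
    """The control everyone relies on: total debits equal total credits.
    It passes, because the skim is also a credit, merely to the wrong account."""
    return sum(credits, Decimal("0.00")) + skimmed == expense


def find_underpaid(balances, days, credits):
    """Detective control: independently recompute each account's interest under
    the stated rounding policy (round half to even, to the cent) and report
    accounts whose posted interest falls short, with the shortfall."""
    flagged = []
    for i, bal in enumerate(balances):
        expected = (bal * DAILY_RATE).quantize(CENT, rounding=ROUND_HALF_EVEN) * days
        if credits[i] < expected:
            flagged.append((i, expected - credits[i]))
    return flagged


def demo(days=365):
    """One year of daily postings: the ledger check passes, the recomputation does not."""
    credits, skimmed, expense = post_interest_rundown(BALANCES, days)
    return {
        "balances": ledger_balances(credits, skimmed, expense),
        "skimmed": skimmed.quantize(CENT, rounding=ROUND_DOWN),
        "flagged": find_underpaid(BALANCES, days, credits),
    }
```

Accounts whose exact daily interest happens to truncate and round to the same cent are not flagged, which is why the control should run against every account rather than a sample.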

Economic espionage is the theft of information, trade secrets, and intellectual property.

Cyber-extortion is threatening to harm a company or a person if a specified amount of money is not paid.

Cyber bullying is using the Internet, cellular phones, or other communication technologies to support deliberate, repeated, and hostile behaviour that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person.

Sexting is exchanging sexually explicit text messages and revealing pictures, usually by means of a phone.

Internet terrorism is using the Internet to disrupt electronic commerce and communications to harm computers.

Internet misinformation is using the Internet to spread false or misleading information. Another form is pretending to be someone else and posting web-based messages that damage the reputation of the impersonated person.

Internet auction fraud is using an Internet auction site to defraud another person.

Internet pump-and-dump fraud is using the Internet to pump up the price of a stock and then selling it.

Web cramming is offering a free website for a month, developing a worthless website, and charging the phone bill of the people who accept the offer for months, whether they want to continue using the website or not.

Software piracy is the unauthorized copying or distribution of copyrighted software. 3 frequent forms of software piracy include:

• Selling a computer with pre-loaded unauthorized software;
• Installing a single license copy on multiple machines; and
• Loading software on a network server and allowing unrestricted access to it in violation of the software license agreement.

Social engineering refers to techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in order to gain physical or logical access to a building, computer, server, or network – usually to get the information needed to access a system and obtain confidential data. Often, the perpetrator has a conversation with someone to trick, lie to, or otherwise deceive the victim. Often, the perpetrator has information, authority, or confidence that makes it appear that he belongs or knows what he is doing.

Cisco reported that fraudsters take advantage of the following 7 human traits in order to entice a person to reveal information or take a specific action:
1. Compassion – the desire to help others who present
themselves as really needing your help.
2. Greed – people are more likely to cooperate if they get
something free or think they are getting a once-in-a-lifetime
deal.
3. Sex appeal – people are more likely to cooperate with someone who is flirtatious or viewed as “hot”.
4. Sloth – few people want to do things the hard way, waste
time, or do something unpleasant; fraudsters take advantage
of our lazy habits and tendencies.
5. Trust – people are more likely to cooperate with people who
gain their trust.
6. Urgency – a sense of urgency or immediate need that must be
met leads people to be more cooperative and
accommodating.
7. Vanity – people are more likely to cooperate if you appeal to
their vanity by telling them they are going to be more popular
or successful.
Establishing the following policies and procedures – and training people to follow them – can help minimize social engineering:

1. Never let people follow you into a restricted building.
2. Never log in for someone else on a computer, especially if you have administrative access.
3. Never give sensitive information over the phone or through e-mail.
4. Never share passwords or user IDs.
5. Be cautious of anyone you do not know who is trying to gain access through you.

Identity theft is assuming someone’s identity, usually for economic
gain, by illegally obtaining and using confidential information such
as social security number, bank account, or credit card number.

Pretexting is using an invented scenario (the pretext) to increase the likelihood that a victim will divulge information or do something. The pretext is more than just a simple lie; it usually involves creating legitimacy in the target’s mind that makes impersonation possible.

Posing is creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the product. Fraudsters also create Internet job listing sites to collect confidential information.

Phishing is sending an electronic message pretending to be a
legitimate company, usually a financial institution, and requesting
information or verification of information and often warning of
some negative consequences if it is not provided.

Voice phishing, or vishing, is like phishing except that the victim enters confidential data by phone.

Carding refers to activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers.

Pharming is redirecting website traffic to a spoofed website. It is a very popular social engineering tool for 2 reasons:

1. It is difficult to detect because the user’s browser shows the correct website. Antivirus and spyware removal software are currently ineffective protections against pharming. Instead, complicated antipharming techniques are required.
2. The ability to target many people at a time through domain spoofing rather than one at a time with phishing emails.

Evil twin is a wireless network with the same name (called Service Set Identifier or SSID) as a legitimate wireless access point. The hacker either uses a wireless signal that is stronger than the legitimate signal or disrupts or disables the legitimate access point by disconnecting it, directing a DoS against it, or creating radio frequency interference around it. Users are unaware that they connect to the evil twin. The perpetrator monitors the traffic looking for confidential information. Hackers also use evil twins to unleash a wide variety of malware and to install the software to attack other computers.

Typosquatting or URL hijacking is setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site.

Tabnapping is secretly changing an already open browser tab. It begins when a victim is tricked into opening an e-mail link or visiting an infected website.

Scavenging or dumpster diving is searching documents and records to gain access to confidential information.

Shoulder surfing, as its name suggests, occurs when a perpetrator looks over a person’s shoulder in a public place to get information such as an ATM PIN or user IDs and passwords.

Lebanese looping is where the perpetrator inserts a sleeve into an ATM that prevents the ATM from ejecting the card.

Skimming is double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, hand-held card reader that records credit card data for later use.

Chipping is posing as a service engineer and planting a small chip that records transaction data in a legitimate credit card reader. The chip is later removed to access the data recorded on it.

Eavesdropping is listening to private communications or tapping into data transmissions.

Malware is any software that is used to harm.

Spyware is software that secretly monitors computer usage, collects personal information about users, and sends it to someone else, often without the computer user’s permission. Spyware infections, of which users are usually unaware, come from the following:

• Downloads such as file sharing programs, system utilities, games, wallpapers, screen savers, music, and videos.
• Websites that secretly download spyware. This is called drive-by downloading.
• A hacker using security holes in web browsers and other software.
• Malware masquerading as antispyware security software.
• A worm or virus.
• Public wireless networks.

Adware is spyware that can pop banner ads on a monitor, collect information about the user’s web surfing and spending habits, and forward it to the adware creator.

Some malware developers intentionally make their software difficult to uninstall. Malware companies sometimes battle each other over whose software will infect a computer. Some of them have developed torpedo software that destroys competing malware, resulting in “malware warfare” between competing developers.

Scareware is a software that is often malicious, is of little or no
benefit, and is sold using scare tactics. That is, it uses fear to
motivate some sort of user action.

Ransomware is software that encrypts programs and data until a ransom is paid to remove it.

Keylogger is software that records computer activity, such as a user’s keystrokes, e-mails sent and received, websites visited, and chat session participation. Parents use the software to monitor their children’s computer usage and businesses use it to monitor employee activity.

Trojan horse is a set of malicious computer instructions in an authorized and otherwise properly functioning program.

Time bombs and logic bombs are trojan horses that lie idle until
triggered by a specified date or time, by a change in the system,
by a message sent to the system, or by an event that does not
occur. Once triggered, the bomb goes off, destroying programs,
data, or both.

Trap door or back door is a set of computer instructions that allows a user to bypass the system’s normal controls.

Packet sniffers are programs that capture information packets as they travel over networks. Captured data are examined to find confidential or proprietary information.

Steganography program is a program that can merge confidential information with a seemingly harmless file, password protect the file, and send it anywhere in the world, where the file is unlocked and the confidential information is re-assembled. The host file can still be heard or viewed because humans are not sensitive enough to pick up the slight decrease in image and sound quality.

A rootkit conceals processes, files, network connections, memory addresses, system utility programs, and system data from the operating system and other programs. Rootkits often modify the operating system and install themselves as drivers. A rootkit is used to hide the presence of trapdoors, sniffers, and keyloggers; conceal software that originates a DoS or an e-mail spam attack; and access usernames and login information. Unlike viruses and worms, rootkits do not spread to other systems.

Superzapping is the unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail.

Virus is a segment of self-replicating, executable code that
attaches itself to a file or program. During its replication phase, the
virus spreads to other systems when the infected file or program is
downloaded or opened by the recipient. Newer viruses can
mutate each time they infect a computer, making them more
difficult to detect and destroy. During the attack phase, usually
triggered by some pre-defined event, viruses destroy or alter data
or programs, take control of the computer, destroy the hard
drive’s file allocation table, delete or rename files or directories,
reformat the hard drive, change the content of files, or keep users
from booting the system or accessing data on the hard drive.
A virus can intercept and change transmissions, display disruptive
images or messages, or cause the screen image to change color
or disappear. Computer virus symptoms include:

• Computers do not start or execute
• Unexpected read or write operations
• Inability to save files
• Long program load times
• Abnormally large file sizes
• Slow system operation
• Incessant pop-ups
• Unusual screen activity, error messages, or filenames

A worm is a self-replicating computer program similar to a virus, with some exceptions:

• A virus is a segment of code hidden in or attached to a host program or executable file, whereas a worm is a stand-alone program.
• A virus requires a human to do something to replicate itself, whereas a worm does not and actively seeks to send copies of itself to other network devices.
• Worms harm networks whereas viruses infect or corrupt files or data on a targeted computer.

Bluesnarfing is stealing contact lists, images, and other data using Bluetooth.

Bluebugging is taking control of someone else’s phone to make or listen to calls, send or read text messages, connect to the Internet, forward the victim’s calls, and call numbers that charge fees.

JIMMY DE VERA ROLDAN, MSIT