AIS Threats
Natural & political disasters
Software errors & equipment malfunctions
Unintentional acts
Intentional computer crimes
Fraud: gaining unfair advantage over others
Perpetrators: white-collar criminals
Misappropriation of assets: theft of company assets (employee fraud)
- Gains the trust or confidence of the victim
- Uses trickery, cunning, misleading information
- Hides tracks by falsifying records
- Cannot self-terminate, because of need, greed or anti-detection
- Extravagant lifestyle, rather than savings
- Becomes greedy
- Grows careless and gets caught
- Sheer magnitude leads to detection
- Most significant factor: absence of internal controls
Fraudulent financial reporting: intentional or reckless conduct resulting in materially misleading financial statements
Fraud triangle:
- Pressure (incentive, motivation)
- Opportunity: condition or situation that allows a person to commit and conceal the fraud, and to convert it to personal gain
- Rationalization: allows perpetrators to justify illegal behavior
Computer fraud: any illegal act for which computer technology is essential for its perpetration, investigation or prosecution
- Not everyone agrees on what constitutes computer fraud
- Many go undetected
- Many uncovered frauds are not reported
- Networks lack security
- Internet provides instructions
- Law enforcement falls behind
- Total loss difficult to value
Computer fraud classifications
Input fraud
Processor fraud
Computer instruction fraud
Data fraud
Output fraud
Computer attacks
Hacking: unauthorized access and use of computer systems
- War dialing, driving, chalking, rocketing
- Botnet, hijacking, bot herders, zombies, denial-of-service attack
- Spamming, dictionary attacks, splogs, spoofing, zero-day attack
- Password cracking, masquerading / impersonation, piggybacking
- Data diddling, data leakage, phreaking
- Economic espionage, cyber-extortion, Internet terrorism, Internet misinformation, e-mail threats
- Click fraud, software piracy
Social engineering: techniques used to obtain confidential information, often by tricking people
- Identity theft, pretexting, posing, phishing, vishing, carding, pharming
- Evil twin, typosquatting, scavenging / dumpster diving
- Shoulder surfing, skimming, chipping, eavesdropping
Malware
- Spyware, adware, key logger, trojan horse, time bombs, trap door, packet sniffers
- Steganography programs, rootkit, superzapping, virus, bluesnarfing, bluebugging, worm