Beruflich Dokumente
Kultur Dokumente
2.
3.
COMPUTER FRAUD
Computer fraud is any defalcation or embezzlement accomplished by tampering with computer programs, data files, operations, equipment, or media, and resulting in losses sustained by the organization whose computer system was compromised. The intention is to execute a fraudulent scheme or financial criminal act. It can be difficult to detect by fraud examiner or forensic professional because it:
. Lacks a traditional paper audit trail; . Requires understanding of the technology used to commit the crime; . Requires an understanding of the technology of the victim computer; . Requires use computer specialists to assist the fraud examiner.
3
COMPUTER CRIME
Computer crime is an act where the computer hardware, software, or data is altered, destroyed, manipulated, or compromised due to acts that are not intended. It is a crime that is committed where the computer or electronic data device is integral to the criminal act. The function of computer in crime is fourfold:
. As an Object: physical sabotage, theft, or destruction of information; . As a Subject: technologists use to commit the crime such as virus attacks, illegal access, etc.; . As a Tool: electronic device is used to commit the crime such as embezzlement, theft of information, or hacking; . As a Symbol: it is as a victim into investment, pyramid, other traditional fraud schemes adapted to digital environment.
4
CYBER CRIME IN INDONESIA Based on Symantec Corporation Survey: Conducted in April 2010; 499 respondents (male and female= 6:4); Attacked at least 86% internet users; Completion of cyber crime cases was 36 days; Average cost IDR11,558,945 (USD1,265).
SURVEY
7
COMPUTER HACKING
Hacker= computer enthusiast; someone seeking unauthorized access to computer systems & its information. Hackers include employees, individuals operating alone, hacker gangs, and entrepreneurial hackers who seek financial reward for their illegal acts. Hacking: . Breaking computer systems guess users access codes; . Social engineering: enter a company to reveal information.
10
HACKING METHODS
Trojan Horse Virus: converting instruction to unauthorized access; Trap Doors: inserting instruction in a program to circumvent control hackers take advantage of it; Salami Techniques: unauthorized program to steal small amount from asset, e.g. interest rounding at banking; Logic Bombs: executing at specific event, e.g. deleting payroll if the user name is removed; Data Diddling: changing data before or during entry into computer system, e.g. replacing valid disk with modified ones; Scavenging & Dumpster Diving: obtaining data from the trash by knowing user name; Data Leakage: removing, smuggling, hiding information from facility; Piggybacking/Impersonation: gaining restricted area using users password & tapping to terminal link;
11
HACKING METHODS
Simulation & Modeling: manipulation to plan or control criminal act; Wire Tapping: taking transmitted data between computers. Encryption can minimize it; Network Weaving: looping using network to avoid detection; Altering Password Generation: using randomizer to generate name and password; Buffer Overflow Exploits: overflowing a program to alter system files, installing backdoors, etc.; Privilege Escalation Exploits: unauthorized access to exploit grand administrator or root level access to users; Backdoors: remote access to the system at a point time; HTTP Exploits: performing malicious activities to web server applications; Anti-hacker Measures: remote access to customers, vendors, and suppliers to companys server.
12
COMPUTER VIRUSES
Computer virus is a hidden computer programs that use computer resources or other computer activities to shut down or slow the system significantly. Infected computers resources to replicate itself and spread the infection to other computer systems on a network, internet, email, text messages, infected software, shared program application, demonstration software, freeware, and shareware. Diversity from harmless (displaying a message or greeting) to those that shut down entire computer network, ruin data, or destroy the ability of computer function.
14
16
20
COMBATING INTERNET FRAUD Encrypt confidential information; Validate user names and password into its protocol; Do not put financial information, customer data, and other valuable databases on the web server; Put firewall to prevent unauthorized access.
23