Examples of Deliberate Human Error
1. Social Engineering – an attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing company information such as a password.
2. Reverse Social Engineering – the employees approach the attacker. For example, the attacker gains employment at a company and, in informal conversations with his co-workers while he is helping them, loads Trojan horses on their computers that email him their passwords and information about their machines.
3. Social Data Mining – also called buddy mining; occurs when attackers seek to learn who knows whom in an organization, and how.

E. Deliberate Acts – deliberate acts by organizational employees (i.e., insiders) account for a large number of information security breaches.
Examples of deliberate acts:
1. Espionage or Trespass – occurs when an unauthorized individual attempts to gain illegal access to organizational information.
2. Information extortion – occurs when an attacker either threatens to steal, or actually steals, information from a company.
3. Sabotage or vandalism – deliberate acts that involve defacing an organization's web site, possibly causing the organization to lose its image and experience a loss of confidence by its customers.
4. Theft of equipment or information – computing devices and storage devices are becoming smaller yet more powerful, with vastly increased storage.
5. Identity theft – the deliberate assumption of another person's identity, usually to gain access to their financial information or to frame them for a crime.
   Techniques for obtaining information include:
   1. Stealing mail or dumpster diving
   2. Stealing personal information in computer databases
   3. Infiltrating organizations that store large amounts of personal information
   4. Impersonating a trusted organization in an electronic communication (phishing)
6. Compromises to intellectual property – a vital issue for people who make their livelihood in knowledge fields.
   Intellectual Property – property created by individuals or corporations that is protected under trade secret, patent and copyright laws.
   Trade secret – an intellectual work, such as a business plan, that is a company secret and not based on public information. An example is a corporate strategic plan.
   Patent – a document that grants the holder exclusive rights on an invention or process for 20 years.
   Copyright – a statutory grant that provides the creators of intellectual property with ownership of the property for the life of the creator plus 70 years.
   Piracy – copying a software program without making payment to the owner (including giving a disc to a friend to install on a computer) is a copyright violation.
7. Software attacks – malicious software tries to infect as many computers as possible worldwide.
   1. Virus – segment of computer code that performs malicious actions by attaching to another computer program.
   2. Worm – segment of computer code that performs malicious actions and will replicate, or spread, by itself (without requiring another computer program).
   3. Trojan horse – programs that hide in other computer programs and reveal their designed behaviour only when they are activated.
   4. Backdoor – typically a password, known only to the attacker, that allows him to access a computer system at will without having to go through any security procedures (also called a trap door).
   5. Blended attack – an attack that uses several delivery methods (e.g. email and Web) and combines multiple components, such as phishing, spam, worms, and Trojans, in one attack.
   6. Logic bomb – segment of computer code that is embedded within an organization's existing computer programs and is designed to activate and perform a destructive action at a certain time and date.
   7. Password Attack
      a. Dictionary Attack – an attack that tries the combinations of letters and numbers that are most likely to succeed, such as all the words from a dictionary.
      b. Brute Force Attack – an attack that uses massive computing resources to try every possible combination of password options to uncover a password.
   8. Denial-of-Service attack – the attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes (ceases to function).
   9. Distributed Denial-of-Service attack – an attacker first takes over many computers, typically by using malicious software. These computers are called zombies or bots. The attacker uses these bots (which form a botnet) to deliver a coordinated stream of information to a target computer, causing it to crash.
   10. Phishing attack – uses deception to acquire sensitive personal information by masquerading as official-looking emails or instant messages.
   11. Spear Phishing attack – phishing attacks target large groups of people; in spear phishing attacks, the perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will be able to obtain sensitive personal information.
   12. Zero-day attack – takes advantage of a newly discovered, previously unknown vulnerability in a software product. Perpetrators attack the vulnerability before the software vendor can prepare a patch for the vulnerability.
8. Alien Software – clandestine software that is installed on your computer through duplicitous methods; sometimes called pestware.
   Different types of alien software:
   1. Adware – software that is designed to help pop-up advertisements appear on your screen.
   2. Spyware – software that collects personal information about users without their consent.
      a. Keystroke loggers (keyloggers) – record your keystrokes and your Internet Web browsing history.
      b. Screen scrapers – software that records a continuous "movie" of a screen's contents rather than simply keystrokes.
   3. Spamware – designed to use your computer as a launchpad for spammers.
      Spam – unsolicited e-mail, usually for the purpose of advertising products and services.
   4. Cookies – small amounts of information that web sites store on your computer, temporarily or more or less permanently.
      Note: cookies are also necessary if you want to shop online because they are used for your shopping carts at various online merchants.
9. Supervisory control and data acquisition (SCADA) attacks – SCADA systems are used to monitor or control chemical, physical, or transport processes such as oil refineries, water, sewerage or treatment plants, electrical generators, and nuclear power plants.
10. Cyber-terrorism and Cyber-warfare – attackers use a target's computer systems, particularly via the internet, to cause physical, real-world harm or severe disruption, usually to carry out a political agenda.
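The notes define a Denial-of-Service attack (a flood of requests) and its distributed form (the same flood delivered by a botnet of many zombies). The Python below is an added example, not part of the original notes, showing how a defender might spot such a flood in a web server log and tell the single-source case from the distributed one; the log format, thresholds and addresses are constructed for the example.

```python
"""Flag request floods in a web-server log and classify each flooded
second as single-source (DoS) or distributed (DDoS).

Constructed log format (an assumption for this example): "<ip> <unix_time> <path>".
"""
from collections import Counter, defaultdict

# Constructed sample log: a quiet second, then one source flooding,
# then sixty distinct sources (a botnet) flooding together.
SAMPLE_LOG = (
    "10.0.0.5 1700000000 /index.html\n"
    "10.0.0.6 1700000000 /about.html\n"
    + "203.0.113.9 1700000001 /login\n" * 60
    + "".join(f"198.51.100.{i} 1700000002 /search?q=x\n" for i in range(1, 61))
)


def parse_log(text):
    """Yield (ip, second, path) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) != 3 or not parts[1].isdigit():
            continue
        yield parts[0], int(parts[1]), parts[2]


def detect_floods(text, rps_threshold=50, top_source_share=0.5):
    """Return {second: verdict} for every second whose request count exceeds
    rps_threshold. The verdict is 'dos' when a single IP sent more than
    top_source_share of that second's requests, otherwise 'ddos' (the load
    is spread over many sources, as a botnet would produce)."""
    per_second = defaultdict(Counter)
    for ip, sec, _path in parse_log(text):
        per_second[sec][ip] += 1
    verdicts = {}
    for sec, ips in sorted(per_second.items()):
        total = sum(ips.values())
        if total <= rps_threshold:
            continue
        top_ip, top_count = ips.most_common(1)[0]
        kind = "dos" if top_count / total > top_source_share else "ddos"
        verdicts[sec] = {"kind": kind, "requests": total,
                         "sources": len(ips), "top_source": top_ip}
    return verdicts


if __name__ == "__main__":
    for sec, verdict in detect_floods(SAMPLE_LOG).items():
        print(sec, verdict)
```

A per-second count is enough to show the idea; a real monitor would use a sliding window and per-path baselines, since a single zombie in a botnet stays under any per-source limit.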