A

Presentation
On

Salami Attack
Presented to:
Mr. Anuj Rai
Mrs. Swati Vijay

Presented
by:
Harsh Data
IV Year, B.tech
(IT)

OUTLINE
Cyber Crimes
Salami Attack
Forms Of Salami Attack
Salami Slicing
Penny Shaving
Case Study 1
Case Study 2
Prevention
Acts
References

Cyber Crimes
Crimes that involve
computer network.

computer

or

Motive of causing physical or mental harm

maligning the reputation of the victim,
financial gains or threatening matters of
security.
Computer may be used in the commission
of crime or it may be the target.

Salami Attack
A salami attack is a form of cyber crime
usually used for the purpose of committing
financial crimes in which criminals steal
money or resources a bit at a time from
financial accounts on a system.
A salami attack is when small attacks add up to
one major attack.
These attacks often go undetected due to the
nature of this type of cyber crime.

Forms Of Salami Attack

Major forms of salami attack are :
Salami Slicing
Penny Shaving

Salami Slicing
Salami slicing is when the attacker uses an
online database to seize the information of
customers, that is bank/credit card details.
The
attacker
deducts
minuscule
amounts
from
every
account
over a period of
time.

Salami Slicing (Contd.)

These amounts naturally add up to large

sums of money that is unnoticeably taken
from the collective accounts.
Most people do not report the deduction,
often letting it go because of the amount
involved.

Penny Shaving

Penny shaving is the fraudulent practice of

stealing money repeatedly in extremely
small quantities.
By taking advantage of rounding to the
nearest cent (or other monetary unit) in
financial transactions.
The idea is to make the change small
enough that any single transaction will go
undetected.

Penny Shaving (Contd.)

Case Study 1
In California, Between November and
March of2008, Michael Largent, a 21 year
old wrote aprogram.
which allowed him to take advantage of
the practice ofchallenge deposits which
companies like Google, E*Trade, Charles
Schwab, and othercompanies use to
validate a clientsbank account .

Case Study 1 (Contd.)

Theprogram set up more than 58,000
useraccounts which resulted inchallenge
transactions between $0.01 to $2.00 tobe
sent to accounts belonging to Largent; the
funds, amounting to somewhere between
$40,000
and$50,000,
were
then
transferred into other accounts belonging
to Largent.
Animportant element of Largents fraud is
that his program created accounts using
fraudulent names and socialsecurity

Case Study 2
In Pune, city-based senior High Court
lawyer Amit Kumar Bhowmik, lost Rs 180
after getting three calls from an unknown
number
during
August
2013.

He had received three blank calls on his

mobile phone from an unknown number
(+9126530000300).
When he checked his billing account with
Airtel online, he realised he was charged
Rs 60 for each call.

Case Study 2 (contd.)

Annoyed with the repeated badgering,
Bhowmik lodged a complaint with the
Cyber Crime Cell of the Pune police crime
branch.
The Cyber Crime Cell failed to trace the
location or identify the user of the phone
yet, as the privacy policies of mobile
companies have been a hurdle in the
tracking down of the offenders.
Victims hardly ever approach the Cyber

Prevention
Banks have to update their security so that
the attacker doesnt familiarize himself/herself
with the way the framework is designed.
Banks should advise customers on reporting
any kind of money deduction that they arent
aware that they were a part of.
Customers should ideally not store information
online when it comes to bank details.

ACTS
Salami Attacks:
Anyone found guilty for salami attacks
are liable for punishment under Section
66 IT Act.
Accessing protected system:
Any unauthorized person who secures
or attempts to secure access to a
protected system is liable to be
punished with imprisonment, which
may extend to 10 years and may also
be liable to fine.

ACTS (Contd.)
Penalty for breach of confidentiality
and privacy:
Any person who has secured access to
any electronic record, information,
document etc. and discloses these to
any other person, is liable to be
punished with imprisonment, which
may extend to two years, or with fine of
about one lakh rupees.
This is an offence under Section 70 in IT

Conclusion
Salami Attack is a type of cyber crime of
stealing money in small fractions.
It can be of two forms : Salami Slicing and
Penny Shaving.
The harm caused is so miniscule that it
remains unnoticed.
If found guilty for salami attack, the
attacker is liable for imprisonment under
Section 66 IT Act 2000.

References
[1] http://cybcrime.blogspot.in/2012/08/salami-attack.html
[2] http://
www.punemirror.in/pune/cover-story/Salami-attacks-are-latest-phi
shing-hack/articleshow/31278235.cms
[3] http://all.net/CID/Attack/papers/Salami2.html
[4] http://
ethical-hacking-gzb.blogspot.in/2011/06/salami-attack.html

Thank
You