Computer & Internet Crime (Group 3)

What is Computer and Internet Crime?

It is a crime involving computers, networks, or online systems, including unauthorized access, malware, phishing, data theft, and cyberterrorism.

Why is IT security important today?

Because increasing complexity, vulnerabilities, and evolving threats have led to more frequent and costly incidents.

What is a virus?

A piece of programming code, usually disguised as something else, that causes a computer to behave unexpectedly and undesirably.

What is a worm?

A standalone malware program that replicates itself to spread to other computers automatically.

What is a Trojan horse?

Malware disguised as a normal program to mislead users about its true intent.

What is a logic bomb?

A piece of code inserted into software that triggers a malicious function when certain conditions are met.

What is ransomware?

Malware that disables a device until the victim pays a ransom.

What is a rootkit?

Software that enables unauthorized access and hides its presence or other malware.

What is an exploit?

Code or a program that takes advantage of vulnerabilities to install malware or initiate attacks.

What is a zero-day vulnerability?

A security flaw unknown to the vendor and not yet patched.

What is a virus signature?

A unique string of code used by antivirus software to detect a specific virus.

What is phishing?

Fraudulent emails or websites that trick users into revealing personal data.

What is spear phishing?

A targeted phishing attack aimed at a specific individual, group, or organization.

What is smishing?

A cyberattack that uses SMS messages to trick victims.

What is vishing?

Voice phishing that uses phone calls to obtain sensitive information.

What is spam?

The abuse of email systems to send unsolicited messages.

What is a micro virus?

A virus written in macro languages that infects document templates.

What is the ILOVEYOU virus?

A worm disguised as a love letter created by Onel de Guzman that stole passwords and deleted files.

What is a DDoS attack?

An attack that floods a system with traffic from botnets to prevent legitimate use.

Who are hackers?

People who gain unauthorized access to systems, sometimes to test limits or expose weaknesses.

Who are crackers?

Individuals who break into systems with malicious intent.

Who are malicious insiders?

Employees or insiders who misuse internal access to commit fraud or theft.

Who are industrial spies?

Individuals who steal trade secrets for competitive advantage.

Who are cybercriminals?

Attackers motivated by monetary gain, often hacking to steal or sell data.

Who are hacktivists?

Activists who hack to promote political or social causes.

Who are cyberterrorists?

Attackers seeking maximum destruction, often targeting critical infrastructure.

What is the USA Patriot Act?

A law that defines cyberterrorism penalties (5–20 years imprisonment for severe damages).

What is the Identity Theft and Assumption Deterrence Act?

A law that criminalizes identity theft and imposes severe penalties.

What is the Fraud and Related Activity in Connection with Access Device Statute?

A law that criminalizes credit card fraud and the production or use of counterfeit access devices.

What does the CAN-SPAM Act regulate?

Unsolicited commercial emails, requiring truthful headers, opt-out options, and content labeling.

What is Trustworthy Computing (TWC)?

A computing approach focused on security, privacy, reliability, and business integrity.

What is a risk assessment?

The process of evaluating security risks from internal and external threats.

What is a security policy?

A written set of requirements and rules defining acceptable use and responsibilities.

What is a security audit?

A process that evaluates whether an organization’s security policies are adequate and followed.

What is a smart card?

A chip-based card used for secure authentication and resource access.

What is user education in security?

Training employees to recognize, avoid, and report security threats like phishing and smishing.

What are three key prevention measures?

Installing firewalls, using antivirus software, and conducting periodic security audits.

What does an Intrusion Detection System (IDS) do?

Monitors network traffic for suspicious activity and alerts on anomalies.

What are the main steps of incident response?

Notification, evidence protection, containment, eradication, and follow-up.

What is computer forensics?

The process of collecting and preserving digital evidence for legal use.

What is a botnet?

A network of compromised computers controlled remotely for malicious tasks.

What is a zombie computer?

A compromised computer controlled remotely without the owner's knowledge.

What is a data breach?

The exposure of confidential or sensitive information to unauthorized parties.

What is a VPN?

A secure, encrypted tunnel between a device and a remote server.

What is a CAPTCHA?

A test used to differentiate humans from bots.