COMSEC Quiz 3: L3 (Midterms)

2 types of cyber crime

(1) insider attack
(2) external attack

An attack to the network or the computer system by some person with authorized system access

insider attack

The motive of the insider attack could be (1)_____ or (2)_____

(1) revenge
(2) greed

The insider attack could be prevented by planning and installing an (1)_____ in the organization

(1) Internal intrusion detection systems (IDS)

The attacker is either hired by an insider or an external entity to the organization

(1) external attack

These attacks are generally performed by amateurs who don’t have any predefined motives to perform the cyber attack

UNSTRUCTURED ATTACKS

These types of attacks are performed by highly skilled and experienced people and the motives of these attacks are clear in their mind

STRUCTURED ATTACKS

STRUCTURED ATTACKS

They have access to sophisticated tools and technologies to gain access to other networks without being noticed by their (1)_____

(1) Intrusion Detection Systems (IDSs)

These types of attacks are usually performed by professional criminals, by a country on other rival countries, politicians to damage the image of their rival

STRUCTURED ATTACKS

6 prominent reasons for commission of cyber crimes

(1) money
(2) revenge
(3) fun
(4) recognition
(5) anonymity
(6) cyber espionage

revenge as a reason for commission of cyber crimes comes under the category of (1)_____

(1) cyber terrorism

IDENTIFY WHICH REASON FOR COMMISION OF CYBER CRIME

They just want to test the latest tool they have encountered

FUN

IDENTIFY WHICH REASON FOR COMMISION OF CYBER CRIME

It is considered to be pride if someone hack the highly secured networks like defense sites or networks

RECOGNITION

IDENTIFY WHICH REASON FOR COMMISION OF CYBER CRIME

At times the government itself is involved in cyber trespassing to keep eye on other person/network/country

The reason could be politically, economically socially motivated

CYBER ESPIONAGE

7 kinds of cyber crime

(1) cyber stalking
(2) child pornography
(3) forgery and counterfeiting
(4) software piracy and crime related to IPRS
(5) cyber terrorism
(6) phishing
(7) computer vandalism

IDENTIFY WHICH KIND OF CYBER CRIME

An act of stalking, harassing or threatening someone using Internet/computer as a medium

The behaviour includes false accusations, threats, sexual exploitation to minors, monitoring, etc

CYBER STALKING

IDENTIFY WHICH KIND OF CYBER CRIME

It is an act of possessing image or video of a minor (under 18), engaged in sexual conduct

CHILD PORNOGRAPHY

IDENTIFY WHICH KIND OF CYBER CRIME

It is a use of computer to forgery and counterfeiting of a document

FORGERY AND COUNTERFEITING

(1)_____ is an illegal reproduction and distribution for personal use or business

Software piracy

What does IPR stand for?

Intellectual Property Rights

IDENTIFY WHICH KIND OF CYBER CRIME

It is defined as the use of computer resources to intimidate or coerce government, the civilian population or any segment thereof in furtherance of political or social objectives

CYBER TERRORISM

IDENTIFY WHICH KIND OF CYBER CRIME

It is a process of acquiring personal and sensitive information of an individual via email by disguising as a trustworthy entity in an electronic communication

PHISHING

The purpose of phishing is (1)_____ and the personal information like username, password, and credit card number etc. may be used to steal money from user account

(1) identity theft

If a telephone is used as a medium for identity theft, it is known as (1)_____

(1) Vishing (voice phishing)

Another form of phishing is (1)_____, in which sms is used to lure customers

(1) Smishing

IDENTIFY WHICH KIND OF CYBER CRIME

It is an act of physically destroying computing resources using physical force or malicious code

COMPUTER VANDALISM

It is a practice of modifying computer hardware and software to accomplish a goal outside the creator’s original purpose

COMPUTER HACKING

3 classifications of hackers

(1) white hat
(2) black hat
(3) blue hat

the persons who hack the system to find the security vulnerabilities of a system and notify to the organizations so that a preventive action can be taken to protect the system from outside hackers

They are popular known as ethical hackers

white hat

They find the security loopholes the system, and keep the information themselves and exploit the system for personal or organizational benefits till organization whose system is compromised is aware of this, and apply security patches

They are popularly known as crackers

black hat

someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed

blue hat

Sending of unsolicited and commercial bulk message over the internet

spamming

An email can be classified as spam, if it meets following 3 criteria

(1) mass mailing
(2) anonymity
(3) unsolicited

Taking the advantage of the reputation of these websites, some of the cyber criminals lure the customers to (1)_____ schemes which often lead to either overpayment of the product or the item is never delivered once the payment is made

(1) online auction fraud

A form of cybercrime where the perpetrator buys or registers a domain name that is identical or similar to existing domain with the intention of profiting from a recognizable trademark, company name, or personal name

(1) Cybersquatting

The hacker gain access to a website of an organization and either blocks it or modify it to serve political, economical or social interest

WEB JACKING

Hacking the username and password of ISP of an individual and surfing the internet at his cost

Internet Time Thef

It is a cyber attack in which the network is choke and often collapsed by flooding it with useless traffic and thus preventing the legitimate network traffic

DENIAL OF SERVICE ATTACK

It is an attack which proceeds with small increments and final add up to lead to a major attack

Ex: gaining access to online banking of an individual and withdrawing amount in such a small amounts that it remains unnoticed by the owner

SALAMI ATTACK

It is a process of changing the header information of an e-mail so that its original source is not identified and it appears to an individual at the receiving end that the email has been originated from source other than the original source

EMAIL SPOOFING