Question

Eagle Airlines is headquartered in Chicago. The corporate administrative offices consist of 10 buildings in a complex that spreads over four square miles. The main data center is centrally located. All the buildings in the complex contain computer users and, therefore, are connected to the main computer center by way of Ethernet cables. Recently, the company’s computer network was violated by the following scheme: A couple of college students from a nearby university purchased an inexpensive line analyzer and packet sniffer. Using this device and a notebook PC, the two students recorded everything that came across the Ethernet cable.
To their amazement, the captured data included various employee sign- on IDs and passwords for access to all the company’s major databases, including accounts payable and accounts receivable. To exploit this information, it was necessary for the students to obtain access to the company’s computer through a data terminal. This posed a problem, however, because most of the company’s data terminals were carefully guarded. To get around this, one of the students suggested that the company might have a telephone dial in port. The biggest problem, however, was finding the correct telephone number of the port. They reasoned that the company’s computer dial- in telephone number was probably very similar to the telephone number for the administrative offices. Therefore, they wrote a computer program that simply dialed one telephone number after another looking for a computer modem carrier signal. The program was set to try all numbers that matched administrative telephone numbers in the first four digits. Therefore, the program was set to test 999 different telephone numbers. This procedure worked out very well, and the company’s dial- in port was discovered on about the twentieth try. As it turned out, the computer’s number differed from the administrative number in only the last two digits.
Once into the company’s network, it then became necessary to try a scheme to try to defraud the company. After much discussion, they finally decided to order the computer’s accounts payable program to issue checks to a post office box registered under a fictitious name. Finally, the illegally obtained checks were deposited to the bank account registered to the fictitious name.
The students might have gotten away with their scheme if they had not gotten greedy. They had requested a large number of small checks totaling $ 100,000. This would have gone unnoticed; however, the checks requested bounced because there was not enough money in the company’s bank account to pay them. Once the checks bounced, the accountant immediately figured out that the checks were not supported by adequate documentation. The authorities were notified, and the students were caught while checking their post office box for mail.

Required
Discuss the specific security measures that could have been taken to prevent this scheme.



$1.99
Sales2
Views92
Comments0
  • CreatedFebruary 26, 2015
  • Files Included
Post your question
5000