Identify the computer fraud and abuse technique used in each of the following actual examples of computer wrongdoing.
a. A teenage gang known as the “414s” broke into the Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank. One gang member appeared in Newsweek with the caption “Beware: Hackers at play.”
b. Daniel Baas was the systems administrator for a company that did business with Acxiom, which manages customer information for companies. Baas exceeded his authorized access and downloaded a file with 300 encrypted passwords, decrypted the password file, and downloaded Acxiom customer files containing personal information. The intrusion cost Acxiom over $5.8 million.
c. Cyber-attacks left high-profile sites such as Amazon.com, eBay, Buy.com, and CNN Interactive staggering under the weight of tens of thousands of bogus messages that tied up the retail sites’ computers and slowed the news site’s operations for hours.
d. Susan Gilmour-Latham got a call asking why she was sending the caller multiple adult text messages per day. Her account records proved the calls were not coming from her phone. Neither she nor her mobile company could explain how the messages were sent. After finding no way to block the unsavory messages, she changed her mobile number to avoid further embarrassment by association.
e. A federal grand jury in Fort Lauderdale claimed that four executives of a rental-car franchise modified a computer-billing program to add five gallons to the actual gas tank capacity of their vehicles. Over three years, 47,000 customers who returned a car without topping it off ended up paying an extra $2 to $15 for gasoline.
f. A mail-order company programmer truncated odd cents in sales-commission accounts and placed them in the last record in the commission file. Accounts were processed alphabetically, and he created a dummy sales-commission account using the name of Zwana. Three years later, the holders of the first and last sales-commission accounts were honored. Zwana was unmasked and his creator fired.
g. MicroPatent, an intellectual property firm, was notified that their proprietary information would be broadcast on the Internet if they did not pay a $17 million fee. The hacker was caught by the FBI before any damage was done.
h. When Estonia removed a Russian World War II war memorial, Estonian government and bank networks were knocked offline in a distributed DoS attack by Russian hackers. A counterfeit letter of apology for removing the memorial statue was placed on the website of Estonia’s prime minister.
i. eBay customers were notified by e-mail that their accounts had been compromised and were being restricted unless they re-registered using an accompanying hyperlink to a web page that had eBay’s logo, home page design, and internal links. The form had a place for them to enter their credit card data, ATM PINs, Social Security number, date of birth, and their mother’s maiden name. Unfortunately, eBay hadn’t sent the e-mail.
j. A teenager hijacked the eBay.de domain name and several months later the domain name for a large New York ISP. Both hijacked websites pointed to a site in Australia.
k. Travelers who logged into the Alpharetta, Georgia, airport’s Internet service had personal information stolen and picked up as many as 45 viruses. A hacker had set up a rogue wireless network with the same name as the airport’s wireless access network.
l. Criminals in Russia used a vulnerability in Microsoft’s server software to add a few lines of Java code to users’ copies of Internet Explorer. The code recorded the users’ keyboard activities, giving the criminals access to usernames and passwords at many banking websites. The attacks caused $420 million in damage.
m. America Online subscribers received a message offering free software. Users who opened the attachments unknowingly unleashed a program hidden inside another program that secretly copied the subscriber’s account name and password and forwarded them to the sender.
n. Rajendrasinh Makwana, an Indian citizen and IT contractor who worked at Fannie Mae’s Maryland facility, was terminated at 1:00 P.M. on October 24. Before his network access was revoked, he created a program to wipe out all 4,000 of Fannie Mae’s servers on the following January 31.
o. A man accessed millions of ChoicePoint files by claiming in writing and on the phone to be someone he was not.
p. A 31-year-old programmer unleashed a Visual Basic program by deliberately posting an infected document to an alt.sex Usenet newsgroup using a stolen AOL account. The program evaded security software and infected computers using the Windows operating system and Microsoft Word. On March 26, the Melissa program appeared on thousands of e-mail systems disguised as an important message from a colleague or friend. The program sent an infected e-mail to the first 50 e-mail addresses on the users’ Outlook address book. Each infected computer would infect 50 additional computers, which in turn would infect another 50 computers. The program spread rapidly and exponentially, causing considerable damage. Many companies had to disconnect from the Internet or shut down their e-mail gateways because of the vast amount of e-mail the program was generating. The program caused more than $400 million in damages.
q. Microsoft filed a lawsuit against two Texas firms that produced software that sent incessant pop-ups resembling system warnings. The messages stated “CRITICAL ERROR MESSAGE! REGISTRY DAMAGED AND CORRUPTED” and instructed users to visit a website to download Registry Cleaner XP at a cost of $39.95.
r. As many as 114,000 websites were tricked into running database commands that installed malicious HTML code redirecting victims to a malicious web server that tried to install software to remotely control the web visitors’ computers.
s. Zeus records log-in information when the user of the infected computer logs into a list of target websites, mostly banks and other financial institutions. The user’s data is sent to a remote server where it is used and sold by cyber criminals. The new version of Zeus will significantly increase fraud losses, given that 30% of Internet users bank online.
t. It took Facebook 15 hours to kill a Facebook application that infected millions of PCs with software that displays a constant stream of pop-up ads. The program posted a “Sexiest Video Ever” message on Facebook walls that looked like it came from a friend. Clicking the link led to a Facebook installation screen, where users allowed the software to access their profiles and walls. Once approved, the application told users to download an updated, free version of a popular Windows video player. Instead, it inserted a program that displayed pop-up ads and links. A week later a “Distracting Beach Babes” message did the same thing.
u. Robert Thousand, Jr. discovered he lost $400,000 from his Ameritrade retirement account shortly after he began receiving a flood of phone calls with a 30-second recording for a sex hotline. An FBI investigation revealed that the perpetrator obtained his Ameritrade account information, called Ameritrade to change his phone number, created several VoIP accounts, and used automated dialing tools to flood the dentist’s phones in case Ameritrade called his real number. The perpetrator requested multiple monetary transfers, but Ameritrade would not process them until they reached Thousand to verify them. When the transfers did not go through, the attacker called Ameritrade, gave information to verify that he was Thousand, claimed he had been having phone troubles, and told Ameritrade he was not happy that the transfers had not gone through. Ameritrade processed the transfers, and Thousand lost $400,000.
v. The Internet Crime Complaint Center reports a “hit man” scam. The scammer claims that he has been ordered to assassinate the victim and an associate has been ordered to kill a family member. The only way to prevent the killings is to send $800 so an Islamic expatriate can leave the United States.
w. In an economic stimulus scam, individuals receive a phone call from President Obama telling them to go to a website to apply for the funds. To receive the stimulus money, victims have to enter personal identification information, complete an online application, and pay a $28 fee.