Salami Attack ppt

19
A Presentation On Salami Attack Presented to: Mr. Anuj Rai Mrs. Swati Vijay Presented by: Harsh Data IV Year, B.tech (IT)

description

It is a seminar ppt. It is give on Salami attack.

Transcript of Salami Attack ppt

Slide 1

APresentation OnSalami Attack

Presented to:Mr. Anuj RaiMrs. Swati Vijay

Presented by:Harsh DataIV Year, B.tech (IT)

OUTLINECyber CrimesSalami AttackForms Of Salami AttackSalami SlicingPenny ShavingCase Study 1Case Study 2PreventionActsReferences

Cyber CrimesCrimes that involve a computer or a computer network.

Motive of causing physical or mental harm maligning the reputation of the victim, financial gains or threatening matters of security.

Computer may be used in the commission of crime or it may be the target.

Salami AttackA salami attack is a form of cyber crime usually used for the purpose of committing financial crimes in which criminals steal money or resources a bit at a time from financial accounts on a system.

A salami attack is when small attacks add up to one major attack.

These attacks often go undetected due to the nature of this type of cyber crime.

Forms Of Salami AttackMajor forms of salami attack are :

Salami Slicing

Penny Shaving

Salami Slicing Salami slicing is when the attacker uses an online database to seize the information of customers, that is bank/credit card details.

The attacker deducts minuscule amounts from every account over a period of time.

Salami Slicing (Contd.)

These amounts naturally add up to large sums of money that is unnoticeably taken from the collective accounts. Most people do not report the deduction, often letting it go because of the amount involved.

Penny Shaving

Penny shaving is the fraudulent practice of stealing money repeatedly in extremely small quantities.

By taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions.

The idea is to make the change small enough that any single transaction will go undetected.

Penny Shaving (Contd.)

Case Study 1 In California, Between November and March of2008, Michael Largent, a 21 year old wrote aprogram.

which allowed him to take advantage of the practice ofchallenge deposits which companies like Google, E*Trade, Charles Schwab, and othercompanies use to validate a clientsbank account .

Case Study 1 (Contd.) Theprogram set up more than 58,000 useraccounts which resulted inchallenge transactions between $0.01 to $2.00 tobe sent to accounts belonging to Largent; the funds, amounting to somewhere between $40,000 and$50,000, were then transferred into other accounts belonging to Largent.

Animportant element of Largents fraud is that his program created accounts using fraudulent names and socialsecurity numbers which under 18 U.S.C.

Case Study 2 In Pune, city-based senior High Court lawyer Amit Kumar Bhowmik, lost Rs 180 after getting three calls from an unknown number during August 2013.He had received three blank calls on his mobile phone from an unknown number (+9126530000300).

When he checked his billing account with Airtel online, he realised he was charged Rs 60 for each call.

Case Study 2 (contd.) Annoyed with the repeated badgering, Bhowmik lodged a complaint with the Cyber Crime Cell of the Pune police crime branch.

The Cyber Crime Cell failed to trace the location or identify the user of the phone yet, as the privacy policies of mobile companies have been a hurdle in the tracking down of the offenders.

Victims hardly ever approach the Cyber Crime Cell, so racketeers consider this method a safe way to make big money.

PreventionBanks have to update their security so that the attacker doesnt familiarize himself/herself with the way the framework is designed.

Banks should advise customers on reporting any kind of money deduction that they arent aware that they were a part of.

Customers should ideally not store information online when it comes to bank details.

ACTS Salami Attacks:

Anyone found guilty for salami attacks are liable for punishment under Section 66 IT Act.

Accessing protected system:

Any unauthorized person who secures or attempts to secure access to a protected system is liable to be punished with imprisonment, which may extend to 10 years and may also be liable to fine.This is an offence under Section 70 in IT Act, 2000.

ACTS (Contd.) Penalty for breach of confidentiality and privacy:

Any person who has secured access to any electronic record, information, document etc. and discloses these to any other person, is liable to be punished with imprisonment, which may extend to two years, or with fine of about one lakh rupees.

This is an offence under Section 70 in IT Act, 2000.

Conclusion Salami Attack is a type of cyber crime of stealing money in small fractions.

It can be of two forms : Salami Slicing and Penny Shaving.

The harm caused is so miniscule that it remains unnoticed.

If found guilty for salami attack, the attacker is liable for imprisonment under Section 66 IT Act 2000.

References[1] http://cybcrime.blogspot.in/2012/08/salami-attack.html

[2] http://www.punemirror.in/pune/cover-story/Salami-attacks-are-latest-phishing-hack/articleshow/31278235.cms

[3] http://all.net/CID/Attack/papers/Salami2.html

[4] http://ethical-hacking-gzb.blogspot.in/2011/06/salami-attack.html

Thank You