Page 1368 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Financial Attacks


               Financial attacks are carried out to unlawfully obtain money or
               services. They are the type of computer crime you most commonly
               hear about in the news. The goal of a financial attack could be to steal
               credit card numbers, increase the balance in a bank account, or place
               “free” long-distance telephone calls.

               Shoplifting and burglary are both examples of financial attacks. You
               can usually tell the sophistication of the attacker by the dollar amount
               of the damages. Less sophisticated attackers seek easier targets, but
               although the damages are usually minimal, they can add up over time.

               Financial attacks launched by sophisticated attackers can result in
               substantial damages. Even attacks that siphon off small amounts of
               money in each transaction can accumulate and become serious
               financial attacks that result in losses amounting to millions of dollars.

               As with the attacks previously described, the ease with which you can
               detect an attack and track an attacker is largely dependent on the
               attacker’s skill level.


               Terrorist Attacks

               Terrorist attacks are a reality in modern society. Our increasing
               reliance on information systems makes them more and more attractive
               to terrorists. Such attacks differ from military and intelligence attacks.
               The purpose of a terrorist attack is to disrupt normal life and instill
               fear, whereas a military or intelligence attack is designed to extract
               secret information. Intelligence gathering generally precedes any type
               of terrorist attack. The very systems that are victims of a terrorist
               attack were probably compromised in an earlier attack to collect
               intelligence. The more diligent you are in detecting attacks of any type,
               the better prepared you will be to intervene before more serious
               attacks occur.

               Possible targets of a computer terrorist attack could be systems that
               regulate power plants or control telecommunications or power
               distribution. Many such control and regulatory systems are
               computerized and vulnerable to terrorist action. In fact, the possibility
               exists of a simultaneous physical and computerized terrorist attack.