Examples of general threats and a control
Types of attack
Botnets
Bots are items of automated software running over the internet. A botnet is a group of computers controlled by a “bot herder.” Computer users can unwittingly add their computer to the group by visiting a rogue website. A botnet often comprises in excess of a million computers. (See “Zombie.”)
Man-in-the-middle attack
In this type of attack the attacker gets in between two parties who are communicating. See Figure A.2.
Relay attack
In a “relay attack” (think relay race) information is relayed from one place to another by the fraudster, without the victim being aware of it. An example of a relay attack is when a legitimate restaurant customer in the UK or Ireland is given a fake terminal by a waiter, who is a thief, and asked to give the details of their Chip and PIN card. The terminal communicates with the thief’s accomplice in a jewelry shop, who uses a fake card in the shop’s valid terminal. Not only have the thieves purchased jewelry, but the diner customer sees $10 displayed whereas $100 has been charged.
Replay attack
In replay attacks the attacker observes the format of data being transmitted and sends copies of data in the same format whenever the attacker wishes.
Rootkit
A rootkit is a set of software tools that a third party installs on a computer system for use after gaining access to the system. They conceal the running of processes and their associated files and data, which give access to a system without the user’s knowledge. A rootkit serves to conceal malicious software such as spyware.
A security control
Nonce
A nonce is a number used to initiate a communications session; a different number is used for each session. For example, in the scenario shown in Figure A.3 Alice and Bob share a secret method of encrypting a nonce (x).
