A Case Study Report On Salami Attack
ACKNOWLEDGEMENT
I wish to express my gratitude to all the people involved in the making of the case study for providing a suitable environment for the successful completion of this study. I am thankful to my guide and mentor, Er. Rahul Bhandari, who is very generous in sharing his time & knowledge with me. He provided all the essential guidelines required in completing our study successfully. I would like to express my gratitude to Prof. Pooja Saxena, HOD (Department of Computer Science & Engineering). I can only say that "thank you" is not enough for her tremendous support and help. I would also thank my Institution and my faculty members, without whom this case study would have been a distant reality. Finally, yet importantly, I would like to express my heartfelt thanks to my beloved parents for their blessings and my friends for their help & wishes for the successful completion of this case study.
2. PREFACE
The Information Technology age has led to the emergence of a dynamic and highly specialized field of law, namely cyber law. The unique features of the internet, particularly its borderless expanse, rapid technological advancements, anonymity, and speed of communication & data transfer, have posed multiple challenges to legislators of different countries who strive to adapt their existing laws for application in cyberspace or develop new laws to govern the virtual world. This report covers cases of salami attacks in India and also describes cyber laws and the salami attack in detail.
3. TABLE OF CONTENTS
1. ACKNOWLEDGEMENT
2. PREFACE
3. INDEX
4. EXECUTIVE SUMMARY
5. INTRODUCTION
6. LITERATURE REVIEW
7. METHODOLOGY
8. STUDY
9. ANALYSIS
10. CONCLUSION AND RECOMMENDATIONS
11. REFERENCES AND APPENDICES
4. EXECUTIVE SUMMARY
In this complex computer age where information is accumulated and exchanged at a rate beyond our ability to closely monitor, an attack has been formulated to shave off small pieces of these transactions. The "salami attack" executes barely noticeable small acts, such as shaving a penny from thousands of accounts or acquiring bits of information from less secure means to gain knowledge of the whole undetected. Salami attacks go mostly undetected or unreported and few have been completely substantiated.
Salami tactics, also known as the salami-slice strategy, is a divide and conquer process of threats and alliances used to overcome opposition. With it, an aggressor can influence and eventually dominate a landscape, typically political, piece by piece. In this fashion, the opposition is eliminated "slice by slice" until one realizes (too late) that it's gone in its entirety. In some cases it includes the creation of several factions within the opposing political party and then dismantling that party from the inside, without causing the "sliced" sides to protest. According to the Dictionary of Modern Thought by Alan Bullock and Oliver Stallybrass, the term was coined in the late 1940s by the orthodox communist leader Mátyás Rákosi to describe the actions of the Hungarian Communist Party (Hungarian: szalámitaktika). Rákosi claimed he destroyed the non-Communist parties by "cutting them off like slices of salami." By portraying his opponents as fascists (or at the very least fascist sympathizers), he was able to get the opposition to slice off its right wing, then its centrists, until only those collaborating with the Communists remained in power. This strategy was also used in the majority of eastern European countries in the second half of the 1940s. This gradual process of amassing power and control was called Gleichschaltung by the Nazis, but is now referred to as Salamitaktik (salami tactics).
The term is also used in business, where it means that someone presents problems or solutions in pieces, making it hard to see the big picture. The term "salami tactics" was used in the British political satire Yes Prime Minister in Series 1, Episode 1, "The Grand Design". In this episode, the prime minister's chief scientific advisor opines that the Soviets won't suddenly invade western Europe, but will annex areas slice by slice, and thus Prime Minister Jim Hacker realizes he will never get to push the nuclear button to stop the Soviets.
Examples of salami tactics can also be found in the consumer marketplace, for example the planned obsolescence of automobile makers, in which newer vehicle models are introduced every year. In consumer electronics hardware and software, frequent small changes are often made to lure customers into purchasing intermediate products. Another well-known exponent of salami tactics in product pricing is perhaps the Irish airline Ryanair,[6] which has become infamous for its headlined cheap fares to which arrays of additional costs are added slice by slice: fees are charged for baggage check-in, issuance of boarding cards, payment by credit card, priority boarding, web check-in, etc.
5. INTRODUCTION
The origin of the terminology has a double meaning, and both definitions accurately describe the methodology of a salami attack. One way of looking at it is the idea of "salami slicing", where a small piece is cut off the end with no noticeable difference in the overall length of the original. Another definition is the creation of a larger entity composed of many smaller scraps, similar to the contents of a salami. Either way, a salami attack is one in which negligible amounts are removed and accumulated into something larger.
6. LITERATURE REVIEW
HISTORY OF SALAMI ATTACK:
The term Salami Attack is also known as a "piecemeal strategy", as used by the Nazi Party and Adolf Hitler to achieve absolute power in Germany in the early months of 1933. First, there was the Reichstag fire of February 27, 1933, which rattled the German population and led to the Reichstag Fire Decree, which suspended many civil liberties and outlawed the Communist Party and the Social Democrats. An estimated 10,000 people were arrested in two weeks, soon followed by the Enabling Act on March 24, 1933, which gave Hitler plenary power, allowing him to bypass the Reichstag and further consolidate power. Hitler and the Nazis continued to systematically establish totalitarian control by eliminating potential opponents, such as trade unions and rival political parties. They also established organizations with mandatory membership, such as the Hitler Youth, Bund Deutscher Mädel and Arbeitsdienst. The Enabling Act was renewed in 1937 and 1941. Finally, on April 26, 1942, the Reichstag passed a law making Hitler the oberster Gerichtsherr, the supreme judge of the land, giving him power of life and death over every citizen and effectively extending the Enabling Act for the rest of the war.
http://www.networkworld.com/newsletters/sec/2002/01467137.html
SOME ATTACKS WHICH COME UNDER SALAMI ATTACK:
In the salami technique, criminals steal money or resources a bit at a time. Two different etymologies are circulating about the origins of this term. One school of security specialists claims that it refers to slicing the data thinly, like a salami. Others argue that it means building up a significant object or amount from tiny scraps, like a salami. A programmer modifies arithmetic routines, such as interest computations.
COMPUTER INTRUSIONS:
There are various definitions of computer intrusion, and no single "real" definition is available. The following are some excerpts from the federal rules. Any person commits computer crime who knowingly accesses, attempts to access or uses, or attempts to use, any computer, computer system, computer network or any part thereof for the purpose of:
Devising or executing any scheme or artifice to defraud;
Obtaining money, property or services by means of false or fraudulent pretenses, representations or promises; or
Committing theft, including, but not limited to, theft of proprietary information.
Any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime.
INSTANCES OF ATTACKS
The more recognized form of a salami attack is taking the rounded-off decimal fractions of bank transactions and transferring them into another account (many will remember this as being a key plot point in such movies as Superman III and Office Space). Banks often use decimal places beyond the penny when calculating amounts in terms of interest. If a customer earning interest every month has accumulated $50.125 in interest, the fraction of the penny is rounded according to the bank's system. Such an attack was reportedly perpetrated at a Canadian bank where an insider siphoned $70,000 from other customer accounts into his own. "A bank branch decided to honor the customer who had the most active account. It turned out to be an employee who had accumulated $70,000 funneling a few cents out of every account into his own." Taking such a small fraction may seem insignificant or even invisible to the victims, but when done across millions of transactions, the accumulation can be immense for the attacker.
Other versions of this kind of attack involve economic gain through less precarious channels. Employees modifying computer-billing programs so that the customer is slightly overcharged on certain transactions fall into this category. One such case involved a rental agency that "modified a computer billing program to add five extra gallons to the actual gas tank capacity of their vehicles". Customers unaware of the tank capacities would be overcharged with very little suspicion being raised. This clever technique shows that the slicing need not be directly monetary. Exploiting customer unawareness on matters such as gasoline tank size can often go unnoticed.
Another example of this happened when a gas station installed modified chips to misread how much gas was being pumped. Customers began noticing that their vehicles were supposedly taking more gas than the tank could hold. Systems to keep this in check failed to notice the attack right away because "the perpetrators programmed the chips to deliver exactly the right amount of gasoline when asked for five- and 10-gallon amounts - precisely the amounts typically used by inspectors."
Salami attacks are hard to track down, and examples like this show the importance of tracking even the slightest error because it could be a sign of a bigger problem. In addition to financial gains through salami attacks, information is another asset that can be accumulated in unnoticeable quantities. Acquiring small quantities of information from multiple sources or channels and piecing them together can yield a clear picture of the target. "The intelligence gathering process consists of piecing together fragments of information to predict the future. It is not tantamount to looking for a needle in a haystack, but for the right three or four pieces of hay in a haystack that will add up to a prediction of a terrorist attack." [Lake]. In this example, information about an attack can be gleaned by piecing together bits of phone conversations, emails, and knowledge of where a person traveled or shopped, which can be used to discover the overall picture of the organization.
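The rounding-fraction scheme described under Instances of Attacks leaves a statistical trace that an auditor can test for by recomputing every interest posting at full precision. The following audit sketch is an added example, not part of the original report; the account names, balances, 6% rate and 4-sigma threshold are constructed assumptions, and `post_interest` is a hypothetical stand-in for a bank's posting routine.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN
from math import sqrt

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.06") / 12  # constructed: 6% a year, posted monthly


def make_ledger(n=2000):
    """Constructed balances in dollars (sample data, not real accounts)."""
    return {f"ACCT-{i:05d}": Decimal(100000 + 7919 * i) / 100 for i in range(n)}


def post_interest(ledger, rounding):
    """Hypothetical posting routine: interest credited to each account."""
    return {acct: (bal * MONTHLY_RATE).quantize(CENT, rounding=rounding)
            for acct, bal in ledger.items()}


def audit(ledger, posted, sigmas=4):
    """Recompute interest at full precision and test the rounding residuals."""
    residuals = {acct: posted[acct] - bal * MONTHLY_RATE
                 for acct, bal in ledger.items()}

    # Check 1: rounding to the nearest cent never moves a single posting
    # by more than half a cent.
    out_of_range = sorted(a for a, r in residuals.items() if abs(r) > CENT / 2)

    # Check 2: fair rounding errors are roughly uniform on [-0.5c, +0.5c]
    # (std = 1c / sqrt(12)), so their sum grows like sqrt(n). A skim grows
    # like n and soon leaves that band.
    net = sum(residuals.values(), Decimal(0))
    limit = Decimal(str(sigmas * 0.01 / sqrt(12) * sqrt(len(residuals))))

    # Check 3: fair rounding shorts and overpays customers about equally.
    short = sum(1 for r in residuals.values() if r < 0)
    over = sum(1 for r in residuals.values() if r > 0)

    return {
        "net": net,                  # total posted minus total owed, in dollars
        "limit": limit,              # tolerated magnitude of "net"
        "short": short,
        "over": over,
        "out_of_range": out_of_range,
        "flagged": bool(out_of_range) or abs(net) > limit,
    }


if __name__ == "__main__":
    ledger = make_ledger()
    for label, mode in (("round-half-even", ROUND_HALF_EVEN),
                        ("truncate (skim)", ROUND_DOWN)):
        result = audit(ledger, post_interest(ledger, mode))
        print(f"{label:16} net={result['net']:+.5f} limit={result['limit']:.3f} "
              f"short={result['short']} over={result['over']} "
              f"out_of_range={len(result['out_of_range'])} "
              f"flagged={result['flagged']}")
```
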
BANKING FRAUD - PREVENTION AND CONTROL
Banking fraud is posing a threat to the Indian economy. Its effect can be understood by the fact that in the year 2004 the number of cyber crimes in India was 347, which rose to 481 in 2005, showing an increase of 38.5%, while I.P.C. category crime stood at 302 in 2005, including 186 cases of cyber fraud and 68 cases of cyber forgery. Thus it becomes very important that the occurrence of such frauds should be minimized. More upsetting is the fact that such frauds are entering the banking sector as well.
In the present-day global scenario, the banking system has acquired new dimensions. Banking did spread in India. Today, the banking system has entered into competitive markets in areas covering resource mobilization, human resource development, customer services and credit management as well. India's banking system has several outstanding achievements to its credit, the most striking of which is its reach. In fact, Indian banks are now spread out into the remotest areas of our country. Indian banking, which was operating in a highly comfortable and protected environment till the beginning of the 1990s, has been pushed into the choppy waters of intense competition.
A sound banking system should possess three basic characteristics to protect depositors' interest and public faith. These are (i) a fraud-free culture, (ii) a time-tested Best Practice Code, and (iii) an in-house immediate grievance remedial system. All these conditions are either missing or extremely weak in India. Section 5(b) of the Banking Regulation Act, 1949 defines banking: "Banking is the accepting for the purpose of lending or investment, deposits of money from the public, repayable on demand or otherwise and withdrawable by cheque, draft, order or otherwise." But if his money has fraudulently been drawn from the bank, the latter is under strict obligation to pay the depositor.
The bank therefore has to ensure at all times that the money of the depositors is not drawn fraudulently. The time has come when the security aspects of the banks have to be dealt with on a priority basis.
The banking system in our country has been taking care of all segments of our socio-economic set-up. The Article contains a discussion on the rise of banking frauds and various methods that can be used to avoid such frauds. A bank fraud is a deliberate act of omission or commission by any person carried out in the course of banking transactions or in the books of accounts, resulting in wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank. The relevant provisions of the Indian Penal Code, Criminal Procedure Code, Indian Contract Act, and Negotiable Instruments Act relating to banking frauds have been cited in the present Article.
EVOLUTION OF BANKING SYSTEM IN INDIA
The banking system occupies an important place in a nation's economy. A banking institution is indispensable in a modern society. It plays a pivotal role in the economic development of a country and forms the core of the money market in an advanced country. The banking industry in India has traversed a long way to assume its present stature. It has undergone a major structural transformation after the nationalization of 14 major commercial banks in 1969 and 6 more on 15 April 1980. The Indian banking system is unique and perhaps has no parallels in the banking history of any country in the world.
RESERVE BANK OF INDIA - ECONOMIC AND SOCIAL OBJECTIVE
The Reserve Bank of India has an important role to play in the maintenance of the exchange value of the rupee in view of the close interdependence of international trade and national economic growth and well-being. This aspect is part of the wider responsibility of the central bank for the maintenance of economic and financial stability. For this the bank is entrusted with the custody and the management of the country's international reserves; it also acts as the agent of the government in respect of India's membership of the International Monetary Fund.
With economic development the bank also performs a variety of developmental and promotional functions which in the past were regarded as being outside the normal purview of central banking. It also acts as an important regulator.
DEFINITION OF FRAUD
Fraud is defined as "any behavior by which one person intends to gain a dishonest advantage over another". In other words, fraud is an act or omission which is intended to cause wrongful gain to one person and wrongful loss to the other, either by way of concealment of facts or otherwise. Fraud is defined u/s 421 of the Indian Penal Code and u/s 17 of the Indian Contract Act. Thus the essential elements of fraud are:
1. There must be a representation and assertion;
2. It must relate to a fact;
3. It must be with the knowledge that it is false or without belief in its truth; and
4. It must induce another to act upon the assertion in question or to do or not to do a certain act.
BANK FRAUDS
Losses sustained by banks as a result of frauds exceed the losses due to robbery, dacoity, burglary and theft, all put together. Unauthorized credit facilities are extended for illegal gratification, such as cash credit allowed against pledge of goods, hypothecation of goods against bills or against book debts. Common modus operandi are pledging of spurious goods, inflating the value of goods, hypothecating goods to more than one bank, fraudulent removal of goods with the knowledge and connivance or negligence of bank staff, and pledging of goods belonging to a third party. Goods hypothecated to a bank are found to contain obsolete stocks packed in between good stocks, and cases of shortage in weight are not uncommon. An analysis made of cases brings out broadly the under-mentioned four major elements responsible for the commission of frauds in banks.
1. Active involvement of the staff, both supervisory and clerical, either independent of external elements or in connivance with outsiders.
2. Failure on the part of the bank staff to follow meticulously laid-down instructions and guidelines.
3. External elements perpetrating frauds on banks by forgeries or manipulations of cheques, drafts and other instruments.
4. There has been a growing collusion between business, top bank executives, civil servants and politicians in power to defraud the banks, by getting the rules bent, regulations flouted and banking norms thrown to the winds.
FRAUDS - PREVENTION AND DETECTION
A close study of any fraud in a bank reveals many common basic features. There may have been negligence or dishonesty at some stage on the part of one or more of the bank employees. One of them may have colluded with the borrower. The bank official may have been putting up with the borrower's sharp practices for personal gain. The proper care which was expected of the staff, as custodians of the bank's interest, may not have been taken. The bank's rules and procedures laid down in the Manual instructions and the circulars may not have been observed or may have been deliberately ignored.
Bank frauds are the failure of the banker. It does not mean that external frauds do not defraud banks. But if the banker is upright and knows his job, the task of the defrauder will become extremely difficult, if not impossible.
Detection of Frauds
Despite all care and vigilance there may still be some frauds, though their number, periodicity and intensity may be considerably reduced. The following procedure would be very helpful if taken into consideration:
1. All relevant data (papers, documents etc.) should be promptly collected. Original vouchers or other papers forming the basis of the investigation should be kept under lock and key.
2. All persons in the bank who may know something about the time, place and modus operandi of the fraud should be examined and their statements should be recorded.
3. The probable order of events should thereafter be reconstructed by the officer, in his own mind.
4. It is advisable to keep the central office informed about the fraud and further developments in regard thereto.
Classification of Frauds and Action Required by Banks
The Reserve Bank of India had set up a high-level committee in 1992, which was headed by Mr. A... Ghosh, the then Dy. Governor, Reserve Bank of India, to inquire into various aspects relating to frauds and malpractice in banks. The committee had observed three major causes for the perpetration of fraud, as given hereunder:
1. Laxity in observance of the laid-down systems and procedures by operational and supervising staff.
2. Overconfidence reposed in the clients who indulged in breach of trust.
3. Unscrupulous clients, by taking advantage of the laxity in observance of established, time-tested safeguards, also committed frauds.
7. METHODOLOGY
RESEARCH FOCUS
This dissertation investigates the locally constructed nature of social and moral order in Internet Relay Chat (IRC); that is, how participants reinforce existing social and moral orders, and in some cases collaboratively construct new orders. In particular, the research explores how participants in an adult-oriented, alternative sexuality IRC channel use a range of conversational resources, including reference to rules, categorization and affiliate or aggressive humor devices, in their orientation to the local social and moral order. Members, in orienting to issues of social and moral order, perform various types of interactional work, that is, the work that the talk accomplishes within the interaction. This interactional work both negotiates and maintains the social and moral order of the group. Thus, the interactional maintenance and negotiation of social and moral order is reflexive: each acts upon the other. In this way participants are simultaneously drawing upon the existing order as a resource for their chat, while the chat produced serves to further maintain and in some cases change this order.
DEFINING SOCIAL AND MORAL ORDER
Within the study, social and moral orders are viewed through an ethnomethodology lens. As such, social order refers to the practical orders, the background expectancies of our everyday lives; by orienting to these practical orders of everyday experiences, participants enact the social order at a macro level. That is, social order is not static; there are many social orders at work in our daily lives. As a result, we are charged with continually choosing amongst those that could apply at any given time. This is not to say that members are required to interact in appropriate ways, as it is entirely possible for participants to act in ways which challenge the existing social and moral order, thus working in some ways to constitute a different order. Social order is underpinned by the moral foundations of everyday life due to the reflexive nature of practical action. That is, social order is a negotiated product that is produced through interaction as individuals work to define the situations in which they find themselves. This negotiation is constrained by previous interactions, which are then used to determine future courses of action. As such, a society's members encounter and know the moral order as perceivably normal courses of action: familiar scenes of everyday affairs, the world of daily life known in common with others and with others taken for granted. Social and moral orders, then, are constituted through the practical actions of everyday life, which are produced in relation to what is known and understood within the group as normal courses of action.
RESEARCH METHODOLOGY
Given the text-only nature of IRC interactions and the research focus on social and moral order, the methodologies of Ethnomethodology (EM), Conversation Analysis (CA) and Membership Categorization Analysis (MCA) were adopted as a means of gathering and analyzing the data. An ethnomethodology approach was utilized because it supports the analysis of data collected from one IRC chat room through member observation, and it allows for treating the data as situationally produced, relevant to participants within the context in which it was produced. Since watching CMC chat without participating may seem suspicious and/or rude to channel.
RESEARCH ASSUMPTIONS
Through evaluating the relevant literature and theories, as well as considering experiences regarding internet chat, four assumptions regarding communication and SALAMI ATTACK were formulated:
1. Language use is reflexive; it is constrained by the context in which it is used, and its use also influences the context.
2. Any segment of conversation is worthy of close study as social action.
3. Moral and social order in chat rooms is collaboratively produced and locally oriented.
4. Identities are fluid in SALAMI ATTACK interaction and co-constructed by participants in the course of interaction.
The assumptions formed the basis for the research questions:
1. What conversational resources do participants in #XXXXXXX use in addressing matters of social and moral order?
2. How are these conversational resources deployed within the channel interaction?
3. What interactional work is locally accomplished through use of these resources?
8. STUDY
CASE 1
http://all.net/CID/Attack/papers/Salami.html
In January 1993, four executives of a rental-car franchise in Florida were charged with defrauding at least 47,000 customers using a salami technique.
CASE 2
https://groups.google.com/group/comp.risks/browse_frm/month/1997-01?fwc=1&pli=1
Date: Wed, 15 Jan 1997 17:07:30 PST
Subject: Taco Bell-issimo
Willis Robinson, 22, of Libertytown, Maryland, was sentenced to 10 years in prison (6 of which were suspended) for having reprogrammed his Taco Bell drive-up-window cash register -- causing it to ring up each $2.99 item internally as a 1-cent item, so that he could pocket $2.98 each time. He amassed $3600 before he was caught. [AP item in the *San Francisco Chronicle*, 11 Jan 1997, A11, pointed out to me by Glenn Story.] This is another version of the old salami attack.
CASE 3
http://www.networkworld.com/newsletters/sec/2002/01467137.html
In Los Angeles in October 1998, the district attorneys charged four men with fraud for allegedly installing computer chips in gasoline pumps that cheated consumers by overstating the amounts pumped. The problem came to light when an increasing number of consumers charged that they had been sold more gasoline than the capacity of their gas tanks. However, the fraud was difficult to prove initially because the perpetrators programmed the chips to deliver exactly the right amount of gasoline when asked for five- and 10-gallon amounts - precisely the amounts typically used by inspectors.
CASE 4
http://www.networkworld.com/newsletters/sec/2002/01467137.html
Cliff Stoll's famous adventures tracking down spies in the Internet began with an unexplained 75-cent discrepancy between two different resource accounting systems on Unix computers at the Keck Observatory of the Lawrence Berkeley Laboratories. Stoll's determination to understand how the problem could have occurred revealed an unknown user; the investigation led to the discovery that resource-accounting records were being modified to remove evidence of system use. The rest of the story is told in Stoll's book, "The Cuckoo's Egg" (1989, Pocket Books: Simon & Schuster, New York. ISBN 0-671-72688-9).
IPC FOR SALAMI ATTACK
Information Technology Act, 2000
66 B. Punishment for dishonestly receiving stolen computer resource or money or communication device
Whoever dishonestly receives or retains any stolen computer resource or money or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
USA LAW FOR SALAMI ATTACK
Computer Fraud and Abuse Act
Threatening a protected computer with the intent of extorting money or something else of value.
Punishment
A knowing violation of this section is punishable by a fine, imprisonment for not more than five years, or both.
9. ANALYSIS
REASONS FOR CYBER CRIME:
Hart, in his work The Concept of Law, has said that human beings are vulnerable, so rule of law is required to protect them. Applying this to cyberspace, we may say that computers are vulnerable, so rule of law is required to protect and safeguard them against cybercrime. The reasons for the vulnerability of computers may be said to be:
1. Capacity to store data in comparatively small space: The computer has the unique characteristic of storing data in a very small space. This makes it much easier to remove or derive information through either a physical or a virtual medium.
2. Easy to access: The problem encountered in guarding a computer system from unauthorized access is that there is every possibility of breach, not due to human error but due to the complex technology. Secretly implanted logic bombs, key loggers that can steal access codes, advanced voice recorders, retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.
3. Complex: Computers work on operating systems, and these operating systems in turn are composed of millions of lines of code. The human mind is fallible and it is not possible that there might not be a lapse at any stage. Cyber criminals take advantage of these lapses and penetrate into the computer system.
4. Negligence: Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be some negligence, which in turn provides a cyber-criminal the opportunity to gain access and control over the computer system.
5. Loss of evidence: Loss of evidence is a very common & obvious problem, as all the data are routinely destroyed. Further, collection of data outside the territorial extent also paralyses this system of crime investigation.
10. CONCLUSION
If there is one important lesson to learn from salami attacks, it is that even the minutest amount of information can be vitally important. Salami attacks are meant to go undetected and spread the burden of harm across a large number of transactions. Salami attacks stress the need for constant monitoring of a system and show that even minor discrepancies could be the breadcrumbs of a larger attack. The difficulty of detecting them, and the fact that the perpetrators are often close to the target, make them one of the more elusive information attack methods.
11. REFERENCES
1. A.P. Taco Bell-issimo. San Francisco Chronicle, 11 Jan 1997. http://catless.ncl.ac.uk/Risks/18.76.html#subj1
2. Kabay, M.E. Salami fraud. Network World Security Newsletter, 07/24/02. URL: http://www.nwfusion.com/newsletters/sec/2002/01467137.html
3. Icove, David and Seger, Karl and VonStorch, William. Computer Crime: A Crime fighter's Handbook. 1995. Chapter 2.
4. Lake, Anthony. Leaders and Followers: Sources of Terrorism. The Middle East Forum, March 21, 2002. URL: http://www.meforum.org/article/178
5. Krause, Micki and Tipton, Harold F. Handbook of Information Security Management. CRC Press - Auerbach Publications, 1999.
6. Doherty. Elementary Practical Background Material for Computer Security and Computer Warfare: Lecture. URL: http://www.headtrauma.com/sclass1a.ppt
7. http://www.networkworld.com/newsletters/sec/2002/01467137.html
8. Cohen, Fred. All.Net Security Database. URL: http://all.net/CID/Attack/Attack93.html