Computer FraudPertemuan XVI

Matakuliah : F0184/Audit atas KecuranganTahun : 2007

Bina Nusantara

• Mahasiswa diharapkan dapat mengidentifikasi metode-metode kecurangan berbasis komputer

• Mahasiswa diharapkan mampu mengetahui pengendalian yang diperlukan untuk mengatasi kecurangan berbasis komputer

Learning Outcomes

3

Bina Nusantara

• Computer fraud category • Computer Fraud Theory• Nature of Computer Fraud• Type of Computer Fraud• Internal Control for Computer Fraud

Outline Materi

4

Characteristics of the Computer Environment

• Data are concentrated in one place• The storage medium is vulnerable• The audit trail may be obscure• Visible records may be nonexistent• Programs and Data can be altered leaving no

trace of the alteration• Tampering can be carried out almost instantly• Network increase the risks

Bina Nusantara

Characteristics of the Computer Environment (Con’t)

• Computer systems are not widely understood• Security features are not always built in• Internal control features may be inadequate• Trusted Personnel may circumvent controls

Bina Nusantara

Vulnerability in the Computer Crimes• Almost all corporate data stored in the corporate

database• Internal and often external parties can access to

the system• Programs or Applications only need to be

changed or modified without permission once• Computer system face a number of unique

challenges

Bina Nusantara

Categorization of Threats to Computer Systems

Theft, including theft of assets, data, and programs

Manipulations, including the additions or deletions of information in data files or program

Theft of computer time

Bina Nusantara

Computer Fraud Classifications

Bina Nusantara

Computer Fraud Techniques• Adware• Data diddling• Data leakage• Denial of Service• Dictionary attack• Eavesdropping• Email forgery• Email threats• Hacking

• Hijacking• Identity theft• Internet

misinformation• Internet terrorism• Key logger• Logic time bomb• Masquerading• Packet Sniffing

Bina Nusantara

Computer Fraud Techniques (Con’t)• Password cracking• Phishing• Phreaking• Piggybacking• Round-down• Salami techniques• Scavenging /

dumpster diving• Shoulder surfing

• Social Engineering• Software piracy• Spamming• Spyware• Superzapping• Trap door• Trojan horse• Virus• War dialing• WormBina Nusantara

Prevention Method• Develop a strong internal control system• Proper segregation duties• Segregate the accounting functions of

authorization, recording, and custody• Restrict physical and remote access to authorized

personnel• Adequate supervisory control• Use properly designed documents and records to

capture and process transactions• Safeguard all assets, records and data

Bina Nusantara

Prevention Method (Con’t)• Require independent checks on performance• Implement computer based controls over input,

process, storage, transmission, and output• Encrypt stored and transmitted data and

programs to protect them from unauthorized access and use

• Fix known software vulnerabilities

Bina Nusantara