Course: F0184/Fraud Auditing
Year: 2007

Computer Fraud
Session XVI

Learning Outcomes
• Students are expected to be able to identify methods of computer-based fraud
• Students are expected to know the controls needed to address computer-based fraud

Bina Nusantara

Material Outline
• Computer Fraud Category
• Computer Fraud Theory
• Nature of Computer Fraud
• Type of Computer Fraud
• Internal Control for Computer Fraud

Characteristics of the Computer Environment
• Data are concentrated in one place
• The storage medium is vulnerable
• The audit trail may be obscure
• Visible records may be nonexistent
• Programs and data can be altered, leaving no trace of the alteration
• Tampering can be carried out almost instantly
• Networks increase the risks

Characteristics of the Computer Environment (Cont'd)
• Computer systems are not widely understood
• Security features are not always built in
• Internal control features may be inadequate
• Trusted personnel may circumvent controls

Vulnerability in the Computer Crimes
• Almost all corporate data is stored in the corporate database
• Internal and often external parties can access the system
• Programs or applications only need to be changed or modified without permission once
• Computer systems face a number of unique challenges

Categorization of Threats to Computer Systems
• Theft, including theft of assets, data, and programs
• Manipulations, including the additions or deletions of information in data files or programs
• Theft of computer time

Computer Fraud Classifications
• Data fraud
• Input fraud
• Processor fraud
• Program fraud
• Output fraud

Computer Fraud Techniques
• Adware
• Data diddling
• Data leakage
• Denial of service
• Dictionary attack
• Eavesdropping
• Email forgery
• Email threats
• Hacking
• Hijacking
• Identity theft
• Internet misinformation
• Internet terrorism
• Key logger
• Logic time bomb
• Masquerading
• Packet sniffing

Computer Fraud Techniques (Cont'd)
• Password cracking
• Phishing
• Phreaking
• Piggybacking
• Round-down
• Salami techniques
• Scavenging / dumpster diving
• Shoulder surfing
• Social engineering
• Software piracy
• Spamming
• Spyware
• Superzapping
• Trap door
• Trojan horse
• Virus
• War dialing
• Worm

Prevention Method
• Develop a strong internal control system
• Proper segregation of duties
• Segregate the accounting functions of authorization, recording, and custody
• Restrict physical and remote access to authorized personnel
• Adequate supervisory control
• Use properly designed documents and records to capture and process transactions
• Safeguard all assets, records, and data

Prevention Method (Cont'd)
• Require independent checks on performance
• Implement computer-based controls over input, process, storage, transmission, and output
• Encrypt stored and transmitted data and programs to protect them from unauthorized access and use
• Fix known software vulnerabilities