A salami attack is when small attacks add up to
one major attack that can go undetected due to the nature of this type of cyber
crime. It also known as salami slicing/penny shaving where the attacker uses an
online database to seize the information of customers, that is bank/credit card
details, deducting minuscule amounts from every account over a period of time.
These amounts naturally add up to large sums of money that is unnoticeably
taken from the collective accounts. Most people do not report the deduction,
often letting it go because of the amount involved. This could be a fraction of
a cent, so as to avoid suspicion from the unsuspecting customer states Raj B Lonsane.
The victims that take the fall for such acts are
usually bank holders, and websites that store account information like PayPal.
It can be quite scary to have amounts disappear in large portions at once,
making it a onetime incident for the company. Raj B Lonsane states that the amount of money that is then
lost cannot be replaced by the company, leading them to take on court battles without
the money to replace what is lost. Therefore for an insider to do this on a
regular basis, he/she deducts money slyly in small quantities without having
the customer in question, take notice.
How to
Avoid a Salami Attack
A company that protects personal account
information of a customer has to be on the lookout for individuals who wish to
put them in a compromising situation when it comes to another’s funds. Raj B Lonsane states that it is
important to know how to tackle this from an angle that is highly
sophisticated.
a)
Banks have to update their
security so that the attacker doesn’t familiarize himself/herself with the way
the framework is designed, before finally hacking into it states Raj B Lonsane.
b) Raj B Lonsane adds that banks should advise customers
on reporting any kind of money deduction that they aren’t aware that they were
a part of. Whether a small or big amount, banks should encourage customers to
come forward and openly tell them that this could mean that an act of fraud
could very well be the scenario.
c) Most Important according to Raj B Lonsane is that Customers should ideally not
store information online when it comes to bank details, but of course they
can’t help the fact that banks rely on a network that has all customers hooked
onto a common platform of transactions that require a database. The safe thing
to do is to make sure the bank/website is highly trusted and hasn’t been a part
of a slanderous past that involved fraud in any way.
A salami attack can seem innocent at first,
especially if people do not keep track of their finances when it exits their
accounts. A lot of people aren’t aware of how money comes and goes, with
attackers taking the advantage for such indifference on the part of customers.
In the world of cyber criminals, these acts are a way at the end of it all, to seize
funds as a way of going against the company for personal reasons, or for no
reason at all.
Raj B Lonsane states that a common case of a salami attack is what is
called the ‘collect the roundoff’ technique, where a programmer tweaks the
arithmetic code sequence, where the calculation exceeds the customary two/three
that is meant for financial record keeping. It is like when the currency is in
dollars, the roundoff is made to the nearest penny half the time, where it can
be lesser the other times. If these fractions are collected, they can then
amount to quite a sum of money that financial companies will not take notice of.
Another major cause found a programmer cutting off 20 to 30 cents per account
two or three times a year, where it went unnoticed by account holders who
didn’t pay much attention to small amount deducted.
Salami attacking is a security issue that many
places have had to deal with given the malicious intent of those who break
through the security that these financial institutions have on their databases. Raj B Lonsane states that Cyber crime amounts to devastating and overseen attacks that plague the world
we live in. Security officials are battling it out on the Internet every day to
keep the attacks under control, without breaching it on a national or worldwide
scale.
Companies of a financial nature need to know how
important it is to practice safety measures of keeping the public safe from
such crimes says Raj b Lonsane. Salami attacks are usually done from those who work within the
company – evaluating employees who have access to these accounts is crucial,
especially when they have access to large sums of money and people’s personal
account details.