One unique type of cyber attack.

1. SALAMI ATTACK
Prepared by: Santosh Kavhar
Sumit Bharsawde

2. True Meaning
The thin
slice here
is a part of
“SALAMI”
Looks Yummy !!!

3. Definition
• One type of computer crime that gets mentioned in
introductory courses or in conversations among
security experts is the salami fraud. In the salami
technique, criminals steal money or resources a bit at a
time. Two different etymologies are circulating about
the origins of this term.
• One school of security specialists claim that it refers to
slicing the data thin – like a salami.
• Others argue that it means building up a significant
object or amount from tiny scraps – like a salami.

4. Origin

5. How It’s Done
• The classic story about a salami attack is the old “collect-
the-round off” trick. In this scam, a programmer modifies
the arithmetic routines such as interest computations.
Typically, the calculations are carried out to several decimal
places beyond the customary 2 or 3 kept for financial
records.
• For example, when currency is in Rupee, the round off goes
up to the nearest paisa about half the time and down the
rest of the time. If the programmer arranges to collect
these fractions of paisa in a separate account, a sizable
fund can grow with no warning to the financial institution.
• Statutory Warning: Don’t try it until you are an expert or
you love Indian Jails.

6. The Difference
• Remember 1.01365 =37.78...
• While 0.99365 =0.02…

7. Salami Attack In Student’s Life
• There is this person who
Eats from everybody's tiffin
Leaving his own at home, its
kind of Partial Salami Attack,
but it is definitely an Attack.
• Writing Research or Assignments without
mentioning the Researchers.

8. Past Cases
• In January 1993, four executives of a rental-car
franchise in Florida were charged with defrauding at
least 47,000 customers using a salami technique.
• In Los Angeles, in October 1998, district attorneys
charged four men with fraud for allegedly installing
computer chips in gasoline pumps that cheated
consumers by overstating the amounts pumped.
• In 2008, a man was arrested for fraudulently creating
58,000 accounts which he used to collect money
through verification deposits from online brokerage
firms a few cents at a time.

9. Movies on SALAMI Attack
• Office Space
• Blackhat
• Hackers
• Superman III

10. Prevention or Cure
• There is no Prevention for this!!!
• Its because normal humans will always stay vulnerable to attacks for
whatsoever reasons.
• There are cures however.

11. Cure from SALAMI Attack
• Unfortunately, salami attacks are designed to be difficult to detect. The
only hope is that random audits, especially of financial data, will pick up
a pattern of discrepancies and lead to discovery.
• As any accountant will warn, even a tiny error must be tracked down,
since it may indicate a much larger problem.
• For example, Cliff Stoll's famous adventures tracking down spies in the
Internet began with an unexplained $0.75 discrepancy between two
different resource accounting systems on UNIX computers at the Keck
Observatory of the Lawrence Berkeley Laboratories. Stoll's
determination to understand how the problem could have occurred
revealed an unknown user; investigation led to the discovery that
resource-accounting records were being modified to remove evidence of
system use. The rest of the story is told in Stoll’s book.

12. Trying to Avoid the
SALAMI Attack
• The main resolution for this attack is educating the user.
Only through user awareness, we can avoid this.
• Users should report back to the bank or the concerned
authority if they notice any deductions without their
knowledge even if it is a small amount.
• Don’t store any personal bank information like credit card,
debit card number in any of the online websites, these days
we are getting an option of saving our card details in
different websites.
• Another important thing is to track your money, most
people don’t know their remaining balance in the account.

13. Conclusion
• SALAMI Attack is a type of serious cyber
crime, can be financial or data theft related.
• Moral: Don’t ignore what appear to be errors
in computer-based financial or other
accounting systems.
• Boond Boond se hi Samandar banta hai…
• Satark rahe, Savdhan rahe. Kyuki JURM aapki
chaukhat pe dastak de sakta hai. Jai Hind.

14. References
• Salami fraud By M. E. Kabay Network World
Security Newsletter, 07/24/02.
• "Hacker takes $50,000 a few cents at a time". PC
Pro. 2008-05-28.
• "The Salami Technique“
• Salami Fraud by M. E. Kabay, PhD, CISSP,
Associate Professor, Computer Information
Systems, Norwich University, Northfield VT.
• www.fraudfighting.org
• Images from various sources.