What is Salami Attack ?

Spread The Knowledge

“Salami Slicing Attack” or “Salami Fraud” is a technique by which Cyber-criminals steal money or resources a bit at a time so that there’s no noticeable difference in overall size. The perpetrator gets away with these little pieces from a large number of resources and thus accumulates a considerable amount over a period of time. The essence of this method is the failure to detect the misappropriation. The most classic approach is “collect-the-round off” technique. Salami Attack consists of merging bits of seemingly inconsequential data to produce huge results. A simple example is when an attacker/forger removes Rs. 0.01 (1 paise) from each bank account. No one will notice such a tiny mismatch. But when one paise is deducted from all account holders of that bank; it produces a huge amount. Computer computations many a times rounded off to nearest small fractions. It is while doing such corrections many bankers tries to rob money. A small attack that transform into a large attack is known Salami attack. It is sometimes called Salami slicing, because the attack goes almost unnoticed by the victims due to the nature of the attack. In general, Salami slicing is defined as anything that is reduced interested in minor activities or segments. Most calculations are carried out in a particular currency are rounded off up to the nearest number. If a programmer decides to collect these excess fractions of money to a separate account, no net loss to the system seems apparent. This is done by carefully transferring the funds into the perpetrator’s account. Attackers insert a program into the system to automatically carry out the task. Logic bombs may also be employed by unsatisfied greedy employees who exploit their know-how of the network and/or privileged access to the system. In this technique, the criminal programs the arithmetic calculators to automatically modify data, such as in interest calculations.

Stealing money electronically is the most common use of the Salami slicing technique, but it’s not restricted to money laundering. The Salami technique can also be applied to gather little bits of information over a period of time to deduce an overall picture of an organization. This act of distributed information gathering may be against an individual or an organization. Data can be collected from web sites, advertisements, documents collected from trash cans, and the like, gradually building up a whole database of factual intelligence about the target. Since the amount of misappropriation is just below the threshold of perception, organizations need to be more vigilant. Careful examination of company assets, transactions and every other dealing including sharing of confidential information with others might help reduce the chances of an attack by this method.