What best describes a scenario when an employee has been shaving off pennies from multiple
accounts and depositing the funds into his own bank account?

A.
Data fiddling

B.
Data diddling

C.
Data hiding

D.
Data masking

Explanation:
This kind of an attack involves altering the raw data just before it is processed by a computer and
then changing it back after the processing is completed. This kind of attack was used in the past to
make what is stated in the question, steal small quantities of money and transfer them to the
attackers account. See “Data deddling crimes” on the Web. The most correct answer is ‘Salami’, but
since that is not an option the most correct answer is data diddling. “A salami attack is committing
several small crimes with the hope that the overall larger crime will go unnoticed. ….An example
would be if an employee altered a banking software program to subtract 5 cents from each of the
bank’s customers’ accounts once a month and moved this amount to the employee’s bank account.
If this happened to all of the bank’s 50,000 customer accounts, the intruder could make up to $
30,000 a year. Data diddling refers to the alteration of existing data. Many times this modification
happens before it is entered into an application or as soon as it completes processing and is
outputted from an application. There was an incident in 1997, in Maryland, where a Taco Bell
employee was sentenced to ten years in jail because he reprogrammed the drive-up window cash
register to ring up ever 42.99 order as one penny. He collected the full amount from the customer,
put the penny in the till, and pocketed the other $2.98. He made $3600 before his arrest.” Pg. 602-
603 Shon Harris: All-In-One CISSP Certification Exam Guide