Espionage or Trespass
Espionage or trespass occurs when an unauthorized individual attempts to gain illegal access to organizational information. When we discuss trespass, it is important that we distinguish between competitive intelligence and industrial espionage. Competitive intelligence consists of legal information-gathering techniques, such as studying a company's website and press releases, attending trade shows, and so on. In contrast, industrial espionage crosses the legal boundary.
In addition to the many complex attacks, there are much simpler methods of obtaining valuable information. Because sensitive data is often not sufficiently protected, it can often be obtained visually, audibly or electronically.
Examples:
- Most IT systems are protected against unauthorized use through identification and authentication functions, for example user ID and password verification. If a password is sent through the network unencrypted, an attacker could easily read it.
- To withdraw money from a cash point, the user needs to enter the correct PIN. Unfortunately, the visual protection at these machines is often insufficient to prevent attackers from looking over the shoulder of a customer to watch them enter their PIN. If the attacker then steals the cash point card, he can raid the account. The customer then has the additional problem of having to prove that he was not careless with the PIN, for example by noting it on the card.
- To obtain access rights to a user PC, or to remotely manipulate a PC, an attacker can send a Trojan horse to the user as an attachment disguised as a useful program. Experience has shown that, despite user education, users open e-mail attachments even if they arrive unexpectedly or have strange names. As well as causing damage directly, Trojan horses can be used by outsiders to gather information about the computer to which they were sent and about the network to which it is connected. Trojan horses are often aimed at collecting passwords or other access data.
- In many offices, the workstations are not acoustically screened off well enough from each other. Colleagues and visitors may therefore be able to listen in on conversations at adjacent workstations to obtain information that is not intended for their ears and may even be confidential.
Sabotage
Sabotage refers to the malicious manipulation or damaging of objects with the aim of inflicting damage on the victim. Computer centers or communications links owned by an official body or company make particularly attractive targets, as a major effect can be achieved here with only slender means. External aggressors and especially insiders can selectively manipulate the complex infrastructure of a computer center through targeted attacks on important components, so as to induce equipment failures. Particularly at risk here are building-related or communications infrastructure that is inadequately protected and central supply points which are not monitored by organizational or technical means and are easy for outsiders to access unobserved.
Examples
http://www.bsi.de/english/gshb/manual/t/t05.htm
Extortion
Extortion, outwresting, or exaction is a criminal offense which occurs when a person unlawfully obtains either money, property or services from a person, entity, or institution through coercion. Refraining from doing harm is sometimes euphemistically called protection. Extortion is commonly practiced by organized crime groups. The actual obtainment of money or property is not required to commit the offense. Making a threat of violence or a lawsuit which refers to a requirement of a payment of money or property to halt future violence or lawsuit is sufficient to commit the offense. Exaction refers not only to extortion or the unlawful demanding and obtaining of something through force; additionally, exact in its formal definition means the infliction of something such as pain and suffering, or to make somebody endure something unpleasant.
In the United States, extortion may also be committed as a federal crime across a computer system, phone, by mail or in using any instrument of "interstate commerce." Extortion requires that the individual sent the message "willingly" and "knowingly" as elements of the crime. The message only has to be sent (but does not have to reach the intended recipient) to commit the crime of extortion.
Extortion is distinguished from blackmail. In blackmail, the blackmailer threatens to do something which would be legal or normally allowed. Extortion is distinguished from robbery. In "strong arm" robbery, the offender takes goods from the victim with use of immediate force. In "robbery", goods are taken, or an attempt is made to take the goods, against the will of another, with or without force. A bank robbery or extortion of a bank can be committed by a letter handed by the criminal to the teller. In extortion, the victim is threatened to hand over goods, or else damage to their reputation or other harm or violence against them may occur.
Under federal law, extortion can be committed with or without the use of force and with or without the use of a weapon. A key difference is that extortion always involves a written or verbal threat, whereas robbery can occur without any verbal or written threat (refer to U.S.C. 875 and U.S.C. 876).
The term extortion is often used metaphorically to refer to usury or to price-gouging, though neither is legally considered extortion. But extortion sometimes leads to more dangerous illicit activities, which raises concerns with law enforcement agencies. It is also often used loosely to refer to everyday situations where one person feels indebted, against their will, to another in order to receive an essential service or avoid legal consequences. For example, certain lawsuits, fees for services such as banking, automobile insurance, gasoline prices, and even taxation have all been labeled "legalized extortion" by people with various social or political beliefs.
http://en.wikipedia.org/wiki/Extortion