Malicious Hackers xxvii
Introduction
6. Finally, they ask for up-front or advance fees for various taxes,
processing fees, license fees, registration fees, attorney fees, etc.
Employee Sabotage
Probably the easiest form of employee sabotage known to all system admin-
istrators is “accidental” spillage. The act of intentionally spilling coffee or
soda on a keyboard for the purpose of making the computer unusable for
some time is a criminal offense. Proving the spillage was deliberate however,
is next to impossible, without the aid of hidden cameras or other surveil-
lance techniques. Some administrators have even experienced severe cases
where servers have been turned off over a weekend resulting in unavailabil-
ity, data loss, and the incurred but needless cost of hours of troubleshooting
by someone. Employees are the people who are most familiar with their
employer’s computers and applications. They know what actions can cause
damage, mischief, or sabotage. The number of incidents of employee sabo-
tage is believed to be much smaller than the instances of theft, but the cost
of such incidents can be quite high [14].
As long as people feel unjustly treated, cheated, bored, harassed, endan-
gered, or betrayed at work, sabotage will be used as a method of achieving
revenge or a twisted sense of job satisfaction. Later in this book, we will
show how implementing methods of strict access control can prevent seri-
ous sabotage acts.
Infrastructure Attacks
Devastating results can occur from the loss of supporting infrastructure.
This infrastructure loss can include power failures (outages, spikes, and
brownouts), loss of communications, water outages and leaks, sewer prob-
lems, lack of transportation services, fire, flood, civil unrest, and strikes. A
loss of infrastructure often results in system downtime, sometimes in the
most unexpected ways. Countermeasures against loss of physical and infra-
structure support include the addition of redundant systems and the estab-
lishment of recurring backup processes. Because of the damage these types
of threats can cause, the Critical Infrastructure Protection Act was enacted.
Malicious Hackers
The term “malicious hacker” refers to someone who breaks into computers
without authorization. Malicious hackers can be outsiders or insiders. The
Get Business Continuity and Disaster Recovery for InfoSec Managers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
