Elementary hazards

Elementary hazards

Table of contents
G 0.1 Fire........................................................................................................................................................................4
G 0.2 Unfavorable climatic conditions ..........................................................................................................................5
G 0.3 Water.....................................................................................................................................................................6
G 0.4 Pollution, dust, corrosion .....................................................................................................................................7
G 0.5 Natural disasters .....................................................................................................................................................8
G 0.6 Disasters in the environment................................................................................................................................9
G 0.7 Major events in the surrounding area.................................................................................................................10
G 0.8 Power supply failure or malfunction..................................................................................................................11
G 0.9 Failure or malfunction of communication networks ..........................................................................................12
G 0.10 Failure or disruption of supply networks .........................................................................................................13
G 0.11 Failure or disruption of service providers ........................................................................................................14
G 0.12 Electromagnetic interference radiation ............................................................................................................15
G 0.13 Interception of compromising radiation ..........................................................................................................16
G 0.14 Spying out information (espionage).................................................................................................................17
G 0.15 Listening ...........................................................................................................................................................18
G 0.16 Theft of devices, data carriers or documents...............................................................................................19
G 0.17 Loss of equipment, data carriers or documents...........................................................................................20
G 0.18 Misplanning or lack of adaptation ...................................................................................................................21
G 0.19 Disclosure of information requiring protection ...............................................................................................22
G 0.20 Information or products from unreliable source..............................................................................................23
G 0.21 Manipulation of hardware or software ............................................................................................................24
G 0.22 Manipulation of information ........................................................................................................................25
G 0.23 Unauthorized intrusion into IT systems ..........................................................................................................26
G 0.24 Destruction of equipment or data carriers ...................................................................................................27
G 0.25 Failure of equipment or systems......................................................................................................................28
G 0.26 Malfunction of devices or systems ..................................................................................................................29
G 0.27 Lack of resources ..............................................................................................................................................30
G 0.28 Software vulnerabilities or errors ....................................................................................................................31
G 0.29 Violation of laws or regulations.......................................................................................................................32
G 0.30 Unauthorized use or administration of devices and systems .....................................................................33
G 0.31 Incorrect use or administration of devices and systems .............................................................................34
G 0.32 Misuse of authorizations ..................................................................................................................................35
G 0.33 Personnel absence .............................................................................................................................................36
G 0.34 Stop ..................................................................................................................................................................37
G 0.35 Coercion, extortion or corruption ....................................................................................................................38
G 0.36 Identity theft......................................................................................................................................................39

last modified on 07.12.2020 / page 2 from 50

 Elementary hazards

G 0.37 Denial of actions ..............................................................................................................................................40

G 0.38 Misuse of personal data ...................................................................................................................................41
G 0.39 Malicious programs...........................................................................................................................................42
G 0.40 Denial of service ..............................................................................................................................................43
G 0.41 Sabotage ...........................................................................................................................................................44
G 0.42 Social engineering ............................................................................................................................................45
G 0.43 Importing messages .........................................................................................................................................46
G 0.44 Unauthorized entry into premises....................................................................................................................47
G 0.45 Data loss ...........................................................................................................................................................48
G 0.46 Loss of integrity of information worthy of protection ...................................................................................49
G 0.47 Harmful side effects of IT-based attacks .........................................................................................................50

last modified on 07.12.2020 / page 3 from 50

 Elementary hazards

G 0.1 Fire
Fires can cause severe damage to people, buildings and their equipment. In addition to direct damage
caused by fire, consequential damage can be identified that can reach catastrophic proportions in terms of its
damaging effect on information technology in particular.
Extinguishing water damage, for example, does not only occur at the site of the fire. They can also occur in
lower lying parts of the building. When PVC burns, chlorine gases are produced which, together with the
humidity in the air and the extinguishing water, form hydrochloric acid. If the hydrochloric acid vapors are
dispersed through the air conditioning system, damage can be caused in this way to sensitive electronic
equipment located in a part of the building far from the site of the fire. But "normal" fire smoke can also
have a damaging effect on IT equipment in this way.
A fire is caused not only by the negligent handling of fire (e.g. unsupervised open flames, welding and
soldering work), but also by the improper use of electrical equipment (e.g. unsupervised coffee machine,
overloading multiple sockets). Technical defects in electrical equipment can also lead to a fire.
The spread of a fire can be favored by, among other things:
• Holding up fire section doors with wedges,
• improper storage of combustible materials (e.g. waste paper),
• Failure to comply with relevant fire prevention standards and regulations,
• Lack of fire detection equipment (e.g., smoke detectors),
• missing or inoperable hand-held fire extinguishers or automatic extinguishing devices (e.g. gas
extinguishing systems),
• inadequate preventive fire protection (e.g. lack of fire barriers on cable routes or use of unsuitable
insulation materials for heat and sound insulation).
Examples:
• In the early 1990s, a major data center in the Frankfurt area suffered catastrophic fire damage that
led to a complete outage.
• It happens again and again that small electrical appliances, such as coffee machines or table lamps, are
improperly installed or set up, causing fires.

last modified on 07.12.2020 / page 4 from 50

 Elementary hazards

G 0.2 Unfavorable climatic conditions

Unfavorable climatic conditions such as heat, frost or high humidity can lead to damage of various
kinds, for example malfunctions in technical components or damage to storage media. Frequent
fluctuations in climatic conditions intensify this effect. Unfavorable climatic conditions can also result in
people being unable to work or even being injured or killed.
Every person and every technical device has a temperature range within which its normal operation or proper
function is ensured. If the ambient temperature exceeds the limits of this range upwards or downwards, work
stoppages, operational malfunctions or equipment failures may occur.
Windows of server rooms are often opened without permission for ventilation purposes. In the
transitional period (spring, fall), this can lead to the permissible humidity being exceeded due to strong
cooling in the event of large temperature fluctuations.
Examples:
• In midsummer temperatures and insufficient cooling, IT equipment can experience temperature-
related failures.
• Too much dust in IT systems can lead to heat buildup.
• Excessive temperatures can demagnetize magnetic data carriers.

last modified on 07.12.2020 / page 5 from 50

 Elementary hazards

G 0.3 Water
Water can affect the integrity and availability of information stored on analog and digital data carriers.
Information in the working memory of IT systems is also at risk. The uncontrolled entry of water into
buildings or rooms can be caused, for example, by:
• Disturbances in the water supply or sewage disposal,
• Defects of the heating system,
• Defects in air conditioners with water connection,
• Defects in sprinkler systems,
• Extinguishing water in firefighting and
• Water sabotage, e.g., by opening faucets and clogging drains.
Regardless of how water gets into buildings or rooms, there is a risk that supply facilities or IT components
will be damaged or put out of operation (short circuit, mechanical damage, rust, etc.). Especially if central
facilities of the building supply (main distribution boards for electricity, telephone, data) are located in basement
rooms without automatic drainage, penetrating water can cause very high damages.
Problems can also arise due to frost. For example, pipes in frost-prone areas can leak if water in them
stands still during prolonged frost. Existing thermal insulation is also overcome by frost over time.
Example:
• In a server room, a water pipe ran underneath the ceiling, which was covered with plasterboard
elements. When a connection of the water pipe started leaking, this was not detected in time. The
leaking water initially collected at the lowest point of the cladding before it escaped there and caused a
short circuit in the power distributor installed below. As a result, both the water and the power supply to
the affected part of the building had to be completely shut down until the final repairs were made.

last modified on 07.12.2020 / page 6 from 50

 Elementary hazards

G 0.4 Pollution, dust, corrosion

In addition to electronics, many IT devices also contain mechanically operating components, as in the case of
hard disks and removable disks, DVD drives, printers, scanners, etc., but also fans of processors and power
supplies. With increasing demands on quality and speed, these devices must operate with ever greater
precision. Even minor contamination can cause a device to malfunction. Dust and contamination can be
caused to a greater extent by the following activities, for example:
• Work on walls, raised floors or other parts of the building,
• Conversion work on the hardware or
• Unpacking actions of equipment (e.g., swirling styrofoam).
Existing safety circuits in the devices usually lead to a timely shutdown. This keeps the direct damage to
the device, the repair costs and the downtimes small, but leads to the affected device being unavailable.
The equipment and infrastructure can also b e attacked by corrosion. This can have a negative impact not only
on IT, but even on building security.
Corrosion can also indirectly cause further hazards. For example, water can escape from corroded areas (see G
0.3 Water).
Overall, contamination, dust or corrosion can thus lead to failures or damage to IT components and supply
equipment. As a result, proper information processing can be impaired.
Examples:
• When a server was installed in a media room, along with a copier and a fax machine, the processor fan
and the power supply fan were paralyzed one after the other due to the high dust load in the room. The
processor fan failure caused sporadic server crashes. The failure of the power supply fan eventually led
to overheating of the power supply resulting in a short circuit, which eventually led to a total failure of
the server.
• In order to hang up a wall panel in an office, holes were drilled in the wall by the building services
department. The employee had left his office for a short time to do this. After returning to his
workplace, he noticed that his PC was no longer working. The cause of this was drilling dust that had
penetrated the PC power supply through the ventilation slots.

last modified on 07.12.2020 / page 7 from 50

 Elementary hazards

G 0.5 Natural disasters

Natural disasters are natural changes that have devastating effects on people and infrastructures. Causes of a
natural disaster can b e seismic, climatic or volcanic phenomena, such as earthquakes, floods, landslides,
tsunamis, avalanches and volcanic eruptions. Examples of extreme meteorological phenomena include
severe weather, hurricanes, or cyclones. Depending on the institution's location, its exposure to risks
from the different types of natural disasters varies.
Examples:
• For data centers located in flood-prone areas, there is often a particular risk of uncontrolled water
entering the building (flooding or rising groundwater levels).
• The frequency of earthquakes, and thus the associated risk, is highly dependent on geographic
location.
Regardless of the type of natural disaster, even in areas not directly affected there is a risk that supply
facilities, communications links or IT components will be damaged or put out of action. In particular, the failure
of central building supply facilities (main distribution boards for electricity, telephone, data) can result in very
high damage. Operating and service personnel may be denied access to the infrastructure due to large-
scale restricted areas.
Examples:
• Many commercial enterprises, including large companies, do not take sufficient account of the risk of
flooding. One company, for example, has already been "surprised" several times by flood damage to its
data center. The data center literally swam away for the second time in 14 months. The resulting damage
amounted to several hundred thousand euros and is not covered by any insurance.
• An IT system will be located at a site whose geographic location is known for volcanic activity
(intermittent phenomenon in which emission phases alternate with sometimes long periods of
quiescence).

last modified on 07.12.2020 / page 8 from 50

 Elementary hazards

G 0.6 Disasters in the environment

An authority or a company can suffer damage if a serious accident o c c u r s in the vicinity, for example a
fire, an explosion, the release of toxic substances or the leakage of hazardous radiation. Danger exists not
only from the event itself, but also from the activities that often result from it, such as closures or rescue
measures.
An institution's properties may be exposed t o various hazards from the surrounding environment, including
traffic (road, rail, air, water), neighboring businesses, or residential areas.
Preventive or rescue measures may directly affect the properties in the process. Such measures can also
result in employees being unable to reach their workstations or personnel having to be evacuated. However,
the complexity of building technology and IT facilities can also lead to indirect problems.
Example:
• A fire in a chemical plant in the immediate vicinity of a data center (approx. 1000 m as the crow flies)
produced a powerful cloud of smoke. The data center had an air conditioning and ventilation system
that did not have any outside air monitoring. Only through the attention of an employee (the accident
happened during working hours), who followed the formation and spread, could the outside air supply be
manually switched off in time.

last modified on 07.12.2020 / page 9 from 50

 Elementary hazards

G 0.7 Major events in the surrounding area

Major events of all kinds can lead to obstructions to the proper operation of an authority or company.
These include street festivals, concerts, sporting events, labor disputes or demonstrations. Riots in
connection with such events can result in additional repercussions, such as intimidation of employees or even
the use of violence against staff or the building.
Examples:
• During the hot summer months, a demonstration took place near a data center. The situation escalated
and violence ensued. In a side street, a window of the data center area was still open, through which
a demonstrator entered and took the opportunity to steal hardware containing important data.
• During the construction of a large fair, a power line was accidentally cut. This led to an outage in a
data center supplied by this, which was, however, intercepted by the available backup power system.

last modified on 07.12.2020 / page 10 from 50

 Elementary hazards

G 0.8 Power supply failure or malfunction

Despite a high level of supply security, interruptions to the power supply occur time and again on the
part of distribution network operators (DSOs) or energy supply companies (utilities). The majority of these
interruptions, with times of less than one second, are so short that people do not notice them. But even
interruptions of more than 10 ms are likely to disrupt IT operations. In addition to disturbances in the
supply network, however, shutdowns during unannounced work or cable damage during civil engineering
work can also cause the power supply to fail.
Not only the obvious, direct power consumers (PC, lighting, etc.) depend on the power supply. Today, many
infrastructure facilities depend on electricity, e.g. elevators, air-conditioning technology, hazard alarm
systems, security gates, automatic door locking systems and sprinkler systems. Even the water supply in
high-rise buildings is dependent on electricity because of the pumps required to generate pressure on the
upper floors. In the event of prolonged power outages, the failure of the infrastructure facilities can mean
that no activities can be carried out i n t h e affected premises.
In addition to outages, other power supply malfunctions can also affect operation. Overvoltage, for
example, can lead to malfunctions or even damage to electrical equipment.
It should also be noted that power failures or disruptions in the neighborhood may also affect the company's
own business processes, for example if access roads are blocked.
Examples:
• Due to a fault in the UPS of a data center, it did not switch back to normal operation after a short power
failure. After discharging the batteries (after about 40 minutes), all computers in the affected server
room failed.
• In early 2001, there was a power emergency in California for over 40 days. The power supply situation there
w a s so tense that the California Grid Monitoring Authority ordered rotating power cuts. These power
cuts, which lasted up to 90 minutes, affected not only households but also high-tech industry.
Because alarm systems and surveillance cameras were also turned off along with the power outage,
the utilities kept their shutdown plans secret.
• In November 2005, after heavy snowfalls in Lower Saxony and North Rhine-Westphalia, many
communities were without power supply for days because many high-voltage pylons had fallen under
the snow and ice load. Restoring the power supply took several days.

last modified on 07.12.2020 / page 11 from 50

 Elementary hazards

G 0.9 Failure or malfunction of communication networks

Many business processes today require intact communication links at least some of the time, be it via telephone, fax,
e-mail or other services over local or wide-area networks. If one or more of these communication links fail over
a longer period of time, this can lead, for example, to the fact that
• Business processes can no longer be further processed because required information cannot be retrieved,
• Customers can no longer reach the institution for queries,
• Orders cannot be submitted or completed.
If time-critical applications are operated on IT systems connected via wide-area networks, the potential
damage and consequential damage caused by a network failure is correspondingly high if there are no
fallback options (e.g., connection to a second communications network).
Similar problems can occur if the required communication networks a r e disrupted, but without failing
completely. Communication links can, for example, have an increased error rate or other quality
deficiencies. Incorrect operating parameters can also lead to impairments.
Examples:
• Today, the Internet has become an indispensable communication medium for many institutions,
among other things for retrieving important information, for external presentation, and for
communicating with customers and partners. Companies that specialize i n Internet-based services
are naturally particularly dependent on a functioning Internet connection.
• As networks converge, voice and data services are often transported via the same technical
components (e.g., VoIP). However, this increases the risk that voice services and data services will fail
simultaneously in the event of a fault in the communications technology.

last modified on 07.12.2020 / page 12 from 50

 Elementary hazards

G 0.10 Failure or disruption of supply networks

There are a large number of networks in a building that serve basic supply and disposal and thus as the basis
for all of an institution's business processes, including IT. Examples of such supply networks are:
• Current,
• Phone,
• Cooling,
• Heating or ventilation,
• Water and sewage,
• Firefighting Water Supplies,
• Gas,
• Signaling and control systems (e.g. for burglary, fire, building management systems) and
• Intercoms.
The failure or disruption of a supply network can, among other things, mean that people can no longer
work in the building or that IT operations and thus information processing are impaired.
The networks are interdependent to varying degrees, so operational disruptions in any one network can
affect others.
Examples:
• A heating or ventilation failure can result in all employees having to leave the affected buildings.
Under certain circumstances, this can result in high damages.
• The failure of the power supply not only affects IT directly, but also all other networks that are equipped
with electrically operated control and regulation technology. Even wastewater pipes may contain
electric lift pumps.
• The failure of the water supply may affect the operation of air conditioning systems.

last modified on 07.12.2020 / page 13 from 50

 Elementary hazards

G 0.11 Failure or disruption of service providers

Hardly any institution today operates without service providers such as suppliers or outsourcing providers.
When organizational units are dependent on service providers, failures of external services can impair task
accomplishment. The partial or complete failure of an outsourcing service provider or supplier can have a
significant impact on business continuity, especially for critical business processes. There are various causes
for such failures, for example insolvency, unilateral termination of the contract by the service provider or supplier,
operational problems due to natural forces, for example, or staff absences. Problems can also arise if the
services provided by the service provider do not meet the quality requirements of the customer.
It should also be noted that service providers also frequently use subcontractors to perform their services
for the customer. Disruptions, quality deficiencies and failures on the part of the subcontractors can thus
indirectly lead to impairments for the client.
Business processes at the customer may also be impaired by failures of IT systems at the service provider or of
the communication links to the service provider.
Any necessary retrieval of outsourced processes may be severely hampered, for example because the
outsourced processes are not sufficiently documented or because the previous service provider does not
support the retrieval.
Examples:
• A company has installed its servers in a data center of an external service provider. After a fire in this
data center, the company's finance department was no longer able to act. Significant financial losses
were incurred by the company.
• A company's just-in-time production was dependent on the supply of operating resources from external service
providers. After a truck broke down due to a defect at the service provider, the delivery of urgently needed
parts was drastically delayed. As a result, a number of customers could not be supplied on time.
• A banking institution handled all cash transports with a cash-in-transit company. The cash-in-
transit company unexpectedly filed for bankruptcy. The arrangement and route planning with a new
cash-in-transit company took several days. As a result, there were considerable problems and time
delays in the supply and disposal of cash to the bank branches.

last modified on 07.12.2020 / page 14 from 50

 Elementary hazards

G 0.12 Electromagnetic interference radiation

Today, information technology is largely made up of electronic components. Although optical transmission
technology is increasingly being used, computers, network interface elements and storage systems, for
example, generally contain a large number of electronic components. Electromagnetic interference acting on
such components can impair the function of electronic devices or even damage them. As a result, failures,
malfunctions, incorrect processing results or communication errors can occur, among other things.
Wireless communication can also be affected by electromagnetic interference. Under certain circumstances,
a sufficiently strong interference of the frequency bands used is sufficient for this.
Furthermore, information stored on certain types of data carriers can be erased or falsified by electromagnetic
interference radiation. This applies in particular to magnetizable data carriers (hard disks, magnetic tapes,
etc.) and semiconductor memories. Damage to such data carriers by electromagnetic interference radiation
is also possible.
There are many different sources of electromagnetic fields or radiation, for example radio networks such as
WLAN, Bluetooth, GSM, UMTS etc., permanent magnets and cosmic radiation. In addition, every electrical
device emits electromagnetic waves of greater or lesser strength, which can propagate through t h e air and along
metallic conductors (e.g. cables, air conditioning ducts, heating pipes, etc.), among other things.
In Germany, the Electromagnetic Compatibility of Equipment Act (EMVG) contains regulations on this subject.

last modified on 07.12.2020 / page 15 from 50

 Elementary hazards

G 0.13 Interception of compromising radiation

Electrical devices emit electromagnetic waves. In the case of devices that process information (e.g.
computers, monitors, network interface elements, printers), this radiation can also carry the information that
is currently being processed. Such information-carrying radiation is called exposing or compromising
radiation. An attacker who is in a neighbor's house or in a vehicle parked nearby, for example, can try to
receive this radiation and u s e it to reconstruct the processed information. The confidentiality of the
information is thus called into question. One possible objective of such an attack is industrial espionage.
The limit values of the law on the electromagnetic compatibility of equipment (EMVG) are generally not
sufficient to prevent the interception of the exposing radiation. If this risk cannot be accepted, additional
protective measures must therefore generally be taken.
Exposing radiation is not limited to electromagnetic waves. Under certain circumstances, useful information
can also be obtained from sound waves, for example from printers or keyboards.
It should also be noted that in certain cases, exposing radiation can also be caused or amplified by
external manipulation of devices. For example, if a device is irradiated with electromagnetic waves, the
reflected waves may carry confidential information.

last modified on 07.12.2020 / page 16 from 50

 Elementary hazards

G 0.14 Spying out information (espionage)

Espionage refers to attacks aimed at collecting, evaluating and processing information about companies,
people, products or other target objects. The processed information can then be used, for example, to give
another company certain competitive advantages, to blackmail people or to copy a product.
In addition to a variety of technically complex attacks, there are often much simpler methods of obtaining
valuable information, for example by combining information from several publicly available sources that
may look innocuous individually but can be compromising in other contexts. Since confidential data i s
often not adequately protected, it can often be spied out by visual, acoustic or electronic means.
Examples:
• Many IT systems are protected against unauthorized use by identification and authentication
mechanisms, e.g. in the form of user ID and password checks. However, if the password is sent over the line
unencrypted, it may be possible for an attacker to read it.
• In order to withdraw money from an ATM, the correct PIN must be entered for the ec or credit card
being used. Unfortunately, the visual protection at these machines is often insufficient, so that an attacker can
easily look over a customer's shoulder when entering the PIN. If the attacker steals the card afterwards, he
can use it to plunder the account.
• In order to gain access rights to a PC or otherwise manipulate it, an attacker can send the user a Trojan
horse attached to an e-mail as an ostensibly useful program. In addition to immediate damage, Trojan
horses can be used to spy on a wide variety of information not only about the individual computer, but
also about the local network. In particular, many Trojan horses aim to spy out passwords or other access
data.
• In many offices, workstations are not acoustically well shielded from each other. As a result, colleagues and
visitors may overhear conversations and learn about information that is not intended for them or is
even confidential.

last modified on 07.12.2020 / page 17 from 50

 Elementary hazards

G 0.15 Listening
Eavesdropping refers to targeted attacks on communications links, conversations, noise sources of all kinds, or IT
systems to gather information. This starts with unnoticed, clandestine eavesdropping on a conversation
and extends to highly engineered complex attacks to intercept signals sent via radio or lines, e.g. with the help
of antennas or sensors.
Not only because of the low risk of detection, eavesdropping on cables or radio connections is a threat to
information security that should not be neglected. Basically, there are no cables that are tap-proof. The only
difference between cables is the effort required to tap them. Whether a line is actually being tapped can only
be determined with a great deal of metrological effort.
The unprotected transmission of authentication data is particularly critical in the case of plain-text protocols such
as HTTP, FTP or Telnet, as these are easy to analyze automatically due to the clear structure of the data.
The decision to intercept information somewhere is essentially determined by the question of whether the
information is worth the technical or financial effort and the risk of discovery.
The answer to this question depends very much on the individual capabilities and interests of the attacker.
Examples:
• In the case of telephone calls, it is not only the eavesdropping on conversations that can be of interest to an
attacker. The information transmitted during signaling can also b e misused by an attacker, e.g., if a
faulty setting in the terminal device causes the password to be transmitted in clear text during logon.
• In the case of unprotected or insufficiently protected radio transmission (e.g., if a WLAN is only secured
with WEP), an attacker can easily eavesdrop on the entire communication.
• E-mails can be read throughout their journey through the network if they are not encrypted.
Unencrypted e-mails should therefore not be compared with classic letters, but with postcards.

last modified on 07.12.2020 / page 18 from 50

 Elementary hazards

G 0.16 Theft of devices, data carriers or documents

The theft of data carriers, IT systems, accessories, software or data results on the one hand in costs for
replacement as well as for restoring a working condition, and on the other hand in losses due to lack of
availability. If confidential information i s disclosed as a result of the theft, this can result in further damage.
In addition to servers and other expensive IT systems, mobile IT systems that are inconspicuous and easy to
transport are also frequently stolen. However, there are also cases where data carriers, such as documents or
USB sticks, have been deliberately stolen in order to gain access to the confidential information stored on
them.
Examples:
• In spring 2000, a notebook disappeared from the U.S. State Department. In an official statement, it was
not ruled out that the device might contain confidential information. Nor was it known whether the
device was cryptographically or otherwise secured against unauthorized access.
• A German federal office was broken into several times through the same unsecured windows. In
addition to other valuables, mobile IT systems also disappeared. Whether files were copied or
manipulated could not be ruled out beyond doubt.
• In the UK, there have been a number of data breaches in which confidential records have been
exposed because disks were stolen. In one case, several computer hard drives were stolen from the British
Air Force that contained very personal information that had been collected for security clearance of
personnel.
• An employee of a call center made copies of a large amount of confidential customer data shortly before he
had to leave the company. After leaving the company, he then sold this data to competitors. As details
about the incident subsequently leaked to the press, the call center lost many important customers.

last modified on 07.12.2020 / page 19 from 50

 Elementary hazards

G 0.17 Loss of equipment, data carriers or documents

There are a variety of causes that can lead to the loss of devices, data carriers and documents. This directly
affects availability, but confidential information can also fall into unauthorized hands if the data carriers are
not fully encrypted. Costs are incurred for the replacement of devices or data carriers, but also when they
reappear, information may have been disclosed or unwanted programs may have been installed.
Mobile devices and mobile data media in particular can be easily lost. Today, huge amounts of data can be
stored on small memory cards. But it also happens time and again that documents in paper form are
accidentally left behind, for example in restaurants or on public transport.
Examples:
• An employee uses the streetcar ride to her workplace to look through some documents. As she frantically gets
off at her destination stop, she accidentally leaves the papers on the seat next to her. Although the documents
are not confidential, several signatures of high-ranking executives subsequently have to be obtained
again.
• At a major event, an employee accidentally and unnoticed drops a memory card with confidential
calculations on the floor while searching in his briefcase. The finder views the contents on his laptop and
sells the information to the competition.
• A manufacturer sends troubleshooting software update CDs to its customers by mail. Some of these CDs are
lost in transit without the sender or recipient being informed. As a result, the software malfunctions at the
affected customers.

last modified on 07.12.2020 / page 20 from 50

 Elementary hazards

G 0.18 Misplanning or lack of adaptation

If organizational processes that directly or indirectly serve information processing are not properly
designed, this can lead to security problems. Although each individual process step is carried out correctly,
damage often occurs because processes as a whole are incorrectly defined.
Another possible cause of security problems are dependencies with other processes t h a t themselves have no
obvious relation to information processing. Such dependencies can easily be overlooked during planning and
thus trigger impairments during operation.
Security problems can also arise when tasks, roles or responsibilities are not clearly assigned. Among other
things, this can cause processes to be delayed, safety measures to be neglected, or regulations to be
disregarded.
Danger also exists if devices, products, processes or other means for realizing information processing are
not used appropriately. The selection of an unsuitable product or weaknesses in the application architecture or
network design, for example, can lead to security problems.
Examples:
• If maintenance or repair processes are not aligned with business requirements, this can result in
unacceptable downtime.
• There may be an increased risk from attacks on the company's own IT systems if security requirements
are not taken into account when procuring information technology.
• If needed consumables are not provided in a timely manner, IT processes that depend on them can stall.
• Vulnerabilities can arise if unsuitable transmission protocols are selected when planning an IT
procedure.
Information technology and the entire environment of an authority or a company are constantly
changing. Whether employees leave or join the company, new hardware or software is procured, or a supplier
goes bankrupt. If the necessary organizational and technical adjustments are not or only insufficiently taken
into account, hazards can arise.
Examples:
• Due to structural changes in the building, existing escape routes are altered. As employees have not been
adequately briefed, the building cannot be evacuated in the required time.
• When transmitting electronic documents, no care is taken to use a data format that is readable by the
receiving side.

last modified on 07.12.2020 / page 21 from 50

 Elementary hazards

G 0.19 Disclosure of information requiring protection

Confidential data and information must only be accessible to persons authorized to take note of it.
Alongside integrity and availability, confidentiality is one of the fundamental values of information
security. Confidential information (such as passwords, personal data, company or official secrets,
development data) is subject to the inherent risk of being disclosed due to technical failure, carelessness or
even deliberate actions.
This confidential information can b e accessed at different points, for example
• on storage media within computers (hard disks),
• on removable storage media (USB sticks, CDs or DVDs),
• in printed form on paper (printouts, files) and
• on transmission paths during data transmission.
The way information is disclosed can also v a r y widely, for example:
• unauthorized reading of files,
• careless passing on, e.g. in the course of repair orders,
• insufficient deletion or destruction of data carriers,
• Theft of the data carrier and subsequent evaluation,
• Transmission line tapping,
• Infection of IT systems with malware,
• Reading along on the screen or listening to conversations.
If sensitive information is disclosed, this c a n have serious consequences for an institution. Among other things,
the loss of confidentiality can lead to the following negative consequences for an institution:
• Violation of laws, for example, data protection, banking secrecy,
• Negative internal effect, for example, demoralization of employees,
• Negative external impact, for example, impairment of relationships with business partners, lost
trust of customers,
• Financial implications, for example, claims for damages, fines, legal costs,
• Impairment of the right to informational self-determination.
A loss of confidentiality is not always noticed immediately. It is often only later that it becomes apparent, for
example through press inquiries, that unauthorized persons have gained access to confidential information.
Example:
• Buyers of used computers, hard disks, cell phones or similar devices often find highly confidential
information such as patient data or account numbers on them.

last modified on 07.12.2020 / page 22 from 50

 Elementary hazards

G 0.20 Information or products from unreliable source

If information, software or devices are used that originate from unreliable sources or whose origin and
correctness have not been adequately checked, their use can entail high risks. Among other things, this can
lead to business-relevant information being based on an incorrect database, calculations producing incorrect
results, or incorrect decisions being made. Equally, however, the integrity and availability of IT systems can
also be impaired.
Examples:
• A recipient may be tricked into performing certain actions that are detrimental to him or others by
emails whose origin he has not checked. For example, the e-mail may contain interesting attachments
or links that, when clicked on, lead to malware being installed on the recipient's computer. The sender of
the e-mail may be fake or imitate that of a known communication partner.
• The assumption that a statement is true because it is "in the newspaper" or "was broadcast on TV" is not
always justified. As a result, false statements can be incorporated into business-critical reports.
• The reliability of information disseminated via the Internet varies widely. If statements are taken from the
Internet without further source checks, incorrect decisions can result.
• If updates or patches are applied from untrusted sources, this can lead to undesirable side effects. If the
origin of software is not checked, there is an increased risk that IT systems will be infected with malicious
code.

last modified on 07.12.2020 / page 23 from 50

 Elementary hazards

G 0.21 Manipulation of hardware or software

Manipulation is defined as any form of targeted but clandestine intervention to change target objects of any kind
without being noticed. Manipulation of hardware or software can be carried out, among other things, out
of a sense of revenge, to deliberately c a u s e damage, to gain personal advantages or to enrich o n e s e l f . The
focus may be on devices of all k i n d s , accessories, data carriers (e.g. DVDs, USB sticks), applications,
databases or similar.
Manipulation of hardware and software does not always result in immediate damage. However, if the
information processed with it is compromised, this can result in all kinds of security implications (loss of
confidentiality, integrity or availability). The tampering can be more effective the later it is discovered, the
more extensive the knowledge of the perpetrators, and the more profound t h e impact on a work process. The
effects range from unauthorized access to data worthy of protection to the destruction of data carriers or IT
systems. Manipulations can also result in considerable downtime.
Examples:
• In a Swiss financial company, an employee had manipulated the application software for certain
financial services. This enabled him to illegally obtain larger sums of money.
• By manipulating ATMs, attackers have repeatedly succeeded in reading the data stored on
payment cards without authorization. In conjunction with spied-out PINs, this data was then later
misused to withdraw money at the expense of the cardholder.

last modified on 07.12.2020 / page 24 from 50

 Elementary hazards

G 0.22 Manipulation of information

Information can be manipulated in many ways, e.g. by incorrectly or intentionally recording data, changing the
content of database fields or correspondence.
In principle, this applies not only to digital information, but also to paper documents, for example.
However, a perpetrator can only manipulate the information to which he has access. The more access rights
a person has to files and directories of IT systems, or the more access they have to information, the more
serious manipulations they can carry out. If the manipulations are not detected at an early stage, the smooth
running of business processes and specialist tasks can be severely disrupted as a result.
Archived documents usually represent information worth protecting. The manipulation of such documents is
particularly serious, as it may only be noticed after years and verification is then often no longer possible.
Example:
• An employee was so annoyed about the promotion of her roommate in the accounting department that she
gained unauthorized access to her colleague's computer during a short absence. Here, she has had an
enormous negative impact on the company's published annual results by making some changes to
the figures in the monthly balance sheet.

last modified on 07.12.2020 / page 25 from 50

 Elementary hazards

G 0.23 Unauthorized intrusion into IT systems

In principle, every interface on an IT system not only involves the possibility of authorized use of certain IT
system services, but also the risk of unauthorized access to the IT system.
Examples:
• If a user ID and the associated password are spied out, unauthorized use of the applications or IT
systems protected with them is conceivable.
• Hackers could gain unauthorized access to IT systems via inadequately secured remote maintenance
access points.
• If the interfaces of active network components are inadequately secured, it is conceivable that
attackers could gain unauthorized access to the network component. If they also manage to overcome
the local security mechanisms, e .g., have obtained administrative authorizations, they could perform all
administrative activities.
• Many IT systems have interfaces for the use of exchangeable data storage devices, such a s additional
memory cards or USB storage media. If an IT system with the corresponding hardware and software is left
unattended, there is a risk that large amounts of data can be read out unauthorized or malware can be
introduced.

last modified on 07.12.2020 / page 26 from 50

 Elementary hazards

G 0.24 Destruction of devices or data carriers

Negligence, improper use, but also untrained handling can lead to destruction of devices and data carriers,
which can severely disrupt the operation of the IT system.
There is also a risk that destruction will result in the loss of important information that cannot be reconstructed or
can only be reconstructed with great effort.
Examples:
• At one company, an inside perpetrator used his knowledge that a key server was sensitive to
excessive operating temperatures and blocked the ventilation slots for the power supply fan with an
object hidden behind the server. Two days later, the hard drive in the server suffered a temperature-related
failure, and the server went down for several days.
• An employee had become so angry about the repeated crashing of the system that he took his anger out
on his workstation computer. In the process, the hard drive was so badly damaged by kicks to the
computer that it became unusable. The data stored here could only be partially reconstructed by a
backup from the previous day.
• Coffee cups that are knocked over or moisture that penetrates when watering flowers can cause short
circuits in an IT system.

last modified on 07.12.2020 / page 27 from 50

 Elementary hazards

G 0.25 Failure of equipment or systems

If time-critical applications are operated on an IT system, the consequential damage after a system failure is
correspondingly high if there are no fallback options.
Examples:
• Firmware is imported into an IT system that is not intended for this type of system. The IT system then no
longer starts without errors and must be made ready for operation again by the manufacturer.
• At an Internet service provider (ISP), a power supply error in a storage system caused it to shut down.
Although the actual fault was quickly rectified, the affected IT systems could not be restarted
afterwards due to inconsistencies in the file system. As a result, several web servers operated by the
ISP were unavailable for days.

last modified on 07.12.2020 / page 28 from 50

 Elementary hazards

G 0.26 Malfunction of devices or systems

Today, devices and systems used for information processing often have many functions and therefore have a
correspondingly complex structure. In principle, this applies to both hardware and software
components. Due to the complexity, there are many different sources of error in such components. As a result,
devices and systems repeatedly fail to function as intended, leading to security problems.
There are many causes for malfunctions, for example material fatigue, manufacturing tolerances, conceptual
weaknesses, exceeding of limit values, unintended operating conditions or lack of maintenance. Since there are
no perfect devices and systems, a certain residual probability of malfunction must always be accepted anyway.
All basic values of information security (confidentiality, integrity, availability) can be impaired by
malfunctions of devices or systems. In addition, malfunctions may also go unnoticed for a longer period of time.
This means, for example, that calculation results may be falsified and not corrected in time.
Examples:
• Due to a clogged ventilation grille, a storage system overheats. As a result, the system does not fail
completely, but only shows sporadic malfunctions. Only a few weeks later is it noticed that the stored
information is incomplete.
• A standard scientific application is used to perform a statistical analysis for a pre-collected dataset stored in a
database. However, according to the documentation, the application is not released for the database product
used. The analysis appears to work, but random checks reveal that the calculated results are incorrect.
Compatibility problems between the application and the database were identified as the cause.

last modified on 07.12.2020 / page 29 from 50

 Elementary hazards

G 0.27 Lack of resources

If the available resources in an area are insufficient, this can lead to bottlenecks in the supply of these
resources and even to overloads and failures. Depending on the type of resources affected, a small event, the
occurrence of which was also foreseeable, can ultimately affect a large number of business processes.
Resource shortages can occur in IT operations and communications links, but also in other areas of an
institution. If insufficient personnel, time and financial resources are made available for certain tasks, this
can have a variety of negative effects. For example, roles required in projects may not be filled by appropriate
people. If operating resources such as hardware or software are no longer sufficient to meet the
requirements, specialist tasks may not be successfully processed.
Often, deficiencies in terms of personnel, time, finances, technology and other factors can still be
compensated for during regular operations for a limited period of time. Under high time pressure, however,
they become all the more apparent, for example in emergency situations.
Resources can also be intentionally overloaded if someone intentionally generates an intensive demand for a
resource and thereby provokes an intensive and permanent disruption of the resource, see also G 0.40 Denial of
service.
Examples:
• Overloaded electrical cables heat u p , this can lead to a smoldering fire if they are not installed properly.
• If new applications are operated on the network with higher bandwidth requirements than taken into
account at the time of planning, this can lead to a loss of availability of the entire network if the
network infrastructure cannot be scaled sufficiently.
• If administrators only sporadically check the log files of the IT they support due to overload, attacks
may not be detected in a timely manner.
• Web servers can b e so overloaded by a high volume of requests arriving at the same time that regulated
access to data becomes almost impossible.
• When a company i s in insolvency proceedings, there may b e no money for urgently needed spare parts or
important service providers may not be able to be paid.

last modified on 07.12.2020 / page 30 from 50

 Elementary hazards

G 0.28 Software vulnerabilities or errors

The following applies to any software: the more complex it is, the more frequently errors occur. Even with
intensive testing, not all errors are usually discovered before delivery to the customer. If software errors are
not detected in time, the crashes or errors that occur in the application can lead to far-reaching consequences.
Examples of this are incorrect calculation results, wrong decisions by the management level and delays in the
flow of business processes.
Software vulnerabilities or errors can lead to serious security gaps in an application, an IT system or all IT
systems networked with it. Under certain circumstances, such security vulnerabilities can be exploited by
attackers to introduce malware, read unauthorized data, or carry out manipulations.
Examples:
• Most of the alerts issued by Computer Emergency Response Teams (CERTs) in recent years have been
related to security-related programming errors. These are errors that occur during the creation of software and
mean that this software can be misused by attackers. A large proportion of these errors were caused by
memory overflows (buffer overflow).
• Internet browsers are an important software component on clients today. Browsers are often used not only
to access the Internet, but also for internal web applications in companies and government agencies.
Software vulnerabilities or errors in browsers can therefore have a particularly strong impact on
information security as a whole.

last modified on 07.12.2020 / page 31 from 50

 Elementary hazards

G 0.29 Violation of laws or regulations

If an institution's information, business processes and IT systems are inadequately secured (for example,
through inadequate security management), this can lead to violations of legal provisions relating to
information processing or existing contracts with business partners. Which laws must be observed in each
case depends on the nature of the institution or its business processes and services. Depending on where an
institution's sites are located, different national regulations may also need to be observed. The following
examples illustrate this:
• The handling of personal data in Germany is governed by a large number of regulations. These include
the Federal Data Protection Act (Bundesdatenschutzgesetz) and the state data protection laws
(Landesdatenschutzgesetze), but also a large number of area-specific regulations.
• The management of a company is obliged to exercise appropriate care in all business processes. This also
includes observing recognized security measures. In Germany, various legal provisions such as KonTraG
(Law on Control and Transparency in B u s i n e s s ), GmbHG (Law on Limited Liability Companies) or AktG
(Stock Corporation Act) apply, from which corresponding obligations for action and liability of the
management or the Executive Board of a company can be derived with regard to risk management and
information security.
• The proper processing of accounting-relevant data is governed by various laws and regulations. In
Germany, these include the German Commercial Code (e.g. HGB §§ 238 ff.) and the German Fiscal
Code (AO). The proper processing of information naturally includes its secure processing. In many
countries, both of these aspects must be regularly verified, for example by auditors as part of the audit of
the annual financial statements. If serious security deficiencies are identified during this process, a
positive audit report cannot be issued.
• In many sectors (e.g., the automotive industry), it is common for manufacturers to require their
suppliers to comply with certain quality and safety standards. In this context, requirements are also
increasingly being placed on information security. If a contractual partner violates contractually
regulated security requirements, this can result in contractual penalties, but also in the termination of
contracts or even the loss of business relationships.
Only a few safety requirements result directly from legislation. However, legislation is generally based on the
state of the art as a general assessment basis for the degree of achievable security. If the existing security
measures at an institution are not in a healthy relationship to the values to be protected and the state of
the art, this can have serious consequences.

last modified on 07.12.2020 / page 32 from 50

 Elementary hazards

G 0.30 Unauthorized use or administration of devices and systems

Without suitable mechanisms for access, access control and access control, it is practically impossible to
prevent or detect unauthorized use of devices and systems. For IT systems, the basic mechanism is user
identification and authentication. But even in IT systems with a strong identification and authentication
function, unauthorized use is conceivable if the corresponding security features (passwords, smart cards, tokens,
etc.) fall into the wrong hands. Many mistakes can also b e made when assigning and maintaining authorizations,
for example if authorizations are assigned too widely or to unauthorized persons or are not updated
promptly.
Unauthorized persons can obtain confidential information, carry out manipulations or cause malfunctions
through the unauthorized use of devices and systems.
A particularly important special case of unauthorized use is unauthorized administration. If unauthorized persons
change the configuration or operating parameters of hardware or software components, serious damage can
result.
Example:
• While checking logging data, a network administrator came across initially unexplained events that
occurred on different days, but frequently in the early morning and afternoon. Upon closer investigation, it
turned out that a WLAN router was configured insecurely. People waiting at the bus stop in front of the
company building used this access to surf the Internet with their mobile devices while waiting.

last modified on 07.12.2020 / page 33 from 50

 Elementary hazards

G 0.31 Incorrect use or administration of devices and systems

Incorrect or improper use of devices, systems and applications can compromise their security, especially
if existing security measures are disregarded or bypassed. This often leads to malfunctions or failures.
Depending on the types of devices or systems used incorrectly, however, the confidentiality and integrity of
information can also be breached.
A particularly important special case of faulty use is faulty administration. Errors in the installation,
configuration, maintenance and care of hardware or software components can result in serious damage.
For example, overly generous permissions, easily guessed passwords, inadequately protected data carriers
with backup copies, or terminals that are not locked during temporary absences can lead to security
incidents.
Similarly, the incorrect operation of IT systems or applications can also cause data to be accidentally deleted or
modified. However, this could also result in confidential information becoming public, for example if
access rights are set incorrectly.
If power or mains cables are laid unprotected, they can be damaged unintentionally, causing connections to
fail. Device connection cables can b e torn out if employees or visitors trip over them.

last modified on 07.12.2020 / page 34 from 50

 Elementary hazards

G 0.32 Misuse of authorizations

Depending on their roles and tasks, people are given appropriate access, entry and access permissions. On
the one hand, this is intended to manage and control access to information, and on the other hand to enable
people to perform certain tasks. For example, people or groups need certain authorizations to be able to run
applications or edit information.
Misuse of authorizations occurs when legally or unlawfully acquired opportunities are intentionally used
outside the intended scope. The aim is often to gain personal advantages or to harm an institution or certain
persons.
In quite a few cases, for historical, system, or other reasons, individuals have higher or more extensive access,
entry, or access rights than they need for their jobs.
These rights can be abused for attacks under certain circumstances. Examples:
• The more fine-grained the design o f access rights to information, the greater the maintenance effort
required to keep these rights up to date. There is therefore a risk that too little differentiation is made
between the various roles when assigning access rights, making it easier to misuse the authorizations.
• In various applications, access permissions or passwords are stored in system areas that can also be
accessed by other users. This could allow attackers to change the permissions or read passwords.
• People with overly generous permissions might be tempted to access someone else's files, for
example, to view someone else's e-mail because certain information is urgently needed.

last modified on 07.12.2020 / page 35 from 50

 Elementary hazards

G 0.33 Personnel absence

The loss of personnel can have a significant impact on an institution and its business processes. Personnel
can be unpredictably absent due to illness, accident, death or strike, for example. Furthermore, the
foreseeable loss of personnel in the event of vacation, further training or a regular termination of the
employment relationship must also be taken into account, especially if the remaining working time is
reduced, for example, due to a vacation entitlement. A loss of personnel can also be caused by an internal
change of job.
Examples:
• Due to prolonged illness, the network administrator of a company remained off duty. In the
affected company, the network initially continued to run without errors. However, after two weeks,
following a system crash, no one was able to fix the error, as there was only this administrator trained
in network operation. This led to a network outage for several days.
• During an administrator's vacation, an institution needed to access the backup media in the data
backup vault. The access code to the vault had been changed only a short time before and was known
only to this administrator. Only after several days could the data restoration be carried out because
the administrator was not available sooner while on vacation.
• In the event of a pandemic, more and more staff are gradually absent for longer periods, whether due
to the illness itself, the need to care for relatives or to look after children. Some employees also stay off duty
for fear of infection on public transport or in the institution. As a result, only the most necessary work can
be done. The necessary maintenance of the systems, be it the central server or the air conditioning in the data
center, can no longer be provided. Gradually, more and more systems fail as a result.

last modified on 07.12.2020 / page 36 from 50

 Elementary hazards

G 0.34 Stop
An attack can threaten a n institution, specific areas of the institution, or individuals. There are many
technical ways to carry out an attack: thrown bricks, explosion by explosives, use of firearms, arson. Whether and
to what extent an institution is exposed to the risk of an attack depends not only on the location and environment
of the building but also to a large extent on its tasks and the political-social climate. Companies and government
agencies that operate in areas of political controversy are more at risk than others. Institutions near
common demonstration staging areas are more at risk than those in remote locations. In Germany, the state
criminal investigation offices or the Federal Criminal Police Office can be consulted for advice on
assessing the threat or in the event of suspected threats from politically motivated attacks.
Examples:
• In the 1980s, an explosive attack was carried out on the data center of a major federal authority in
Cologne. The high impact of the explosive device destroyed not only windows and walls, but also many
IT systems in the data center.
• The attack on the World Trade Center in New York on September 11, 2001, not only killed many
people, but also destroyed numerous IT facilities. As a result, several companies experienced
considerable difficulties in continuing their business operations.

last modified on 07.12.2020 / page 37 from 50

 Elementary hazards

G 0.35 Coercion, extortion or corruption

Coercion, extortion or corruption can lead to the security of information or business processes being
compromised. For example, by threatening violence or other disadvantages, an attacker may try to get the victim
to disregard security policies or circumvent security measures (coercion).
Instead of threatening, attackers can also deliberately offer money or other benefits to make employees or others
the instrument for security breaches (corruption). For example, there is a risk that a bribed employee will
forward confidential documents to unauthorized persons.
Coercion or corruption can in principle compromise all the fundamental values of information security.
Among other things, attacks can be aimed at p a s s i n g confidential information to unauthorized persons,
manipulating business-critical information, or disrupting the smooth running of business processes.
There is a particular danger when such attacks are directed against high-ranking executives or persons in special
positions of trust.

last modified on 07.12.2020 / page 38 from 50

 Elementary hazards

G 0.36 Identity theft

In identity theft, an attacker f a k e s a false identity, i.e., he uses information about another person to appear in
his name. For this purpose, data such as date of birth, address, credit card or account numbers are used,
for example, to register with an Internet service provider at someone else's expense or to enrich
themselves in some other way.
Identity theft often also leads directly or indirectly to reputational damage, but also causes a great deal of time
to be spent on clarifying the causes and averting negative consequences for those affected. Some forms of
identity fraud are also referred to as masquerade.
Identity theft i s particularly common where identity verification is handled too carelessly, especially when
expensive services are based on it.
A person who has been deceived about the identity of his or her communication partner can easily be tricked
into disclosing information that requires protection.
Examples:
• With various e-mail providers and auction platforms on the Internet, it was initially sufficient to
think up an imaginary name and to underlay it with a suitable address from the telephone directory
in order to register. At first, attackers could also register under recognizably invented names, such as
those of cartoon characters. When more stringent plausibility tests were introduced, the names, addresses
and account numbers of real people were also used. Those affected only found out about this when they
received the first payment requests.
• The sender addresses of e-mails are easy to forge. It happens time and again that users are fooled in this way
into thinking that an e-mail originates from a trustworthy communication partner. Similar attacks are
possible by manipulating the caller ID for voice connections or by manipulating the sender ID for fax
connections.
• An attacker can use a masquerade to try to hook into an already existing connection without having
to authenticate himself, since this step has already been gone through by the original communication
participants.

last modified on 07.12.2020 / page 39 from 50

 Elementary hazards

G 0.37 Denial of actions

People may deny having committed certain actions for various reasons, for example, because these actions
violate instructions, safety requirements, or even laws. But they might also deny having received a
notification, for example because they f o r g o t an appointment. In the field of information security, therefore,
the emphasis is often on bindingness, a property that i s used to ensure that actions that have been taken cannot
be denied without justification. In the English-speaking world, the term non-repudiation is used for this.
In the case of communication, an additional distinction is made as to whether a communication
participant denies the receipt of a message (repudiation of r e c e i p t ) or the transmission (repudiation of origin).
Denying receipt of a message can be important, for example, in financial transactions,
z. For example, if someone denies having received an invoice on time. It can also happen that a communication
participant denies sending a message, e.g. denies having placed an order. The sending or receiving of messages can
be denied in the same way when sending messages by post a s when using fax or e-mail.
Example:
• An urgently needed spare part is ordered electronically. After a week, a complaint is made about
the missing part; in the meantime, high costs have been incurred due to the loss of production.
The supplier denies ever having received an order.

last modified on 07.12.2020 / page 40 from 50

 Elementary hazards

G 0.38 Misuse of personal data

Personal data is almost always information that requires special protection. Typical examples are information
about the personal or factual circumstances of an identified or identifiable natural person. If the
protection of personal data i s not adequately ensured, there is a risk that the data subject's social position or
economic circumstances may be impaired.
Misuse of personal data may occur, for example, if an institution collects too much personal data, has collected it
without a legal basis or consent, uses it for a purpose other than that permitted when it was collected, deletes
personal data too late, or discloses it without authorization.
Examples:
• Personal data may only be processed for the purpose for which it was collected or stored for the first
time. It is therefore not permissible to use log files in which the logon and logoff of users to IT systems
are recorded exclusively for access control purposes to monitor presence and behavior.
• People who have access to personal data could share it without authorization. For example, an
employee at the reception desk of a hotel could sell guests' login data to advertising companies.

last modified on 07.12.2020 / page 41 from 50

 Elementary hazards

G 0.39 Malicious programs

A malware program is a software developed with the purpose of performing unwanted and mostly harmful
functions. Typical types of malware include viruses, worms and Trojan horses. Malicious programs usually
become active secretly, without the user's knowledge and consent.
Nowadays, malware offers an attacker extensive communication and control options and possesses a
wide range of functions. Among other things, malware can target passwords, remotely control systems,
disable protective software and spy on data.
As damage, the loss or corruption of information or applications in particular is of the greatest significance here.
But the loss of image and the financial damage that can result from malware are also of great significance.
Examples:
• In the past, the W32/Bugbear malware spread in two ways: it searched for computers with write-accessible
shares on local networks and copied itself to them. It also sent itself as an HTML email to recipients in the
email address book of infected computers. Due to a bug in the HTML routine of certain email programs, the
malicious program was executed there when the message was opened, without any further action on
the part of the recipient.
• The W32/Klez malware spread in different variants. Infected computers sent the virus to all recipients in the
computer's email address book. Once this virus had infected a computer, it prevented the installation of
anti-virus programs from widespread manufacturers by continuously manipulating the operating
system, making it much more difficult to disinfect t h e infected computers.

last modified on 07.12.2020 / page 42 from 50

 Elementary hazards

G 0.40 Denial of service

There are a variety of different forms of attack aimed at preventing the intended use of certain services,
functions or devices. The generic term for such attacks is "denial of service". The term "DoS attack" is also
frequently used.
Such attacks can come from disgruntled employees or customers, but also from competitors, blackmailers or
politically motivated perpetrators. The target of the attacks can be business-relevant assets of all kinds. Typical
manifestations of DoS attacks are
• Disruption of business processes, e.g. by flooding the order acceptance department with incorrect
orders,
• Impairment of the infrastructure, e.g. by blocking the doors of the institution,
• Causing IT failures, e.g. by deliberately overloading the services of a server in the network.
This type of attack is often related to distributed resources, in that an attacker makes such heavy demands
on these resources that they are no longer available to the actual users. For example, IT-based attacks can
artificially deplete the following resources: Processes, CPU time, memory, disk space, transmission
capacity.
Example:
• In the spring of 2007, a number of Internet sites in Estonia were subjected to lengthy and severe DoS
attacks. As a result, the use of information and services on the Internet in Estonia was significantly
impaired.

last modified on 07.12.2020 / page 43 from 50

 Elementary hazards

G 0.41 Sabotage
Sabotage refers to the deliberate manipulation or damage of objects or processes with the aim of causing
damage to the victim. Data centers or communication links of authorities or companies can b e particularly
attractive targets, since a great effect can be achieved here with relatively small means.
The complex infrastructure of a data center can be manipulated selectively to cause operational
disruptions by deliberately influencing important components, possibly by perpetrators from the
outside, but above all by internal perpetrators. Particularly at risk are inadequately protected technical
building or communications infrastructures and central supply points that may not be monitored from an
organizational or technical perspective and are easily accessible to external parties without being observed.
Examples:
• In a large data center, tampering with the UPS led to a temporary total failure. The perpetrator had
repeatedly switched the UPS to bypass manually and then manipulated the building's main power supply. In
total, four outages took place in three years. In some cases, there was even hardware damage. The service
interruptions lasted between 40 and 130 minutes.
• Sanitary facilities were also housed within a data center. By clogging the drains and opening the water
supply at the same time, water penetrated central technical components. The damage caused in this way led
to interruptions in the operation of the productive system.
• Sabotage p o s e s a particular risk for electronic archives, as many documents worthy of protection are
usually stored in a small space. Under certain circumstances, this can cause a great deal of damage
through targeted, low-effort manipulation.

last modified on 07.12.2020 / page 44 from 50

 Elementary hazards

G 0.42 Social engineering

Social engineering is a method of gaining unauthorized access to information or IT systems through social
actions. Social engineering exploits human characteristics such as helpfulness, trust, fear or respect for
authority. As a result, employees can be manipulated into acting improperly. A typical case of attacks using
social engineering is the manipulation of employees by telephone call, in which the attacker pretends to be, for
example:
• Front office worker whose supervisor wants to do something quickly, but has forgotten his password
and now needs it urgently,
• Administrator calling about a system error, as he still needs the user's password to fix the error.
When critical queries come, the curious person is supposedly "just a temp" or an "important" personality.
Another strategy in systematic social engineering is to build up a longer relationship with the victim. By
making many unimportant phone calls in advance, the attacker can gather knowledge and build trust that he
can exploit later.
Such attacks can also b e multi-stage, building in further steps on knowledge and techniques acquired in previous
stages.
Many users know that they must not share passwords with anyone. Social engineers know this and therefore have
to use other means to reach the desired target. Examples of this are:
• An attacker may ask the victim to execute commands or applications unknown to him, e.g. because this
is to help with an IT problem. This may be a hidden instruction to change access rights. In this way, the
attacker can obtain sensitive information.
• Many users use strong passwords, but they are used for multiple accounts. If an attacker runs a useful
network service (such as an email address system) that requires users to authenticate themselves, they
can get the passwords and logins they want. Many users will use the credentials they use for that service
on other services as well.
When attackers obtain passwords or other authentication features without permission, for example with the
help of social engineering, this is often referred to as "phishing" (a made-up word from "password" and
"fishing").
In social engineering, the attacker does not always appear visibly. Often, the victim never learns that he or
she has been exploited. If this is successful, the attacker does not have to expect prosecution and also has a
source to obtain further information later.

last modified on 07.12.2020 / page 45 from 50

 Elementary hazards

G 0.43 Importing messages

In this form of attack, attackers send specially prepared messages to systems or people with the aim of
achieving an advantage for themselves or damage for the victim. To construct the messages appropriately,
the attackers use, for example, interface descriptions, protocol specifications, or records of past
communication behavior.
There are two special cases of message importing that are important in practice:
• In a "replay attack" (replaying of messages), attackers record valid messages and replay this information
(almost) unchanged at a later time. It can also be sufficient to use only parts of a message, such as a
password, to gain unauthorized access to an IT system.
• In a man-in-the-middle attack, the attacker unnoticed assumes an intermediary position in the
communication between different participants. To do this, he usually pretends to b e the actual
recipient of a message to the sender, and he pretends to be the actual sender to the recipient. If this succeeds,
the attacker can thereby receive messages that are not intended for him and evaluate and deliberately
manipulate them before forwarding them to the actual recipient.
Encryption of communications does not provide protection against man-in-the-middle attacks if there is no
secure authentication of the communication partners.
Examples:
• An attacker records the authentication data (e.g., user ID and password) during a user's login process and
uses this information to gain access to a system. In the case of purely static authentication protocols,
this means that even a password transmitted in encrypted form can be used to gain unauthorized access to
a third-party system.
• To cause financial harm to the employer (company or government agency), an employee places an
approved order multiple times.

last modified on 07.12.2020 / page 46 from 50

 Elementary hazards

G 0.44 Unauthorized entry into premises

If unauthorized persons enter a building or individual premises, this can result in various other dangers.
These include, for example, theft or manipulation of information or IT systems. In the case of qualified
attacks, the decisive factor is the length of time during which the perpetrators can pursue their goal
undisturbed.
Often, the perpetrators want to steal valuable IT components or other goods that can be easily sold. However,
the aim of a break-in can also be to obtain confidential information, carry out manipulations or disrupt business
processes, among other things.
Thus, several types of damage can result from unauthorized entry into premises:
• Even unauthorized entry can cause property damage. Windows and/or doors are forced open and
damaged in the process; they must be repaired or replaced.
• Stolen, damaged or destroyed devices or components must b e repaired or replaced.
• Damage may result from a breach of confidentiality, integrity or availability of information or
applications.
Examples:
• Vandalism
• During a break-in at a company on a weekend, only minor damage was caused by prying open a
window; only a coffee cash box and minor furnishings were stolen. During a routine check, however, it was
later discovered that a central server had been cleverly manipulated at the exact time of the break-in.

last modified on 07.12.2020 / page 47 from 50

 Elementary hazards

G 0.45 Data loss

A data loss is an event that results in a data stock no longer being able to be used as required (loss of
availability). A common form of data loss is when data is deleted unintentionally or without authorization,
for example as a result of operating errors, malfunctions, power failures, contamination or malware.
However, data loss can also result from damage, loss or theft of devices or data carriers. This risk is often
particularly high for mobile devices and mobile data carriers.
Furthermore, it should be noted that many mobile IT systems are not always online. The data stored on these
systems is therefore not always up to date. When data inventories are synchronized between mobile IT
systems and stationary IT systems, data can be lost through carelessness or malfunction.
Examples:
• The PDA falls out of the shirt pocket and shatters on the tiles, a cell phone is retrieved by the dog instead of
the newspaper, unfortunately with consequences. Such and similar events are the causes of many total
losses of data from mobile devices.
• There are malware programs that specifically delete data on infected IT systems. With some malware,
the deletion function is not executed immediately upon infection, but only when a defined event occurs,
for example, when the system clock reaches a certain date.
• Many Internet services can be used to store information online. If the password is forgotten and not
stored, the stored information may no longer b e accessible unless the service provider offers a suitable
password reset procedure.
• Hard disks and other mass storage media only have a limited service life. If no suitable redundancy
measures are taken, technical defects can lead to data loss.

last modified on 07.12.2020 / page 48 from 50

 Elementary hazards

G 0.46 Loss of integrity of information worthy of protection

The integrity of information can be compromised by a variety of causes, including tampering, human error,
application misuse, software malfunction, or transmission errors.
• The aging of data media can lead to information loss.
• Transmission errors: Transmission errors may occur during data transmission.
• Malicious programs: Malicious programs c a n alter or destroy entire data sets.
• Incorrect entries: Incorrect entries can lead to transactions that are so undesirable that they often go
unnoticed for a long time.
• Attackers can attempt to manipulate data for their own purposes, e.g., to gain access to other IT
systems or databases.
• By manipulating the index database, electronic archives can be induced to archive or reproduce forged
documents.
When information l a c k s integrity, a variety of problems can arise:
• In the simplest case, information can no longer be read, i.e. processed.
• Data can be inadvertently or intentionally falsified in such a way that false information is passed on.
This could, for example, trigger transfers in the wrong amount or to the wrong recipient, the sender
details of e-mails could be manipulated, or much more.
• If encrypted or compressed data sets lose their integrity (the change of one bit is sufficient here), they
may no longer be decrypted or unpacked.
• The same applies to cryptographic keys; here, too, the change of one bit is enough for t h e keys to become
unusable. This then also means that data can no longer be decrypted or checked for authenticity.
• Documents stored in electronic archives lose evidential value if their integrity cannot be proven.

last modified on 07.12.2020 / page 49 from 50

 Elementary hazards

G 0.47 Harmful side effects of IT-based attacks

IT-supported attacks can have effects that are
• are not intended by the perpetrators or
• do not affect the directly attacked target objects or
• harm uninvolved third parties.
The reasons for this are the high complexity and interconnectedness of modern information technology
and the fact that the dependencies of the attacked target objects and the associated processes are usually not
obvious.
Among other things, this can result in the actual protection needs of target objects being incorrectly assessed or in
those responsible for the target objects having no vested interest in remedying deficiencies in these target
objects.
Examples:
• Bots installed on IT systems, which the perpetrators can use to carry out distributed denial-of-service
(DDoS) attacks, often p o s e no direct threat to the infected IT systems themselves, because DDoS attacks
are u s u a l l y directed against third-party IT systems.
• Vulnerabilities of IoT devices in WLANs can be used by perpetrators as a gateway to attack other more
important devices in the same WLAN. Therefore, such IoT devices must be protected even if they
themselves have only a low protection requirement.
• Ransomware attacks on IT systems can trigger chain reactions under certain circumstances and thus also
affect critical infrastructures. This in turn could lead to supply bottlenecks for the population, even though
the perpetrators may not have intended this.

last modified on 07.12.2020 / page 50 from 50