Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:56 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Threat13:

    Name:cyber-gangs

    Complexity: These groups are generally willing to exploit commonly known attacks as well as an occasional novel attack. Perception management and dumpster diving are some of their favorite tools. They are often emboldened by group dynamics.
    fc@red.a.net

    Related Database Material

    [Attack52 - audio/video viewing]
    [Attack68 - audit suppression]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack84 - below-threshold attacks]
    [Attack78 - breaking key management systems]
    [Attack62 - call forwarding fakery]
    [Attack88 - collaborative misuse]
    [Attack91 - combinations and sequences]
    [Attack58 - content-based attacks]
    [Attack48 - data diddling]
    [Attack73 - distributed coordinated attacks]
    [Attack17 - dumpster diving]
    [Attack37 - environment corruption]
    [Attack80 - error insertion and analysis]
    [Attack67 - error-induced mis-operation]
    [Attack1 - errors and omissions]
    [Attack36 - excess privilege exploitation]
    [Attack71 - false updates]
    [Attack18 - fictitious people]
    [Attack61 - hangup hooking]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack64 - illegal value insertion]
    [Attack45 - imperfect daemon exploits]
    [Attack41 - implied trust exploitation]
    [Attack35 - inadequate notice exploitation]
    [Attack86 - inappropriate defaults]
    [Attack69 - induced stress failures]
    [Attack23 - infrastructure interference]
    [Attack24 - infrastructure observation]
    [Attack63 - input overflow]
    [Attack25 - insertion in transit]
    [Attack33 - invalid values on calls]
    [Attack74 - man-in-the-middle]
    [Attack27 - modification in transit]
    [Attack72 - network service and protocol attacks]
    [Attack26 - observation in transit]
    [Attack90 - strategic or tactical deceptions]
    [Attack32 - password guessing]
    [Attack51 - PBX bugging]
    [Attack85 - peer relationship exploitation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack87 - piggybacking]
    [Attack66 - privileged program misuse]
    [Attack57 - process bypassing]
    [Attack19 - protection missetting exploitation]
    [Attack89 - race conditions]
    [Attack53 - repair-replace-remove information]
    [Attack76 - replay attacks]
    [Attack94 - repudiation]
    [Attack65 - residual data gathering]
    [Attack20 - resource availability manipulation]
    [Attack55 - shoulder surfing]
    [Attack22 - spoofing and masquerading]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack16 - Trojan horses]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack47 - viruses]