Espionage refers to attacks with the aim of collecting, evaluating and processing information
about companies, people, products or other target objects. The processed information can then
be used, for example, in order to obtain a specific competitive edge for another company,
extort people or be able to copy a product.
In addition to the large number of technically complex attacks, there are often much simpler
methods for obtaining valuable information, for example, by combining information from
several publicly accessible sources, which seem to be harmless separately, but can be
compromising in other contexts. Since confidential data is not adequately protected in many
cases, it is possible to obtain this data using visual, acoustic, or electronic methods.
Examples:
• Many IT systems are protected against unauthorised use by identification and
authentication mechanisms, for example in the form of user ID and password
verification. However, if the passwords are transmitted in unencrypted form over lines,
it may be possible for an attacker to read the passwords under certain circumstances.
• In order to be able to withdraw money from an automatic cash dispenser, the correct
PIN must be entered for the debit or credit card. Unfortunately, the privacy protection
offered by these machines is often inadequate, and an attacker can watch customers
entering their PINs simply by looking over their shoulder. If the attacker is then able to
steal the card later, they can use it to raid the account.
• To obtain access rights to a PC or to otherwise manipulate the PC, an attacker could
send the user an e-mail containing a Trojan horse disguised as a supposedly useful
program. In addition to the direct damage caused by Trojan horses, they may also be
used to collect a wide range of information on the individual computer, and possibly
even on the local network. In fact, the goal of many Trojan horses is to obtain
passwords or other access data.
• In many offices, the workplaces are not properly protected to prevent people nearby
from listening in on conversations. This way, colleagues, but also visitors may listen in
on conversations and may obtain information that was not intended for their ears or is
even confidential.