Manipulation is a term used to refer to each form of targeted, but secret intervention in order
to change all kinds of target objects without being noticed. Hardware or software can be
manipulated out of revenge to intentionally cause damage or for personal or financial reasons,
among others. For these types of attacks, all kinds of devices, accessories, storage media (e.g.
DVDs, USB sticks), applications, databases etc. may be the target.
Manipulations of hardware and software do not always result in immediate damage. If,
however, the information processed by using hardware and software is impaired, this may
cause all types of security impacts (loss of confidentiality, integrity or availability). The impact
of such manipulations becomes even greater the later they are detected, the greater the skills
and knowledge of the perpetrators, and the deeper the impact on a given workflow. The
effects range from unauthorised reading of sensitive data to the destruction of data media or
IT systems. Manipulations may thus also lead to significant downtimes.
Examples:
• In a Swiss financial company, an employee had manipulated the application software
for certain financial services. It was thus possible for him to obtain sizeable amounts of
money illegally.
• By manipulating automatic cash dispensers, attackers have repeatedly succeeded in
illegally reading the data stored on payment cards. In connection with the PINs spied
out, this data was misused at a later point in time to withdraw money at the expense of
the cardholder.