[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Tigerteam Contract
A request for all tigerteam specialists:
If any of you has access to a sample of a tigerteam contract (a
company orders an attempt to break into their information system) -
for any country - preferably
European, I would very much appreciate you directing me to it (or
sending it). I
have assembled a team of various security specialists but really
wouldn't like to step into some legal trap that may have been avoided.
My primary concerns
are:
- attempt to "steal" information that the company considers
confidential or classified (are they allowed to authorize such attempt
at all and who gets
sued if they can't but do it anyway)
- possible hinderance or partial destruction of company's information
system - software, data, functionality (e.g. when conducting highly
violent attacks)
- using forged identity (very handy when doing social engineering but
what is the legal aspect of it?)
- "attacking" company's employees (can a company authorize someone to
do a background research on their employees, to hack into their home
computers as well, to social engineer them out-of-work, to abduct and
threaten them etc.?)
- protecting from your own team members (trust nobody: a member of my
team could eventually - under threat or some other pressure - insert a
backdoor/trojan/virus
etc. into the company's information system)
Thank you in advance for your answers and have a nice day.
Please respond to me directly or CC.
Martin Bishop
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com