From: Martin Bishop <martybishop@yahoo.com>
Date: Sat, 6 Jun 1998 18:59:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Tigerteam Contract
Message-ID: <19980607015916.1565.rocketmail@send1e.yahoomail.com>
MIME-Version: 1.0
Content-Type: text/plain


A request for all tigerteam specialists:

If any of you has access to a sample of a tigerteam contract (a
company orders an attempt to break into their information system) -
for any country - preferably

European, I would very much appreciate you directing me to it (or
sending it). I

have assembled a team of various security specialists but really
wouldn't like to step into some legal trap that may have been avoided.
My primary concerns
are:

- attempt to "steal" information that the company considers
confidential or classified (are they allowed to authorize such attempt
at all and who gets
sued if they can't but do it anyway)
- possible hinderance or partial destruction of company's information
system - software, data, functionality (e.g. when conducting highly
violent attacks)
- using forged identity (very handy when doing social engineering but
what is the legal aspect of it?)
- "attacking" company's employees (can a company authorize someone to
do a background research on their employees, to hack into their home
computers as well, to social engineer them out-of-work, to abduct and
threaten them etc.?)
- protecting from your own team members (trust nobody: a member of my
team could eventually - under threat or some other pressure - insert a
backdoor/trojan/virus
etc. into the company's information system)

Thank you in advance for your answers and have a nice day.

Please respond to me directly or CC.

Martin Bishop





_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com