T 5.102 Sabotage

Sabotage refers to the intentional manipulation or damaging of objects with the aim of inflicting damage on the victim. Computer centres or communications links owned by government agencies and/or companies make particularly attractive targets, since a dramatic effect can be achieved here with a relatively low effort.

The complex infrastructure of a computer centre can be selectively manipulated by external attackers, and particularly by insiders, by attacking specific, important components with the goal of disrupting operations. Here, inadequately protected building management systems and communication infrastructures, as well as central supply points are subject to a particular risk, which may not be monitored organisationally or technically and provide outsiders with easy and unobtrusive access.

Examples:

• In a large computer centre, manipulation of the UPS resulted in a temporary total power failure. It was discovered that the perpetrator had repeatedly switched the UPS to the bypass mode manually and then tampered with the main power supply to the building. The total failure - there were are total of four blackouts over a period of three years - twice even resulted in some damage to hardware. The service outages lasted between 40 and 130 minutes.

• Sanitary facilities are also available in a computer centre. By blocking the drains and turning on all taps at the same time, it is possible to damage central technical components with penetrating water, resulting in disruptions to the operation of the productive system.

• Sabotage poses a special risk to electronic archives, since a large number of documents requiring protection are stored in a confined space. In this way, it is possible to cause extensive damage with just minor, selective tampering under some circumstances.