Threat Model Test Cases
Possible Information Attacks for Threat-Model Building
This is an aggregation of potential information-based attacks.
This list should always be growing.
These attacks should be considered when building a threat model for information defense.
General Information Attacks
- Spying by communications and content delivery engines for sale to advertisers.
- Types of agencies (expand and reorganize)
- Verizon, AT&T, Sprint, PCS,
- Comcast, Sonic,
- CDN Services
- Internet level traffic (upstream of digital ocean)
- Digital Ocean, AWS, storage and compute providers
- Types of agencies (expand and reorganize)
- Business Espionage
- Small business espionage
- cryptolocker
- Big Business on Small Business
- high level coordination between content storage services (gmail) and related companies (Alphabet) to use competitor data for markets of interest
- Amazon, Google, Microsoft
- high level coordination between content storage services (gmail) and related companies (Alphabet) to use competitor data for markets of interest
- Small business espionage
Targeted Information Attacks
- Device tampering
- Loss of control over physical device
- Organizations tampering with physical device before transfer of ownership
- Lenovo + Superfish
- Any government tampering
- Intel ME
- Coercive power
- Organizations are always in a legal jurisdiction
- Organizations have parent companies
- Reddit + Conde Nast