Confidentiality-related threat

Definition
A Confidentiality-related threat occurs when the data stream containing email messages with sensitive information are accessible to an adversary. The type of attack that underlies this threat is passive since the adversary has read access but not write access to the email data being transmitted.

Overview
There are two variations of this type of attack include:


 * The adversary may have access to the packets that make up the email message as they move over a network. This access may come in the form of a passive wiretapping or eavesdropping attack.
 * Software may be installed on a MTA that makes copies of email messages and delivers them to the adversary. For example, the adversary may have modified the target’s email account so that a copy of every received message is forwarded to an email address outside the organization.