A request for all tigerteam specialists: If any of you has access to a sample of a tigerteam contract (a company orders an attempt to break into their information system) - for any country - preferably European, I would very much appreciate you directing me to it (or sending it). I have assembled a team of various security specialists but really wouldn't like to step into some legal trap that may have been avoided. My primary concerns are: - attempt to "steal" information that the company considers confidential or classified (are they allowed to authorize such attempt at all and who gets sued if they can't but do it anyway) - possible hinderance or partial destruction of company's information system - software, data, functionality (e.g. when conducting highly violent attacks) - using forged identity (very handy when doing social engineering but what is the legal aspect of it?) - "attacking" company's employees (can a company authorize someone to do a background research on their employees, to hack into their home computers as well, to social engineer them out-of-work, to abduct and threaten them etc.?) - protecting from your own team members (trust nobody: a member of my team could eventually - under threat or some other pressure - insert a backdoor/trojan/virus etc. into the company's information system) Thank you in advance for your answers and have a nice day. Please respond to me directly or CC. Martin Bishop _________________________________________________________ DO YOU YAHOO!? Get your free @yahoo.com address at http://mail.yahoo.com