In an Information Security context, fabrication is one of the four broad-based categories used to classify attacks and threats. A fabrication attack creates illegitimate information, processes, communications or other data within a system.
Often, fabricated data is inserted right alongside authentic data. When a known system is compromised, attackers may use fabrication techniques to gain trust, create a false trail, collect data for illicit use, spawn malicious or extraneous processes. In addition, fabricated data may reduce confidence in genuine data with the affected system.
In Pop Culture
Although they are often silly and unrealistic examples, action movies and TV shows are full of examples of fabrication attacks. Does a secret agent need to “get through security” to travel or get into a secure area? No problem. The agent’s crack team almost always includes an impossibly fast and effective hacker, who inserts false identity information into the relevant databases with just a few quick keystrokes.
These fictional scenarios are usually be the work of state-sanctioned “good guys” in these spy movies. But make no mistake, the act of pushing bogus records into public and private databases, without the knowledge or permission of their owners, is definitely an attack.
In The Real Word
While getting a secret agent through a security checkpoint might be a goal in the movies, real-world fabrication attacks are often much less glamorous and require the attacker to discover and utilize specific vulnerabilities. The range of goals and targets that may drive attackers in a fabrication attack are very broad. Fabrication could be used for general disruption, for financial gain or to set up for a future, even more elaborate, malicious operation.
Real-world examples of fabrication attack patterns include:
- SQL Injection
- Route Injection
- User / Credential Counterfeiting
- Log / Audit Trail Falsification
- Email Spoofing
- SPIT Attacks
Major Attack Classifications
In common IT security parlance, fabrication is one of the four major categories that classify attacks. The three others are:
Within The Security Models
Fabrication targets the Integrity pillar of the CIA Triad security model and Integrity and Authenticity pillars of the Parkerian Hexad security model.