You are conducting a penetration test for a private company located in the UK. The scope extends to all internal and external hosts controlled by the company.
You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under the computer Misuse
Act of 1990?
Installing a password sniffing program on an employee's personal computer without consent can incur criminal liability under the Computer Misuse Act of 1990. This act specifically addresses unauthorized access to computer material and unauthorized modification of computer material. Installing a password sniffer without consent is a clear violation as it involves both unauthorized access and monitoring, which is illegal under the Act.
Among these, the action most likely to incur criminal liability under the Computer Misuse Act of 1990 is: C. Installing a password sniffing program on an employee's personal computer without consent This action involves accessing a computer system without authorization, which is explicitly forbidden under the Act. Additionally, the use of a password sniffer could intercept data (such as passwords), compounding the legal violations, especially if done without the knowledge or consent of the computer owner.