Alteration of signed message (see CR27-Sig and CR28-Vfy)
Alteration of audit trail (see CR212-Trail)
Eavesdropping on logs (see CR212-Trail)
Insufficient auditing in the first place