What type of attack is conducted by an insider who implants devices to overhear conversations?

Eavesdropping is the correct choice because it specifically refers to the interception of conversations or communications without the participants' knowledge or consent. In the context of an insider threat, an individual with access to sensitive areas may implant listening devices, which allows them to overhear private conversations, gather confidential information, and potentially exploit it for malicious purposes. Eavesdropping can occur through physical means, such as microphones, and it is directly focused on the act of secretly obtaining information, which aligns perfectly with the scenario described.

Privilege escalation, social engineering, and phishing involve different tactics and methods. Privilege escalation deals with gaining unauthorized levels of access or permissions within a system. Social engineering encompasses a broader range of deceptive techniques aimed at manipulating individuals into divulging confidential information. Phishing specifically refers to fraudulent attempts to obtain sensitive information by pretending to be a trustworthy entity through electronic communication, usually targeting victims via email or online platforms. These concepts differ significantly from the act of overhearing conversations through hidden devices.