Monday, April 7, 2008

Social Engineering with USB Drives

I thought that the following short story from Inspired eLearning was very interesting. I you found a USB drive without an owner would you plug it into your computer? Before reading this story I think that I would have. Now I'm more inclined to put it under the car's tire and run over it.

Social Engineering with USB Drives

A network security organization was hired to assess the strength of a credit union's security. They were asked to focus on social engineering because of past problems with employees giving up passwords or other information easily.

Because the credit union indicated that USB drives were a concern, since they make it easy to steal information or bring in potential vulnerabilities such as viruses and Trojans, an experiment using USB drives was implemented.

The security group planted 20 Trojan laced USB drives throughout the parking lot and other areas frequented by employees designed to collect passwords, logins and other information and to email the collected information back to the security group.

The experiment, which worked based on peoples' innate curiosity, resulted in 15 of 20 drives being found by employees and all of those being plugged into and infecting workplace computers.

Copyright © Inspired eLearning Inc, 2003-2007

No comments:

Post a Comment