Social Engineering Using USB Drives

Wow! That handy autorun feature of Windows really came in handy for these guys, eh? "Microsoft security" is becoming as much of an oxymornon as "military intelligence"...

What's the easiest way to hack into the computer systems of a credit union? It turns out that all you need to do is copy a virus/trojan onto USB drives and scatter them around the front door of the credit union. This was how a recent security audit was performed at a credit union where the employees had actually been tipped off to the audit. Security experts collected 20 old USB thumb drives and filled them with images and other data along with a trojan that would collect sensitive information and e-mail it back to them. Early one morning they planted the thumb drives around the entrances to the credit union as well as other public places where the employees were known to congregate. In very little time 15 of the 20 USB drives were plugged into company computer systems and started e-mailing usernames, passwords, etc. back to the auditors.

(link) [Slashdot]

05:17 /Technology | 1 comment | permanent link