Beware of the modern day equivalent of the Trojan horse. It could have been placed there to trap you by a hacker or a security firm testing your employer’s security measures. That’s what Secure Network Technologies, Inc. did for a client when word got around the client’s employees that the firm’s security would be tested. See “Social Engineering, the USB Way,” Steve Stasiukronis, June 7, 2006, www.darkreading.com.
The security consultant wrote a “Trojan program that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.” This stealth program was imprinted on the drives prior to scattering them in the parking lot.
“After about three days, we figured we had collected enough data. When I started to review our findings, I was amazed at the results. Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers. The data we obtained helped us to compromise additional systems, and the best part of the whole scheme was its convenience. We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management.”
Didn’t your mother tell not to connect unknown equipment on to your computer? Oops, it was your mother who told you not to talk to strangers, (which is actually another technique used by this security firm—chatting up employees.) Your IT department told not to connect unknown equipment to your computer. Now you know why. So beware of any computer equipment you find. Your boss could be checking on you or even worse, a hacker or an unethical competitor could be trying to break into your computer system.
Concerned about these issues? Come to the Boston SCIP Chapter meeting on June 28, 2006 which features Dr. Kevin Desouza speaking on Covert Competitive Intelligence Operations, specifically focusing on the operations that involve human penetration of organizations. Register via www.scip.org/education&events/eventcalendar/June 28 Boston Meeting.