Information Theft Social Experiment

A recent article on DarkReading.com details one way you could steal information and logins from employees at any company.
The basic idea?


You can steal information with a $10 thumb drive. Just drop it in front of the bank, house, or other company you wish to hack, and pre-load the thumb drive with files, which distract the user from what’s really on the thumb drive – programs designed to harvest passwords and steal information.
In this experiment, 15 of 20 thumb drives were eventually plugged into computers at a company where employees where expecting a security audit.
“We figured we would try something different by baiting the same employees that were on high alert. We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.”

 

Tags:

Comments are closed.