“Lost” USB Drives == Access Key

Posted on June 9, 2006
Filed Under /dev/null/ | 45 views |

I absolutely love this:

We figured we would try something different by baiting the same employees that were on high alert. We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.
…
The next hurdle we had was getting the USB drives in the hands of the credit union’s internal users. I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.

That’s the most low-effort/low-risk social engineering scam I think I’ve ever heard of that’s paid out that well. Brilliant.

(Via /.)

Comments

Leave a Reply

About

This is an area on your website where you can add text. This will serve as an informative location on your website, where you can talk about your site.
Search
Admin
- Log in
- Wordpress
- XHTML

“Lost” USB Drives == Access Key

Comments

The Other Blog (for geeks)

Pages

Recent Posts

Software

Stuff and Things

Categories

About

Search

Admin