Security test reveals simple user flaw

You can't get the wood these days

By Nick Farrell

Fri Jun 09 2006, 07:04

A SECURITY outfit found the easiest way to crack into a company's systems was to leave a few Trojan laced USB drives scattered around the front door.

Secure Network Technologies was hired by a credit union to check the security of its network. However, employees knew that an attack was planned and were ready for it.

According to SNT boss Steve Stasiukonis it was decided to crack the company's security using social engineering. Social engineering is a hacker definition for the term "depending on the stupidity of the network users".

What SNT did was scatter 20 trojan filled USB drives around the front entrance. More than 15 of them were picked up by employees who took them inside and installed them on their machines to find out what was on them.

The specially written trojan that collected passwords, logins and machine-specific information from the user's computer, and then emailed the company with the findings. Stasiukonis said that the attack was so simple and beat the hell out of hanging out with the smokers, sweet-talking receptionists, or commandeer a meeting room and jack into the network.

Writing here, Stasiukonis said "We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management". No security outfit ever got broke relying on the stupidity of users.

Carberp Trojan makes Facebook users pay to unlock accounts Sophos reveals koobface gang Wednesday, 18 January 2012, 10:46 AM Read more	Stolen Malaysian government certificate was used to sign malware Not the official seal of approval you were expecting Tuesday, 15 November 2011, 13:46 PM Read more
OS X Lion flaws compromise account password security Password hashes exposed through directory services Tuesday, 20 September 2011, 12:33 PM Read more	The INQUIRER reveals appearance of hacker leader Louise Boat Sources share personal details of femme fatale Friday, 22 July 2011, 11:41 AM Read more
First impressions of Mageia Linux We take a fork of Mandriva out for a spin Friday, 10 June 2011, 16:00 PM Read more	Sony is hit with yet another hack attack, thousands of passwords compromised Lulzsec carries out Sownage promise and releases ‘various collections’ of stolen info Friday, 3 June 2011, 11:34 AM Read more

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

IT Security Specialist Mov

IT Security Specialist Move...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Security test reveals simple user flaw

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review