Security test reveals simple user flaw

A SECURITY outfit found the easiest way to crack into a company's systems was to leave a few Trojan laced USB drives scattered around the front door.

Secure Network Technologies was hired by a credit union to check the security of its network. However, employees knew that an attack was planned and were ready for it.

According to SNT boss Steve Stasiukonis it was decided to crack the company's security using social engineering. Social engineering is a hacker definition for the term "depending on the stupidity of the network users".

What SNT did was scatter 20 trojan filled USB drives around the front entrance. More than 15 of them were picked up by employees who took them inside and installed them on their machines to find out what was on them.

The specially written trojan that collected passwords, logins and machine-specific information from the user's computer, and then emailed the company with the findings. Stasiukonis said that the attack was so simple and beat the hell out of hanging out with the smokers, sweet-talking receptionists, or commandeer a meeting room and jack into the network.

Writing here, Stasiukonis said "We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management". No security outfit ever got broke relying on the stupidity of users.