Archive for the ‘security’ category

Hacking your PC over USB

June 10, 2006

Would YOU fall for this?

Social engineering is where a hacker tricks you out of your login information, finds details in trash, etc. Here is a social social engineering technique that falls into the bait and hook approach. A security company was hired to do a penetration test. The security consultant knew that the staff of the company being penetrated were alert to the test. The security company collected all the USB drives they had accumulated from trade shows, promotions, etc. and put a trojan on the drives. This trojan would collect login and machine specific information and email it back to the security company. They then seeded 20 of these USB drives in the parking lot before employees arrived. 15 of the drives were found. The result: "all [of the drives] had been plugged into company computers. The data we obtained helped us to compromise additional systems, and the best part of the whole scheme was its convenience. We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management."

Recommended reading — Read the whole article here Social Engineering, the USB way also other interesting information here Schneier on Security; search for Hacking Computers over USB.