The Next Hacking Epidemic: Curiosity | BondBeebe
Alex Helfand, EnCE, Computer Forensic Specialist
A wide variety of items can be found discarded on the street, and some – such as a wallet, cell phone, or USB thumb drive – can prove quite valuable, or even malicious. A curious person walking by who picks up the items might not suspect they are in a sting operation, but a recent study by the U.S. Department of Homeland Security has found that hackers might exploit human curiosity and use items like “discarded” USB drives and CD-ROMs to launch attacks.
For this study, computer discs and USB thumb drives were planted in the parking lots of government buildings and private contractors. An interesting part of this article states:
“Of those who picked them up, 60 percent plugged the devices into office computers, curious to see what they contained. If the drive or CD case had an official logo, 90 percent were installed.”
This study could be considered a blueprint for any hacker wanting to get inside access to a bank, company or government entity. Attacks like this are hard for network security professionals to prevent, outside of training employees to put their curiosity on hold while at the office. Furthermore, the article describes other types of attacks that are very successful, including spear phishing (sending a limited number of rigged e-mails to a select group of recipients) and social engineering (hacking user IDs), all of which prey on human curiosity, laziness, and hubris.
Who knew that over time a Trojan horse could be shrunk down to the size of a USB stick? As hackers get more and more creative, employees will need to be made increasingly aware of how even the most innocent of actions could open the door for a security attack.