Workers at the Dutch offices of DSM, a chemical company, reported finding USB sticks in the company parking lot that appeared to have been lost. When the company's IT department examined the sticks, however, it found they were loaded with malware set to autorun on company computers and harvest employee login credentials. It appears that criminals dropped the sticks in the hope of tricking employees into carrying them inside and plugging them into the company network.
Cybercriminelen doen poging tot spionage bij DSM
Cybercriminals attempt espionage at DSM (Google Translate)
(via /.)
What a brilliant tactic!
I read about it at least five years ago, possibly on bb or slashdot.
I read something similar, oh, say, 20 years ago.
I believe it was called the Aeneid, or something . . .
(Oh, c’mon, someone had to say it! ;) )
I read something exactly like this about 2,000 years ago. It originated from Judas.net
C’mon, Trojan incident happened at least 1000 years before you read it, circa 1190 BC
I’ve seen this reported several times before (I work in a security-conscious industry, so they brief us on these things, as well as banning USB keys). I wish I could find the reference. I’m sure it’s old news! But if not, it’s a good thing to be aware of.
Also be careful of USB keys you find lying around INSIDE the building, especially in common areas (bathrooms, cafeterias, halls) that are accessed by visitors.
Old trick, actually.
I remember a few stories a long time ago about different entities that did the same thing ON PURPOSE to see how many employees would just plug them into their workstations. The programs on them would phone home upon insertion for tracking.
It really is one of THE best attack vectors these days. Thankfully, Microsoft realized this and threw out a patch http://technet.microsoft.com/en-us/security/advisory/967940
Still an “optional” update, though :( I’ve had autoplay disabled through GPO for many years, though, for this very reason.
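Taking the GPO remark above as the practical takeaway, here is an added PowerShell example (my own, not code from the post or from any commenter) that audits, and with -Enforce applies, the per-host registry values behind the "Turn off Autoplay: All drives" policy that Microsoft's advisory 967940 / KB967715 documents. The hardening target (NoDriveTypeAutoRun = 0xFF and NoAutorun = 1) and the optional USBSTOR check are the documented settings; the function names, the $Desired table and the constructed before/after report are mine.

```powershell
# Added example: audit and optionally enforce AutoRun/AutoPlay hardening on one Windows host.
# Equivalent to the GPO "Turn off Autoplay" (All drives) for machines outside a domain, or as a
# quick check that the GPO actually landed. Run from an elevated PowerShell session.
param([switch]$Enforce)

$ExplorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$UsbStorService = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

# Desired state (documented values from KB967715):
#   NoDriveTypeAutoRun = 0xFF  -> AutoRun/AutoPlay off for every drive-type bit
#                                 (Windows' own default mask is lower, so some types still run)
#   NoAutorun          = 1     -> autorun.inf "open"/"shellexecute" entries are ignored entirely
$Desired = @{
    NoDriveTypeAutoRun = 0xFF
    NoAutorun          = 1
}

function Get-AutoRunState {
    # Returns a hashtable of current values; $null means the value was never set.
    $state = @{}
    foreach ($name in $Desired.Keys) {
        $item = Get-ItemProperty -Path $ExplorerPolicy -Name $name -ErrorAction SilentlyContinue
        $state[$name] = if ($item) { $item.$name } else { $null }
    }
    return $state
}

function Test-AutoRunHardened {
    # $true only when every desired value is present and exact (0xFF, not merely "something set").
    $state = Get-AutoRunState
    foreach ($name in $Desired.Keys) {
        if ($state[$name] -ne $Desired[$name]) { return $false }
    }
    return $true
}

function Set-AutoRunHardened {
    # Policies\Explorer does not exist on a fresh install; create it before writing.
    if (-not (Test-Path $ExplorerPolicy)) { New-Item -Path $ExplorerPolicy -Force | Out-Null }
    foreach ($name in $Desired.Keys) {
        New-ItemProperty -Path $ExplorerPolicy -Name $name -PropertyType DWord `
            -Value $Desired[$name] -Force | Out-Null
    }
}

function Test-UsbStorageDisabled {
    # Optional, for the "ban USB keys" posture mentioned in the thread: Start = 4 stops the
    # USB mass-storage driver from loading at all. Not changed by -Enforce; reported only.
    $item = Get-ItemProperty -Path $UsbStorService -Name Start -ErrorAction SilentlyContinue
    return ($item -and $item.Start -eq 4)
}

$before = Get-AutoRunState
if ($Enforce -and -not (Test-AutoRunHardened)) { Set-AutoRunHardened }
$after = Get-AutoRunState

# Constructed report: one row per value, before and after, plus the overall verdict.
foreach ($name in $Desired.Keys) {
    [pscustomobject]@{
        Value   = $name
        Before  = if ($null -eq $before[$name]) { '<unset>' } else { ('0x{0:X}' -f $before[$name]) }
        After   = if ($null -eq $after[$name])  { '<unset>' } else { ('0x{0:X}' -f $after[$name]) }
        Desired = '0x{0:X}' -f $Desired[$name]
    }
}
"AutoRun hardened:    $(Test-AutoRunHardened)"
"USB storage blocked: $(Test-UsbStorageDisabled)"
```

Two caveats a practitioner would want: the values are read by Explorer at logon, so a user already logged on keeps the old behaviour until they sign out; and a domain GPO re-applies on its refresh interval, so if this script and the GPO disagree the GPO wins, which is exactly why the audit half is worth running on its own.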
Social engineering at its finest. Well, naturally I’ll need to closely examine the contents of this flash drive… to discover its owner, of course. It’s not snooping if I have a good reason!
This is going to work for as long as there’s removable storage. Fairly won, malware criminals!
Wasn’t this the theorized technique used to get Stuxnet onto the computers at the Iranian nuclear facilities?
An old ruse! I would mail them to named employees inside innocuous PR guff from the Humane Society or whatever. I’m 1337, me!
It's not a new idea.
At a company I once worked for, the IT department tried this trick (dropping the sticks in common areas in the building) as a way to see if people would plug in the USB…of course the USB had a program on it to tell IT that the fool employee had done just that.
Yeah, internal testing is way easier than external. Even with autorun disabled, you still get a pretty high success rate.
Filename: Sarah_From_Marketing_NAKED.jpg.bat
Contents:
@echo off
echo that idiot %username% plugged a 'found' thumbdrive into %computername% at %date% %time% >> \\server\idiots.log
msg %username% /server:%computername% Way to forget your training. You are going to get in soooo much trouble.
exit
1. Find USB stick lying on the ground in the parking lot.
2. Wait until {rival for promotion/hated enemy/guy who stole my food from the fridge} goes for lunch leaving their computer unlocked
3. Insert USB stick in their computer
4. ????
5. PROFIT!
archfiend of the week award in mail.
Why wait to find a USB stick? Just bring your own ton of malware and load it onto the guy’s PC.
As of 2012, ‘Classic’.
Autorun was one of Microsoft’s best ideas
“Security? Our customers don’t want security, they want convenience!”
could not autoplay be configured to scan for security automatically first ?
What kind of inept IT department rolls out Windows installs with autorun enabled?
Working at Sprint: Our building was secure. The office/lobby & main hub was separated by key card devices. The only time non-employees were allowed into the lobby was to fill out applications. We had a stream of “applicants” dropping these USB sticks, leaving them in the waiting room, in the couches and bathroom.
Who the hell figured it would be a good idea to let computers run any old code that asked for it as long as it was on a USB stick? The problem isn’t with employees who aren’t familiar with autorun on USB sticks or IT departments that have chosen not to epoxy shut the USB ports, it’s with the enormous backdoor that was built into the computers so people wouldn’t have to click on an icon to execute code.
The amazing part of the story is someone found one of these and rather than slam it into a nearby usb port looking for pron they took it to the IT department to let them deal with it.
I think what people are remembering is that some group, a university class IIRC or perhaps a security group, did this strictly as a feasibility test a few years back and it was widely reported. In that case they had software that autorun started, and all it did was report back to a central server that it had been activated. Quite a lot of them did, way more than half IIRC, so it’s an extremely effective vector.
Turn off autorun, people, there’s no reason to have it on.
Durr. Very old trick.
Seriously though, any security is only as strong as the weakest link, which is usually idiot users. Good for the IT guy that found it, or the user that turned it in to IT rather than just plugging it into their desktop. That said, usually when they employ this tactic, they would probably drop a bunch over a period of time. Could be that a number of accounts are already compromised. However, now that they are aware of it, unless it is a local employee looking to divert blame, IT should be able to be vigilant enough about remote access to catch whoever is trying to gain access.
Also interesting is that DSM recently sold off a chunk of business to a German competitor.