Secure Network Technologies Inc is a company responsible for providing many business related security services. One of those services includes security auditing of participating organizations. I had to laugh as I read a report submitted to Dark Reading, by Steve Stasiukonis, in which SNTI infiltrated a credit union by scattering USB drives containing Trojan software in the parking lot for employees to find.
I made my way to the credit union at about 6 a.m. to
make sure no employees saw us. I then proceeded to scatter the drives
in the parking lot, smoking areas, and other areas employees
Once I seeded the USB drives, I decided to grab some coffee and
watch the employees show up for work. Surveillance of the facility was
worth the time involved. It was really amusing to watch the reaction of
the employees who found a USB drive. You know they plugged them into
their computers the minute they got to their desks.
The credit union probably utilizes all sorts of expensive security mechanisms, only to be infected by a pure disregard for security by curious employees.
Now I know why the federal government makes their employees participate in countless security briefings – at least if you infect their computer network you cannot say you didn’t know, and they can nail you to the wall for it.