USB Sticks Pose As ‘Party Invitation’ For UK Companies
Almost 50 percent of U.K. companies were willing to insert a USB stick posing as a party invitation into their systems, even though doing so increased the security risk to their networks, according to research by IT consultancy NCC. Without disclosing its name, NCC sent USB memory sticks to 500 finance directors, inviting them to a fake "party of a lifetime". The research found that 47 percent of recipients plugged the devices into their PCs.
They did so despite warning messages that asked users whether they wanted to proceed with the application.
Paul Vlissidis, NCC's head of penetration testing, expressed concern over these findings. He said in the company's press release that the research results provided evidence of the need to keep improving awareness of network security in the U.K. The purpose of the campaign was to bring to light the potential dangers that organizations' networks face when users insert media from an unknown source.
The first batch of USB sticks was offered at 8 a.m., and within three and a half hours 70 people had plugged in the sticks, many of them disregarding the warning message.
Vlissidis called this a demonstration of a basic lack of healthy skepticism among IT users, even at an advanced level. According to him, this was the time for the greatest real security awareness. Vlissidis added that it was a serious issue for businesses today and something that should be at the forefront of everyone's mind.
The 500 plcs targeted by the campaign comprised broadcasters, retailers, utility companies, banks and telecom companies. All of these organizations hold confidential and sensitive information such as private financial details.
Vlissidis warned that leaks of such information could not only allow fraudsters to steal customers' and employees' personal information and identities, but also give them complete access to a finance director's e-mail account. They could then use trading information and results obtained this way to influence share dealing.
He noted that a seasoned hacker could use Trojan horses to target users' credentials and then, by planting keystroke loggers, read the users' passwords and unlock protected data.
» SPAMfighter News - 29-01-2007