I had an interesting experience while traveling a couple of weeks ago. I was in DC for the day and walking through Regan National Airport to catch my flight back home. I have a tendency to look down at the ground when I'm walking - as a result I find a lot of stuff (sometimes even money!) Well, I found what looked like a brand new 1G USB thumb drive. I scooped it up, went to my gate and, not really thinking twice, turned on my notebook and popped the thumb drive in my machine. I caught myself and said wait a minute, pulled it out and ended up tossing it into a trashcan.
On the flight back I got thinking about how careless I had been. I realized I could have picked up a Road Apple and am a little upset I tossed it because it would have been interesting to take a closer look. Here's how Wikipedia defines Road Apples:
"A road apple is a real-world variation of a Trojan Horse that uses physical media and relies on the curiosity of the victim. The attacker leaves a malware infected floppy disc, CD ROM or USB key in a location sure to be found (bathroom, elevator, sidewalk), gives it a legitimate looking and curiosity piquing label - and simply waits.
Example: Get corporate logo off target's web site, make a disk label using logo and write "Executive Salary Summary Q1 2007" on the front."
Let's think about this a minute. Was it a plant? It could have been. Here's my logic - I'm in Regan National Airport in DC - this is the quickest airport to get in and out of and is frequented by Congressmen, Senators, staffers, etc. I've run into my Congressman Richie Neal on a few occasions at National - they all use this airport.A quick search on Amazon indicates I can buy 1G thumb drives for under $10 each and you can get through airport security with thumb drives without a problem - I think I've got 5 or 6 in my bag almost all of the time. Let's say a "social engineer" wants to do a little social engineering and decides to setup a bunch of drives with some malware that does something malicious. This person walks around and drops a drive on the floor every once in a while. For airport access these people would not even have to get through security which requires a ticket purchase - they could just scatter them around the baggage area.
Now let's say a staffer picks one of these drives up or a contractor, etc - someone with access to secure government networks. They pick the thumb drive up, bring it to work and plug it into their work computer. Or maybe they plug the thing into their laptop with classified information on it when they get home. Doing so they may have bypassed millions of dollars of perimeter security, firewalls, etc and provided malicious people with content, access, control, etc, etc.
We've all heard the stories about laptops being stolen with identification databases on them. Using a method like this computers don't have to be stolen any more. Transfer this same scenario to downtown Manhattan on a beautiful spring day like today or London or Tokyo.....
I low-level formatted the drive and then wrote back a bit image I had as backup. I wish I had saved that thumb drive....
No comments:
Post a Comment