*Look, to call this "idiotic" shows a poor understanding of user behavior. If you find a loose thumb drive, in your own parking lot, with your own organization's logo on it, you pick it up and insert it because you are trying to help. For good reason. Suppose that the CEO dropped it and it has vital business information in there? Are you supposed to drop it in the incinerator as if it were a deadly toxin? It's a lost thumb drive, and the odds of it being a hack are ten thousand to one.
*It's like finding a car in your parking lot with the lights on and the motor running, and thinking that it must be a terrorist car-bomb. Maybe, yeah. Are you idiotic to turn off the key and shut the door? No.
*They say that Stuxnet got deployed like this. Awesome hack, Stuxnet.
"The U.S. Department of Homeland Security ran a test this year to see how hard it was for hackers to corrupt workers and gain access to computer systems. Not very, it turned out.
"Staff secretly dropped computer discs and USB thumb drives in the parking lots of government buildings and private contractors. Of those who picked them up, 60 percent plugged the devices into office computers, curious to see what they contained. If the drive or CD case had an official logo, 90 percent were installed.
“There’s no device known to mankind that will prevent people from being idiots,” said Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp. (CSC)
"The test showed something computer security experts have long known: Humans are the weak link in the fight to secure networks against sophisticated hackers. The intruders’ ability to exploit people’s vulnerabilities has tilted the odds in their favor and led to a spurt in cyber crimes. (((This elides the fact that "sophisticated hackers" are quite often idiots, but never mind.)))
"In real-life intrusions, executives of EMC Corp.’s RSA Security, Intel Corp. (INTC) and Google Inc. were targeted with e-mails with traps set in the links. And employees unknowingly post vital information on Facebook or Twitter. (((That's because guys who don't post vital information on the Internet get ignored by everyone in the office.)))
"It’s part of a $1 trillion problem, based on the estimated cost of all forms of online theft, according to McAfee Inc., the Santa Clara, California-based computer security company.
"Rule No. 1
"Hundreds of incidents likely go unreported, said Rasch, who previously headed the Justice Department’s computer crime unit...."
(((Later: yup, the dropped-drive hack is a pro's dream:)))
