OK, final proof that social engineering is the best way into an organisation. Forget climbing over walls, forget long droopy moustaches – just liberally scatter some USB pen drives around a company car park and watch the security violations grow.
According to this article, it really is as simple as that. The trick relies on the innate nosiness of human beings: people cannot resist the urge to plug in a found USB pen drive and see what files it has on it. Of course, the good Samaritan side of me says they were simply trying to identify the owner, but maybe not.
In this experiment, of 20 planted USB pen drives, 15 were found and plugged into company computers. Plugging a drive in launched a Trojan file sitting on it, which sweetly sat there and collected passwords for onward transmission.
Fantastic and unbelievable in equal measure.