- More porn sneaks onto the iPhone
- 'Swatting' case shows need to ban caller-ID spoofing
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- US sets final emergency responder wireless pilot
To office workers trudging to their cubicles, the promotion looked like a chance at sweet relief from the five-day-a-week grind.
By simply running a free CD on their computers, they would have a chance to win a vacation. But the beguiling morning giveaway in London's financial district last month was more nefarious than it appeared.
Like flies to garbage, dozens of victims took the CD, unable to control the irresistible attraction of "free."
Secret agents behind enemy lines, the CDs piggybacked through companies' physical security systems tucked in the bags and pockets of their couriers. The office workers dutifully took the CDs to their desks and plopped them in their employers' computers.
The mission was complete.
In the process, the CDs likely skirted an array of IT security systems in place to prevent malicious code from being installed. Although the CDs did not contain malicious code, the exercise accomplished the point Robert Chapman wanted to make: People are misinformed about what actions could damage their computers or expose them to malware, adware and viruses.
"All these things are bypassed by human nature and curiosity and a level of ignorance and naiveté," says Chapman, director of The Training Camp Ltd., a computer training and consulting firm based in London, who came up with the idea. "The lure of a free holiday entices them more than the potential damage that they may make to their corporate network."c
When a user ran the CD, the code on it prompted a browser window that opened a Web site, Chapman says. The site then tried to load an image from another Web site, Chapman says.
The number of people who opened the CD could be tracked by the number of times the image was accessed, he says. Users saw only an error message saying the page could not be loaded, he says.
"There is nothing clever about it or illegal," Chapman said of the CD's code.
Although the front of the CD contained a written warning to users to check their company's internal security guidelines before running it, as many as 75 of the 100 CDs were played. Chapman says he was able to trace the IP addresses of those computers that tried to access the image and found that employees at two well-known insurance companies and a retail bank were among the duped.
The Leader in Network Knowledge
Comment