Wednesday, September 5, 2018

Social Engineering and the Chinese CD Hack

The easiest way for your data to become someone else’s data is through social engineering.  That means convincing someone with the keys to the kingdom to share those keys with a hacker.
This can be done in lots of ways.  Phone calls with hackers masquerading as legit IT personnel, phishing scams, or even downright physical infiltration.
Lately, the Multi-State Information Sharing and Analysis Center has contacted state governments about a very clever scheme.  It seems that Chinese hackers are  physically mailing CDs to state governments.  When someone inserts the CD into their computer, it installs hidden programs that give the hackers control and access to the data.  Sneaky right?
Basically this is an easy scheme to pull off and it works.  Someone opens a package they receive in the mail that contains a CD and a letter written in broken English.  If anyone was coerced to put the CD into their computer, the hackers have them.
I’ve heard of similar scams before.  One was hackers leaving virus ridden thumb drives on the ground in parking lots of businesses they wanted to hack.  All someone had to do was insert the drive in their USB port and they were infected.
The moral to this story is that vigilance in data security is important.

No comments:

Post a Comment