If you found a USB flash drive on the sidewalk in front of work, what would you do with it? Would you take it in to work and ask around to find out if it belongs to someone? What if it had important files on it? Shouldn't you open it and find out? Should you keep it for yourself? A recent story (in Dutch) from Elsevier, the Dutch news website, demonstrates the how criminals use our normal human curiosity against us by attempting to spy on Dutch chemical company DSM by dropping spyware-loaded USB drives in the company parking lot. One week earlier The Indian Express reported on USB-delivered malware that spied on the Indian Navy computer systems and sent the data to servers in China.
Much of the talk about data and information security sounds like fearmongering. In theory it is agreed that it is an important topic and we should safeguard our datas; in practice, most of us treat malware like a nuisance to be dealt with once it's discovered instead of a danger to be avoided. Most of us, in our personal lives, don't really feel the effect of malware beyond the trouble it takes to clean up the mess (that is, if we are even aware we have malware on our computers.) Another reason that we downplay the danger of malware is that many of us think of ourselves as not important enough for someone to bother with stealing our data. Sometimes, even bringing upthe topic of information and computer safety in an organization can me feel like Laocoön warning the Trojans to not bring in the horse the Greeks left on the battle field:
O wretched countrymen! what fury reigns?
What more than madness has possess'd your brains?
Think you the Grecians from your coasts are gone?
And are Ulysses' arts no better known?
This hollow fabric either must inclose,
Within its blind recess, our secret foes;
Or 't is an engine rais'd above the town,
T' o'erlook the walls, and then to batter down.
Somewhat is sure design'd, by fraud or force:
Trust not their presents, nor admit the horse.
— Laocoön warning the Trojans not to bring the horse the Greeks left outside the walls of Troy in The Aeneid by Virgil as translated by John Dryden
They don't call it a Trojan virus for nothing. If you find yourself in a position where the security and integrity of an organization's is in your hands, take these warnings to heart; if you find a USB drive in the parking lot or on the sidewalk, give it to an IT professional to handle. It is only a matter of time before malware attacks targeting corporate data become more common. Don't make the jobs of criminals easier.
- Image: "USB Flash Drive" by Ambuj Saxena used with permission under the terms of the Creative Commons Attribution 2.0 license.
- Image: "Danger Style" by thethreesisters used with permission under the terms of the Creative Commons Attribution 2.0 license.
- Elsevier: Cybercriminelen doen poging tot spionage bij DSM
- Indian Express: China hackers enter Navy computers, plant bug to extract sensitive data
- The Internet Classics Archive: The Aeneid by Virgil as translated by John Dryden