Recently, there were shipments of laptop computers sent to governors’ offices in West Virginia, Vermont, Wyoming, and Washington state. These laptops were not purchased by the governors nor anyone in their offices. The purchases were made with credit cards in the names of each governor but not belonging to any of them. Two things stand out here that are incredibly frightening. First, why were these laptops sent to the governors? Secondly, is there ID theft involved since the credit cards used to purchase the laptops were in some of the governors’ names? The FBI has gotten involved now to learn if there is something nefarious about these free laptops.
The shipment of these mystery machines may be a new twist on the old Trojan horse attack or a newer spear-phishing method. I’ve read of reports of USBs being “gifted” to employees of targeted firms by a seemingly legitimate source. The employees would plug them into their laptop or PC only to unleash the malware that was contained on the USB. The malware would do it’s dirty work, compromise the network, “phone home” with information gleaned and wait for any other instructions to carry on further attacks.
Hopefully this story raises awareness in the mainstream. If it’s learned the laptops the governors were sent contain malware then it will become more clear as to why these machines were “gifted” to the governors. People should be diligent if they receive “free” computers, USBs, email solicitations, email attachments and the like from known or unknown sources. I once had an auditor tell me the best policy to follow is to trust but verify. Education is a key component in IT security. This story can be used to teach your computer users the proper way to handle “gifts” they may receive via FedEx or email.
Related posts:
