We all know that the purpose of computer passwords is to protect personal information that you’ve stored on your computer, as well as in your online accounts.
With access to confidential passwords, cyber-criminals (they come in all shapes, sizes and flavors – so don’t be fooled), can and will, steal your identity and without a doubt, severely compromise your financial security. Stolen passwords have the potential to cause serious havoc in your life.
There are numerous ways of course that a password, or software license key, can be stolen. Popular methods employed by cyber criminals include:
Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words, they exploit our curiosity, emotions and fears, to start the process of infecting unaware computer users’ machines
Search engine redirection: Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines. Malware, including password stealers can be installed on a computer simply by visiting a site.
Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common recently. They are crafted to automatically download and install malware, including password stealers, on your computer without your knowledge.
Now, added to the burden we already carry in protecting our computers, our private personal information, and our confidential financial information, we have to be careful, and perhaps even suspicious of our friends, or for that matter anyone, who inserts a USB drive including MP3 players, into a USB port on our computer.
USBThief is a free hacking application available for download on virtually every torrent download site that I investigated – which can be installed on a USB flash drive, or even an iPod, or other MP3 player. I haven’t tried to install this on a Digital Camera, but I suspect (with some modification), that it can be done. Consider how often a friend, or family member, has connected any one of these peripherals to your machine.
USBThief has been designed and crafted with only one purpose in mind, and that is to steal both the passwords, and software keys, on the duped party’s computer.
The culprit doesn’t need to be a seasoned hacker; all that’s needed is that an ethically challenged individual download the program; decompress the archive and put all the files located in the folder “USBThief” onto a USB drive.
After connecting and removing the tweaked USB drive from the victim’s computer, the cyber-criminal simply views the dump folder to view the captured information.
Should you now be suspicious of your family, or your friends? Of course not; but you do need to be aware of the ever increasing challenges we all face in protecting our valuable information.
Good news for all of us however, is in the works. Windows 7 addresses this problem with its Guest Mode feature which when activated, will prevent users from writing to any USB, or other attached device or drive.
Bill Mullins' Weblog - Tech Thoughts 
Bill,
It surprises me in the government and in the enterprise settings where users can bring an USB flash drive to work, plug it in, and basically do whatever they want. I could see a disgrunted employee (and there are lots of ’em) taking advantage of something like this to attempt thievery or cause harm… Thanks for pointing this one out.
Rick
Rick,
Yes, it’s amazing how often government and enterprise, “doesn’t know, what
it doesn’t know”.
Bill