Social engineering research without the stakeout
Depending on how you look at the Honey Stick Project, it could be considered a technical project or a psychology project… or something in between.
It was actually inspired by the now-legendary social engineering penetration test that I wrote about on the Security Views website.
The bottom line of that story was that a credit union hired a penetration tester to use whatever means he could to try to compromise their network. By scattering 20 USB memory sticks loaded with a specially designed trojan horse autorun program around their parking lot, he was able to detect that 15 of them were inserted into company computers connected to the internet.
This project starts out differently in that it is being done in public places (at my own cost, so far), and with passive tracking rather than a custom program that runs when the stick is inserted. The results won’t be quite as exciting, but they may be interesting. Since it is being done over a period of time, and across a larger geographic area, I won’t be sitting around in the parking lot waiting for the results.
What I think the results may tell us is that certain places have a higher chance of having people who will pick these things up and use them, and other places will have more people who return them.
I look forward to hearing anyone else’s comments and ideas.