Viral Story of USB Penetration Test Highlights Social Engineering Risks

Approximately two decades ago, penetration tester Steve Stasiukonis conducted a security assessment by distributing rigged USB thumb drives in the parking lot of a credit union. The test aimed to observe employee behavior after discovering the devices. No specific technical details, dates, or CVE IDs were mentioned regarding the USB payload or compromise method. The incident gained widespread attention as a notable example of social engineering via physical media. The impact described was the viral spread of the story rather than a direct cyberattack or data breach.