ACCORDING to Dark Reading, the piece that became a milestone was Steve Stasiukonis’s column “Social Engineering, the USB Way,” published after Dark Reading recruited him a few days after its launch in 2006, and it went viral, helped by Slashdot coverage and later described as an urban legend.
The original pen test at a credit union used unmarked USB drives dropped in the parking lot to gauge employee curiosity, with a high reported success rate of 15 out of 20 drives plugged in, sometimes after being taken back to desks for inspection.
The approach sparked what the interviewees say evolved into hundreds, perhaps thousands, of thumb-drive–related tests over the years, though today physical devices are far more restricted and engagements often use field systems like Mac minis or compact setups to gain entry. The conversation also touches on how AI-assisted reconnaissance can inform social engineering, and how those lessons translate into modern pen tests and incident response work.
The discussion closes with reflections on safety, ethics, and the enduring human element behind security breaches as the industry anticipates further changes with AI. 5 May 2026.