Wednesday, August 4, 2010

Treat it Like a Social Disease - Don't Trust

Social engineering hackers -- people who trick employees into doing and saying things that they shouldn't -- took their best shot at the Fortune 500 during a contest at Defcon Friday and showed how easy it is to get people to talk, if only you tell the right lie. 

Contestants got IT staffers at major corporations, including Microsoft, Cisco Systems, Apple and Shell, to give up all sorts of information that could be used in a computer attack... The first two contestants made it look easy.

Wayne, a security consultant from Australia who wouldn't give his last name, was first up Friday morning. His mission: Get data from a major U.S. company.

Sitting behind a sound-proof booth before an audience, he connected with an IT call center and got an employee named Ledoi talking. Pretending to be a KPMG consultant doing an audit under deadline pressure, Wayne got Ledoi to spill details, big time... (more)

Security Director's Tip: This topic should be part of every employee's security briefing. (instant education)