Social engineering better than software skills to hack into computers?

August 2, 2010

Hackers at an infamous DefCon gathering are proving that old-fashioned smooth talk rivals slick software skills when it comes to pulling off attacks on computer networks.

A first-ever “social engineering” contest here challenges hackers to call workers at 10 companies including technology titans Google, Apple, Cisco, and Microsoft and get them to reveal too much information to strangers. “Out of all the companies called today, not one company shut us down,” said Offensive Security operations manager Christopher Hadnagy, part of the social-engineer.org team behind the competition that kicked off on Friday.

The team kept hackers within the boundaries of the law, but had them coax out enough information to show that workers would have unintentionally made it easier to attack networks. Workers who unknowingly ended up on calls with hackers ranged from a chief technical officer to IT support personnel and salespeople. One employee was conned into opening programs on a company computer to read off specifications regarding types of software being used, details that would let a hacker tailor viruses to launch at the system. “You often have to crack through firewalls and burn the perimeter in order to get into the internal organization,” said Mati Aharoni of Offensive Security, a company that tests company computer defenses.

“It is much easier to use social engineering techniques to get to the same place,” Aharoni said. One worker nearly foiled a hacker, though, by insisting he send his questions in an email that would be reviewed and answered if appropriate.
