Is ‘social engineering’ better than software skills to hack into computers?
By ANI, Saturday, July 31, 2010
MELBOURNE - Hackers are gathering at DefCon to prove that, when it comes to launching a computer network attack, smooth talk works better than software skills any day.
The contest challenges hackers to call workers at 10 companies including technology titans Google, Apple, Cisco, and Microsoft and get them to reveal too much information to strangers.
Other companies targeted were Pepsi, Coca-Cola, Shell, BP, Ford, and Procter and Gamble.
One employee was conned into providing specifications regarding types of software being used, details that would let a hacker tailor viruses to launch at the system.
“You often have to crack through firewalls and burn the perimeter in order to get into the internal organisation,” News.com.au quoted Mati Aharoni of Offensive Security, a company that tests company computer defences, as saying.
“It is much easier to use social engineering techniques to get to the same place,” he added.
“We wanted to show that social engineering is a legitimate attack vector.”
One worker nearly foiled a hacker by insisting he send his questions in an email that would be reviewed and answered if appropriate, but the hacker convinced him not to do that, saying he was under ‘immense pressure’.
“As humans, we naturally want to help other people. I’m not advocating not helping people. Just think about what you say before you say it,” said Offensive Security operations manager Christopher Hadnagy. (ANI)