Contestants at the DefCon hacking convention in Las Vegas have managed to secure company IT data through “social engineering” rather than confrontational hacking.
Posing as friends or colleagues, the contestants contacted employees of large U.S. companies in a bid to collect information through talking, rather than confronting the companies’ security systems.
One case saw a contestant contact an employee and convince her that he was from the company IT department. He then convinced her to give him configuration settings of her computer, which contained information that could allow potential hackers access to the company system.
“For me it was a scary call because she was so willing to comply,” said Chris Hadnagy, one of the organizers of the contest. “A lot of this could facilitate serious attacks if used by the right people,” he continued.
Companies targeted in the contest include Oracle, Apple, AT&T and Delta Air Lines Inc.
Read the full story over at: Reuters.