June 04, 2010

New Defcon contest tests hackers' social-engineering skills

Kooky capture-the-flag-style contest gives participants 20 minutes to cajole information from target companies' employees

By Paul F. Roberts | InfoWorld

Follow @infoworld

Print |

New Defcom contest tests hackers' social-engineering skillz

Social engineering has evidently earned a new level of respect from hacker community: For the first time, this year's Defcon gathering in Las Vegas will feature a contest in which participants will compete to gather nuggets of information from unsuspecting target companies -- over the telephone instead of the Internet.

Social engineering has enjoying an increasingly effective and prominent role in effective online attacks. The term itself is a big one, encompassing targeted surveillance and information-gathering techniques that early hacking stars such as Kevin Mitnick mastered (and went on to write about), down to the ubiquitous phishing and spam email message.

[ Also on InfoWorld: Facebook has proposed one security solution: Require developers to have verified accounts. Will it help? | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

These days, we hear lots about the centrality of social engineering in advanced attacks by what we at The 451 Group calls "adaptive persistent adversaries." These were the kinds of attacks leveraged at more than 100 Western firms in the so-called Aurora attacks. Much of the press coverage of the Aurora attack focused on the IE vulnerability used to gain access to systems in Google, Adobe, and other companies, as well as the Hydraq Trojan that siphoned data from them. However, social engineering was a critical -- but overlooked -- component in those attacks: Attackers targeted high-level employees with malicious Web links that provided an entry for the attackers' malware and remote administration tools.

The potency of social engineering has garnered new respect in the hacker world. Witness: Social-Engineer.org is partnering with Defcon to present spotlight social-engineering techniques in the form a new capture-the-flag (CTF)-style contest.

next page ›

Tags: Hacking

Print |

The iEverything Enterprise: Understanding and Addressing IT's Dilemma in a World Dominated by Wireless Smart Devices

Reduce the cost and complexity of wireless networks with cloud-enabled, distributed Wi-Fi and routing. By removing the architectural limitations of traditional WLANs, you can support identity-based access and enable delivery of mission-critical applications and services to any user, on any device, at any time without a single point of failure.

View now »