When they weren’t waiting to get picked up by government recruiters, the attendees of this weekend’s DefCon hacking convention were proving how vulnerable major corporations — really big ones, who should know better at this point! — still are to cyber attacks. This year marked the nineteen-year-old meet-up’s second annual “social engineering” contest, which is a euphemism for “[conning] people into handing over information or taking actions such as downloading malicious software.” Targets included Apple Inc, AT&T, ConAgra Foods, Delta Air Lines, Symantec, Sysco, United Airlines, and Verizon. (Somewhat ironically, the company whose employees were the easiest to trick was Oracle, which got its start selling secure databases to the CIA.) Luckily for everyone, DefCon’s participants are “white-hat hackers” who want to use their powers for good. But their findings are still likely to result in some uncomfortable Monday-morning meetings:
In one case, a contestant pretended to work for a company’s IT department and persuaded an employee to give him information on the configuration of her PC, data that could help a hacker decide what type of malware would work best in an attack.
“For me it was a scary call because she was so willing to comply,” said Chris Hadnagy, one of the organizers of the contest at the Defcon conference in Las Vegas.
Contestants were asked to dig up information on everything from how a given corporation “backs up and secures its data” to “names of companies that provide on-site security, toner, and copier paper.” In this day and age, not even the supply closet is safe from online menaces.