No patch for human stupidity: hackers

August 8, 2011
Hackers were able to talk workers at various companies into disclosing revealing information
Skills honed by software renegades at the renowned DefCon hacker gathering that ended Sunday included the art of talking workers into revealing information that can be used to crack into computer networks.

Hackers at DefCon have long understood that there is no patch for human stupidity. Last week, security researchers uncovered yet another strain of malicious software aimed at smartphones that run Google's popular Android operating system. The application not only logs details about incoming and outgoing phone calls, it also records those calls.

A "Schmooze Strikes Back" contest challenged hackers to test their "" skills on companies such as Apple, Oracle, Symantec, and Walmart. The contest debuted at the annual DefCon gathering in Las Vegas last year.

"The results are worse than they were last year," said Chris Hadnagy, a social engineering specialist running the contest.

"From what we found, we would own everyone on of these companies."

Hackers were able to talk workers at various companies into disclosing anything from the versions of software used in networks to who provided cafeteria food service.

Knowing specifics about software in company computers lets hackers figure out weaknesses to exploit, and sharing operational information could enable someone intent on corporate espionage to sneak into facilities.

The most effective ruses involved calling companies and posing as a potential customer out to be reassured about the safety of doing business together, according to Hadnagy.

Pretending to be calling from another department in a company, or a remote technical support team, proved to be another effective tactic for hackers.

Retail operations were consistently harder targets, possibly because they are more accustomed to interacting with customers, according to Hadnagy.

"Women seemed to be more security conscious," he said of the contest findings, which will be published in a report later this year.

"We call back and get a guy on the phone and we get everything we want," continued Hadnagy, who runs the social-engineer.org website.

Explore further: PWN2OWN Hacker Contest Targets Smartphones

Related Stories

PWN2OWN Hacker Contest Targets Smartphones

March 26, 2009

(PhysOrg.com) -- TippingPoint, a security response team at 3Com Inc, had offered $10,000 for each exploit of any smartphones, which included Apple Inc.'s iPhone and RIM's BlackBerry, as well as phones running the Windows ...

Hackers school next generation at DEFCON Kids

June 26, 2011

DEFCON hackers will share their skills with the next generation at a first-ever children's version of the infamous gathering of software renegades, lock pickers and social engineers.

Recommended for you

Magnetic fields provide a new way to communicate wirelessly

September 1, 2015

Electrical engineers at the University of California, San Diego demonstrated a new wireless communication technique that works by sending magnetic signals through the human body. The new technology could offer a lower power ...

Team creates functional ultrathin solar cells

August 27, 2015

(Phys.org)—A team of researchers with Johannes Kepler University Linz in Austria has developed an ultrathin solar cell for use in lightweight and flexible applications. In their paper published in the journal Nature Materials, ...

3 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

_nigmatic10
not rated yet Aug 08, 2011
Dumb Hackers. The correct term is no patch for human ignorance.
gwrede
not rated yet Aug 08, 2011
Ignorance and naivete.

But personally, I dislike what's going on. At this rate, every nice old lady at any company should become as jaded and street-wise as the worst drug dealers and pimps. No room for honesty and life values. And how could regular people become like this without also becoming cynics?

Not that I'd have any other solution to this either.
seppuku
5 / 5 (1) Aug 09, 2011
So what's the damn connection between social engineering and Android? Is this article just another form of Apple's shaddy PR?

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.