No patch for human stupidity: hackers

Aug 08, 2011
Hackers were able to talk workers at various companies into disclosing revealing information
Skills honed by software renegades at the renowned DefCon hacker gathering that ended Sunday included the art of talking workers into revealing information that can be used to crack into computer networks.

Hackers at DefCon have long understood that there is no patch for human stupidity. Last week, security researchers uncovered yet another strain of malicious software aimed at smartphones that run Google's popular Android operating system. The application not only logs details about incoming and outgoing phone calls, it also records those calls.

A "Schmooze Strikes Back" contest challenged hackers to test their "social engineering" skills on companies such as Apple, Oracle, Symantec, and Walmart. The contest debuted at the annual DefCon gathering in Las Vegas last year.

"The results are worse than they were last year," said Chris Hadnagy, a social engineering specialist running the contest.

"From what we found, we would own every one of these companies."

Hackers were able to talk workers at various companies into disclosing anything from the versions of software used in networks to who provided cafeteria food service.

Knowing specifics about software in company computers lets hackers figure out weaknesses to exploit, and sharing operational information could enable someone intent on corporate espionage to sneak into facilities.

The most effective ruses involved calling companies and posing as a potential customer out to be reassured about the safety of doing business together, according to Hadnagy.

Pretending to be calling from another department in a company, or a remote technical support team, proved to be another effective tactic for hackers.

Retail operations were consistently harder targets, possibly because they are more accustomed to interacting with customers, according to Hadnagy.

"Women seemed to be more security conscious," he said of the contest findings, which will be published in a report later this year.

"We call back and get a guy on the phone and we get everything we want," continued Hadnagy, who runs the social-engineer.org website.

User comments : 3

_nigmatic10
not rated yet Aug 08, 2011
Dumb Hackers. The correct term is no patch for human ignorance.
gwrede
not rated yet Aug 08, 2011
Ignorance and naivete.

But personally, I dislike what's going on. At this rate, every nice old lady at any company should become as jaded and street-wise as the worst drug dealers and pimps. No room for honesty and life values. And how could regular people become like this without also becoming cynics?

Not that I'd have any other solution to this either.
seppuku
5 / 5 (1) Aug 09, 2011
So what's the damn connection between social engineering and Android? Is this article just another form of Apple's shady PR?
