No patch for human stupidity: hackers

Aug 08, 2011
Hackers were able to talk workers at various companies into disclosing revealing information
Skills honed by software renegades at the renowned DefCon hacker gathering that ended Sunday included the art of talking workers into revealing information that can be used to crack into computer networks.

Hackers at DefCon have long understood that there is no patch for human stupidity. Last week, security researchers uncovered yet another strain of malicious software aimed at smartphones that run Google's popular Android operating system. The application not only logs details about incoming and outgoing phone calls, it also records those calls.

A "Schmooze Strikes Back" contest challenged hackers to test their "" skills on companies such as Apple, Oracle, Symantec, and Walmart. The contest debuted at the annual DefCon gathering in Las Vegas last year.

"The results are worse than they were last year," said Chris Hadnagy, a social engineering specialist running the contest.

"From what we found, we would own everyone on of these companies."

Hackers were able to talk workers at various companies into disclosing anything from the versions of software used in networks to who provided cafeteria food service.

Knowing specifics about software in company computers lets hackers figure out weaknesses to exploit, and sharing operational information could enable someone intent on corporate espionage to sneak into facilities.

The most effective ruses involved calling companies and posing as a potential customer out to be reassured about the safety of doing business together, according to Hadnagy.

Pretending to be calling from another department in a company, or a remote technical support team, proved to be another effective tactic for hackers.

Retail operations were consistently harder targets, possibly because they are more accustomed to interacting with customers, according to Hadnagy.

"Women seemed to be more security conscious," he said of the contest findings, which will be published in a report later this year.

"We call back and get a guy on the phone and we get everything we want," continued Hadnagy, who runs the social-engineer.org website.

Explore further: Startups offer banking for smartphone users

add to favorites email to friend print save as pdf

Related Stories

Hackers school next generation at DEFCON Kids

Jun 26, 2011

DEFCON hackers will share their skills with the next generation at a first-ever children's version of the infamous gathering of software renegades, lock pickers and social engineers.

PWN2OWN Hacker Contest Targets Smartphones

Mar 26, 2009

(PhysOrg.com) -- TippingPoint, a security response team at 3Com Inc, had offered $10,000 for each exploit of any smartphones, which included Apple Inc.'s iPhone and RIM's BlackBerry, as well as phones running ...

Internet warriors hone skills at Black Hat - DefCon

Jul 26, 2010

Internet warriors are gathering this week to explore chinks in the armors of computers, bank teller machines, mobile phones, power grids, and other "smart" devices intrinsic to modern life.

Recommended for you

Startups offer banking for smartphone users

Aug 30, 2014

The latest banks are small enough to fit in the palm of your hand. Startups, such as Moven and Simple, offer banking that's designed specifically for smartphones, enabling users to track their spending on the go. Some things ...

Ecuador heralds digital currency plans (Update)

Aug 29, 2014

Ecuador is planning to create what it calls the world's first digital currency issued by a central bank, which some analysts believe could be a first step toward abandoning the country's existing currency, ...

'SwaziLeaks' looks to shake up jet-setting monarchy

Aug 29, 2014

As WikiLeaks founder Julian Assange prepares to end a two-year forced stay at Ecuador's London embassy, he may take comfort in knowing he inspired resistance to secrecy in places as far away as Swaziland.

WEF unveils 'crowdsourcing' push on how to run the Web

Aug 28, 2014

The World Economic Forum unveiled a project on Thursday aimed at connecting governments, businesses, academia, technicians and civil society worldwide to brainstorm the best ways to govern the Internet.

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

_nigmatic10
not rated yet Aug 08, 2011
Dumb Hackers. The correct term is no patch for human ignorance.
gwrede
not rated yet Aug 08, 2011
Ignorance and naivete.

But personally, I dislike what's going on. At this rate, every nice old lady at any company should become as jaded and street-wise as the worst drug dealers and pimps. No room for honesty and life values. And how could regular people become like this without also becoming cynics?

Not that I'd have any other solution to this either.
seppuku
5 / 5 (1) Aug 09, 2011
So what's the damn connection between social engineering and Android? Is this article just another form of Apple's shaddy PR?