08 Aug 2011

Workers give hackers exploitable information

As part of a contest at the recent DefCon computer security conference in Las Vegas, hackers collected sensitive information about the networks of major corporations, including tech and telecommunications companies, retailers and airlines.

The contest called on hackers to convince workers at target companies to share exploitable information, testing the hackers' social engineering skills. Contacted workers provided technical computer specs and operational information useful for corporate espionage, like the identity of cafeteria food service providers, according to Agence France Presse.

Chris Hadnagy, the social engineering specialist who facilitated the contest, told AFP that participants pretending to be potential customers looking for reassurance about computer security protocols, or posing as someone from the target’s IT department had great success.

Among targets that included Apple, ConAgra Foods, Delta Airlines and Verizon Communications, software developer Oracle provided the most information to contestants, Reuters reports.

Retailers were the most difficult companies to crack, Hadnagy told AFP. He surmised this might be because workers at those companies deal with customers on a regular basis.

In a cyber operations strategy document released earlier this summer, the U.S. Department of Defense said its first priority will be educating its workforce about best practices to maintain computer security.