Information Security News mailing list archives

Social Engineering Grows Up


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 9 Apr 2014 06:46:40 +0000 (UTC)

http://www.darkreading.com/author.asp?section_id=314&doc_id=1204252

By Kelly Jackson Higgins
Dark Reading
4/7/2014

Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat.

The wildly popular DEF CON Social Engineering contest this year in Las Vegas will feature a new twist: Each contestant will be assigned a teammate to whom they must hand off during the live event where they cold-call targeted corporations.

"We needed to create an event like the real world," says Christopher Hadnagy, chief human hacker at Social-Engineer.org, and organizer of the contest, now in its fifth year. "In the 30 minutes [of the live call], you have to tap out at least twice" so that each teammate will have a role in the live call. The contest aims to wring as much potentially revealing information about the company as possible from the unsuspecting call recipient. Contestants squeeze as many predetermined "flags" as possible out of employees at major US corporations, everything from the type of browser they are using to the name of their cleaning/janitorial service.

The pretense could be that the caller needs to hand the call to his manager or another colleague, for example, to provide more legitimacy for the call -- something Hadnagy and his team at Social-Engineer.org say is becoming more and more common in social engineering exploits. "These are realistic vectors," he says of the two-person call approach. Phony Microsoft tech support scams do this often, says Hadnagy.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/

