Join the Community

22,086
Expert opinions
44,061
Total members
421
New members (last 30 days)
193
New opinions (last 30 days)
28,702
Total comments

Women Proved Securest in the Defcon Social Engineering Game

In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon), I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have.

Of 135 “targets” of the social engineering “game,” 130 blurted out too much information. All five holdouts were women who gave up zero data to the social engineers.

Computerworld reports, “Contestants targeted 17 major corporations over the course of the two-day event, including Google, Wal-Mart, Symantec, Cisco Systems, Microsoft, Pepsi, Ford and Coca-Cola. Sitting in a plexiglass booth, with an audience watching, they called up company employees, trying to get them to give up information.”

Contestants had twenty minutes to call unsuspecting employees at the target companies and obtain specific bits of (non-sensitive) information about the business for additional points. Participants were not allowed to make the target company feel at risk by pretending to represent a law enforcement agency.

The players extracted data that could be used to compile an effective “attack,” including “information such as what operating system, antivirus software, and browser their victims used. They also tried to talk marks into visiting unauthorized Web pages.”

Social engineering is the most effective way to bypass any hardware or software systems in place. Organizations can spend millions on security, only to have it all bypassed with a simple phone call.

The players in this game were all men. Maybe the women didn’t give up any data because they were simply untrusting. It could be that the women were properly trained in how to deter social engineers and protect company data over the phone. Or maybe the women simply paid attention to their sixth sense, and felt they were being conned.

Any time the phone rings, a new email comes in, someone knocks on your door, or visits your office, question those who present themselves in positions of authority.

Don’t automatically trust or give the benefit of the doubt.

Within your home or business, communicate what can and can’t be said or done, or what information can or cannot be provided.

Keep in mind that when you lock a door, it’s locked, but it can be opened with a key, or with words that convince you to unlock it yourself. Always view every interaction, whether virtual or face to face, with a cynical eye for a potential agenda.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,086
Expert opinions
44,061
Total members
421
New members (last 30 days)
193
New opinions (last 30 days)
28,702
Total comments

Trending

Kyrylo Reitor

Kyrylo Reitor Chief Marketing Officer at International Fintech Business

How to avoid potential risks when working with correspondent accounts

Kathiravan Rajendran

Kathiravan Rajendran Associate Director of Marketing Operations at Macro Global

Is a Seamless Cross-Border Payment Future Possible?

Now Hiring