Smooth talking hackers were able to talk their way into ten leading companies while on stage at a hacker conference.
A “social engineering”, or blagging contest, at the conference challenges hackers to call workers at 10 companies including Google, Apple, Cisco, Pepsi, Coca Cola, Shell, BP, Ford, Proctor & Gamble and Microsoft and get them to reveal too much information.
Offensive security operations manager Christopher Hadnagy, part of the social-engineer.org team behind the competition said that out of all the companies called, not one company shut the hackers out.
The idea of the competition was to coax information out of the outfits to show that workers would have unintentionally made it easier to attack networks.
Caught out were a chief technical officer to IT support personnel and sales people.
One employee opened programs on a company computer to read off specifications regarding types of software being used.
The hackers were aiming to win an Apple iPad tablet with second prize being two Apple iPad tablets.
Aharoni said the big idea was to show that social engineering was a legitimate attack vector.
“Companies don’t think their people will fall for something as simple as someone calling and just asking a few questions,” Hadnagy told AP .
One hacker was nearly foiled by insisting he send his questions in an email that would be reviewed and answered if appropriate. But the hacker managed to convince the worker to change his mind by claiming to be under pressure to finish a report for a boss by that evening.