Social Engineering Report Shows Corporate America At Risk
Final report from Defcon contest details information employees gave up over the phone
By Kelly Jackson Higgins
DarkReading
Among the unsettling results in the final report, released today, from the Social Engineering Capture The Flag contest held in August at Defcon: Security companies were just as susceptible to social engineering as nontechnology firms, Internet Explorer 6 was still in use at 65 percent of the Fortune 500 companies targeted in the contest, and nearly 90 percent of the targets willingly opened a URL that the contestants gave them.
The contest, in which the art of social engineering was demonstrated on a rare public stage using real-world targets, was aimed at gauging the vulnerability of major corporations to social engineering. And the 17 contestants, who had to compile a dossier of as much information as they could gather passively on their assigned target company beforehand (no phone calls, email, or direct contact), had little trouble scoring information in the 25 minutes they had to social-engineer someone on the other end of the telephone line during the contest. The event was open to Defcon attendees to watch as the contestants made their calls from a soundproof booth.