DefCon Contest Rattles FBI's Nerves
snydeq writes "A DefCon contest that invites contestants to trick employees at 30 US corporations into revealing not-so-sensitive data has rattled nerves at the FBI. Chris Hadnagy, who is organizing the contest, also noted concerns from the financial industry, which fears hackers will target personal information. The contest will run for three days, with participants attempting to unearth data from an undisclosed list of about 30 US companies. The contest will take place in a room in the Riviera hotel in Las Vegas furnished with a soundproof booth and a speaker, so an audience can hear the contestants call companies and try to weasel out what data they can get from unwitting employees."
The group organizing the contest has established a strict set of rules to ensure participants don't violate any laws.
Update: 07/31 04:45 GMT by S: PCWorld has coverage of one of the day's more successful attacks.
Re:Dumbasses @ FBI (Score:5, Funny)
"Do you have Prince Albert in a can?"
Okay, be honest. (Score:5, Funny)
Who here clicked the link to www.social-engineer.org before thinking about the potential consequences?
Have you just been had? :-)
Re:This is refreshing (Score:3, Funny)
Not-so-sensitive?! (Score:4, Funny)
"If you don't tell me, I'll look at the dumpster behind your building and read the name on it!"
Re:This is refreshing (Score:5, Funny)
I prefer to beat the password out of the mark after 5 minutes of brute force.
The information they want is almost too innocuous. (Score:3, Funny)
1.) Get a list of past DefCon attendees from the company.
2.) Find prior attendees NOT attending the current DefCon.
3.) Call those prior attendees up and say "DefCon this year is doing a social engineering CTF, can you help me out by providing some silly and innocuous data about your company/building?"
This could work surprisingly well, so long as you got somebody willing to play along and help you "cheat."
In fact, this approach (or something similar) would probably be so common and so effective that there might be a rule added against it.
What would be particularly funny is if you didn't actually check if they were attending this year, and the "victim" was sitting in the audience!