Hackers' Low-Tech Tool: A Phone Call
The conference for the best hackers in the free world is held every year in Las Vegas. It's called DefCon. The entrance fee is $150, cash only. (And it's a bad idea to use the ATM at a hacker conference.)
There are lots of hacking competitions at DefCon, most of which are complicated and technical. But one contest is very simple.
Hackers call up a corporation and try to persuade the person who answers the phone to give them sensitive information. The technique is called social engineering, and it's been a key element of some recent high-profile hacks.
At the competition, contestants sit in a glass phone booth and call unsuspecting corporations. Their conversations are played on a P.A. system for dozens of spectators.
A guy named Mark is up next. He calls Wal-Mart and says he's in the company's I.T. department.
Each contestant has 25 minutes in the glass booth. There's a checklist of information they're supposed to get: What time the company's packages are delivered, what kind of anti-virus software they use, whether the company uses the most up-to-date operating system.
Mark is only 18 years old. It's his first time competing here. But he actually gets a few key pieces of information. (Wal-Mart declined to comment for this story.)
The audience at the contest — as at many DefCon competitions — isn't just hackers. Also in attendance: Security companies that corporations hire to defend themselves.
And a couple seconds after Mark leaves the booth, he gets a job offer from a security company.