Hackers' Low-Tech Tool: A Phone Call

Aug 16, 2011

The conference for the best hackers in the free world is held every year in Las Vegas. It's called DefCon. The entrance fee is $150, cash only. (And it's a bad idea to use the ATM at a hacker conference.)

There are lots of hacking competitions at DefCon, most of which are complicated and technical. But one contest is very simple.

Hackers call up a corporation and try to persuade the person who answers the phone to give them sensitive information. The technique is called social engineering, and it's been a key element of some recent high-profile hacks.

At the competition, contestants sit in a glass phone booth and call unsuspecting corporations. Their conversations are played on a P.A. system for dozens of spectators.

A guy named Mark is up next. He calls Wal-Mart and says he's in the company's I.T. department.

Each contestant has 25 minutes in the glass booth. There's a checklist of information they're supposed to get: What time the company's packages are delivered, what kind of anti-virus software they use, whether the company uses the most up-to-date operating system.

Mark is only 18 years old. It's his first time competing here. But he actually gets a few key pieces of information. (Wal-Mart declined to comment for this story.)

The audience at the contest — as at many DefCon competitions — isn't just hackers. Also in attendance: Security companies that corporations hire to defend themselves.

And a couple seconds after Mark leaves the booth, he gets a job offer from a security company.

Copyright 2011 National Public Radio. To see more, visit http://www.npr.org/.