A weekend contest from 4th August to 7th August , at the world's largest hacking convention in Las Vegas showed one reason why big corporations seem to be such easy prey for cyber criminals : their workers are poorly trained in security.
Reuters post the news about Hacking of Oracle and some more big Companies just by using Social Engineering in DefCon 19. Hackers taking part in the competition on Friday and Saturday found it ridiculously easy in some cases to trick employees at some of the largest U.S. companies to reveal information that can be used in planning cyber attacks against them.
A contestant pretended to work for a company's IT department and persuaded an employee to give him information on the configuration of her PC, data that could help a hacker decide what type of malware would work best in an attack. "For me it was a scary call because she was so willing to comply," said Chris Hadnagy, one of the organizers of the contest at the Defcon conference in Las Vegas. "A lot of this could facilitate serious attacks if used by the right people," Hadnagy said.
The company whose employees handed over the most data was Oracle Corp, according to Hadnagy. One of the world's largest software makers, Oracle got its start more than 30 years ago by selling secure databases to the Central Intelligence Agency. Oracle spokeswoman Deborah Hellinger declined comment.
Other targets included Apple Inc, AT&T Inc, ConAgra Foods Inc, Delta Air Lines Inc, Symantec Corp, Sysco Corp, United Continental Holdings Inc's United Airlines and Verizon Communications Inc. It was the second year that Defcon held a contest in "Social engineering," or the practice where hackers con people into handing over information or taking actions such as downloading malicious software.
"It's better whenever you can get data non-confrontationally," said Johnny Long, a consultant who companies hire to hack into their data networks, using tools such as social engineering, to identify weaknesses.