Here's a fascinating account of a live social engineering capture-the-flag game in front of an audience at the Defcon hacker conference.

Finally, Darnell directed the manager to an external website to fill out a survey to prep for the upcoming visit. The manager dutifully plugged the address into his browser. His computer blocked the connection, but Darnell wasn't fazed. He said he'd call the IT department and have it unlocked.

The manager didn't think that was a concern. "Sounds good," he answered. "I'll try again in a few hours."

After thanking the manager for his help, Darnell made plans to follow up the next day. The manager promised to send Darnell over a list of good hotels in the area.

Then "Gary Darnell" hung up and stepped out of the soundproof booth he had been in for the last 20 minutes.

"All flags! All flags!" he announced, throwing his arms up in a V-for-Victory symbol.

His audience of some 100 spectators at the Defcon conference in Las Vegas burst into applause. They had been listening to both sides of the call through a loudspeaker broadcast.

I would have loved to see it live. Be on your guard.

0 TrackBacks

Listed below are links to blogs that reference this entry: Social Engineering With a Live Studio Audience.

TrackBack URL for this entry: http://www.mwilliams.info/mt5/tb-confess.cgi/8099

Comments

Supporters

Email blogmasterofnoneATgmailDOTcom for text link and key word rates.

Site Info

Support