Defcon hackers steal most data from Oracle

hacking

By Reuters

Posted on 8 Aug 2011 at 09:11

Defcon contestants managed to steal the most data from Oracle as part of a security competition over the weekend.

Despite a series of high-profile attacks putting security at the forefront for many companies, hackers taking part in the competition found it ridiculously easy in some cases to trick employees at large US companies into revealing key information.

The contestants also managed to get employees to use their corporate computers to browse websites the hackers suggested. Had these been criminal hackers, the websites could have loaded malicious software onto the PCs.

In one case, a contestant pretended to work for a company's IT department and persuaded an employee to give him information on the configuration of her PC, data that could help a hacker decide what type of malware would work best in an attack.

"For me it was a scary call because she was so willing to comply," said Chris Hadnagy, one of the organisers of the contest at Defcon, a white-hat security conference held in Las Vegas.

"A lot of this could facilitate serious attacks if used by the right people," Hadnagy said.

The company whose employees handed over the most data was Oracle, according to Hadnagy. One of the world's largest software makers, Oracle got its start more than 30 years ago by selling secure databases to the CIA.

Oracle spokeswoman Deborah Hellinger declined comment.

Other targets included Apple, AT&T, Delta Air Lines, Symantec, United Airlines and Verizon.

Spear phishing

It was the second year that Defcon held a contest in social engineering, frequently used in spear phishing email attacks, which are targeted at specific individuals.

Security experts say spear phishing has led to many hacks over the past year, including ones on US defense contractors, the IMF, EMC's RSA Security division and government agencies around the world.

"It's better whenever you can [to] get data non-confrontationally," said Johnny Long, a consultant who companies hire to hack into their data networks, using tools such as social engineering, to identify weaknesses.

The contestants were charged with obtaining specific information from their targets, including information about how the company backs up and secures its data, wireless network use, and the names of companies that provide on-site security, toner and copier paper.

User comments

No system will ever be safe.

One can't help but think what security experts would do without the existence of hackers.

Or disgruntled ex-employees of security firms :)

By nicomo on 8 Aug 2011

PCPro-Computing in the Real World Printed from www.pcpro.co.uk