Radio

Hackers' Low-Tech Tool: A Phone Call

The conference for the best hackers in the free world is held every year in Las Vegas. It's called DefCon. The entrance fee is $150, cash only. (And it's a bad idea to use the ATM at a hacker conference.)

There are lots of hacking competitions at DefCon, most of which are complicated and technical. But one contest is very simple.

Hackers call up a corporation and try to persuade the person who answers the phone to give them sensitive information. The technique is called social engineering, and it's been a key element of some recent high-profile hacks.

At the competition, contestants sit in a glass phone booth and call unsuspecting corporations. Their conversations are played on a P.A. system for dozens of spectators.

A guy named Mark is up next. He calls Wal-Mart and says he's in the company's I.T. department.

Each contestant has 25 minutes in the glass booth. There's a checklist of information they're supposed to get: What time the company's packages are delivered, what kind of anti-virus software they use, whether the company uses the most up-to-date operating system.

Mark is only 18 years old. It's his first time competing here. But he actually gets a few key pieces of information. (Wal-Mart declined to comment for this story.)

The audience at the contest — as at many DefCon competitions — isn't just hackers. Also in attendance: Security companies that corporations hire to defend themselves.

And a couple seconds after Mark leaves the booth, he gets a job offer from a security company.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.