The world-famous Defcon hacker conference is currently ongoing in Las Vegas, and we already have our first bit of controversy. (I fully expect plenty of “evil hackers do bad things” stories to pop up in the coming hours.) A social engineering contest that encouraged participants to try to social engineer their way into major corporations has drawn the ire of THE MAN, specifically the FBI. Always trying to ruin the fun, those guys.
The contest wasn’t all that complicated: contestants were put in soundproof booths (but with a microphone so that audience members could hear what was going on) and they were to try to social engineer their way up the food chain at various corporations. The point was to see who was able to social engineer their way to the “best” piece of information.
Social engineering, of course, is the art of persuading people to tell you something, or give you information, that they’re otherwise disinclined to tell or give.
Because of the nature of the contest, and after consulting with the Electronic Frontier Foundation, contestants were bound to certain rules: no asking for sensitive information such as passwords. Says the rules, “If something seems unethical—don’t do it. If you have questions, ask a judge.”
So what type of information were the contestants looking for? Mostly harmless nonsense, nearest I can tell. Listed examples include asking who handles your paper shredding or who takes out your trash.
Again, harmless nonsense.
The banking industry was particularly concerned about the contest, going so far as to warn their employees, including legal departments, about it. I guess they didn’t feel comfortable with someone asking questions about their practices. Real fine society we have here. The FBI was called in, and grilled contest organizers about the nature of the contest.
Thankfully, after checking in, the FBI was satisfied, finally realizing that there was absolutely no cause for concern.