Social engineering attacks on agenda at DeepSec conference

This is the third year running that DeepSec is taking place in Vienna and, Rene Pfeiffer, the event organiser said, social engineering is an important topic.

"Current data thefts in social networks but also from financial service providers and telecommunications companies can have far-reaching effects taking the form of social engineering attacks that are unpredictable", he said.

"Any information - whether it's names, information about the school or place of work, age, sex, interests and looks - serves as a starting point to harm the person in question or his corporate environment", he added.

According to Pfeiffer, social engineering comprises any type of manipulation on an interpersonal level with the aim of accessing data, objects or services without being authorised to do so.

In order to achieve this, he explained, social engineers scan the personal environment of their victim in order to find starting points.

Even scraps of information like telephone numbers are used by social engineers to feign fake identities and to make bogus calls in the private as well as the business environments.

The social engineers will then pretend to be an official, a member of the family or a technician who requires confidential access data to carry out important work.

"The use of jargon and flaunting self-confidence combined with a tendency to slavishly follow authority, which exists in many of the victims, often leads to their disclosing secret and valuable information", he said.

According to Pfeiffer, preventing social engineering isn't easy, as gullible or helpful people don't really stand a chance while initial sceptics tend to be threatened with consequences to overcome their resistance.

"All users of social networks, from school children and students through to employees, are well advised to handle information with care and not to reveal too much about themselves. Every piece of additional detailed information increases the credibility of a social engineering attacker and thereby his chance to succeed", he said.

In a two-day workshop at the conference, security experts Sharon Conheady and Martin Law from First Defence Information Security will analyse which social engineering strategies exist, how they work and how they are carried out.

The DeepSec conference is sponsored by the Microsoft Security Team, Sourcefire.com, The British Bookshop, Global Knowledge and the Austrian Chamber of Commerce.

Topics up for discussion at the event include DDoS attacks on GSM networks, data theft via Twitter, e-voting, Stoned Bootkit, cloud computing, data base attacks, cancelling smart cards, attacking USB drivers, danger from manipulated printer firmware and security aspects in software development.

What’s Hot on Infosecurity Magazine?