March 22nd, 2011
The Schmooze Strikes Back
Social-Engineer.Org’s mission has been to raise awareness for social engineering and the role it plays in targeted attacks against companies today.
As security technology advances, attackers are increasingly leveraging social engineering techniques in order to gain unauthorized access to global organizations and Fortune 500 companies.
In our continued efforts to raise awareness, Social-Engineer.Org is proud to announce the Defcon 19 Social Engineering Capture the Flag (SECTF) 2: “The Schmooze Strikes Back”. Using the lessons we learned from Defcon 18, we expect to once again set new standards for raising awareness of social engineering issues.
Last year, in our first SECTF, we demonstrated the ease with which inexperienced social engineers can extract potentially sensitive information from Fortune 500 corporations in America. The CTF clearly demonstrated how easy it was for social engineers to extract information from targets on the phone. Our final report was downloaded over 300,000 times and helped organizations make dramatic improvements to their security programs.
This year we are refreshing the format of the SECTF. Changes have been put in place to improve the quality of the contest and better demonstrate the threat of malicious social engineering.
• PREMIER TARGETS. A small selection of companies have agreed to work with Social-Engineer.Org and allow us to use their organizations as full-on social engineering targets. These companies have aggressive security awareness programs and have agreed to put these programs to the test, publicly.
• Contestant research and reporting will be improved. A sample report will be provided to all contestants demonstrating what is expected in terms of content, structure, and composition in this report. A professionally done audit report will be required of each contestant.
• A new “target ranking system” will be introduced. While we will not list what data was extracted from the targeted companies for privacy reasons, we will be listing the companies we target and how they fared in the contest. We will rank each targeted company against the other companies called in the same industry, and overall against all companies called. The intent is not only to point out companies that have improvements to make, but also to give credit to companies that have effective and strong information security programs.
Just like last year, we will not target any directly sensitive information such as passwords, IP addresses, social security numbers, credit card numbers, and so on. There are entire industries we will not target unless the company is a premier target, such as government, health care, financial and education. Like last year, great care will be taken to protect the privacy of targeted companies and keep the contest morally clean and legal.
We expect this year’s SECTF to be even more exciting, especially due to our highlight event during the contest, which for now will remain undisclosed….
If you think “the Schmooze” is strong with you and want to showcase your social engineering skills then….
We have opened a limited number of sponsor slots for this year’s SECTF. So far our sponsors for Defcon 19 SECTF are: