Some Reasons Many US Companies Are So Easy to Hack

Monday, August 8th 2011. | Software News

Why do big companies fall prey to cyber attacks so easily? According to hackers taking part in the Defcon conference, the world’s largest hacking convention in Las Vegas, workers at big corporations are poorly trained in security, which makes it “ridiculously easy” for hackers to trick them into revealing key information that can be used to plan cyber attacks against them. At a time when large organizations like Sony Corp and the International Monetary Fund (IMF) have been targeted in massive security breaches, companies are expected to pay special attention to security. But unfortunately, employees at some of the largest U.S. companies lack the required knowledge of security, said hackers in a weekend contest at the hacking convention on Friday and Saturday.

Employees at the big companies were even persuaded to use their corporate computers to browse websites suggested by the hackers (contestants). If they had been criminal hackers, malicious software would likely have been loaded onto the computers, a Reuters report said. Pretending to be an employee of an IT company, one of the contestants successfully persuaded another employee to pass on information about the configuration of her PC. With that information, a hacker can easily decide which malware would be suitable for carrying out the attack.

“For me it was a scary call because she was so willing to comply,” Reuters quoted Chris Hadnagy, one of the organizers of the contest at the Defcon conference in Las Vegas, as saying. “A lot of this could facilitate serious attacks if used by the right people.” A group of benevolent hackers organized Defcon in order to endorse research on security vulnerabilities, as well as to make companies aware of security issues so they can fix them. The weekend hacking contest was sponsored by white-hat hackers with the purpose of exposing security loopholes in companies and encouraging them to create awareness of the risks of hacking among employees.

A wake-up call for Oracle

“Oracle was wiped,” said Hadnagy, who is co-author of the book “Social Engineering: The Art of Human Hacking.” Employees at Oracle, one of the world’s largest software makers, gave away the most data, he said.

Apart from Oracle, the other companies targeted included Apple, AT&T, ConAgra Foods, Delta Air Lines, Symantec, Sysco, United Continental Holdings, United Airlines and Verizon Communications.

According to security experts, hackers frequently use “social engineering” to make people hand over information or download malicious software. In social engineering, hackers pretending to be a friend send a “spear phishing” e-mail to people. The e-mail asks the recipient to open a tainted file or visit a malicious website.

Over the past year, numerous hacking activities by hacker groups like LulzSec and Anonymous have been reported. Many organizations such as U.S. defense contractors, the IMF, EMC Corp’s RSA Security division, Sony, NASA, Arizona Police and government agencies across the world have been targeted.

Information that the contestants managed to obtain from their targets includes information related to data security and backup systems, wireless network use, the names of on-site security providers, etc.
