DeepSec Conference Warns: Social Engineering Attacks Impending After Social Network Data Theft

November 1, 2009

Stealing data is only the first step of a successful attack. It is part of the preparation and very useful for social engineering.

VIENNA, AUSTRIA, November 01, 2009 /24-7PressRelease/ -- The International Security Conference DeepSec (https://deepsec.net/), which will be held from 17 to 20 November in Vienna for the third time, bringing together the world elite from the areas of network security and hacking, is dedicated to espionage and how to avert it. Social engineering is an important topic: "Current data thefts in social networks but also from financial service providers and telecommunications companies can have far-reaching effects taking the form of social engineering attacks that are unpredictable," warns Rene Pfeiffer, organiser of DeepSec. Every targeted social engineering attack requires a period of intensive information gathering. "Any information - whether it's names, information about the school or place of work, age, sex, interests and looks - serves as a starting point to harm the person in question or his corporate environment," says security expert Pfeiffer.

Social engineering comprises any type of manipulation on an interpersonal level with the aim of accessing data, objects or services without being authorised to do so. In order to achieve this, social engineers scan the personal environment of their victim in order to find starting points. Even scraps of information like telephone numbers are used to feign fake identities and to make bogus calls in the private as well as the business environments. The social engineer may pretend to be an official, a member of the family or a technician who requires confidential access data to carry out important work. The use of jargon and flaunting self-confidence combined with a tendency to slavishly follow authority, which exists in many of the victims, often leads to their disclosing secret and valuable
information. Averting social engineering isn't easy: gullible or helpful people don't really stand a chance while initial sceptics tend to be threatened with consequences to overcome their resistance.

"All users of social networks, from school children and students through to employees, are well advised to handle information with care and not to reveal too much about themselves. Every piece of additional detailed information increases the credibility of a social engineering attacker and thereby his chance to succeed," according to Pfeiffer.

In a two-day workshop experts Sharon Conheady and Martin Law from First Defence Information Security analyse which social engineering strategies exist, how they work and how they are carried out. Moreover, defence strategies for IT professionals against social engineering are also part of the workshop.

The conference is sponsored, among others, by the Microsoft Security Team, Sourcefire.com, The British Bookshop, Global Knowledge and the Austrian Chamber of Commerce. In the course of the conference specialists offer insights into today's security risks and ways to avert them. Further topics include DoS attacks on GSM networks, data theft via Twitter, e-voting, Stoned Bootkit, cloud computing, data base attacks, cancelling smart cards, attacking USB drivers, danger from manipulated printer firmware and security aspects in software development.

Being a neutral platform, DeepSec brings together the hacker community, IT/security companies, officials and researchers to exchange thoughts and experiences in lectures and workshops. But the conference also wants to counteract the widespread prejudice that hackers are automatically criminals. "For many of them it's really about identifying safety holes and making them public. Only then can they be closed," according to Pfeiffer.

The complete programme with a summary of the contributions: https://deepsec.net/schedule

DeepSec 2009 the In Depth Security Conference, November 17-20 in The Imperial Riding School Vienna, Austria.

---
Press release service and press release distribution provided by http://www.24-7pressrelease.com