(Reuters) - A weekend contest at the world's largest hacking convention in Las Vegas showed one reason why big corporations seem to be such easy prey for cyber criminals: their workers are poorly trained in security.
In one case, a contestant pretended to work for a company's IT department and persuaded an employee to give him information on the configuration of her PC, data that could help a hacker decide what type of malware would work best in an attack. "For me it was a scary call because she was so willing to comply," said Chris Hadnagy, one of the organizers of the contest at the Defcon conference in Las Vegas.
The company whose employees handed over the most data was Oracle Corp, according to Hadnagy. One of the world's largest software makers, Oracle got its start more than 30 years ago by selling secure databases to the Central Intelligence Agency.
The contestants were charged with obtaining specific information from their targets, including information about how the company backs up and secures its data, wireless network use, and the names of companies that provide on-site security, toner and copier paper.