Oracle employees can all-too-easily fall prey to social engineering attacks, according to white hat hackers, who tested the company during the Defcon conference in Las Vegas last month.
Engineers posed as company IT workers to test whether they could coax employees to hand over information regarding how the company backs up data or uses their wireless networks, in addition to providing the names of firms that provide on-site security. These requests were made by email or by asking the employee to click on a website embedded with phishing software. The goal of the contest was to show companies their security weaknesses and encourage them to educate their employees on malicious hacking.
"Oracle was wiped," said Chris Hadnagy, one of the conferences organizers, referencing what would have happened if the white-hat hackers had had ill intent.
Social engineering, as the practice of scamming someone face-to-face (or virtually face-to-face) is called, requires far less technical expertise than tradition hacking and phishing. Rather than breaking firewalls or encryption keys, hackers gain access via their target on the inside of the network.
Oracle could not be reached for comment in regards to the incident.
