Cybersecurity

A hacker's best friend is a nice employee

When it comes to hacking, the most dangerous thing at most companies may not be their computer network but the lowly desk telephone.

“You can get everything you need — information about their security, their operating system, what kind of computers they use. Just with a call,” said Chris Silvers, who runs CG Silvers, an independent security consulting firm in Atlanta.

He proved it recently when he won first prize in what's called a social engineering contest held at DefCon, a hacker conference held in Las Vegas.

Social engineering involves tricking people into giving up information that lets hackers bypass physical and computer security systems. It’s most commonly done with a simple phone call, talking a tech support agent into resetting a password or getting information about a company’s network by asking an unwary staffer some leading questions.