Sogeti Netherlands Aims Social Engineering and CTF Challenge at Top 100 Dutch Companies
Amsterdam, The Netherlands, 14 May 2012 – Sogeti Nederland B.V. has just announced the first ever Social Engineering and CTF Challenge (#SSEC2012) in Europe. Hosted at the third annual HITB Security Conference on 24th - 25th May at Okura Hotel in Amsterdam, the challenge will see participants putting their social engineering skills to the test in a series of fact-finding phone approaches aimed at Dutch companies.
Created and run by Sogeti Nederland B.V., the challenge aims to gather empirical data on and to raise awareness against infosecurity attacks targeting employees. The two-day game is spread across three separate challenges where participants will have to hack their way into a wireless router, social engineer one of the top 100 Dutch companies and solve a hacking challenge in Sogeti Nederland’s CTF web application. The inaugural winner walks away with a brand new iPad, a free conference ticket for HITBSecConf2013 - Amsterdam and bragging rights for winning the first #SSEC2012 challenge ever!
“With #SSEC2012, Sogeti Nederland is very excited to bring a social engineering element into this year’s HITBSecConf. The human factor is often referred to as the weak link in infosecurity defenses,” said Martin Visser, Senior Security Specialist . “This challenge is aimed to not only highlight the human risk factor, but to also demonstrate the ease with which it can be compromised. Knowing what are the common pretext strategies used to fraud employees is key in protecting organisations from social engineering attacks.” he continued.
Challenge registrants will receive a randomly selected target company to research before the challenge days. Participants then work their angle and social engineer the target company within 30 minutes by phone call to published call lines live from a supervised studio at the conference venue. Point flags can include obtaining the name of the company’s caterer for example, or successfully persuading the call recipient to visit a third party site. To adhere to legal guidelines, the challenge will also be supervised to preempt use of illegal fronts, threat approaches or attempts to extract sensitive or illegal information from the call recipients.
All conference attendees and members of the public can watch the challenge in progress via a webcam feed and also listen in on a delayed audio stream directly from the studio.
“The human element remains a major potential security vulnerability in any organisation. Verizon’s 2011 Data Breach Investigations report showed that 11% of breaches are from social engineering attacks and of these, 44% are from pretexting”, said Dhillon Andrew Kannabhiran, Founder and CEO of HITB.
Interested participants can obtain more information and register for the challenge via the EventBrite page at http://ssec2012.eventbrite.com/ For details on #HITB2012AMS, please see: http://conference.hitb.org/hitbsecconf2012ams/