For the past five years, Chris Hadnagy, Chief Human Hacker at Social-Engineer, Inc, has run an unusual competition at Def Con. Called Social Engineering Capture The Flag, it challenges contestants to gather information on various companies (flags, if you will). This is social engineering: the art of collecting information from targets without having to break into a building or hack a network.
In the first phase, 20 contestants work to get information on target companies from publicly available sources. The last phase is a 25-minute marathon of phone calls where contestants pump victims for information.
The information sought ranges from the mundane (“Do you have a cafeteria?”) to the critical (“Do you use disk encryption?”) to the potentially disastrous: tricking victims into visiting fake URLs. This year’s competition featured ten companies, including Apple, Boeing, and General Dynamics.