Slashdot Mirror


AT&T Concerned About H2K2

An anonymous submitter forwards this possibly-authentic note about today's H2K2 conference. If you're in the New York area and you love computers and nice hotels, come on down. Anonymous writes "So I get into work, and what do I find in my mailbox? Why, nothing less than a warning cautioning me to be very careful talking to people from July 12 to July 14. (Not me specifically, you understand, it went out all over). Full text follows."

****************************************************************
AT&T Network Fraud Advisory
July 11, 2002
****************************************************************
Possible Hacker Social Engineering Attempts
Friday July 12 - Sunday July
14, 2002
===================================================
Caution:
------------
Be careful about giving information to anyone you don't know and those making unusual information requests by claiming to be an AT&T employee or customer. The H2K2 (Hackers on Planet Earth 2002) Hacker Conference will take place this weekend, Friday, July 12 to Sunday to July 14, 2001, [ed. note: 2001?] in New York City. This conference will be a gathering of over five thousand computer hackers, guest speakers, and computer enthusiasts. http://www.h2k2.net In 1994, 1997 and 2000 at the previous Hope (Hackers on Planet Earth) Conferences, live demonstrations of "social engineering" techniques were performed in front of thousands of hackers and other attendees. The hacker panel dialed live into AT&T offices and centers and demonstrated how to get proprietary information by pretending to be an AT&T employee and customer. These calls were recorded and videotaped by the hackers and are sold as instructional material at future hacker conferences. There is a very high likelihood that AT&T will be a target again this weekend. The social engineering contest is scheduled for Sunday July 14th, at 4 P.M. ET, (1 PM PT). During this period hackers may be dialing into AT&T to get information. AT&T Network Security would like to warn our employees to be on guard this entire weekend for any unknown person calling and claiming to be an AT&T employee to request proprietary information or claiming to be an AT&T customer with unusual requests. Remember, if anyone, who is unknown to you calls for proprietary information or make unusual requests, please follow your procedure by requesting additional information to ensure the person is who they say they are before giving out any information. If the person is claiming to be an AT&T employee, please request name, callback and HRID #. Then verify through POST or the email global address list if the information is correct and even request to call the employee back at their contact number. If the person is claiming to be an AT&T customer verify this by requesting additional info on their account like address and SS# and even request to call the person back at their contact number listed on the account. Please be on guard for any unusual requests. Verify the person is an AT&T employee or a legitimate customer and if they have a need to know the information they are asking. If you can't verify employment or number, don't give out the information. If you are still in doubt regarding the legitimacy of the caller, then speak to a supervisor regarding the situation before proceeding further and inform the caller you will call them back. If you still have questions you can call the Security Hotline 1-800-822-9009. Remember you do not want to be the lucky guest of honor on a telephone call from the hacker conference this weekend with thousands of hackers listening to you and attempting to scam AT&T out of proprietary information. Please be on guard.
- - - - - - - - - - - - - - - - - - - - - - - - -
Source: AT&T Network Security
*******************************************************************

8 of 362 comments (clear)

  1. Re:Hah by JWSmythe · · Score: 5, Funny

    I get the feeling the operators at (800) 822-9009 are about to be slashdotted themselves.. Can AT&T take 1/2 mil simultanious calls to their security hotline? hehe

    --
    Serious? Seriousness is well above my pay grade.
  2. HA! Social Engineering! by Havokmon · · Score: 5, Funny
    Kudos to the guy who got AT&T to give us their proprietary info on what security precautions they take before giving out confidential information. ;)

    --
    "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
  3. Addendum: by cybermace5 · · Score: 5, Funny

    Dear Employees:

    The previous memo failed to mention another warning sign of hacker social engineering attempts. If you hear the song "Halcyon-On and On" by the music group Orbital, hang up the telephone immediately. We will be holding information sessions at all regional offices for telephone support personnel, where you will be trained to recognize this music within several seconds. DO NOT confuse this warning sign with the last five minutes of Mortal Kombat! It is better to be safe than sorry. Thank you for your cooperation, and stay Hacker-Free(tm) during this period of "l337n355".

    --
    ...
  4. Re:Hah by Pig+Hogger · · Score: 5, Funny
    Furthermore, why doesn't Microsoft have a security hotline?
    They had one, but it melted down.
  5. perfect security by constantnormal · · Score: 5, Funny

    At my employer's firm, we have perfected the art of repelling those out to gain information by a 2-pronged approach. We run the callers through a maze of automated phone forwarding recordings to (eventually) a person who has no clue about anything.

    1. Re:perfect security by zerOnIne · · Score: 5, Funny

      you work for verizon, don't you?

      --
      09
  6. Ignore the memo! by L.+VeGas · · Score: 5, Funny

    If we're forced to follow basic security procedures, it means the hackers have already won.

  7. Re:What a great fuss about nothing by edbarrett · · Score: 5, Funny
    So what does "mad props" mean anyway?

    The Set Decoration Is Not Amused.