Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Concerned About H2K2

Posted by michael on from the as-well-they-should-be dept.

An anonymous submitter forwards this possibly-authentic note about today's H2K2 conference. If you're in the New York area and you love computers and nice hotels, come on down. Anonymous writes "So I get into work, and what do I find in my mailbox? Why, nothing less than a warning cautioning me to be very careful talking to people from July 12 to July 14. (Not me specifically, you understand, it went out all over). Full text follows."

****************************************************************
AT&T Network Fraud Advisory
July 11, 2002
****************************************************************
Possible Hacker Social Engineering Attempts
Friday July 12 - Sunday July
14, 2002
===================================================
Caution:
------------
Be careful about giving information to anyone you don't know and those making unusual information requests by claiming to be an AT&T employee or customer. The H2K2 (Hackers on Planet Earth 2002) Hacker Conference will take place this weekend, Friday, July 12 to Sunday to July 14, 2001, [ed. note: 2001?] in New York City. This conference will be a gathering of over five thousand computer hackers, guest speakers, and computer enthusiasts. http://www.h2k2.net In 1994, 1997 and 2000 at the previous Hope (Hackers on Planet Earth) Conferences, live demonstrations of "social engineering" techniques were performed in front of thousands of hackers and other attendees. The hacker panel dialed live into AT&T offices and centers and demonstrated how to get proprietary information by pretending to be an AT&T employee and customer. These calls were recorded and videotaped by the hackers and are sold as instructional material at future hacker conferences. There is a very high likelihood that AT&T will be a target again this weekend. The social engineering contest is scheduled for Sunday July 14th, at 4 P.M. ET, (1 PM PT). During this period hackers may be dialing into AT&T to get information. AT&T Network Security would like to warn our employees to be on guard this entire weekend for any unknown person calling and claiming to be an AT&T employee to request proprietary information or claiming to be an AT&T customer with unusual requests. Remember, if anyone, who is unknown to you calls for proprietary information or make unusual requests, please follow your procedure by requesting additional information to ensure the person is who they say they are before giving out any information. If the person is claiming to be an AT&T employee, please request name, callback and HRID #. Then verify through POST or the email global address list if the information is correct and even request to call the employee back at their contact number. If the person is claiming to be an AT&T customer verify this by requesting additional info on their account like address and SS# and even request to call the person back at their contact number listed on the account. Please be on guard for any unusual requests. Verify the person is an AT&T employee or a legitimate customer and if they have a need to know the information they are asking. If you can't verify employment or number, don't give out the information. If you are still in doubt regarding the legitimacy of the caller, then speak to a supervisor regarding the situation before proceeding further and inform the caller you will call them back. If you still have questions you can call the Security Hotline 1-800-822-9009. Remember you do not want to be the lucky guest of honor on a telephone call from the hacker conference this weekend with thousands of hackers listening to you and attempting to scam AT&T out of proprietary information. Please be on guard.
- - - - - - - - - - - - - - - - - - - - - - - - -
Source: AT&T Network Security
*******************************************************************

4 of 362 comments (clear)

  1. Hah by iONiUM · · Score: 5, Insightful

    If you still have questions you can call the Security Hotline 1-800-822-9009.
    Can't the hackers who read slashdot (probably most of them) just call this number instead now?

    Furthermore, why doesn't Microsoft have a security hotline?

  2. What a great fuss about nothing by gowen · · Score: 5, Insightful

    I regularly get emails saying "A person has been seen acting suspiciously on campus, and ran away when challenged. There has been a spate of robberies by extra vigilant," and nothing is made about it. It doesn't mean we're not to be vigilant the rest of the time, just a timely and worthwhile heads up.

    What makes this different except the criminals involved are 'l33t and say stuff like "Mad propz".

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  3. Hah by acceleriter · · Score: 5, Insightful
    And they thought no one would post that warning which now contains

    - the resolution procedures in case of doubt about a callers identity

    - the "security hotline" phone number.

    Nice going, AT&T.

    --

    CEE5210S The signal SIGHUP was received.

  4. This is a Dood Thing(tm) by bigjocker · · Score: 5, Insightful

    That e-mail proves the meeting has acomplished one of its goals. Thanks to H2K2 AT&T is being more careful with the private info.

    Isn't that what we all want? At least that's the reason why I support those kind of things.

    --
    Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.