AT&T Network Security Bulletin About DEF CON ============================================ [Edited from it's original format because it looked fucking ugly when it hit my mailbox -boog] **************************************************************************** AT&T Security July 30, 1998 AT&T Network Security Bulletin **************************************************************************** This bulletin is being sent to both the AT&T Security shared folders - !security:information and !security:advisory - to reach as many employees as possible. Thank you. ============================================================================ Possible Hacker Social Engineering Attempts July 31- August 2, 1998 Caution: ------------ Be careful about giving information to anyone you don't know and making unusual information requests by claiming to be an AT&T employee or customers. The Defcon 6 Hacker's Conference will take place this weekend, Friday, July 31st to August 2nd, 1998 in Las Vegas, Nevada. This conference will be a gathering of several thousand computer hackers, guest speakers and computer enthusiasts. In 1994, at the Hope (Hackers on Planet Earth) Conference, a live demonstration of Social Engineering was performed in front of hundreds of hackers and other attendees. The hacker panel dialed live into our AFSC (Advanced Feature Service Center) and successfully demonstrated his social engineering skills by getting the information he wanted by pretending to be an AT&T employee. The demonstration was recorded and was aired on BAI Radio in New York. In last year's Beyond Hope Conference, there were several attempts to call AT&T's Customer Care Center 800-222-0300 to social engineer information, however due to the vigilance of our employees, the attempts did not succeed in getting any information. On this Friday Evening, July 31st, there will be another presentation (and possible demonstration) about Social Engineering. AT&T Security would like to warn our employees to be on guard for any unknown person calling to request proprietary information and claiming to be an AT&T employee, or calling in as a customer with unusual requests. Remember, if anyone who is unknown to you calls for proprietary information, request a call-back number, check the call-back number before calling back. Verify the person is an AT&T employee or a legitimate customer and if he has a need to know. If you can't verify employment or number, don't give out the information. - - - - - - - - - - - - - - - - - - - - - - - - - AT&T Network Security ---------------------------------------------------------------------------- Notify AT&T Corporate Security immediately of any incident or apparent attempt to compromise the security of Company network and/or computer systems at 1-800-822-9009. Employees outside the U.S. should call 908-580-8282. ---------------------------------------------------------------------------- **************************************************************************** AT&T Security 1-800-822-9009 (U.S.) 908-580-8282 (Outside the U.S.) E-mail security@attmail.com ****************************************************************************