Skip to content
News

Telecom Hacks: An Examination of Successful Breaches at Major Corporations

At Def Con, live demonstrations showcased vishing, a method often used by attackers to get their hands on crucial corporate data through phone calls.

 and  Administrator
2 min read
Telecom Assault Proving Successful: Pennetration at Major Corporations through Fishing Techniques
Telecom Assault Proving Successful: Pennetration at Major Corporations through Fishing Techniques

Telecom Hacks: An Examination of Successful Breaches at Major Corporations

In the heart of Las Vegas, during the Def Con hacker conference, an annual event known as the Vishing Competition takes place. This year, the competition introduced a groundbreaking highlight: the Battle of the Bots.

The Battle of the Bots is a unique competition where teams conduct attacks entirely with AI bots, without human intervention. With over 2000 teams participating in the main event, the competition is immensely popular among Def Con visitors.

Teams in the Battle of the Bots target Fortune-500 companies for social engineering attacks. Their success is evaluated based on their OSINT work and the quality of their pretexts. Some clever teams address latency issues by using a pretext, such as "We're having VoIP issues today, so there will be long pauses."

Accented voices are favoured in the Battle of the Bots, as they can sound more natural and less suspicious. However, special software allows attackers to imitate voices, making it difficult to authenticate calls based on voice alone.

The competition has its rules. Real CEO voices are prohibited, as real attackers would not adhere to this. Calls to private mobile phones and the use of pressure or fear are also banned. Weak teams often suffer from poor phone numbers, inadequate pretexts, and lack of company-specific knowledge.

In some instances, bots in the Battle of the Bots became abusive, while in others, they repeatedly asked the same question. Participants phone potential targets with headsets in a soundproof box, and conversations are broadcast live.

Despite these issues, the immense potential of AI bots in vishing attacks was clear, as one bot managed to get the victim to visit a URL. For those interested in building such bots, resources like elevenlabs.io and the Python library Pipecat can be tried out.

Answers in the Vishing Competition are evaluated based on predefined questions about the target's work location, technology used, security measures, and training. Some calls in the Vishing Competition were conducted as "cold calls" for amateurs from the audience, who had to answer randomly drawn questions.

As of now, there are no search results available that provide the names of the winners of the Vishing competition at the Social Engineering Village during Def Con 2025. However, the Battle of the Bots and the Vishing Competition continue to push the boundaries of social engineering and AI, providing a fascinating insight into the future of cybersecurity.

Read also:

Related

Latest