Kevin spoke for around an hour about standard social engineering and then had some "live" interactive events. He shared information on how he stole the Microtek source code from Motorola and how he himself had been socially engineered prior to the release of his latest book, The Art of Intrusion. During these events, he would call up audience members to participate in different activities.
The most interesting portion of his speech was about a phishing / IVR dupe. We all know about phishing and what it entails; however, there are now hackers who are recreating IVR systems and then phishing for marks to call in. This new attack recreates an IVR (interactive voice response) system for purposes of data collection, such as banking logins and passwords. Kevin had used a service called IPKall to bind a POTS number to an IP. The IP was bound to *nix-based IVR software. The interesting thing is that Kevin also took the steps to copy the real IVR responses (and tree logic) from a real bank. With the system recreated, one could then "spear phish" customers in the area of bank X. All password entries would give an error message, noting an incorrect password. Kevin displayed this in real time as his IVR scooped up his own self-generated traffic.
Also, his business cards are metal and break up into a lock pick set.
For those that may complain, I understand he is a criminal; however, it behooves us all to understand how these guys think. They truly have no limits to their thinking and as a result are very creative. At times, in the professional world, we allow ourselves to become too systematic in our thinking.