‘Dumpster Diving’ is looking through someone else’s trash to retrieve valuable information. In information technology, dumpster diving refers to collecting data that seems innocuous to its original owner, but if leveraged by a hacker, it could be used to infiltrate computer systems and networks. Hackers can glean a lot of information by simply going through an individual’s or organization’s trash. The information that cybercriminals are after is not limited to login credentials and sensitive data but could include contact lists, schedules or operational graphs that can be employed to gain unauthorized access to a network through social engineering techniques.
Breaking into security systems using dumpster diving continues to be used by hackers as it is simple and successful. A lot of information can be collected using this method – discarded documents, login details, printouts with IP addresses, hardware like CDs, DVDs, old drives and other media with information that normally requires network access. A great deal can be learned through seemingly innocent trash. For example, a printout of an email could include contact information like addresses, phone numbers and other personal data that could be used to lure users to compromised websites through well-crafted social engineering strategies.
There are several countermeasures against this attack. To prevent individuals from rummaging through trash, dumpsters should be locked and placed in secure locations before they are disposed of. Dumpster diving can be stopped by destroying all data before disposal and restricting access to garbage containers. Educating employees about potential threats that trash can pose is imperative to their data security. AttackSolutions has designed training materials to help users understand how hackers leverage data that is ostensibly redundant or useless to compromise system security. We provide online as well as on-site training programs tailored to a customer’s requirement.
If you have questions or comments, please use this form to reach us, and you will receive a response within one business day. Your can also call us directly at any of our global offices.