In information technology, dumpster diving is a method used to retrieve information that could be used to carry out an attack on a computer network.
Dumpster diving isn't limited to looking through the trash for obvious treasures like access codes or passwords written down on sticky notes.
What is a Dumpster Diving Attack?
In other words, dumpster diving is a fascinating attack that yields a vast amount of information on an organization, firm, person, or entity. You can learn a lot about an individual or company from the trash they throw away.
It's also surprising how much personal and private information is thrown out for others to find.
Most dumpsters and trash receptacles do not come with locks, since locks would make it almost impossible for regular trash collection services to dispose of the trash correctly; however, other solutions are available to lock your trash.
For one, never throw away anything that has information on or within it without considering how it could be used against you.
If you throw out bill statements and other paperwork that contain private information, consider burning it, shredding it, or destroying the information it holds in some other way.
Dumpster diving is one instance of no-tech hacking. People throw out a good deal of highly sensitive information, and the authorities are extremely suspicious and will investigate when somebody reports seeing an individual lurking around a business dumpster.
What Data Can Dumpster Divers Get?
You would be shocked at the amount of information about you, your life, or your company in your trash. Think about the last time you threw away your credit card report. Did you shred it? How about the medical test result from your earlier visit to the doctor?
The data that dumpster divers can get from looking through your trash includes:
- Contact information of family members, friends, clients, and business associates
- Access codes and passwords written on a discarded notepad
- Credit card and bank account details
- Copies of secret blueprints and designs
- Drafts of business plans
- Calendars and to-do lists from earlier days
- CDs, DVDs, and other portable storage devices
More can be included in the list, but you now get the point. Some of the above information can be used to get access to your home or work network. Notepads that have passwords & access codes are the most valuable.
But, most of us have learned to discard these items without a thought for safety.
A list of customers would be beneficial for a competitor. But, some of the data, such as calendars and phone numbers, might seem harmless.
Remember that they could be used in social engineering or masquerade attacks, where threat actors impersonate you or some of your contacts.
Dumpster Diving Attack Examples
No discussion of dumpster diving is complete without Jerry Schneider. In 1968, while he was in high school, Jerry was behind a wholesale telephone equipment business.
The idea came from a dumpster, specifically the trash of Pacific Telephone, which contained many documents, manuals, and invoices related to the ordering and delivery system.
Larry Ellison's most noteworthy case came in 2000, when he hired private detectives to search through the Microsoft dumpsters for useful information.
This was an attempt to gain a better understanding of upcoming developments in order to retain its claims.
In 2001, a case of industrial espionage came to light in the shampoo market between the competitors Procter & Gamble and Unilever.
Agents of Procter & Gamble went through recycle bins outside the Unilever corporation.
They succeeded in gathering very important information about market analysis, predictions, and upcoming products. However, the two corporations reached an out-of-court settlement.
What Does a Hacker Look For?
Security in the technology world cannot be restricted to internal controls, outputs, inputs, personnel, and top management policies.
It is vital to ensure the proper destruction of information that is of no further significance to the corporation.
Always remember that information of no relevance to the business can still be used unlawfully by unauthorized parties. It can cause trouble for the organization and increase its legal complications.
Here are the things hackers look for:
- Personal email and residential addresses
- Mobile numbers and other information
- Passwords, PINs, and social security numbers that staff write on sticky notes
- Bank statements/financial statements
- Medical records that may be useful
- Any sensitive data
- Login information
- Business secrets
- Advertising secrets
- Information on the employee base
- Information about the software/tools/technologies that are being used at the corporation
How To Protect Yourself Against Dumpster Diving?
To guard yourself or your corporation against dumpster diving, ensure all printed paper is at the very least shredded. Companies with very sensitive printed material might even want to black out the information or burn all IDs.
With enough time and resources, it is possible to piece together shredded paper using scanned images and software.
All computers, storage devices, and workplace equipment should also be destroyed. If you want to donate, resell, or give away equipment, purge all data from the devices.
Ensure that any hard drives are erased so data cannot be recovered. Any device, disk, or medium storing information should be properly destroyed or erased to stop sensitive information from being stolen.
Best Practices To Stop Dumpster Diving in Cybersecurity?
Apply a Trash Management Plan
Implement a plan to efficiently manage your garbage and recycle bins as part of your Data Loss Prevention strategy. Garbage comes in two forms: digital and physical.
Determine how to discard old or useless documents, notes, books, and hardware. The plan must also detail what information to keep and what to discard.
For example, if a client or employee is no longer with your business, it's important to properly delete their data. In the case of physical trash, you can scrap or burn paperwork.
Practice Storage Media Deletion
Practice regular and consistent storage media deletion. Get rid of DVDs, CDs, or any other drives containing personally identifiable information such as videos, photos, or other sensitive information.
If you have PCs, laptops, or other hardware to discard, dispose of them properly and wipe all files and programs to prevent future harm.
Enforce a Data Retention Policy
Enforce a data retention policy that governs and monitors how long information should be kept and how it is disposed of when it's no longer relevant. Moreover, make sure the policy covers the purpose of processing the information.
Employees must always know how to handle, store, and discard business data in all its forms. Furthermore, a certificate of destruction for sensitive data is also important.
Use a Shredder
Place protected shredder bins next to all trash cans within your work location. Don't just tear up your paperwork and dump it in bins, as attackers can easily piece it back together and recover information to plan a cyber-attack.
The shredder totally destroys documents with important information.
Carry out regular educational programs to teach employees about proper information disposal and other attack prevention strategies. Describe what your data retention policy entails and how they should abide by it.
Employees must never take printouts, photocopies, old computers, or any other company information home for disposal.
Keep Trash in a Safe Location before Disposal
It might sound simple, but it's extremely important to keep your trash in a secure location before disposal. You can use locked recycling bins or trash cans.
You can also build a fence around the dumpster to prevent intrusion. While this can't guarantee 100% security, it does create a barrier that keeps perpetrators from accessing and retrieving information.
Use Trusted Recycling Companies
If you want to hire a recycling company to help manage your waste disposal, make sure it's a trusted company. Perpetrators can disguise themselves as recycling companies to get access to your information.
Conduct suitable research on the company before entrusting it with your waste.
Strict processes and their implementation will prevent the leakage of sensitive information. Companies should use cross-cut shredders or bins and clean hard drives and floppy disks effectively.
Ultimately, it is essential to create awareness by educating the staff to eliminate dumpster diving.
Audit trails of trash must be adopted, and private investigators can be hired to test their proficiency in getting information from the trash.