Cybersecurity and dumpster diving are two of the hottest topics these days. Many people do not know that the two are connected. The connection is not a good one, however: dumpster diving combined with social engineering is a cybersecurity threat.
It involves malicious activities, including stealing sensitive data and confidential information from the trash. With this private data, hackers can steal personal information, which can even result in a data breach at an individual or larger level.
What is dumpster diving?
Dumpster diving means searching through dumpsters to find things that might be valuable to you. You can look for all sorts of items, either for personal use or to sell to others. People usually get into dumpster diving because it can help them make a little more money or find useful things for personal consumption.
However, not everyone has the same goals for dumpster diving. Some focus on dumpster diving for social engineering, where they look only for important details about other people in their trash.
Social engineering means communicating with people and tricking them into providing certain information or taking an action that will help the attacker access their personal information and account details. It starts with the goal of building trust between the two parties.
For instance, in a digital social engineering attack known as a phishing attack, the targets are sent a link to a page with the same interface as the legitimate site, and the link itself looks the same. This leads the receiver to trust that he is providing his credentials to the legitimate website.
However, as soon as the targets enter their details, the attacker gets access because of that trust. Dumpster diving relates to social engineering as a physical pathway that attackers use to get information from the trash.
Hackers are always looking for information that they can use against the system. That can be any part of the data, for example:
- Contact records
- Employee name list
- Phone numbers
- Caller identity, etc.
Today, every office prints thousands of documents, most of which are waste. Only a few use proper disposal methods like hiding the information or using a paper shredder to make it impossible to retrieve any information from that paper.
However, most documents are thrown in the trash in perfect condition. So, whenever a hacker is looking for confidential information, he may only need to go through the organization’s dumpster to find papers that help him gain access. Gaining access to that data is only a small part of the process.
That is because once hackers have the data they need, they use it to start tampering with the computer systems at that organization. With several password-cracking techniques, a hacker may gain access to an employee’s account at that organization. Once they have access to the digital system, they can reveal confidential information about that organization.
The side effects of getting your data leaked
As soon as your organization’s data is leaked, the hacker may start blackmailing you with those details for money. Even worse, they may put those confidential details up for sale on the dark web, which is something your competitors may be deeply interested in. Thus, leaving important details in the trash can create a disaster for your organization.
Dumpster diving attack examples
Whenever we discuss dumpster diving in the context of social engineering, there are some major attack examples that cannot be ignored. Here are the top 3:
- In 1968, Jerry Schneider gained access to the trash of the Pacific Telephone company, in which he found several important documents, including manuals and invoices. All of this happened while he was in high school.
- Matt Malone was once hired to break into a company’s digital system, and his first move was going through their trash to find sensitive information.
- Larry Ellison hired private investigators to go through Microsoft’s dumpsters in 2000. This attack helped him understand future moves at Microsoft.
How to prevent a dumpster diving attack
Whether on an individual or organizational level, you must know the right steps to follow to prevent dumpster diving attacks. Not much needs to be done, as you only need to follow some preventive measures to improve your security. Here are the most important steps:
1. Educate everyone about disposal procedures
The most basic thing to do is teach everyone about the importance of personal details. Organizations must teach their employees, while individuals must educate their family members to use the right garbage disposal methods. Anything with confidential information must not be taken out of its place unnecessarily, and must be thrown away only after it has been destroyed.
2. Use gadgets to your benefit
There are gadgets you can use to dispose of paper waste that carries confidential information. There are information-destroying markers as well. You can take it a step further with a paper shredder. With thousands of tiny pieces of paper mixed together, it will become impossible to steal any information.
3. Organizations must safeguard their digital platforms
All digital platforms must be safeguarded with modern security techniques. One of the best things to do is enable multifactor or two-factor authentication. So, even if a hacker gets half of the key to the system, the other half stays inaccessible.
4. Lock trash cans present outdoors
Lastly, you may throw out your trash in outdoor bins, but keeping them locked before the garbage pickup truck arrives means that no diver can access any of your trash, so there will be nothing you need to worry about.
Dumpster Diving: Expert’s Advice
Experts suggest that everyone must take responsibility for their own safety when it comes to dumpster diving social engineering. This is because, by law, whenever trash is moved to a public place, it becomes public property, and anyone can access it without any issues.
So, individuals and organizations must not put their confidential information in the trash. Crumpling a document into a paper ball does not destroy any information. At the very least, experts suggest using shredders to destroy any physical waste.
At the same time, digital storage media must be wiped by professionals before being disposed of or sold.
How do you feel about dumpster diving with this shirt?
While dumpster diving has this bad aspect of its relationship with social engineering attacks, if confidential information is kept away from trash, this problem can be solved. Thus, we can look more into the positive aspects of dumpster diving.
Dumpster diving is good for the planet as it reduces waste, and if you feel good about it, you must wear this “I FEEL ALIVE WHEN I DUMPSTER DIVE” shirt. This shirt keeps you in style while spreading a positive message during your dumpster diving trips.
How can you stay safe as a dumpster diver?
Some individuals and companies are becoming very active about their privacy, so they treat their trash more carefully than before. There is nothing wrong with dumpster diving as long as the law allows it. However, you must stay current with the local rules and regulations.
This is because some states allow dumpster diving as a whole, but local rules prohibit it. Apart from abiding by the law, you must be careful about the following:
- Dumpsters located on private property
- No-trespassing signs
To take your safety to the next level, you must ask for permission before visiting any private property for dumpster diving. Additionally, taking a friend along will help keep you safe from other dumpster divers.
How can IT professionals benefit from dumpster diving
Dumpster diving social engineering is mainly known because of its bad aspects. However, finding such confidential information in the trash helps IT professionals improve their cybersecurity techniques.
For instance, professionals can find personal information and work out what types of data people are careless about when throwing things in the trash.
It usually includes their ID, name, or contact details. With what they learn, they can make digital platforms more secure so that no unauthorized individual (hacker) can access the platform and its users' accounts.
Hackers often get only partial information, and by using social engineering and password-cracking techniques, they gain access to several accounts and their details.
As IT professionals keep their cybersecurity practices up to date, the chances of such cybercrimes due to dumpster diving will decrease.
While many see dumpster divers as only collecting usable things from trash, some have evil aims.
Hackers are the most common ones who go through dumpsters to get specific information from papers, documents, package shipping details, and any other sources, so that they can succeed with their dumpster diving social engineering attempts.
So, to protect yourself, you must not throw anything in the trash without destroying your personal information.