Looking for treasure in someone else’s garbage is known as Dumpster diving. Dumpster diving is a common practice in the world of information technology (IT). A hacker could use discarded materials to carry out an attack or get access to a computer network. This isn’t only about finding obvious treasures in the rubbish.
Obvious treasures are things such as access codes or passwords scribbled down on sticky notes. An attacker might also use innocuous data like a phone list, calendar, or organizational structure to spy on you. Such data can assist an attacker who uses social engineering tactics to acquire access to the network. Experts recommend having a strategy in place to prevent dumpster divers from uncovering anything of value in a company’s trash.
All papers, including printouts, should go through a cross-cut shredder before being recycled. Whatever is discarded should be well cleaned, and all personnel should be made aware of the dangers of discarding garbage that has not been adequately recorded. Computer gear that is no longer needed might be a goldmine for hackers. Data can be recovered from storage media, including discs that have been incorrectly formatted or wiped.
This includes previously used passwords and trusted certificates. Even if the storage media is not present, TPM (Trusted Platform Module) data or other hardware IDs that an organization trusts may still be present on the equipment. An attacker can also use the hardware to identify the manufacturer of the equipment.
Social engineering and Dumpster diving:
When someone says “social engineering,” they are referring to the practice of using human interaction to persuade someone else to do something for the advantage of the attacker or the attacker’s cause. In social engineering, establishing trust between the attacker and victim is a fundamental objective.
When an attacker needs to develop trust, they can go Dumpster diving. Hackers may also take any computer equipment you have thrown away. A Dumpster diving attack’s principal goal is to gather information about a target organization. Attackers can exploit even the most innocuous files and pieces of paper to promote their objectives, which gives them a distinct advantage.
A directory or phone book is an example of a name list. An attacker can use it in numerous ways. An employee’s name can be used for identity theft or to guess a computer username. A general phishing campaign against an organization or a spear-phishing attack against a senior executive might both make use of a name list.
In a voice phishing (vishing) attack, an employee can be tracked down and tricked into divulging extra information through caller ID spoofing. Information obtained through Dumpster diving is used in social engineering attacks. Attackers can use restocking service receipts to get access to a vending machine.
On the same day, they may wear a name tag and appear to be service employees. Getting into areas where the general public is not permitted will take some extra time. Attackers could use this access to execute a shoulder surfing attack or install a keylogger to access the network.
To avoid a trash diving attack, here are some tips:
A Dumpster diving attack may seem like a lot of labor, but processes may be put in place to prevent it. Organizations should communicate policies and procedures to employees in writing so that they are fully understood.