Dumpster Diving Tactics and Examples

How do you recognise the potential for a dumpster diving attack? If potential attackers have ready access to discarded information, whether it be in the form of paper records, electronic information, or hardware or storage media that would contain valuable information, you’re at risk. There are several uses attackers could make of information obtained through dumpster diving. They could use any network or security information directly in a hacking attack. For example, if someone wrote down their new password in their organiser and then discarded it at the end of the year, attackers could use that to directly hack the network.

They could also use any personal information obtained to conduct many of the types of attacks we’ve already discussed, phishing, spear-phishing, whaling, smishing, or vishing. To avoid a dumpster diving attack, it’s critical to never underestimate the importance of physical security, even for your trash. Make sure to destroy any CDs or DVDs containing anyone’s personal data. When you decommission a computer, be sure to delete all the data. You should make sure you have a firewall in place so attackers can’t access any of your data, including discarded data. You should permanently destroy or use a cross-cut shredder to shred all paper documents.

I just cleaned out our personal files, and since we have a wood stove for heat, we threw all the documents containing personal information into the fire. Nobody’s going to get access to that. Make sure you have a policy for safe disposal and your waste bins are secured in some way. In conclusion, you’ve learned what dumpster diving is, what objectives attackers are aiming for in dumpster diving, and who is at risk for attacks. We discussed clues indicating a dumpster diving attack, as well as what you can do to protect yourself from an attack. In the next video, we will discuss tailgating, a social engineering attack that gives bad actors physical access to your facility. I’ll see you there.