Last updated on August 18, 2023
Trash can be of two forms: physical trash and digital trash. ‘Dumpster diving’ in its simplest meaning is the act of looking through others’ trash to find information that might be useful.
The ultimate objective of this is to carry out an attack or gain access to a computer system / network. Dumpster diving goes beyond normal physical attacks. It’s a technology which gather information to attack networks or generate cyber-attacks. At times where hackers have the latest devices and methodologies for cyber-attacks, someone might think that Dumpster diving is kind of silly. However, this is a very notorious method used to gather information.
What data can Dumpster divers obtain?
- Email addresses or home addresses
- Passwords, PIN numbers
- Bank statements
- Digital signatures
- Driver’s license, copies of other identity cards
- Policy manuals, employees’ phone numbers, medical records, former employees’ biometric information
- Mobile phone numbers
- Financial statement information such as ledger accounts, balance sheets, audit reports
How to prevent Dumpster diving in Cybersecurity?
- Make sure to delete all sensitive data after use even from your system’s recycle bin.
- Make sure your computer system and any external storage unit like a hard drive, disk, pendrive are password protected.
- Use a strong password that’s hard to guess. Do not use the same password for all accounts.
- Enable a screen locker that goes off automatically when you are not using the system.
- Don’t keep your laptop in unsecured places where anyone can see it or steal it.
- Don’t open / click suspicious or unknown attachments / links.
- Draft an information security policy for disposing of old equipment and data in a safe manner, so that it cannot be accessed in the future by any third party.
- Guarantee employees understand what they’re supposed to do with sensitive data (like passwords) when they leave the company or move on to another role within the company.
- Make sure that your credentials are not stored in plain text in any place other than a trusted password manager.
- It’s better to disable all unnecessary services and protocols on your servers, especially if you don’t use them anymore or don’t need them anymore.
In summary, any information old or new belonging to you / your organization should be destroyed in such a way that no one can see / recover them. If not, hackers can install keyloggers or other malicious software (malware) using the relevant information to plan cyber-attacks against you / your organization.
Finally, it can be said that even though Dumpster diving stinks, it can still return useful results for information seekers like private investigators, burglars, and the police.
Sources:
https://easydmarc.com/blog/what-is-dumpster-diving-in-cybersecurity/
https://www.techtarget.com/searchsecurity/definition/dumpster-diving