What is dumpster diving?

Dumpster diving is trying to find treasure in someone else"s trash. In the civilization of indevelopment innovation (IT), dumpster diving is a method provided to retrieve information that might be provided to carry out an strike or gain accessibility to a computer network-related from disposed items.

You are watching: What is the name of the policy outlining procedures to combat dumpster diving?

Dumpster diving isn"t restricted to browsing via the trash for apparent prizes, such as access codes or passwords written dvery own on sticky notes. Seemingly innocent information, such as a phone list, calendar or business chart, have the right to be provided to help an attacker using social engineering methods to get accessibility to the netjob-related.

To proccasion dumpster divers from learning anything useful from trash, professionals recommend that businesses develop a disposal plan wbelow all paper -- including printouts -- is shredded in a cross-reduced shredder prior to being recycled, all storage media is erased and all staff is educated about the risk of untracked trash.

Disposed computer hardware deserve to be a gold mine for attackers. Indevelopment have the right to be respanned from storage media, consisting of drives that have actually been imcorrectly formatted or erased. This contains stored passwords and also trusted certificates. Even without the storage media, the devices might encompass Trusted Platcreate Module (TPM) data or various other hardware IDs that are trusted by an organization. An attacker may likewise have the ability to use the hardware to recognize the devices manufacturer to craft potential exploits.

Medical and also personnel records may have legal consequences if not properly disposed of. Documents that contain personally identifiable information (PII) need to be damaged, or the organization might be exposed to breaches and potential fines. For instance, in 2010, a medical billing office in Massachusetts was fined $140,000, and in 2014, a medical provider in Kansas City, M.O., was fined $400,000.


Dumpster diving and also social design attacks

Social engineering is making use of human interactivity to trick an additional person right into offering access or perdeveloping an activity for the attacker. A major goal of social design is to establish trust between the attacker and also the target. Dumpster diving is a way for attackers to obtain information that they use to develop trust. While attackers will certainly additionally take any type of computer tools they uncover, frequently, the primary emphasis of a dumpster diving strike is to obtain information about an organization. Even innocuous documents can be provided by an attacker.

A list of names -- such as a brochure or phone list -- deserve to be provided in many type of means by an attacker. Employees" names deserve to be supplied to guess their computer username, to assault their personal web accounts or for identity theft. A name list deserve to also be provided as component of a general phishing project versus an organization or a spear phishing attack against an executive.

Telephone numbers have the right to be provided with caller ID spoofing to coerce an employee to reveal other indevelopment in a voice phishing (vishing) strike. An attacker can use this to speak to an employee via a story prefer, "Hi, this is John in audit. The head of finance, Bill, requirements some numbers by tonight. I asked Debbie, and also she sassist to talk to you. Can you aid me?"

Social design attacks usage indevelopment gathered from dumpster diving. If attackers uncover a receipt for a vfinishing machine restocking business, they might pretfinish to be employees of the business via a name badge on the very same day and time as an supposed delivery to obtain access to locations that are not open to the public. Attackers can use this access to perform a shoulder surfing attack or install a keylogger to gain accessibility to the network-related.

How to proccasion a dumpster diving attack

Although it might seem favor most work-related to appropriately care for trash, procedures have the right to be put in location to assist prevent a dumpster diving assault. These need to be documented and clearly explained to employees.

Have a recorded tools decommissioning process. Encertain all identifiable indevelopment is rerelocated from computer system equipment prior to it is disposed of or sold. This contains secucount erasing information from tough drives and also clearing TPM data. Remove any type of trust determinants in organizational databases, such as doprimary trust relationships, media access manage (MAC) address authentication or expiring trust certificates. Use the proper secure storage media deletion process. This might encompass secucount erasing disk drives, shredding compact discs (CDs) and also degaussing magnetic storage. Make shredding convenient. Provide easy accessibility to shredders beside recycling bins, or usage secure shred bins next to every trash deserve to. For employees who work from residence, administer residence paper shredders. Educate employees.

See more: Como Borrar Un Dui De Mi Record ? Supresión De Antecedentes ¿Cómo Puedo Borrar Un Dui De Mi Record

Provide information on appropriate disposal and typical social design methods. Do not permit employees to take printouts residence, and do not provide old computer devices to employees. Secure trash. Use locked trash and also recycling bins, or store refuse in a secure location until it is ready to be picked up. Use trusted devices recyclers.
Related TermscyberstalkingCyberstalking is a crime in which someone harasses or stalks a victim making use of electronic or digital indicates, such as social media, ... SeecompletedefinitioncyberterrorismAccording to the UNITED STATE Federal Bureau of Investigation, cyberterrorism is any type of "premeditated, politically urged attack against ... Seecompletedefinitionransomware as a service (RaaS)Ransomware as a organization (RaaS) is the providing of pay-for-use malware. It is created for extortion over stolen or encrypted information,... Seecompletedefinition