Subliminal Hacking
The Art and Science of Social Engineering




June 30, 2010

A Rubbish Post.. Dumpster Diving

So I am sat here thinking what to write about this week, and I kept going over things, but for one reason or another my mind is elsewhere. I kept thinking, no, that will be a rubbish post. Then it hit me…. dumpster diving 🙂


If you're not sure what dumpster diving is, then it's just what it says really. You're digging around in the rubbish / trash looking for that nugget of information that can help you in your information gathering stage.

So what are you going to find in the rubbish, not a lot surely? Wrong. Individuals and companies put a lot of seemingly unimportant information in the bin. This rubbish can help us in many ways. We can find thrown-out junk mail that would be targeted around what an individual does, and this can help build a profile. We may also find pre-approved credit card applications and the like, and these of course can be used for identity theft. This is nothing new, and criminals have been doing it for years, and even though people shred a lot of their bank statements and the like, this supposed junk is often overlooked.

Organisations, you may think, do a better job. They have confidential waste bins that get sent off site to be shredded, to stop someone getting access to what the company considers juicy information. This is often the case, but in a few instances I have found these confidential waste bins sat unlocked near loading bays awaiting collection, perhaps a case of out of sight, out of mind.

Then we have the general waste. Now this has become somewhat easier in recent years as companies have become more environmentally aware, because we now often see multiple bins for paper, waste, recycling etc. This is obviously helpful to us, so we can hopefully ignore the bag of apple cores, moldy sandwiches and other untold horrors, but don't forget that humans make mistakes, so there is still sometimes gold to be found among the banana skins.

So what are we looking for when we are doing our Stig of the Dump impression? All sorts of valuable pretties can be found. We can find internal memos that will give us contact names, phone numbers and internal gossip. We can find business cards and correspondence from the company's 3rd parties, which helps us to identify viable 3rd parties to impersonate. You can often come across various sensitive reports, network diagrams, IP lists, customer details, alarm codes and passwords. All the things you think would be shredded can turn up when dumpster diving. In addition, there are organisation charts, company phone directories, policy and governance information, print-offs of people's calendars, letter-headed documents, CDs, DVDs and even old hardware. It really can be an Aladdin's cave.

Things to remember when you go dumpster diving: dress appropriately, wear gloves, and take a bin bag to dump stuff in. Be aware that you may be trespassing as part of this exercise, so you may come across a disgruntled security guard, or his pooch.

Dumpster diving is often a dirty, filthy, smelly job, but the rewards can often be significant. Another approach is to simply take refuse bags and go through them at a more remote location.

One man's rubbish is another man's treasure 🙂




    About the Author

    Dale Pearson
    has worked in IT since 1998, Infosec since 2004, and studied and performed hypnosis, mentalism etc since 2009. Dale is a full time Red Teamer with a love of social engineering and qualified hypnotherapist. He spends a great deal of time researching the various skills and techniques that make up the art and science of Social Engineering.



