Why Dumpster Diving poses a Threat of Identity Theft
written by: Mark Muller • edited by: Bill Bunter • updated: 8/8/2011
Dumpster Diving - Imagine what an attacker knows about you if he searches your waste systematically over a period of time. Now combine that information with what can be found out about you on the Internet … Here’s what you should know about Dumpster Diving.
The amount of information we put about ourselves on MySpace etc. really makes me worry, and as I don’t think that the social sites trend will stop any time soon, I am going to remind Bright Hub’s readers to be, at the very least, careful with their paper waste.
Have you ever heard of Kevin Mitnick or perhaps read his famous (e)book The Art of Deception? Kevin Mitnick used to be a hacker and social engineering artist before he was caught and sent to jail. A couple of years ago he published his famous book, which is a must-read for any IT security pro because Kevin Mitnick clearly demonstrates how social engineering and dumpster diving occur in the preparation phase of an attack involving computers (More about Kevin Mitnick can be found here).
Searching dustbins for leads for an attack is called dumpster diving. Dumpster diving usually precedes the social engineering phase of an attack, in which people are tricked into divulging confidential information. Imagine an attacker searched your waste for account statements, credit card invoices or other sensitive information. If such information is combined with all the information you have put on social networking sites, the odds of a successful identity theft attack or similar crime increase significantly.
Dumpster diving can be used in conjunction with any attack. Yet as identity theft has largely vanished from the radar, the timing would be ideal now for attackers who are after your identity, your money, or both, including your reputation. If you think nobody would ever want to search your waste bin for sensitive documents, you could be dead wrong. According to Kevin Mitnick, dumpster diving is a bounty and provides scam artists very good chances of stealing large sums of money and/or the identity of a victim if used in conjunction with other attack techniques such as social engineering.
As a best practice I recommend using a shredder before disposing of your sensitive papers and documents. Alternatively, you may burn them in your fireplace or garden. Some people think IT security specialists are paranoid. Of course, it’s their job!