‘Dumpster diving’ is no longer just for homeless people looking for food or those looking for furniture to repurpose. Cyber-criminals are gaining valuable information to manipulate people and organizations through the social engineering technique of ‘Dumpster Diving’.
Cyber-criminals are interested in discarded files, accounting information, emails, software packaging and other documentation that will help them exploit an organization and/or its personnel. It is important for police and security officers to recognize the difference between “trash-pickers” and cyber-criminals.
Newly installed software systems can offer the cyber-criminal easy access into the corporate data system simply by obtaining software packaging that has been improperly discarded in the dumpster. Many software programs contain “backdoors.” Backdoors are written into the code by programmers who do not want to go through the security checks on the front side of the program every time they need to edit or append to the program. Once the program is finished, the programmers and quality assurance personnel fail to delete the backdoor code prior to releasing the program for sale.
Cyber-criminals obtain almost every new program and search through the code to find and document these backdoors. Once they are found, code to gain remote access via the backdoor is written and the solution is posted on the dark web. The cyber-criminals now race to exploit the software program to gain access into the corporate network before the software company can write and distribute updates which close the backdoor. (All of this can be minimized if the corporate personnel simply shredded the packaging.)
The next blog in the series will introduce another aspect of ‘Dumpster Diving’ – where police and/or security officers use their position to extort from the very people they are paid to protect!