What is a Dumpster Diving Attack? Definition & Examples

Last updated on April 18, 2022

Dumpster diving – it’s not hard to guess what it is. It is a type of activity that involves diving into the trash of a business or individual with the aim of discovering any kind of valuable information or discarded data that can be used against it.

Human weakness is at the root of dumpster diving, an inability to secure one’s property. A dumpster diver can yield many valuable items, including hard drives, diskettes, business directories, and so forth.

People have their own ways of explaining this term, with some saying that it refers to uncovering treasure hidden among others’ trash.

What is dumpster diving in social engineering?

Within the realm of information technology, among many social engineering attacks – dumpster diving refers to retrieving information from discarded items in order to perpetrate a cyber-attack by gaining control of the computer network with the help of discarded items.

You may wonder how something like this is possible or what to do with the discarded items. Don’t worry – we are here to help you out with that.

Below you will find some dumpster diving examples as well as a few techniques to prevent dumpster diving attacks.

Dumpster diving goes beyond finding treasures in the trash, such as sticky notes written with access codes and passwords plus other paper documents.

An attacker using these techniques can use seemingly harmless data from such information, for instance, a list of phone numbers, bank statements, a calendar, or an easily understood organizational chart could provide assistance to the attacker attempting to hack the system.

Dumpster diving attack examples

It is impossible to talk about dumpster diving without mentioning “Jerry Schneider”. In 1968, while still in high school, Jerry was the one behind a wholesale telephone equipment company. A Dumpster gave rise to the idea, in particular, “Pacific Telephone’s Trash” which included documents, manuals, and invoices related to the ordering and delivery systems.

Larry Ellison’s most notable case was found in 2000 when he hired private investigators to search through the Microsoft dumpsters for any useful information. In this regard, an attempt was made to get a better understanding of future developments in order to sustain its claims.

How to prevent dumpster diving attacks?

Despite the hassle of properly disposing of trash, firms can implement measures to help prevent dumpster diving incidents. Employees should be informed of these measures and they should be documented.

Employee education is crucial – explain proper disposal procedures as well as common social engineering techniques. Printouts must not be taken home by employees, nor should old computers be given to them.
Before selling or disposing of any equipment belonging to your company, make sure all identifiable information is removed.
Ensure that the trash is securely disposed of. Put trash and recycling bins in locked containers, and secure the refuse until the day of pickup.
The cross-cut shredders should be placed near recycling bins, or there should be secure shred containers by the trash bin. You can also provide home shredders to staff members who work remotely.
Data retention policies must be in place, and sensitive data should be destroyed with certificates of destruction.

Dumpster Diving: Experts’ Advice

As a precaution against dumpster divers finding valuables among the trash, experts suggest that businesses set up a disposal policy that ensures paper waste, such as printed materials, are properly shredded prior to disposal, all storage devices are wiped.

It is vital for all employees of an organization to have minimum security knowledge about the fact that untracked trash is hazardous.

Think Twice Prior To Disposing Items

Attackers can profit handsomely from the discarded computer hardware. It is possible to recover data from storage devices after they have been misformatted or wiped.

In case you are wondering what else can be recovered, then you should know that passwords and certificates can also be retrieved.

On the other hand, improper disposal of medical records or personnel information can result in legal liabilities.

It is imperative to destroy all files containing personal or sensitive information; otherwise, businesses may face breaches and fines.

Tom August 8, 2024

If been dumpster diving for years and have no interest or use for private information. I must say there are not many divers whose goal in life is to steal your identity or make a living from bits of paper in a dumpster. Most are simply looking for recyclable items that can be easily carried and dismantled and later sold as scrap. Others look for food because they are hungry.
Personally I do it after work and on my days off to some how earn extra money to try and get ahead.
For example: I was lucky enough to find a 40 foot dumpster stacked from top to bottom with brand new cases of trash bags. There were red and blue ones and has a bio hazard symbol printed on them. I filled my truck as full as i could get it. I have had to purchase a trash can liner for 2 years. Do you realize how much money I saved? Trash bags are expensive.

Right now its 2024 and many company’s have gone out of business. Seemingly with out a care in the world some will throw away everything. I found a hose company that tossed out an entire inventory of brand new brass fittings, brooms, gloves, fire hoses, office chairs, a shredder, about a mile of network wire et.

All these things can either be resold on ebay or sent to the recycling yard. Either way I came out ahead. It wasn’t easy throwing all that stuff out loading it onto the truck and finding a place to put it at home. Then the real work began.

I can tell many story’s like this one. An small electric supply company went under. They guy threw out hundred of new light switches, Rolls-of copper wire, breaker boxes, etc.

The point I am trying to make is its unnecessary to to live a life of a criminal when so many company’s throw away perfectly good items. A resourceful person can turn that into money.

I do agree that people are can be careless and lazy. If seen stacks of tax returns, new credit cards, ATM machine manuals and all sorts of things that should have been destroyed.
That is carelessness and they only one to blame is the one who threw it out.

Society needs people like us who are not afraid to make money from crap other people don’t want. When I see the shear volume of waste I begin to see how these company’s were on the brink of destruction to begin with.

Don’t let paranoia rule your life. Use your head and simply don’t throw away what you don’t want others to see. Don’t get offended when some one else can figure out a way to make money from stuff you think is trash.

2 Comments

Tom August 8, 2024
If been dumpster diving for years and have no interest or use for private information. I must say there are not many divers whose goal in life is to steal your identity or make a living from bits of paper in a dumpster. Most are simply looking for recyclable items that can be easily carried and dismantled and later sold as scrap. Others look for food because they are hungry.
Personally I do it after work and on my days off to some how earn extra money to try and get ahead.
For example: I was lucky enough to find a 40 foot dumpster stacked from top to bottom with brand new cases of trash bags. There were red and blue ones and has a bio hazard symbol printed on them. I filled my truck as full as i could get it. I have had to purchase a trash can liner for 2 years. Do you realize how much money I saved? Trash bags are expensive.
Right now its 2024 and many company’s have gone out of business. Seemingly with out a care in the world some will throw away everything. I found a hose company that tossed out an entire inventory of brand new brass fittings, brooms, gloves, fire hoses, office chairs, a shredder, about a mile of network wire et.
All these things can either be resold on ebay or sent to the recycling yard. Either way I came out ahead. It wasn’t easy throwing all that stuff out loading it onto the truck and finding a place to put it at home. Then the real work began.
I can tell many story’s like this one. An small electric supply company went under. They guy threw out hundred of new light switches, Rolls-of copper wire, breaker boxes, etc.
The point I am trying to make is its unnecessary to to live a life of a criminal when so many company’s throw away perfectly good items. A resourceful person can turn that into money.
I do agree that people are can be careless and lazy. If seen stacks of tax returns, new credit cards, ATM machine manuals and all sorts of things that should have been destroyed.
That is carelessness and they only one to blame is the one who threw it out.
Society needs people like us who are not afraid to make money from crap other people don’t want. When I see the shear volume of waste I begin to see how these company’s were on the brink of destruction to begin with.
Don’t let paranoia rule your life. Use your head and simply don’t throw away what you don’t want others to see. Don’t get offended when some one else can figure out a way to make money from stuff you think is trash.
Derek Hobbs January 23, 2023
Just wondering if this is still relevant today with companies moving to secure paper shredding services and electronic equipment disposal programs. Is this still an ongoing issue heading into 2023?

Dumpster Diving Attack