The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

Framework Sections

Section Articles

Information Gathering

Select a topic from the index below

Dumpster Diving

Dumpster diving is looking for treasure in someone else’s trash. The nature of the items and/or information found can be anything from medical records, resumes, personal photos and emails, bank statements, account details or information about software, tech support logs and so much more. Of course all of this information can be used to leverage an attack against a victim.  

Dumpster Divers

Dumpster divers are a diverse set of people, from those unfortunate people who are homeless and have to search for food or clothing in a dumpster, to people looking to steal information or other items, to those who practice this as part of their security services. Either way it does not always have to have a negative connotation. Not all dumpster divers are looking for personally identifiable information. With that in mind, though, people will often discard many valuable things. This article we found on about.com regarding identity theft, explains some of the dangers of people sifting through company trash.

Legality

One thing to keep in mind, for the USA at least, things that are discarded in the trash are not considered illegal to take. Yet there is a large caveat to this, if a dumpster is on private property and not on the street corner then it may be considered trespassing to go on their property and enter their dumpster. Here is a small collection of legal cases that where won by companies who caught people sifting and taking their trash.

Why does dumpster diving work?

The main reason for dumpster diving is for the acquisition of information. As with most forms of social engineering, “Working smarter, not harder”is a good slogan. Doing hours of work brute-forcing a password or account number that was discarded on an un-shredded sticky post-in note seems silly when you can just obtain it from a trash bag.

Information Diving

The more common form of dumpster diving, as it pertains to crackers/hackers is Information Diving. This practice is commonly associated with hackers and identity thieves. Benjamin Pell is a famous British dumpster diver who has made a living of selling off his “prizes”.

Crime and Clues

Dumpsters: Beware of the Treasures. The website Crime and Clues has a nice article we archived here. This article helps us to see how commonly very valuable information is simply discarded because many people do not think someone would dig through their trash to locate the information.

“No Tech Hacking”

One of the best resources we could find on dumpster diving for the field of security is Johnny Long’s book “No Tech Hacking”. This books is literally chocked full of amazing information regarding Social Engineering. On page 2 starts an Introduction to Dumpster Diving. There are pictures of information that can be obtained from the trash without ever having to even crawl inside a dumpster.

Tiger Team

To see how valuable this information is, there was a TV Series called Tiger Team. A team of social engineers in one episode showed how they used a bag of trash to find valuable details about their target. Once they located the name of the tech support team they where able to send in a team member to act as a support employee and was given full access to their servers.
Original source: YouTube.