Photo by David Libeert on Unsplash
A short tale of trash worth $900K in cash
Diving deep into dumpster diving - hackers favourite way of gathering intelligence
No it was not clickbait, and no, someone didn't just find treasure in the trash, it's a story of Jerry Schneider who in 1970s admitted to have made over $900K by gathering intelligence and information diving dumpsters. But before we dive into that (pun intended) let's first learn what exactly dumpster diving is, and if it's still a threat in today's digital age.
Dumpster Diving
At its core, dumpster diving in cybersecurity is what it sounds like—people literally diving into dumpsters. But these aren’t your average trash treasure hunters; they are sophisticated attackers sifting through your waste to find valuable data you thought was safely thrown away.
Although dumpster diving might seem outdated in today's digital age, where personal details are often readily available online due to our own oversharing on social media, it remains a significant threat. For those of us who prioritise security, it's a method of attack that demands vigilance and preventative measures.
I'd even go so far to argue that it's even more affective in today's age as we are not just dumping documents and folders but also our old USB's, memory cards, old iPads and what not, imagine what an attacker could do with just a data recovery software.
Making a company, $900K and a living off dumpster diving
Let's go back to the story of Jerry Schneider the hero (or villain?) of our story. He was a normal high school going kid with an exceptional entrepreneurial spirit. Jerry was a prodigy, to put that in perspective, he setup all the telecommunications systems at his home by the age of 10, this 10 year old kid, later went on to start his own company while he was in high school to sell/repair his own inventions and telephone systems, but here's the catch, instead of following the traditional trade methods of first buying from a manufacturer/supplier and then selling for a small cut, he aimed for the stars.
Jerry started dumpster diving into Pacific Telephone Company to acquire the parts of telephones he was selling / repairing, and while scavenging through the dumpster he found something else, something much more valuable than, well, parts of telephones, Jerry found some old invoices and training manuals using which he was able to social engineer the Pacific Telephone Company to order electronic parts if and when he wanted them, without paying he made Pacific Telephone Company think the request was coming internally.
Jerry did this for over 5 years, and initially he claimed to have made $250K which he later corrected to $900K, finally he was arrested, and no, he was not arrested because someone caught him in the deed, funnily an employee of Jerry's wasn't happy with what they were getting paid, which was reported and later all the ill deeds of Jerry were caught.
Lessons from the Trash
Fast forward from Jerry’s shenanigans, and we see a chilling reminder of just how careless disposal can wreak havoc. The ease with which Jerry turned trash into cash underscores a broader issue: what you discard carelessly can easily become a treasure trove for those lurking in the shadows, waiting to turn your oversight into their payday.
Guarding Your Garbage
In the wake of tales like Jerry's, it's essential that every individual and organisation adopts robust disposal practices. This isn't just about shredding documents or wiping drives; it's about instilling a culture of security that treats every piece of discarded data as a potential liability. Secure disposal should be as habitual as locking the doors at night — it’s basic hygiene in the digital age.
Remember, in the world of cybersecurity, one man’s trash is a hacker's treasure.