Monday, February 24, 2014

Information gathering

A lot of people think that hacking or cracking is the only way to get sensitive digital data, but in reality there are many other methods. Social engineering, dumpster diving, and similar techniques are other ways to get information the public was never meant to see.

Social engineering can be as simple as making a phone call, knowing the right points of contact, and knowing exactly what information you want. Kevin Mitnick was the famous hacker who used this method to gain usernames and passwords from people. http://en.wikipedia.org/wiki/Kevin_Mitnick

An example is as follows: a local IT staff member gets a call asking for a password reset from a person who is posing as someone who works with the corporation. Because the company is so large, this IT person does not know everyone and cannot recognize their voice. Let's say the caller starts a casual conversation with the IT person and talks about politics or the game that happened the night before. They could also say they need access to their account immediately for an important meeting. Once the IT person resets the password and tells the caller what it is, the caller has successfully gained access to an account they were not supposed to have access to. Now let's say the IT person just resets the password and never gives it out, but the caller knows through research that reset passwords usually consist of some facets of the user's email address and something else the caller already knows. That makes it easy to work out the password and get into the account.

Many companies simply throw information such as health information or military information in the trash. They don't shred it or do anything else to destroy this sensitive information. Some may even just dump it out back after they empty the office's trash cans. This leaves the data open and vulnerable to prying eyes walking around on the street. One can simply jump in the dumpster, start searching for this data, and presto, sensitive information is in hand.

So there you have it, some simple ideas and alternatives that you can use to find out sensitive information.

Please remember that performing ANY of these tasks could expose you to legal action from the company whose dumpster you are attempting to gain physical access to or that you are calling to find out information. So please do not perform these actions unless you have permission. I am not responsible for any legal repercussions you may face for your actions.
