“Trashing” is the first stage of hacking
Date: June 30, 2003
By Vladimir Golubev
The Internet has become an integral part of human activity…
Today, the Internet allows learning the bank account condition, looking through a clinical history, finding out a route, buying something and even communicating with foreign partners by IP-telephony. Many companies would crash without organizing their business through the World Wide Web. Unfortunately, this “network of networks” is also accessible to deliberate criminals who can get privileged information from any other computer in an illegal way. Most of cyberattacks come through “social engineering” (SE), the manipulation of people to give out critical data about a computer/network system.
There are some SE methods of attack based on fooling both individual users and company employees. According to Crime-research.org, the most effective is “dumpster diving” when discarded floppies, hard disks, tape recordings or waste paper are searched to find valuable information.
“Trashing” is especially beneficial at the corporate espionage. In mid 2000, Oracle Corporation was reported to take some private experts into its service that had to look for important data in Microsoft trashes. It should be noted that Oracle great expenses were generously repaid.
Are there any ways of opposing SE? The most efficient protection is to warn the whole personnel ranged from system administrators to office-cleaners about the danger of giving out valuable data by phone to a strange person with a friendly voice. The employees should be informed about “social engineering” and trained to avoid any manipulations. For example, many organizations need not a system administrator, secretary or manager asking a common official to tell his/her password by phone. Therefore, nobody should divulge it.
Moreover, if somebody calls up to check the computer configuration or get other valuable data, a user should give out no information without identifying a person phoned. Since situations can be more difficult, employees should be trained not to disclose secrets to eloquent strangers.
If you set a high value on your information, you have to remember that a paper-cutting machine is the best protection against the trashing.
Computer Crime Research Center
^macro[showdigestcomments;^uri[];“Trashing” is the first stage of hacking]