CAPEC-406: Dumpster Diving
An adversary cases an establishment and searches through trash bins, dumpsters, or other areas where company information may have been accidentally discarded, looking for items that may be useful in an attack. The items and information found can be devastating: anything from medical records, resumes, personal photos and emails, bank statements, and account details to information about software, tech support logs, and much more, including hardware devices. By collecting this information, an adversary may be able to learn important facts about the person or organization that help the adversary in their attack.
Overview
CAPEC-406 (Dumpster Diving) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to collect information from documents and materials that were improperly discarded.
What the attacker needs
Prerequisites
- An adversary must have physical access to the dumpster or downstream processing facility.
Consequences
What a successful CAPEC-406 attack can achieve.
Other
Affects: Confidentiality
Documents and materials that are improperly disposed of can lead to information disclosure if an adversary comes across them.