Social Engineering - Christopher Hadnagy [26]

are willing to throw away art that is worth millions, then things they view as trash will often go without a second thought, right into the garbage.

Sometimes companies shred documents they deem too important to simply throw out, but they use an ineffective shredder that leaves strips easy to put back together, as shown in Figure 2-5.

Figure 2-5: Large one-way shreds leave some words still readable.

This image shows a few documents after shredding, but some whole words are still discernible. This type of shredding can be defeated with a little time, patience, and some tape, as seen in Figure 2-6. Documents that can be even partially taped back together can reveal some very damaging information.

Figure 2-6: Putting documents back together only takes time and patience.

However, a cross-cut shredder, which shreds in both directions into a fine minced mess, makes taping documents back together nearly impossible, as shown in Figure 2-7.

Figure 2-7: You can hardly tell this was once money.

Many companies use commercial services that take their shredded documents away for incineration. Some companies even leave the shredding itself to a third party, which, as you probably guessed, opens another attack vector: a social engineer who learns the name of that vendor can mimic the pickup person and be handed all of the documents, unshredded. Nevertheless, dumpster diving can offer a quick way to find all the information you want. Remember some key pointers when performing a dumpster dive:

Wear good shoes or boots: Nothing will ruin your day faster than jumping in a dumpster and having a nail go through your foot. Make sure your shoes tie on tight and offer protection from sharp objects.

Wear dark clothing: This doesn’t need much explanation. You probably want to wear clothes you don’t mind having to get rid of, and dark clothes to avoid being detected.

Bring a flashlight

Grab and run: Unless you are in such a secluded area that you have no chance of being caught, grabbing some bags and going elsewhere to rummage through them might be best.

Dumpster diving almost always leads to some very useful information. Sometimes a social engineer doesn't even have to dive into a dumpster to find the goods. The article at www.social-engineer.org/resources/book/TopSecretStolen.htm, already mentioned in Chapter 1, solidifies this point. The Canadian CTU (Counter-Terrorism Unit) had plans for a new building that outlined its security cameras, fences, and other top-secret items. These blueprints were simply thrown away: tossed in the trash, not even shredded, and fortunately found by a friendly person.

This story is just one of many that show “the height of stupidity,” as the article stated, but from a social engineer’s point of view, trash diving is one of the best information gathering tools out there.

Using Profiling Software

Chapter 7 discusses the tools that make up some of the professional toolsets of social engineers, but this section offers a quick overview.

Password profilers such as Common User Passwords Profiler (CUPP) and Who’s Your Daddy (WYD) can help a social engineer profile the potential passwords a company or person may use.

How to use these tools is discussed in Chapter 7, but a tool like WYD will scrape a person's or company's website and create a password list from the words mentioned on that site. It is not uncommon for people to use words, names, or dates as passwords, so software of this kind makes it easy to build lists to try.
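To make the idea behind WYD and CUPP concrete, here is a small website-to-wordlist profiler written as an added example for this page. It is not the code of either tool (WYD and CUPP are covered in Chapter 7); it reproduces their approach: pull the visible words and any four-digit years from a target's web page, then mangle each word into the capitalisation, leetspeak, and suffix variants people actually pick. The HTML page is constructed sample input, not a real site, and the stopword list, suffixes, and leet table are assumptions you would tune per target.

```python
import re
from html.parser import HTMLParser

# Constructed sample page standing in for a target company's website (not a real site).
SAMPLE_HTML = """<html><head><title>Acme Widgets</title>
<style>body { color: red }</style></head>
<body>
<h1>Welcome to Acme Widgets</h1>
<p>Founded in 1998 by Jane Falcon, Acme builds widgets in Springfield.</p>
<script>var secret = "notapassword";</script>
</body></html>"""

# Common function words that make poor password candidates; tune per target language.
STOPWORDS = {"this", "that", "with", "from", "have", "will", "your", "about", "into"}

# Simple leetspeak substitutions, similar in spirit to the "l33t" option in CUPP (assumed table).
LEET = str.maketrans("aeios", "43105")


class _VisibleText(HTMLParser):
    """Collect the text a visitor would read, skipping <script> and <style> contents."""

    def __init__(self):
        super().__init__()
        self.parts = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.parts.append(data)


def visible_text(html):
    parser = _VisibleText()
    parser.feed(html)
    return " ".join(parser.parts)


def extract_words(html, min_len=4):
    """Unique lowercase words of at least min_len letters, in first-seen order."""
    seen, words = set(), []
    for match in re.findall(r"[A-Za-z]{%d,}" % min_len, visible_text(html)):
        word = match.lower()
        if word not in seen and word not in STOPWORDS:
            seen.add(word)
            words.append(word)
    return words


def extract_years(html):
    """Four-digit years on the page (founding dates, anniversaries) to append as suffixes."""
    return sorted(set(re.findall(r"\b(?:19|20)\d{2}\b", visible_text(html))))


def mangle(word, years=(), suffixes=("1", "123", "!")):
    """Expand one word into capitalisation, leet, and suffix variants."""
    forms = [word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)]
    candidates = []
    for form in forms:
        candidates.append(form)
        candidates.extend(form + s for s in suffixes)
        candidates.extend(form + y for y in years)
    return candidates


def build_wordlist(html, min_len=4):
    """Scrape words and years from the page and return a deduplicated candidate list."""
    years = extract_years(html)
    seen, wordlist = set(), []
    for word in extract_words(html, min_len):
        for candidate in mangle(word, years):
            if candidate not in seen:
                seen.add(candidate)
                wordlist.append(candidate)
    return wordlist


if __name__ == "__main__":
    for candidate in build_wordlist(SAMPLE_HTML):
        print(candidate)
```

Note what the profiler deliberately ignores: script and style blocks, short words, and function words, because those are noise in a wordlist. What it keeps is exactly what a person is likely to reuse as a password, the company name, a founder's name, the town, and the founding year, and it produces the combined forms (Acme1998, Springfield!) that a plain dictionary attack would miss.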

Amazing tools such as Maltego (see Chapter 7 for more details), made by Paterva, are an information gatherer’s dream. Maltego allows a social engineer to perform many web-based and passive information gathering searches without having to use any utilities but Maltego itself.

Maltego then stores the results and graphs them on screen, where they can be used for reporting, exported, or put to other purposes. This can really help in developing a profile on a company.

Remember, your goal as you collect data is to learn about the target company and the people
