CAPEC-406: Dumpster Diving
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary cases an establishment and searches through trash bins, dumpsters, or areas where company information may have been accidentally discarded for information items which may be useful to the dumpster diver. The devastating nature of the items and/or information found can be anything from medical records, resumes, personal photos and emails, bank statements, account details or information about software, tech support logs and so much more, including hardware devices. By collecting this information an adversary may be able to learn important facts about the person or organization that play a role in helping the adversary in their attack.
前提条件
- An adversary must have physical access to the dumpster or downstream processing facility.
后果影响
影响范围: Confidentiality
技术影响: Other
说明: Documents and materials improperly disposed of can lead to information disclosure if an adversary comes across it.