From TheBestLinks.com
Dumpster diving is the practice of rummaging through trash to find items of use that have been discarded. It comes from the image of climbing into large trash bins (called "dumpsters" or "skips") usually kept outside in (more or less publicly accessible) parking lots so as to be available to periodic emptying by large dump trucks (ie, garbage trucks). 'Diving' is often done in order to acquire no cost items; an alternative term for this is trash picking. Many people hate to see useful things being discarded, and British television shows have even featured home renovations and decoration using dived materials. Changing Rooms is one such show, broadcast on BBC 1. Recovery of still useful items from discards is probably universal; James Fallows noted it in his book written about his time living in Japan.
As well, the academic specialty of garbology has used dumpster diving to examine the sociology and archeology of trash in modern life. There is a major outpost of academic garbology in Arizona, directed for some decades by William Rathje.
Security and computing
In the security business (including computer security), dumpster diving the term is used for searches through discarded material looking for otherwise unavailable information. Businesses and individuals frequently discard information including printouts with passwords, credit card numbers, business planning and so on; some of this can be recovered by determined divers.
Infamous example
A legendary (though true) incident of instruction manual recovery exploitation occurred in Southern Califonia in the 60s. Jerry Schneider, then a student, happened upon a trash bin containing a discarded manual for an internal (and extraordinarily poorly designed) Pacific Telephone automated equipment ordering/delivery system. With the information in the manual, he was able to set up a substantial (hundreds of thousands of US dollars in the 1970s) telephone equipment business. He 'ordered' delivery of Pac Tel equipment (eg, at midnight to a manhole near the La Brea Tar Pits), and was sufficiently successful that he ended up with a warehouse full of equipment, some of which was sold back to Pac Tel. He was turned in by a disgruntled employee. He was tried and convicted, but ended up starting a business as a security advisor after a $500 fine and 40 days of jail time.
Supposedly, dumpster diving was common in the 1980s due to lax security then; when businesses became aware of the need for increased security (in the early 1990s), sensitive documents were shredded before being placed in dumpsters. This may be insufficient security as a million dollar secret may be worth spending a few hundred thousand dollars of jigsaw puzzle time on putting together shredfetti retrieved from a dumpster. In any case, there is still considerable Internet activity on the subject of dumpster diving, so it is unlikely to have stopped with the widespread introduction of document shredding. Security mythology has it that curious (ie, hackers) or malicious (ie, crackers) commonly use this technique, but this may be an urban legend as social engineering is often easier.
Precautions
Organizations with high security concerns (eg, the NSA) do not use dumpsters for their discards; there are special procedures adapted for the individual characteristics of paper, computer hardware (especially disk drives and other storage media), other sensitive or top secret equipment, etc. For example, it is said that the procedure for disposal of hard disk drives consist of physical shredding (think tree chipper or rock crusher here), preceded or followed by chemical treatment (eg, solvent or acid processing, or even thermite-based destruction).
Those with concerns, but fewer resouces, can make do with sledge hammers, and crosscut paper shredders. Other kinds of specialty shredders exist for optical (CDs and DVDs) or harder (like plastic cards, etc) media. Removing even shredded discards to a distant location may even be sensible -- unless you are followed there. As a middle ground, there is a rapidly growing industry providing secure confidential material destruction to those who can afford it, but don't have the time to do it themselves.
Virtual use
In analytic discussions of security risks, the term is often used as a somewhat humorous metasyntactic variable standing in for any scheme used (or usable) by an attacker to turn information embedded in some physical item into a security vulnerabilty or actual leak. Thus, "If we allow printouts of that report, we're leaving ourselves open to a dumpster diving attack. Better disable printing from that screen to block it." In this instance, it is not only scruffy types climbing into trash bins at night that are meant, but any loss of the information from the envisioned printed version of that report.
Legal status
Dumpster diving is illegal in some parts of the United States, though in many places the relevant laws do not seem to be very vigorously enforced. Court cases in the US have held that there is no common law expectation of privacy for discarded materials. Police (and possible other) searches of dumpsters and like discards are not violations; evidence seized in this way has been permitted in many criminal trials. The doctrine is less well established in regard to civil litigation. Similarly in the UK; though diving is, in theory, theft, there is very little enforcement in practice. Private investigators have written books on 'PI technique' in which dumpster diving, or its moral equivalent 'wastebasket recovery', figure prominently.
Books
- Art and Science of Dumpster Diving by John Hoffman; ISBN 1559500883
- Travels with Lizbeth by Lars Eighner (contains a chapter on the topic); ISBN 0449909433
- Dumpster Diving: The Advanced Course by John Hoffman (brings dumpster diving into the computer era) Paladin Press 2002; ISBN 158160369X
- The Simple Life, Berkeley Press (contains a chapter by Hoffman on dumpster diving)
External links
Related links
Top visited
0 of
0 links
[no links posted yet]
>> place link >>
Discussion
Last posted
0 of
0 messages
[no messages posted yet]
>> post message >>
Watch
You can
add this article to your own "watchlist" and receive e-mail notification about all changes in this page.
