OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] dumpster diving

From: Henry Brown (hbrownknology.net)
Date: Thu Mar 19 2009 - 16:51:00 CDT


Surely NOT much detail but ...

From: http://tinyurl.com/dafg4w
or

http://www.csoonline.com/article/484847/A_Real_Dumpster_Dive_Bank_Tosses_Personal_Data_Checks_Laptops

A Real Dumpster Dive: Bank Tosses Personal Data, Checks, Laptops
By Joan Goodchild, Senior Editor

March 18, 2009 --- CSO ---

Data protection is not just an IT security issue. But security industry
analyst Steve Hunt, who heads up Hunt Business Intelligence, believes
too many people in IT security still have that false perception.

"There are so many physical security aspects to data protection it ought
to never be considered merely an IT security issue," Hunt said.

Instead, noted Hunt, sensitive data is sitting on USB drives, in the
garbage, in the discarded fax pile and plenty of other places, waiting
to be found by criminals. (For lots of additional examples of how
sensitive information is lost or taken, see 9 Dirty Tricks: Social
Engineers' Favorite Pickup Lines.

Good old-fashioned dumpster diving. It might sound like a 90s tactic,
but Hunt thought it would still work as a way to garner sensitive
information.With that in mind, Hunt headed to the trash bin at what he
describes as "a big bank in a big city." He was in and out of the
dumpster in three minutes, according to his estimate. In that short
amount of time he came up with the following items

...

Wire transfer information
Hunt obtained the wire transfer information of many transactions. The
documents he found included transfer information for transactions
between US banks and banks in Jordan, Saudi Arabia, Dubai and Portugal.
The documents included the account numbers and social security numbers
of both the sender and the receiver, and their names.

 Bank account transaction history
The dive also turned up the bank account numbers, balances and banking
activity for the fundraising account of "a certain prominent politician
in the area," according to Hunt.

Personal financial statement
Hunt found the personal financial statement of an individual he
described as "very wealthy." The documents list the person's name, home
address, real estate owned and values of the properties, several of the
individual's bank account numbers, social security number and date of
birth.

An entire, intact PC
Hunt's experiment even yielded a whole laptop with a tag on the back
that says "Property of [another financial institution]"

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss