By the time it's over, we've stolen stuff, and gotten access to log-ins and passwords because we've been recording that information with the key logging devices, whether it be online sites or local accounts on their system. Weve been on their wireless network and have been able to hack into that as well.
When we've done everything we need to do, the last thing we will do is a dumpster dive. Its miserable, but it's crazy how lucrative it is. We show up with rubber gloves and start ripping bags open. It's amazing how much confidential information ends up in the trash. [Also see A real dumpster dive: Bank tosses personal data, checks, laptops.]
When we show up after the engagement to present what we found, there is often a total look of shock on the employees' faces. But it's a learning experience we hope they will all learn from. It's stuff they never thought would happen. If you talked to them a week earlier, they never thought they'd fall for some of the stuff we pulled. But now they see it can happen, and it can happen to them.
Sign up for CIO Asia eNewsletters.