+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Something called 'Google Dorking' helps hackers find out stuff no one wants them to know

Apr 2, 2016, 00:05 IST

APGoogle CEO Larry Page

Earlier this week, the US blamed Iranian hackers for a series of attacks in 2012 and 2013 on several targets, including a New York City dam.

Advertisement

The attack on the dam gave the hacker info about water levels and the dam's sluice gate, which could have allowed the attacker to open the gate and flood part of the city, the US Department of Justice said.

But the hacker was foiled because the sluice gate happened to be offline for maintenance during the hack.

How did the accused person get access to this dam? He Googled it, according to the Wall Street Journal.

It's a technique called "Google Dorking" which involves using Google's advanced search techniques to dig up information on the internet that doesn't easily pop up during a normal search.

Advertisement

In 2014, the Feds even issued a warning to U.S. businesses to be on the lookout for Google Dorking activity as a sign of hackers.

Despite the funny name, "Google Dorking" isn't an April's Fool joke. It's a real thing.

For instance, Google offers a feature called "site," that lets you search a single website for a keyword or photos. (Here's a tutorial on how to use that.) Google also has special search commands called "filetype" and "datarange."

The kind of Google Dorking the feds are worried about, and that hackers use in their attacks, goes further. It's when malicious hackers use these advanced techniques looking for stuff that companies didn't mean to put online.

In the case of the New York dam, the hacker used Google from the other side of the world to find US infrastructure sites that had vulnerable hardware systems attached to the internet, reports the Wall Street Journal.

Advertisement

Of course, Google Dorking is just as often used for good as for evil. Good guy hackers, called "white hats," use these same advanced techniques to test security systems and see if and how they can be breached by the bad guys.

The Infosec Institute, an organization that trains people to be computer security pros, shows how using Google can easily turn up things like username and passwords, sensitive documents, even bank account details.

There are entire projects dedicated to that effort, too, like The Diggity Project and the Google Hacking Database. These projects keep lists of pre-made dorking queries that companies can run on their own websites to see what turns up.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article