Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

The Latest Hacker Mayhem Tool: Google Dorking

Hackers are constantly looking for vulnerabilities they can exploit to gain access to corporate networks, industrial control systems, financial data, and more. One of the best kept secrets in the hacker’s toolkit has become Google Dorking. It can be used to identify vulnerable systems and trace them to a specific place on the Internet.

Hackers are constantly looking for vulnerabilities they can exploit to gain access to corporate networks, industrial control systems, financial data, and more. One of the best kept secrets in the hacker’s toolkit has become Google Dorking. It can be used to identify vulnerable systems and trace them to a specific place on the Internet. This begs the questions: how does Google Dorking work, what risks are associated with it, and how can organizations minimize their exposure.

At last week’s Gartner Security and Risk Management Summit in National Harbor, MD, analysts Sid Deshpande and Ruggero Contu revealed that the global IT security spend will reach $92 billion in 2016 and is expected to grow to $116 billion by 2019. Despite these huge investments in perimeter defense, the industry is still struggling to get a leg up on cyber-attackers. The steady stream of data breaches at Hyatt, DNC, Twitter, SWIFT, and others continues to raise doubts about the effectiveness of these investments.

Obviously, most cyber-attackers don’t have the monetary resources to match the investments of enterprises and governments – nonetheless, they’re making very efficient use of the tools they have at hand. While commercial and public organizations often use the most advanced technologies available, hackers wreak havoc with an often minimalistic, but intelligence-driven approach.

In a cyber-attack that made headlines earlier this year, a suspected Iranian hacker used a simple technique called Google Dorking to access the computer system that controlled a water dam in New York. The technique is readily available and routinely used by hackers to identify vulnerabilities and sensitive information accessible on the Internet. Google Dorking, isn’t as simple as performing a traditional online search. It uses advanced operators in the Google search engine to locate specific information (e.g., version, file name) within search results. The basic syntax for using an advanced operator in Google is as follows:

Operator_name:keyword

Since its inception, the capabilities available in Google Dorking have been added to other search engines, such as Bing and Shodan. Meanwhile, anyone with a computer and Internet access can easily learn about advanced operators on Wikipedia or via other public sources. Even Federal authorities are paying attention to threats posed by Google Dorking. The Department of Homeland Security and the Federal Bureau of Investigation in 2014 issued a special security bulletin warning the commercial sector about the risks of Google Dorking.

So what can organizations do to minimize the risk of being hacked via Google Dorking? Here are three best practices:

Advertisement. Scroll to continue reading.

1. Avoid Putting Sensitive Information on the Internet – The underlying threat associated with Google Dorking is that search engines are constantly scanning the Internet, monitoring, and indexing every device, port, and unique IP address connected to the Web. While most of this indexed data is meant for public consumption, some is not and is unintentionally made “reachable” by search engine bots. As a result, a misconfigured Intranet, or other confidential information resource, can easily lead to unintended information leakage.

2. Exclude Sensitive Websites / Pages from Search Index – Make sure that websites / pages that contain sensitive information cannot be indexed by search engines. For example, GoogleUSPER provides tools to remove entire sites, individual URLs, cached copies, and directories from Google’s index. Another option is to use the robots.txt file to prevent search engines from indexing individual sites, and place it in the top-level directory of the web server.

3. Use Google Dorking for Web Vulnerability Testing –  Implement routine Web vulnerability testing as part of your standard security practices and turn Google Dorking into your own pro-active security tool using online repositories like the Google Hacking Database (GHDB), which documents the expanding number of search terms for files containing usernames, vulnerable servers, and even files containing passwords.

Google Dorking illustrates that it’s time to rethink day-to-day vulnerability assessment and risk management practices. Ultimately, what determines our ability to minimize cyber risk is not the tools we’re using, but rather how we use them. In other words, we need to find ways to automate time-consuming security operations tasks and use an intelligence-driven approach that allows to more easily assess whether vulnerabilities are actually exploitable and what risks they represent.

Related: Dam Hackers! The Rising Risks to ICS and SCADA Environments

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.