Google Dorking: Feds Warn Against Malicious Cyber Actors

The Department of Homeland Security, the FBI, and the National Counterterrorism Center have issued a warning against the perils of "Google dorking," or the practice of utilizing a detailed set of search parameters to locate sensitive information or other website vulnerabilities. So reports Computerworld.

As a result, Public Intelligence, the research project that says it "[aggregates] the collective work of independent researchers around the globe who wish to defend the public's right to access information," has posted the release on its website.

Examples in the release include:

  • Site: Searches and lists all the results for that particular site.
  • Intext: Searches for the occurrences of keywords all at once or one at a time.
  • Inurl: Searches for a URL matching one of the keywords.

Public Intelligence provides this query example: "sensitive but unclassified" filetype:pdf site:publicintelligence.net.

Webmasters or consumers simply searching for specific information are not doing anything wrong. For example, readers who want to search for an exact topic on ClickZ.com can enter a query similar to the one below:

[Image: example Google search query for ClickZ.com]

According to Public Intelligence, the bulletin clearly outlines what types of information cyber hackers are looking for and how they are able to locate it:

By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple "operator:keyword" syntax, such as "filetype:xls intext:username," in the standard search box would retrieve Excel spreadsheets containing usernames.

A Short History of Google Dorking

In August 2011, cyber hackers were able to locate a sensitive File Transfer Protocol server at a university and obtain personal information for more than 40,000 faculty members, staff, students, and alumni.

And, in October 2013, hackers were able to compromise 35,000 websites by searching for vulnerable software identities and creating new administrator accounts for the websites.

The Diggity Project

There is both good and bad that can come from a tool like Search Diggity, which performs automated Google dork queries. It can be used by webmasters to protect sites, but can also be used by hackers to find ways to expose vulnerabilities.

According to Computerworld, Search Diggity is the "primary attack tool of the Google Hacking Diggity Project."

Tips for Protecting Sensitive Information

As frightening as this may sound, the Department of Homeland Security provides the following tips for protecting a website from cyber attacks:

  • Try to avoid publishing sensitive information online. If you must publish the information, make sure that it is password protected and encrypted.
  • Utilize tools to run pre-populated dork queries to see if you have freely available sensitive information on your website.
  • Do not index sensitive websites on Google.
  • Use robots.txt to prevent search engines from indexing your site.
  • Frequently test your website using a Web vulnerability scanner.
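
A local version of the self-check in the second and fourth tips, as an added example that is not from the DHS bulletin or from ClickZ: it applies a "filetype:xls intext:username" style rule to your own web root and reports whether robots.txt lets Googlebot fetch each match. The extension and keyword lists, the function names, and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib import robotparser

# Dork-style rule mirroring "filetype:xls intext:username" from the bulletin.
# Both sets are assumptions chosen for illustration; extend them for your site.
RISKY_EXTENSIONS = {".xls", ".csv", ".sql", ".bak", ".txt"}
KEYWORDS = (b"username", b"password")

def audit_webroot(webroot, robots_txt, user_agent="Googlebot"):
    """Return (url_path, matched_keywords, crawlable) for each risky file.

    crawlable is True when robots_txt allows user_agent to fetch the path.
    """
    rules = robotparser.RobotFileParser()
    rules.parse(robots_txt.splitlines())
    findings = []
    for folder, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in RISKY_EXTENSIONS:
                continue
            full = os.path.join(folder, name)
            with open(full, "rb") as fh:
                body = fh.read().lower()
            hits = [k.decode() for k in KEYWORDS if k in body]
            if hits:
                rel = os.path.relpath(full, webroot).replace(os.sep, "/")
                url_path = "/" + rel
                findings.append(
                    (url_path, hits, rules.can_fetch(user_agent, url_path)))
    return sorted(findings)

def demo():
    """Audit a constructed web root against a constructed robots.txt."""
    robots = "User-agent: *\nDisallow: /private/\n"
    samples = {
        "index.html": b"<h1>Welcome</h1>",
        "private/staff.csv": b"Username,Password\nalice,example\n",
        "exports/users.xls": b"username\tdept\nbob\tsales\n",
        "exports/notes.txt": b"meeting at noon\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return audit_webroot(root, robots)

if __name__ == "__main__":
    for path, hits, crawlable in demo():
        print(path, hits, "CRAWLABLE" if crawlable else "disallowed")
```

A file reported as disallowed is still served to anyone who requests its URL, so the first tip (password protection and encryption) remains the actual access control; robots.txt only asks compliant crawlers not to fetch it.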