Revealed – Feds Issue Bulletin on Google Dorking

Revealed – Feds Issue Bulletin on Google Dorking



An examples

A bulletin issued by the Department of Homeland Security, the FBI and the National Counterterrorism Center earlier this month warns law enforcement and private security personnel that malicious cyber actors can use “advanced search techniques” to discover sensitive information and other vulnerabilities in websites.  The bulletin, titled “Malicious Cyber Actors Use Advanced Search Techniques,” describes a set of techniques collectively referred to as “Google dorking” or “Google hacking” that use “advanced operators” to refine search queries to provide more specific results.  Lists of these operators are provided by Google and include the following examples:

allintext: / intext: Restricts results to those containing all the query terms you specify in the text of the page
allintitle: / intitle: Restricts results to those containing all the query terms you specify in the title
allinurl: / inurl: Restricts results to those containing all the query terms you specify in the URL
filetype:suffix Limits results to pages whose names end in suffix
site: Using the site: operator restricts your search results to the site or domain you specify
Minus sign  ( – ) to exclude Placing  a minus sign immediately before a word indicates that you do not want pages that contain this word to appear in your results
Phrase search (using double quotes, “…” ) By putting double quotes around a set of words, you are telling Google to consider the exact words in that exact order without any change

Here is an example of a query constructed from these operators:

“sensitive but unclassified” filetype:pdf

The bulletin warns that malicious cyber actors can use these techniques to “locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks.”  Hackers searching for “specific file types and keywords . . . can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities.”  Moreover, “freely available online tools can run automated scans using multiple dork queries” to discover vulnerabilities.  In fact, the bulletin recommends that security professionals use these tools “such as the Google Hacking Database, found at, to run pre-made dork queries to find discoverable proprietary information and website vulnerabilities.”

Several security breaches related to the use of “advanced search techniques” are also referenced in the bulletin.  One incident in August 2011 resulted in the compromise of the personally identifiable information of approximately 43,000 faculty, staff, students and alumni of Yale University.  The information was located in a spreadsheet placed on a publicly accessible File Transfer Protocol (FTP) server and was listed in Google search results for more than ten months prior to being discovered.  Another incident in October 2013 involved attackers using Google dorking to discover websites running vulnerable versions of vBulletin message board software prior to running automated tools that created administrator accounts on the compromised sites.  As many as 35,000 websites were believed to have been compromised in the incident.

Video – Russia’s ‘Stealth Invasion’ Of Ukraine The Opposite Of Stealthy – War

Video – Russia’s ‘Stealth Invasion’ Of Ukraine The Opposite Of Stealthy – War

“Tanks, artillery and infantry have crossed from Russia into an unbreached part of eastern Ukraine in recent days, attacking Ukrainian forces and causing panic and wholesale retreat not only in this small border town but also a wide section of territory, in what Ukrainian and Western military officials described on Wednesday as a stealth invasion.

The attacks outside this city and in an area to the north essentially have opened a new, third front in the war in eastern Ukraine between government forces and pro-Russian separatists, along with the fighting outside the cities of Donetsk and Luhansk.

Exhausted, filthy and dismayed, Ukrainian soldiers staggering out of Novoazovsk for safer territory said Tuesday they were cannon fodder for the forces coming from Russia. As they spoke, tank shells whistled in from the east and exploded nearby.”* The Young Turks hosts Ana Kasparian, Ben Mankiewicz (Turner Classic Movies), and Jasmyne Cannick (Political Commentator) break it down.

*Read more here from Andrew E. Kramer and Michael R. Gordon / NY Times:…