A bulletin issued by the Department of Homeland Security, the FBI and the National Counterterrorism Center earlier this month warns law enforcement and private security personnel that malicious cyber actors can use “advanced search techniques” to discover sensitive information and other vulnerabilities in websites. The bulletin, titled “Malicious Cyber Actors Use Advanced Search Techniques,” describes a set of techniques collectively referred to as “Google dorking” or “Google hacking” that use “advanced operators” to refine search queries to provide more specific results. Lists of these operators are provided by Google and include the following examples:
| Operator | Description |
|---|---|
| allintext: / intext: | Restricts results to those containing all the query terms you specify in the text of the page |
| allintitle: / intitle: | Restricts results to those containing all the query terms you specify in the title |
| allinurl: / inurl: | Restricts results to those containing all the query terms you specify in the URL |
| filetype:suffix | Limits results to pages whose names end in suffix |
| site: | Using the site: operator restricts your search results to the site or domain you specify |
| Minus sign ( - ) to exclude | Placing a minus sign immediately before a word indicates that you do not want pages that contain this word to appear in your results |
| Phrase search (using double quotes, “…” ) | By putting double quotes around a set of words, you are telling Google to consider the exact words in that exact order without any change |
Here is an example of a query constructed from these operators:
The bulletin warns that malicious cyber actors can use these techniques to “locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks.” Hackers searching for “specific file types and keywords . . . can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities.” Moreover, “freely available online tools can run automated scans using multiple dork queries” to discover vulnerabilities. In fact, the bulletin recommends that security professionals use these tools “such as the Google Hacking Database, found at http://www.exploit-db.com/google-dorks, to run pre-made dork queries to find discoverable proprietary information and website vulnerabilities.”
Several security breaches related to the use of “advanced search techniques” are also referenced in the bulletin. One incident in August 2011 resulted in the compromise of the personally identifiable information of approximately 43,000 faculty, staff, students and alumni of Yale University. The information was located in a spreadsheet placed on a publicly accessible File Transfer Protocol (FTP) server and was listed in Google search results for more than ten months prior to being discovered. Another incident in October 2013 involved attackers using Google dorking to discover websites running vulnerable versions of vBulletin message board software prior to running automated tools that created administrator accounts on the compromised sites. As many as 35,000 websites were believed to have been compromised in the incident.
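As an added illustration (not part of the bulletin or the original article), the following Python example applies the operators from the table above to a constructed inventory of an organization's own public pages, showing which of its files a given query would surface. The inventory, the `example.edu` domain, the function names and the simple substring matching are assumptions; real search engines tokenize and rank results differently.

```python
import shlex
from urllib.parse import urlparse

FIELDS = ("intext", "intitle", "inurl")      # operators that also have an all* form
OPERATORS = FIELDS + ("filetype", "site")

# Constructed inventory of an organization's own public pages (hypothetical data).
INVENTORY = [
    {"url": "https://www.example.edu/hr/staff-roster.xls", "title": "", "text": "name email department"},
    {"url": "https://www.example.edu/about/index.html", "title": "About the university", "text": "history and mission"},
    {"url": "https://www.example.edu/forum/admin/login.php", "title": "Forum admin login", "text": "username password"},
    {"url": "https://www.example.edu/docs/handbook.pdf", "title": "Staff handbook", "text": "policy for staff"},
]

def parse_query(query):
    """Return (operator, value, negated) terms; double quotes keep a phrase together."""
    terms, default = [], "any"
    for token in shlex.split(query):
        negated = token.startswith("-") and len(token) > 1
        token = token[1:] if negated else token
        op, sep, value = token.partition(":")
        if sep and op.startswith("all") and op[3:] in FIELDS:
            default = op = op[3:]            # all* form: later bare words use this field
        if sep and op in OPERATORS:
            terms.append((op, value.lower(), negated))
        else:
            terms.append((default, token.lower(), negated))
    return terms

def matches(page, term):
    """Apply one term to one page, following the operator descriptions in the table."""
    op, value, negated = term
    url = urlparse(page["url"])
    if op == "filetype":
        hit = url.path.lower().endswith("." + value)
    elif op == "site":
        host = (url.hostname or "").lower()
        hit = host == value or host.endswith("." + value)
    elif op in FIELDS:
        hit = value in page[op[2:]].lower()  # intext -> text, intitle -> title, inurl -> url
    else:                                    # bare word or phrase: any field
        hit = any(value in page[k].lower() for k in ("url", "title", "text"))
    return hit != negated                    # a leading minus inverts the result

def audit(query, inventory=INVENTORY):
    """List the inventory URLs that a query built from these operators would surface."""
    terms = parse_query(query)
    return [p["url"] for p in inventory if all(matches(p, t) for t in terms)]
```

Every term in a query must match for a page to be listed, so adding `site:` with the organization's own domain keeps the audit scoped to its own content.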