The FBI warns the recipients of the memo on the possible use of Google Dorking to “locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks.”
The Bureau is concerned about the possibility that information gathered with Google Dorking could be used to gather sensitive information to use in cyber attacks, a common practice in the hacking and the intelligence community.
“Malicious cyber actors are using advanced search techniques, referred to as ‘Google dorking,’ to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks,” “By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities.” states the memo.
The FBI isn’t the unique agency interested to Google Dorking, in May 2013 it was revealed the existence of the book written by Robyn Winder and Charlie Speight for the NSA, titled Untangling the Web: A Guide to Internet Research, which also includes a specific session on the Google Hacking. NSA reserved an entire chapter to instruct its agents on how to conduct complex research thanks to queries composed with advanced operators.
The memo highlights an incident occurred in 2011 when a group of hackers discovered Social Security numbers of 43,000 people affiliated with Yale University using to Google Dorking.
Another similar incident mentioned in the memo occurred in October 2013, when nearly 35,000 websites compromised by hackers that used Google Dorking to locate vulnerable vBulletin installations.
The memo explains how it is possible to retrieve content and documents indexed in the government space, data that an attacker could use for various kinds of attacks like spear phishing.
Using the following query is possible to discover Government documents containing confidential data
filetype:"xls | xlsx | doc | docx | ppt | pptx | pdf" site:gov "FOUO" | "NOFORN" | "Confidential"
there FOUO states for “For Official Use Only” and NOFORN states means “Not for release to foreign nationals“.
The memo also provides the following suggestions to prevent Google Dorking used to search sensitive information:
» (U//FOUO) Minimize putting sensitive information on the web. If you must put sensitive information on the web, ensure it is
password protected and encrypted.
» (U//FOUO) Use tools such as the Google Hacking Database, found at http://www.exploit-db.com/google-dorks, to run pre-made
dork queries to find discoverable proprietary information and website vulnerabilities.
» (U//FOUO) Ensure sensitive websites are not indexed in search engines. GoogleUSPER provides webmaster tools to remove entire
sites, individual URLs, cached copies, and directories from Google’s index. These can be found at:
» (U//FOUO) Use the robots.txt file to prevent search engines from indexing individual sites, and place it in the top-level directory of
the web server.
» (U//FOUO) Test your website using a web vulnerability scanner.
(Security Affairs – Google Dorking, FBI)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.