FBI issues warning about creative Google searches

Electron1

Electron1

Expert Member
Joined
Jan 29, 2009
Messages
4,229
Reaction score
199
Location
Joburg
http://www.csoonline.com/article/2597556/social-engineering/fbi-issues-warning-about-creative-google-searches.html
Google Hacking flagged as potential risk

CSO |Aug 25, 2014 12:06 PM
FOCA FBI Google hacking
A memo dated July 7, issued by the FBI and the National Counterterrorism Center, warns law enforcement and private security agencies about the practice of Google Dorking (or Google Hacking if you prefer) and what can be done about it.

The memo is rather plain, but the content comes off as something that makes one wonder why such a warning is needed in the first place. That is, until you start searching for documents in the government domain space. Then, it all makes perfect sense.

The FBI's warning tells agencies that actors will use Google Hacking to "locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks."

It goes on to reference various flags that can be used on Google to find information, including the file type, site, URL, and in text operators. Google makes a complete list of valid operators available online.

As an example, the memo highlights an incident in 2011, where attackers used Google Hacking to discover Social Security Numbers on a Yale University FTP server. Another incident singled out in the memo focused on the 35,000 websites that were compromised after attackers used Google to locate vulnerable vBulletin installations.

A quick search on Google shows that the memo makes a valid point, as many of the websites indexed in the government space offer a variety of documents available for public consumption.


However, from an attacker's perspective, the internal forms and documents - as well as the contact details on some of them - offer a way to fake legitimacy during a targeted attack. Many of the documents have an internal context, something that can be leveraged by attackers in order to get someone to open an attachment, follow a link, or share information.

Moreover, the documents themselves contain metadata.

Putting those documents into a tool like FOCA (Fingerprinting Organizations with Collected Archives), reveals additional details such as author names, email addresses, network naming conventions (including network shares), system paths (useful for mapping a network or system), software titles and version numbers, IP addresses, and operating system data.

The search below offers an example of what the memo is talking about, but it will need to be tuned in order to discover some of the sensitive documents. In addition, readily available lists of search terms for website vulnerabilities can be found all over the Web, such as the list found here.

filetype:"xls | xlsx | doc | docx | ppt | pptx | pdf" site:gov "FOUO" | "NOFORN" | "Confidential"

The memo recommends that website operators use robots.txt to prevent directories with sensitive information from being indexed, and encouraged the use of Google Hacking to discover files already in the public domain. From there, they can be removed from Google by following the search giant's guidelines.

A full copy of the memo is available from Public Intelligence.
Click to expand...
 
"Google Hacking"?!?!?1

Are they being serious... this has sweet FA to do with hacking, and everything to do with useless security processes by the government departments and other companies.
 
ToxicBunny said:
"Google Hacking"?!?!?1

Are they being serious... this has sweet FA to do with hacking, and everything to do with useless security processes by the government departments and other companies.
Click to expand...

Sounds like the City of Joburg defense
 
I have been playing around with the search strings since google started this is nothing new.
 
ToxicBunny said:
"Google Hacking"?!?!?1

Are they being serious... this has sweet FA to do with hacking, and everything to do with useless security processes by the government departments and other companies.
Click to expand...

about the practice of Google Dorking (or Google Hacking if you prefer)
Click to expand...

I prefer Google Dorking, thanks :D

It fails to amaze me how stupid some people can be. Leave their data exposed to the internet then cry "hacking" when it is found...
 
The FBI's warning tells agencies that actors will use Google Hacking to "locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks."
Click to expand...

Does the FBI know that RDJ is not actually Tony Stark? :D
 
Seriously? That's not "hacking", geniuses, it's called "searching". And if someone does a search with advanced parameters and happens to find a document that should not be publicly available, it is entirely the fault of whatever incompetent idiot left it unprotected online. I mean, just what kind of moron would leave sensitive documents on an unprotected publicly available ftp server? Heck, we don't even use password protected ftp servers any more - they're like flames to a moth.
 
garp said:
Seriously? That's not "hacking", geniuses, it's called "searching". And if someone does a search with advanced parameters and happens to find a document that should not be publicly available, it is entirely the fault of whatever incompetent idiot left it unprotected online. I mean, just what kind of moron would leave sensitive documents on an unprotected publicly available ftp server? Heck, we don't even use password protected ftp servers any more - they're like flames to a moth.
Click to expand...
this.
 
ToxicBunny said:
"Google Hacking"?!?!?1

Are they being serious... this has sweet FA to do with hacking, and everything to do with useless security processes by the government departments and other companies.
Click to expand...

That's what I was thinking - If google can index and find it, the document must be in public domain - so just bad security and control over the documents than anything else.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X