This Blog is dedicated to Anything High Tech : Military gear, Supercomputing, Robotics, Gaming (PC & Console), Home Theater, Apple gear, MacIntosh, PCs, Movies, Networks, Car audio, Self-defense Weapons, and Automobiles.
A memo dated July 7, issued by the FBI and the National
Counterterrorism Center, warns law enforcement and private security
agencies about the practice of Google Dorking (or Google Hacking if you
prefer) and what can be done about it.
Data integration is often underestimated and poorly implemented, taking time and resources. Yet it Learn More
The memo is rather plain, but the content comes off as
something that makes one wonder why such a warning is needed in the
first place. That is, until you start searching for documents in the
government domain space. Then, it all makes perfect sense.
The
FBI's warning tells agencies that actors will use Google Hacking to
"locate information that organizations may not have intended to be
discoverable by the public or to find website vulnerabilities for use in
subsequent cyber attacks."
It goes on to reference various flags
that can be used on Google to find information, including the file type,
site, URL, and in text operators. Google makes a complete list of valid
operators available online.
As an example, the memo highlights an incident in 2011, where attackers used Google Hacking to discover Social Security Numbers on a Yale University FTP server. Another incident singled out in the memo focused on the 35,000 websites that were compromised after attackers used Google to locate vulnerable vBulletin installations.
A
quick search on Google shows that the memo makes a valid point, as many
of the websites indexed in the government space offer a variety of
documents available for public consumption.
However, from an
attacker's perspective, the internal forms and documents - as well as
the contact details on some of them - offer a way to fake legitimacy
during a targeted attack. Many of the documents have an internal
context, something that can be leveraged by attackers in order to get
someone to open an attachment, follow a link, or share information.
Moreover, the documents themselves contain metadata.
Putting those documents into a tool like FOCA (Fingerprinting Organizations with Collected Archives),
reveals additional details such as author names, email addresses,
network naming conventions (including network shares), system paths
(useful for mapping a network or system), software titles and version
numbers, IP addresses, and operating system data.
The search below
offers an example of what the memo is talking about, but it will need
to be tuned in order to discover some of the sensitive documents. In
addition, readily available lists of search terms for website
vulnerabilities can be found all over the Web, such as the list found here.
The memo recommends that website operators use
robots.txt to prevent directories with sensitive information from being
indexed, and encouraged the use of Google Hacking to discover files
already in the public domain. From there, they can be removed from
Google by following the search giant's guidelines.
A full copy of the memo is available from Public Intelligence.
Posts
