Something called 'Google Dorking' helps hackers find out stuff no one wants them to know
AP
The attack on the dam gave the hacker info about water levels and the dam's sluice gate, which could have allowed the attacker to open the gate and flood part of the city, the US Department of Justice said.
But the hacker was foiled because the sluice gate happened to be offline for maintenance during the hack.
How did the accused person get access to this dam? He Googled it, according to the Wall Street Journal.
It's a technique called "Google Dorking" which involves using Google's advanced search techniques to dig up information on the internet that doesn't easily pop up during a normal search.
In 2014, the Feds even issued a warning to U.S. businesses to be on the lookout for Google Dorking activity as a sign of hackers.
Despite the funny name, "Google Dorking" isn't an April's Fool joke. It's a real thing.
For instance, Google offers a feature called "site," that lets you search a single website for a keyword or photos. (Here's a tutorial on how to use that.) Google also has special search commands called "filetype" and "datarange."
The kind of Google Dorking the feds are worried about, and that hackers use in their attacks, goes further. It's when malicious hackers use these advanced techniques looking for stuff that companies didn't mean to put online.
In the case of the New York dam, the hacker used Google from the other side of the world to find US infrastructure sites that had vulnerable hardware systems attached to the internet, reports the Wall Street Journal.
Of course, Google Dorking is just as often used for good as for evil. Good guy hackers, called "white hats," use these same advanced techniques to test security systems and see if and how they can be breached by the bad guys.
The Infosec Institute, an organization that trains people to be computer security pros, shows how using Google can easily turn up things like username and passwords, sensitive documents, even bank account details.
There are entire projects dedicated to that effort, too, like The Diggity Project and the Google Hacking Database. These projects keep lists of pre-made dorking queries that companies can run on their own websites to see what turns up.
- Global stocks rally even as Sensex, Nifty fall sharply on Friday
- In second consecutive week of decline, forex kitty drops $2.28 bn to $640.33 bn
- SBI Life Q4 profit rises 4% to ₹811 crore
- IMD predicts severe heatwave conditions over East, South Peninsular India for next five days
- COVID lockdown-related school disruptions will continue to worsen students’ exam results into the 2030s: study
- JNK India IPO allotment date
- JioCinema New Plans
- Realme Narzo 70 Launched
- Apple Let Loose event
- Elon Musk Apology
- RIL cash flows
- Charlie Munger
- Feedbank IPO allotment
- Tata IPO allotment
- Most generous retirement plans
- Broadcom lays off
- Cibil Score vs Cibil Report
- Birla and Bajaj in top Richest
- Nestle Sept 2023 report
- India Equity Market