Google Dorking: It’s All Fun & Games Until The Hackers Show Up

For anyone not in the know, Google Dorking is the practice of using advanced search techniques – more specifically, specialized search parameters – to locate hard-to-find web pages and information. As innocent as it sounds, Google Dorking has a dark side – so dark, federal authorities are warning website owners of its dangerous nature. According […]

Chat with SearchBot

warning-alert-caution-ss-1920

For anyone not in the know, Google Dorking is the practice of using advanced search techniques – more specifically, specialized search parameters – to locate hard-to-find web pages and information.

As innocent as it sounds, Google Dorking has a dark side – so dark, federal authorities are warning website owners of its dangerous nature. According to a report on Ars Technica, the Department of Homeland Security issued an alert to law enforcement and public safety agencies that Google Dorking could jeopardize their business.

From the warning:

[blockquote]Malicious cyber actors are using advanced search techniques, referred to as “Google dorking” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in cyber attacks…By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, email lists, sensitive documents, bank account details, and website vulnerabilities.[/blockquote]

The warning offered two examples – one from 2013 and one dating back to 2011 – of hackers using Google Dorking to locate vulnerable website files and proprietary information. It also recommended website owners take advantage of The Diggity Project, a free online tool that lets users automate Google Dork queries to identify online vulnerabilities.

While it may have a new name, Google Dorking has been around as long as the Internet. Search Engine Land’s founding editor Chris Sherman wrote about such practices in his 2001 book The Invisible Web: Uncovering Information Sources Search Engines Can’t See.

As long as businesses store information online, there will be hackers ready and waiting to steal it; when it comes to Google Dorking, the trick is making sure you outsmart the Dork.


Opinions expressed in this article are those of the guest author and not necessarily Search Engine Land. Staff authors are listed here.


About the author

Amy Gesenhues
Contributor
Amy Gesenhues was a senior editor for Third Door Media, covering the latest news and updates for Search Engine Land, MarTech and MarTech Today. From 2009 to 2012, she was an award-winning syndicated columnist for a number of daily newspapers from New York to Texas. With more than ten years of marketing management experience, she has contributed to a variety of traditional and online publications, including MarketingProfs, SoftwareCEO, and Sales and Marketing Management Magazine. Read more of Amy's articles.

Get the must-read newsletter for search marketers.