Google Dorking: It’s All Fun & Games Until The Hackers Show Up

For anyone not in the know, Google Dorking is the practice of using advanced search techniques – more specifically, specialized search parameters – to locate hard-to-find web pages and information.

As innocent as it sounds, Google Dorking has a dark side – so dark, federal authorities are warning website owners of its dangerous nature. According to a report on Ars Technica, the Department of Homeland Security issued an alert to law enforcement and public safety agencies that Google Dorking could jeopardize their business.

From the warning:

[blockquote]Malicious cyber actors are using advanced search techniques, referred to as “Google dorking” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in cyber attacks…By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, email lists, sensitive documents, bank account details, and website vulnerabilities.[/blockquote]

The warning offered two examples – one from 2013 and one dating back to 2011 – of hackers using Google Dorking to locate vulnerable website files and proprietary information. It also recommended website owners take advantage of The Diggity Project, a free online tool that lets users automate Google Dork queries to identify online vulnerabilities.

While it may have a new name, Google Dorking has been around as long as the Internet. Search Engine Land’s founding editor Chris Sherman wrote about such practices in his 2001 book The Invisible Web: Uncovering Information Sources Search Engines Can’t See.

As long as businesses store information online, there will be hackers ready and waiting to steal it; when it comes to Google Dorking, the trick is making sure you outsmart the Dork.