 |
Cover of the book “Google Hacking” by author Jonny Long. |
The creators of attack software are increasingly developing new tools to exploit the massive search system for targeting purposes. This is the latest trend in the hacker world, known as the technique of Google hacking.
Google hacking does not mean penetrating the servers of this service provider; instead, online criminals use the search system to gather information on the internet. This technique has even been documented in book form.
According to George Kutz, Vice President of Risk Management at McAfee, the virus named Santy, which emerged in late 2004, exploited a vulnerability that had been disclosed in several versions of phpBB, allowing hackers to deface websites. This virus identified targets through an automated search command on Google. The search company later managed to stop the spread of Santy by blocking all search commands appearing on servers running the aforementioned application. However, Google’s system could only detect the exploitation if the query commands were significantly different from other search commands.
Hackers have been using search engines to assist in website intrusions since the inception of search services on the Internet. George Kutz from McAfee stated that with just a few simple query commands, one could obtain usernames and sensitive personal information. Some internet users even upload log files for error scanning to their websites, and the reports from this activity serve as an invitation for online criminals to exploit the recorded vulnerabilities.
