Book cover of “Google Hacking” by author Johnny Long.
The authors of attack software are increasingly creating new tools to exploit the massive search engine for target identification. This is the latest trend in the hacker world known as “Google hacking.”
“Google hacking” does not mean breaking into the servers of this service provider; instead, online criminals use the search system to gather information from the web. This technique has even been compiled into a book.
According to George Kurtz, Vice President of Risk Management at McAfee, the virus named Santy emerged in late 2004, exploiting a vulnerability that had been disclosed in several versions of phpBB and that allowed hackers to deface websites. This virus identified its targets through an automated search query on Google. The search engine subsequently managed to stop the spread of Santy by blocking all search queries looking for servers running the aforementioned application. However, Google’s system could only detect the exploitation if the queries were significantly different from other search queries.
Hackers have been using search engines to assist in website breaches ever since search services became available on the Internet. George Kurtz from McAfee stated that with just a few simple queries, one could obtain usernames and sensitive personal information. Some Internet users even post their error-scanning log files on their websites, and these reports serve as invitations for online criminals to exploit the documented vulnerabilities.