Pierluigi Paganini
May 10, 2013
Few days ago I published an interested article inspired by security expert Dancho Danchev and focused on the use of Google Dorks based tool for information gathering during a cyber attack.
Google is a mine of information that could be used for various purposes, hacking is one of them such as OSINT, a proper use of search engines could allow the collecting of surprising data and help the constructions of a study that is able to cross various sources to conduct complex researches.
It’s obvious that also governments, and in particular cyber spies have to update their arsenal to access to the ocean of information available on the internet, intelligence agents are at the forefront and must beware of potentiality of search engines such as Google.
To support its agents the National Security Agency realized a book to help its spies uncover intelligence hiding on the web. The Center for Digital Content of the National Security Agency published a book containing instructions on the use of search engines, on line tools and Internet Archive.
The book written by Robyn Winder and Charlie Speight is titled Untangling the Web: A Guide to Internet Research, it is available in a pdf format and contains 643 pages, it has been issued by the agency following a Freedom of Information Requests (FOIA) filed in April by MuckRock, a site that charges fees to process public records for activists and others.
The most interesting session explored by the book is related to the “Google Hacking”, NSA reserved an entire chapter to instruct its agents, thanks to proper queries as show in my previous article it is possible to search directly for document published on line, such as Excel spreadsheets or World Documents.
The Books proposed a huge collection of tips to search for specifically information bypassing languages limitations, the pdf explains how to search for file contains specific information and stored on website related to specific domains.
Google hacking is not a new concept, the book is dated 2007 but security expert Johnny Long has been talking about this use of the popular search engine for hacking purposes. He published the book Google Hacking that is considered a bible by hackers that use Google for their attacks, the book published by NSA has a totally different scope, it’s intelligence oriented and it’s not focused on breaking into websites and servers.
It is opportune to clarify that web search using these “tips” aren’t illegal despite the data retrieved was not intended for public distribution as stated by the authors of the book:
“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data,”
Improper configuration of web servers could expose sensitive documents of private companies and governments on-line, it’s a joke find them “dorking” with Google.
If the spies search for files containing passwords in Russia they could use something like
“filetype:xls site:ru login.”
It could work even if the document uses a different char set, words such as login and password are internationally used.
The level of analysis could be different depending on the type of search, cyber spies could be interested in the discovery of the entire content of an archive or gain the access to the password file, but email lists and sensitive documents represent privileged targets. Composing specifically crafted queries in Google it is possible to reveal sensitive information essential for the success of an attack, thanks to the use of the advanced operator, the Dorking, is possible to retrieve a huge quantity of information on a target such as:
Interesting also the warning provided in the book to the cyber spies, every document collected in this way could hide a pitfall, someone could have intentionally exposed them to compromise the information collector. The recent event has demonstrated that opening a Microsoft document or a pdf file it is possible to infect a PC, this means that the document published could have this intent for publishing of sensitive data.
Search engines, Google first, but also other platforms such as social networks are considered powerful technologies to acquire sensitive information, from a defensive point of view we must be aware every time we expose a resource or a service on the Internet, someone could benefit from our errors.
Pierluigi Paganini
