Beware: Google Dorking has a Darkside

Google Dorking is back in the news again with a recent warning coming from the Department of Homeland Security which includes the following:

“Malicious cyber actors are using advanced search techniques, referred to as “Google Dorking” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in cyber attacks…By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, email lists, sensitive documents, bank account details, and website vulnerabilities.”

You are not a dork if you don’t know what Google Dorking is. It boils down to specific advanced search queries that are used for finding specific information on websites and servers that you likely don’t want found.

The good guys, or ethical hackers use these search queries to help you identify vulnerabilities and holes in your security. The bad guys, or malicious hackers use it for profit and to steel your information.

Unfortunately, not all admins are as thorough as they should be when it comes to the security settings and have been known to leave these settings as their default. This is a big opening for hackers and is something you should fix yesterday.

They are using Google to find these dorks as well. There are websites with lists and YouTube videos showing you how.  Be aware of the threats that are out there. Consult with your SEO expert and security team right away. Stay up-to-date on what is happening in the industry so you are not caught in an unwanted situation.