Trendsurfing: Google hacking (The Times)
Psst ... want to see some secret stuff? There's this cool underground website where you can pick up private passwords, spy on internal company accounts, even peek into other people's webcams. Don't tell anyone, but the site's called Google - you may even have heard of it. But what you may not be aware of is the fast-growing online sport it has spurred among geeks Googling to find things they're not meant to see. The sport is known as "Google hacking", and even if you're a tech novice, it's something you can have some fun with.
The genius of Google is its ability to scour billions of web pages and make them easily searchable using a few simple database commands. You probably know that putting quote marks around a phrase makes Google search for the whole phrase rather than the individual words. You may even know that you can restrict a search to a specific website by typing in site: before that website's address along with the word you are searching for. The art of Google hacking relies on using these and other more complex search commands to find web pages that were never intended to be made public. Once you discover such forbidden gems, your satisfaction comes from sharing them with the thousands of other Google hackers who post their exploits online.
This is not "hacking" in the murky criminal sense - although undoubtedly a few professional troublemakers do use Google to target sites vulnerable to attack. No, this game is more about the thrill of taking control of a banal office photocopier or car-park webcam simply because they are networked in a way that lets Google locate them.
Just ask Johnny Long, custodian of the official Google Hacking Database. Long, who makes a living telling companies how to secure their websites, has so far collected around 1,140 different "hacks" that use Google to expose online vulnerabilities. You can peruse them at his website, johnny.ihackstuff.com, where thousands of regulars swap tips on Googling everything from networked digital cameras to shopping websites which inadvertently expose credit-card numbers. The website does not seek to encourage wrongdoing. It merely aims to educate the inept "googledorks" who fail to secure their sites.
How easy is it to find them? First, let's take a peek through some poorly secured webcams. Do a Google search for the phrase inurl:"axis-cgi/mjpg" - exactly as punctuated - and you'll find thousands of live video images, showing petrol-station forecourts, shopping-mall CCTV pictures, even traffic flow in Acapulco. That's because Google has spotted some computer code used by the webcam. Next, fancy printing a few test pages on someone's office photocopier? A search for the phrase intitle:"Home" "Xerox Corporation" "Refresh Status" brings up dozens of networked copiers which offer the mischievous option of a "Print" button.
In half an hour, with no programming knowledge, I Googled my way into budgetary spreadsheets, corporate passwords, and a particular printer at Stanford University which warned that it was out of ink. You can even find saved Hotmail messages, including a very private note to a man who had recently become a woman. Yes, it's that easy to uncover the googledorks' secrets. Don't these people care about protecting their privacy?
(The Times Magazine, October 15 2005)