Last year two high profile worms used Google and other search engines to find potential targets. In August, a MyDoom variant used Google to find e-mail addresses and a few months later the Santy worm found vulnerable bulletin board applications using various search engines. Security experts expect to see a lot more this year and advise enterprises to minimise their exposure to such attacks.
Andrew Collins, security manager in Asia/Pacific for CyberTrust, said that enterprises can avoid many of the potential dangers by ensuring that network resources -- such as Web cams -- are not indexed by search engines.
"We expect to see further automated attacks using Google searches to select potential targets as well as a continuing increase in the discovery of search strings that return unintended information such as error codes, web based cameras and restricted/private documents and Web pages. Network enabled physical security systems , such as web cams and digital video capture systems, should be moved onto private networks that are not addressable from the Internet," said Collins.
Web cams were also highlighted as a potential danger in a recent advisory by Gartner analyst Jay Heiser. According to Heiser, the Web interfaces of network cameras have a default address structure that can easily be found using Google hacking techniques.
"Some of the cameras reached through the search engine are meant to be viewed by the public, but many are not. Keep them up-to-date with patches and use strong passwords. Unpatched cameras have had their configuration or behaviour changed by hackers," said Heiser.
Heiser explained that most search engines look for a file called 'robots.txt', which specifies which areas of a site, if any, can be indexed.
"Using robots.txt and other techniques to prevent indexing is a best practice for non-public systems and the various components supporting public systems. Treat all Internet-facing devices -- even apparently obscure ones such as network cameras -- as relevant to security," said Heiser.
CyberTrust's Collins said that if enterprises think about their security as an entire system rather than the strengths and weaknesses of each individual application and appliance, they will be less vulnerable to attack.
"If an enterprise has invested in a strong security architecture than the threat posed by current Google hacks is minimal," said Collins.
I enjoyed reading this article, as its' focus happens to be one of my online 'hobbies'. Just a couple of comments to add;
"Security experts are predicting a m****ive increase this year in so-called "Google hacking", whereby malicious Internet users or worms use the search engine to discover resources that are not intended for public consumption."
My gripe with this is the use of 'malicious', of course some people with questionable motives will try to use these techniques. However, my experience of the 'Google-hacking' community at large is one of cooperation and transparency. Information is freely shared and contacting vulnerable parties is encouraged. We're simply in it for the intellectual challenge and straight-forward curiosity.
Only when Google hackers find a query, such as the ones to find webcams, do the vulnerable people become aware and have the opportunity to do something about it. There's a feeling of satisfaction in finding a 'good' search, but there's also one in seeing the number of results to that search diminish over time.
As was said, Google hacking will definitely become more popular for 'black' and 'white' hacking usage. Potentially vulnerable parties will become more savvy with the subject and potential Google hackers will become even more creative in their searching.