Google's Secrets – and Yours


David Shamah, The Jerusalem Post May 9, 2006


Warren Buffett can feel confident about sinking his $4 billion into Israel, at least from an electronic security point of view. I can say with utmost certainty that the country's most sensitive secrets are safely stowed away on secure servers, inaccessible to the public. Try as I might, I couldn't find any Word documents marked “top secret” about Israel's plans regarding Iran on the Ministry of Foreign Affairs Web site (http://www.mfa.gov.il/), no PowerPoint presentations on Israel's alleged nuclear weapons program on the Ministry of Defense site (http://www.mod.gov.il), no PDFs on future political plans on the main government site (http://www.info.gov.il) – nothing, nada, not a thing! Even using the special advanced “Google hacking” techniques I learned from Johnny (http://johnny.ihackstuff.com), I couldn't get an untoward, scandalous or headline-making fact on any of the burning issues of the day. One less thing for Warren Buffett (and the rest of us, I guess) to worry about.


Google hacking sounds bad, but it's not “real” hacking – and it isn't illegal, either. A true hacker tries to extract sensitive information off a private, secure server that s/he must gain access to illicitly. Of course stealing information off such a server is prosecutable in most places – and often punished harshly. Google hacking, on the other hand, “attacks” publicly available Web sites that don't require anything more to enter than typing an address into a Web browser. Using Google's advanced search techniques and operators in creative ways, you can discover a world of information you never imagined existed on the publicly available WWW.


Did you know, for example, that you can search a specific site for nearly any file type, including PDFs, MS Word files, PowerPoint presentations, Excel spreadsheets, and many others? Or that, using Google's “site” operator (for example, typing into the Google search box “site:Microsoft.com”), you can map an entire site and list all the Web pages on your Google results list, without having to visit that site at all – thereby allowing you access to information about your target without letting the site's server record your IP address on a site hit? That you can use the “intitle” operator to determine what Web server your target site is using and thereby determine the best way to hack into it using the server's built-in proven weaknesses?


It may come as a shock to many, but little ol' Google can be, and is being, used to get at information that site administrators never intended to make public – and never imagined would be publicly visible. And Johnny (whose surname is Long), a former “bad boy” hacker who has climbed onto the straight and narrow, is just the guy to teach these techniques, which he developed during an apparently colorful hacking career breaking into secure sites as a cyber-hoodlum. He now does the exact same thing working on the side of good, getting paid by large corporations to break into their servers in order to check for weaknesses and ensure that they are secure.


The basic document on the subject is The Google Hacker's Guide, a PDF file available at Johnny's site (he's also written a more extensive book on the subject, at http://tinyurl.com/o5sls). The Google Hacker's Guide contains not only details on the secrets behind Google's advanced operators (which you can read all about at http://www.google.com/help/operators.html) – it also gives concrete examples of how these techniques can be used to find “interesting” stuff, just this side of the legal barriers against illicit electronic snooping (Johnny says he knows all the bad boy tricks, but he won't teach them to anybody).


Google, of course, gets its information through the not so judicious use of web search bots, which traverse the cybersphere recording information about sites and associating them with keywords in the Google database. Any site you can click on and enter using a Google search is technically fair game for super snooping (if it weren't, it would be password protected) – and sometimes (quite often, apparently), administrators leave publicly accessible information that was supposed to be hidden, making them “Googledorks” as far as Johnny and his fans are concerned. And among the features of the site is a very active forum dedicated to coming up with exploits that can be used to ferret out the messy work of Googledorks. And don't think that sensitive information goes away after a Googledork realizes his or her errors and secures the server – Google lets you search its cache of documents, meaning that you can hack into Google's back pages and ferret out sensitive information, even if it's no longer publicly accessible!


And again, all this is legal – at least technically. However, these techniques can definitely – and often easily – be used to undertake “shady” operations, like obtaining passwords to hack into individuals' accounts at Web sites that demand IDs – even sites that charge money for access! Using some of the very basic searches at http://tinyurl.com/lcpzum, for example, I could have accessed, if I so wanted, a bunch of private sites after having Googled for password files which were in areas of Unix servers that were supposed to be off-limits, including some “off color” sites (no, I won't tell you which ones, so don't ask). If any electronic law enforcement folk are reading this, by the way, note that I said “could have” as opposed to “did” (my lawyer told me to write that!). Close examination of the forums will reveal even more advanced techniques and searches that can, if aimed at the right server, yield you a whole lot of sensitive information, and if you know what you're looking for on a particular Web site, chances are good you're going to find it using these techniques if the system administrator is anything less than 100% competent.


Of course, once a site gets on Johnny's list, it gets fixed up right away (at least you'd hope so). But the real power of Google hacking is that anybody can be a victim – and in the wrong hands, it can be as dangerous, if not more so, than “real” hacking, because you won't be able to easily touch the hacker legally. Luckily, Johnny gives you ideas on how to protect yourself at his site – and if you're a site administrator, you're going to want to check out Johnny's site very carefully.
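
For site administrators, here is one way to run that check from the inside, as an added example that is not from this column or from Johnny's site: a Python script that walks your own Web server's document root and lists the files a search bot could fetch. The extension list, the credential file names and the idea that “password protected” means an Apache .htaccess file are illustrative assumptions, and the sample tree is constructed.

```python
import os
import tempfile

# Assumed mappings: the document types the column names, plus credential file names.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
CREDENTIAL_NAMES = {".htpasswd", "passwd", "passwords.txt"}

def requires_login(directory):
    """True if an Apache .htaccess here demands a login (assumes AllowOverride AuthConfig)."""
    path = os.path.join(directory, ".htaccess")
    if not os.path.isfile(path):
        return False
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read().lower()
    return "authtype" in text and "require" in text

def audit_docroot(docroot):
    """Return sorted (relative_path, reason) pairs for files a crawler could fetch."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        if requires_login(dirpath):
            dirnames[:] = []  # protection is inherited, so skip the whole subtree
            continue
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), docroot).replace(os.sep, "/")
            lower = name.lower()
            if lower in CREDENTIAL_NAMES:
                findings.append((rel, "credential file"))
            elif os.path.splitext(lower)[1] in DOCUMENT_EXTS:
                findings.append((rel, "indexable document"))
    return sorted(findings)

def build_sample_tree(root):
    """Create a constructed document root for the demonstration."""
    files = {
        "index.html": "<html></html>",
        "reports/budget.xls": "constructed",
        "admin/.htpasswd": "constructed",
        "private/.htaccess": "AuthType Basic\nRequire valid-user\n",
        "private/plan.doc": "constructed",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, reason in audit_docroot(root):
            print(f"{reason}: {rel}")
```

Anything the script lists should either move out of the document root or sit behind a login; a file that was already crawled can linger in a search engine's cache after you fix the server, as noted above.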


Ds@newzgeek.com