Hacking is a beyond the pale activity that has harmed the usability of search engines in many impolitic ways. But cybersecurity researchers and ethical hacking experts have been providing the ill-willed hackers the taste of their own medicine with smart strategies; take Google Dorking, for example. Security researchers and hackers equally utilize this technique to uncover sensitive information using certain commands on Google, but for different reasons. The technological advancements have been used maliciously since their inception, and Google dorks queries are no exception. The history of Dorking dates back to 2002 when Johnny Long began collecting Google search queries that reveal ‘vulnerable systems and/or sensitive information disclosures.’ He labeled these search queries as ‘googleDorks.’ This article discusses the evolution of Dorking, its legalities, potential threats, dork queries, and protective measures that one must be aware of to be safe online. What Is Google Dorking? Also known as Google Hacking, Google Dorking is a technique widely used to collect sensitive and secret information from computer systems, software, and hardware that are vulnerable and prone to security flaws with certain commands on Google. This method becomes a go-to option for stealing someone’s private information including: Social Security Numbers (SSNs) National Identification Number Webcams Passwords Email addresses Usernames Shell scripts User accounts Credit/Debit card credentials and other financial details, etc. that are hard to access normally. This technique is not limited to Google but can also be exercised on other search engines, including Bing, DuckDuckGo, and Yahoo. However, search results might vary for different search engines. How Google Dorking Evolved? A cybersecurity expert, Johnny Long, is famous for devising Google Dorking. He was a part of Computer Sciences Corporation’s vulnerability assessment team- Strike Force and discovered Google search queries that unveiled vulnerable servers. In addition, these queries also unleashed the servers that circulate personal and sensitive information in the public eye. This resulted in creating the Google Hacking Database(GHDB) in 2004. The database contains hundreds of search queries used for hacking/dorking. Over time, cybercrime has massively increased using these search queries called Google Dorks. Not only the world’s most used search engine, Google, but other search engines, including Bing, Yahoo, and DuckDuckGo, are also utilized for this purpose. Is Google Dorking Illegal? Google Dorking is technically legal and massively used by security experts. However, it is potentially used by hackers to gain unauthorized access to personal information. A Brooklyn Law School student and a published legal scholar, Star Kashman, often elaborately highlights this issue. She has studied and shared the ethical and criminal usage of search engine hacking and how it violates the Computer Fraud and Abuse Act (CFAA). In her paper published in the Washington Journal of Law, Technology & Arts dated 2 June 2023, she explains the legalities related to this technique. She mentioned that CFAA doesn’t regard Google Dorking as an illegal activity, stating that any information that is out in the public domain doesn’t require ‘unauthorized access.’ However, the FBI and many other legitimate organizations use ‘dorking’ and ‘hacking’ synonymously. She highlights that the existing definition of hacking as per CFAA and existing laws fails to highlight and address the problem of computer crime and don’t well limit the use of Google Dorking. What Is Google Dorks Query? Google Dorks Query are special terms or symbols called ‘operators’ which are used with keywords/strings to discover normally crawled yet undisclosed information. The two most prominent cases in the history of dorking are: (i) the compromise of the CIA’s worldwide secret communications network leading to failure of 70% of its operations and the cyber attack on 46 financial institutions in the US during 2011-2013, and (ii) Bowman Avenue Dam in Rye Brook, New York. Both the cases and many others took place using the dork’s query. How Google Dorking Works? Google Dorks queries are used with specific keywords to form search operators (advanced search operators, in some cases) to be on the make, stealing financial, personal, or other information that is hard to obtain otherwise. These search queries are employed to access web pages, file types, urls, etc. that are crawled by Google but usually not visible in search results with normal search queries. However, it has a potentially negative aspect wherein cybercriminals locate search operators with strings to find normally inaccessible information for illicit intents. On the other hand, security professionals and web technicians often put it to use to gain insights into their site’s security loopholes. Google Dorks Query List With Examples Security researchers use this technique to acquire knowledge of loopholes and report them for improvement, among many other legitimate purposes. For instance, the Google Mobile Vulnerability Reward Program and Apna Vulnerability Disclosure Policy are two examples where cybersecurity researchers use Dorking commands. Search Operators The table below shows the Google Dorks list that security researchers and hackers use to discover site vulnerabilities for contrasting purposes. These search terms are intertwined with a strategic approach to discover information that is inaccessible through normal search means. We already know that hackers use Google Dorking commands to fetch personal and private details with illicit intent, making it crucial to learn protective measures against it (more on that in later section). S. NO. DORKS/OPERATORS PURPOSE EXAMPLE/SYNTAX 1 filetype: Retrieve the specific file type you need filetype:keyword pdf The search results will fetch the pdf (or other format) format of the file. 2 site: Allows search for domains in a specific website site:example.com The search results will show the pages related to the site you entered (in this case- ‘example.com’ ). 3 inurl: Helps search for web pages containing the specified keywords in the domain URL inurl:keyword Putting the particular site url in place of ‘url’ in the aforementioned place will fetch the web domains containing specific keywords in the URL. 4 intext: Shows web pages containing the specified keywords in the content intext:keyword This command will return the online published content in search results with the specified search terms. 5 allintitle: Retrieve results with specific keywords in the web