Mindmingles

Document

SEO By Industry

Plumbers SEO

Your Page Title

Hacking is a beyond the pale activity that has harmed the usability of search engines in many impolitic ways. But cybersecurity researchers and ethical hacking experts have been providing the ill-willed hackers the taste of their own medicine with smart strategies; take Google Dorking, for example. Security researchers and hackers equally utilize this technique to uncover sensitive information using certain commands on Google, but for different reasons.

The technological advancements have been used maliciously since their inception, and Google Dorking is no exception. The history of Dorking dates back to 2002 when Johnny Long began collecting Google search queries that reveal ‘vulnerable systems and/or sensitive information disclosures.’ He labeled these search queries as ‘googleDorks.’

This article discusses the evolution of Dorking, its legalities, potential threats, dork queries, and protective measures that one must be aware of to be safe online.

What Is Google Dorking?

Also known as Google Hacking, Google Dorking is a technique widely used to collect sensitive and secret information from computer systems, software, and hardware that are vulnerable and prone to security flaws with certain commands on Google.

This method comes handy to steal private information including:

  • Social Security Numbers
  • National Identification Number
  • Webcams
  • Passwords
  • Email addresses
  • Usernames
  • Shell scripts
  • User accounts
  • Credit/Debit card credentials and other financial details, etc. that are hard to access normally.

This technique is not limited to Google but can also be exercised on other search engines, including Bing, DuckDuckGo, and Yahoo. However, search results might vary for different search engines.

How Google Dorking Evolved?

A cybersecurity expert, Johnny Long, is famous for devising Google Dorking. He was a part of Computer Sciences Corporation’s vulnerability assessment team- Strike Force and discovered Google search queries that unveiled vulnerable servers. In addition, these queries also unleashed the servers that circulate personal and sensitive information in the public eye.

This resulted in creating the Google Hacking Database(GHDB) in 2004. The database contains hundreds of search queries used for hacking/Dorking. Over time, cybercrime has massively increased using these search queries called Google Dorks. Not only the world’s most used search engine, Google, but other search engines, including Bing, Yahoo, and DuckDuckGo, are also utilized for this purpose.

Is Google Dorking Illegal?

Google Dorking is technically legal and massively used by security experts. However, it is potentially used by hackers to gain unauthorized access to personal information. A Brooklyn Law School student and a published legal scholar, Star Kashman, often elaborately highlights this issue. She has studied and shared the ethical and criminal usage of search engine hacking and how it violates the Computer Fraud and Abuse Act (CFAA).

In her paper published in the Washington Journal of Law, Technology & Arts on 2 June 2023, she explains the legalities related to this technique. She mentioned that CFAA doesn’t regard Google Dorking as an illegal activity, stating that any information that is out in the public domain doesn’t require ‘unauthorized access.’ However, the FBI and many other legitimate organizations use ‘dorking’ and ‘hacking’ synonymously. She highlights that the existing definition of hacking as per CFAA and existing laws fails to highlight and address the problem of computer crime as well as limit the use of Google Dorking.

What Is Google Dorks Query?

Google Dorks Query are special terms or symbols called ‘operators’ which are used with keywords to discover normally undisclosed information.

Google Dorks List

The compromise of the CIA’s worldwide secret communications network leading to failure of 70% of its operations and the cyber attack on 46 financial institutions in the US during 2011-2013 along with Bowman Avenue Dam in Rye Brook, New York, are the two most prominent cases in the history of dorking. Both the cases and many others took place using the dork’s query.

Google Dorks Query List With Examples

The table below shows the Google Dorks list that security researchers and hackers use to discover site vulnerabilities for contrasting purposes. We already know that hackers use Google Dorking commands to fetch personal and private details with illicit intent. Security researchers use this technique to acquire knowledge of loopholes and report them for improvement, among many other legitimate purposes. For instance, the Google Mobile Vulnerability Reward Program and Apna Vulnerability Disclosure Policy  are two examples where cybersecurity researchers use Dorking commands.

The table below lists the most used dorks to get access to online information. These search terms are intertwined with a strategic approach to discover information that is inaccessible through normal search means.

S. NO. DORKS/
OPERATORS
PURPOSE EXAMPLE/SYNTAX
1 filetype: Retrieve the  specific file

type you need

filetype:keyword pdf

The search results will fetch the

pdf (or other format) format of the file.

2 site: Allows search for domains

in a specific website

site:example.com

The search results will show the pages

related to the site you entered (in this

case- ‘example.com’ ).

3 inurl: Helps search for web

pages containing the specified

keywords in the domain URL

inurl:keyword

Putting the particular site url in place of

‘url’ in the aforementioned place will fetch

the web domains containing specific

keywords in the URL.

4 intext: Shows web pages containing

the specified keywords in the

content

intext:keyword

This command will return the online

published content in search results

with the specified search terms.

5 Allintitle: Retrieve results with specific 

keywords in the web page title

Allintitle:keyword

This will show all search results

with the specified keywords.

6 Allinurl: Returns search results containing
the specific keywords in url
Allinurl:keyword

This will show all search results

with the specified keywords.

7 cache: Shows the last saved copy

of a particular website (if it exists)

cache:example.com

Or

cache:keyword.example.com

This will fetch the last saved web

page of a particular website. It is

useful to retrieve a website’s

previous page before its

update/downtime.

8 define: Provides the definition of the
searched term
define:word

It’ll show the meaning/definition

of the word searched

9 Link: Shows web pages linked to

a  specific URL

Link:example.com

It is used to find web pages linked

with a domain and to estimate its

impact.

10 site: Keeps the search restricted

to the particular, site, domain

or subdomain

site:example.com

To search for a specific domain within

a website (or website itself).

11 related: It helps to find pages related

to a specific website or search

term

related:example.com

The purpose of this command is

to find all relevant pages to a

particular website (in this case-

‘example.com’).

12 | Also referred to as ‘before |

after,’ this operator retrieves

search results containing the

specified terms

keyword1 | keyword2

This will return web pages related

to both the keywords.

13 + This dork is used to find

search results which connect

the specified search terms in

the content

keyword1 + keyword2

All the web pages containing information

about both the keywords will appear in

search results.

14 This query returns the search

results including the specified

terms

keyword1-keyword2-keyword3

It’ll fetch all the web results including

information about the described search

query.

15 phonebook: Used to search for caller IDs phonebook:number

It’ll return the search results including

information of organization or individual

to whom the phone number belongs, if indexed.

In case the number is not indexed, no search

result will be shown.

16 map: This command is excessively used

to get the map of

a particular location

map:location

This search query will show the map for the

location entered.

Threats Of Google Dorking

Dorking has been a big hand behind multiple cybercrimes conducted from time to time. Although this technique has been used by security researchers and ethical hacking experts, it has been constantly used by cyber criminals to steal people’s private details. The elephant in the room is that even people belonging to non-technical areas can also easily learn about dorks and how to use them. This is to say, anyone can access our online information irrespective of the field or area they work in.

Google Doeks Query

To know what hackers use Google Dorking for, continue reading:

1) Access Camera:

Surveillance cameras such as CCTV cameras and webcams are a tpical target for cybercriminals. They use the dorks to penetrate the security and can get access to live video feeds without the knowledge of the person on the other end.

Case: In 2013, Miss Teen USA- Cassidy Wolf fell prey to a college student who had been monitoring her webcam through hacking. He blackmailed her to do as he said against her private pictures, which he threatened to leak otherwise. The 19-year-old admitted that he had 30-40 slave computers (that he was monitoring) and was eventually arrested, CNN confirmed. Several similar cases wherein people have been watched without having a clue about it were  reported.

2) Identity Theft:

Doing crimes in someone else’ name is called identity theft. Hackers steal the identity of people to commit fraud. They steal information like PAN number, National Identification Number (NIN), passwords, etc., and use it for fraud calls, texts, transactions, account activities, etc.

Case: In December 2023, The Deputy Commissioner of Bengaluru Urban District, Dayananda K.A, filed a complaint with the Central Division Cyber Crime Police (India) stating that an unidentified person was using his photograph, name, and designation and asking for money from his colleagues through WhatsApp, The Hindu reported.

More such fraudulent activities have been executed for landing a job, obtaining false tax returns, govt. benefits and money depicting accidental/emergency cases. As per ProQuest Publishing, global identity theft cases spiked by 116,000 during the year 2019-2020.

3) Unauthorized Transactions:

Another common purpose hackers use Google Dorks query for is unauthorized transactions. It has become very easy for cybercriminals to get access to bank accounts and financial card details by retrieving their passwords, pins, emails, and even sometimes the encrypted codes. Activities like phishing scams, online rewards scams, malicious links, app downloads, etc., are used to trick people into sharing their sensitive data and hacking their devices.

Case: The Federal Trade Commission (FTC) reported that people lost $8.8 billion in such frauds in 2022. In addition, the use of deep voice and voice cloning/fake voice is massively used to get money transfers. For instance, a $35 Million fraud happened with the branch manager of a Hong Kong-based company.

4) Stalking & Doxing

Google dorks have also been consistently used to get residential information of people by online stalkers and hackers. But this doesn’t end here; such criminal-minded people even post people’s sensitive details over the web. This is called doxing.

Case: In 2016, a man in New York was sentenced to 24 months of imprisonment for doxing, swatting, and cyberstalking. As per the publication of the United States Attorney’s Office, dated 11 July 2016, govt. found evidence of the man posting “PII of at least 50 celebrities and state and federal officials on different websites that all shared the domain name “Exposed,” which were accessible to anyone, anywhere. The natural, inevitable, and intended consequence of this publication of names, social security numbers, dates of birth, addresses, credit reports, and the like was the use of that information by countless others to illicitly obtain credit cards and other finance-related accounts using the identities of the doxing victims, causing many victims to suffer continuing credit issues. The publication of the victim’s personal identifying information also revealed to any other would-be harassers or assailants how and where to contact the victims.”

5) Device & File Hacking:

A hacker can access any of your smart devices using Google dorks. Hackers create fake Wi-Fi networks that retrieve your data once you connect with them. This problem is quite common in places offering public Wi-Fi facilities and also opens gates to gain access to private files on the network.

Furthermore, smart devices, including smart TVs, cell phones, laptops, printers, and even smart refrigerators and ACs, etc., get hacked when cybercriminals retrieve your device information. Many cases have been reported where hackers have captured private pictures of people via hacking their smart devices.

Case: In December 2023, the win of Prince Harry against a UK’s leading tabloid group, Mirror Group Newspapers, who hired private investigators to peer into his personal information and hack his mobile was a much-discussed iconic event.

Online fraudsters are keenly looking for chances to acquire our personal and private information. Nevertheless, certain measures can help you protect yourself from online hacking. The next section talks about such measures in detail, so continue reading further…

Protective Measures Against Google Dorking

While avoiding online hacking can be a biting-a-bullet kind of task, the below-mentioned measures can help you fight against it:

What To Do If Your Phone Is Hacked Google Dorking

(a) Do Not Put Everything Online

Nowadays, we tend to save everything online, like our credit/debit card credentials or passwords. Although this is a very useful feature, it risks your information. That’s why you must try to limit keeping everything online, and in case you do, change your passwords from time to time and ensure all safety precautions.

(b) Check If Your Information Is Indexed Or Not

A hacker can access any indexed online information using Dorking techniques. To check whether a web page is indexed or not, use this command- site: paste web page link and press Enter. If you see the web page in the first place, you should use robots.txt file, no-index and no-follow tags (refer to next two points) to deindex it. Furthermore, this will help you detect any flaw in the computer or online systems/networks and take necessary actions in the required time.

(c) Use No-follow and No-index Tags

No-follow tags are used with links you don’t want search engines to follow. And no-index tags are used with pages you don’t want search engines to index. These two tags are a great way to effectively stop web pages from getting indexed and out in the public domain.

(d) Use A Robots.txt File

Using a Robots.txt file can be very helpful in safeguarding important files, directories, and online publications. Search engines use this file as a guide to know which pages to index.

(e) Use Two-Factor/Multi-Factor Authentication

Keeping your device’s security systems safe using two-factor or multi-factor authentication, pin-protections, etc., can help safeguard your online data.

(f) Be Selective For File & Directory Permissions

While managing your online documents, files, directories, sheets, etc., be selective in assigning the permissions. Only allot the required access to the people who need it.

(g) Use Antivirus & Firewall Protection

Antivirus software and firewall protections can prove successful in tackling such issues. For instance, Microsoft and Windows offer in-built firewall protections. Similarly, installing antivirus can help protect mobile devices.

(h) Identify & Uninstall Suspicious Apps

Hackers secretly install some apps into people’s devices that help them retrieve their data. You must check if any app is installed on your device that you aren’t aware of. Also, check what permissions you’ve allowed to the installed apps to limit unwanted access.

(i) Don’t Click On Suspicious Links

Cybercriminals usually try phishing techniques by sending malicious links through emails and social media apps. Such links are heavily in rotation during festivals depicting free rewards links. So be aware of such links and don’t click on them.

(j) Avoid Jailbreaking

Removing software restrictions on your device that come by default from the manufacturer is called jailbreaking and can prove dangerous. It can leave your device entirely at hackers’ disposal and hence is not recommended.

(k) Use Long & Different Passwords

Framing long passwords can help you save your online accounts from being a beacon for hackers. In addition, use different passwords for different accounts and apps.

(l) Activate Alerts

By applying for SMS and email alerts, you can detect a forthcoming fraud scenario and safeguard your accounts. Otherwise, someone can access your data anytime without your knowledge. Banks have this facility to keep the customers posted about transactions and might suggest freezing your account immediately in case of suspicious activity.

(m) Never Enter Your Information On Decrypted Sites

Decrypted sites or sites without encryption can always fall prey to hackers’ ill-intents. That’s why you never enter your sensitive information (or any information) on such sites. You can spot a tune icon on encrypted sites on Google or a padlock icon in the case of other search engines. Another cue to spot a safe site is using “https” at the start of its URL.

(n) Keep Your Apps, Browsers & OS Updated

Not updating device/system software, apps, and browsers can land you trouble. Keep a check on regular updates to not lose in the war against cybercriminals.

(o) Take BackUp & Format Your Device

Keeping data backup can also work if your device is hacked. If no other means work for you or you are locked out of your account, you might need to format your device. A backup can save you from losing your data in such a scenario. But, remember not to take a backup for any suspicious app.

You can also use the advice of cybercrime institutions or report cybercrime on your country’s official designated authority portal. They might suggest you freeze your account, inform your known ones, change your contact number, ID, etc.

Wrapping Up

Google Dorking uses simple dork commands with specific search terms that show conventionally inaccessible results. This methodology is heavily employed in cybersecurity and isn’t technically illegal. However, it has caused havoc for people because of its illicit use by hackers. Looking at the unethical use of dorks queries, there is a need to frame laws regulating the use of dorking techniques and to pass legislation elucidating restrictions on access to personal and private information with ambiguous legal status.

At last, it depends on us how we use this technique. Using Google dorks query for illicit purposes is sure to attract legal penalties.

Get A Free Consultation
And Estimate

Enquiry Form