Are you a dork? If you’re a regular reader of SourceCon, the answer to that question is probably yes – at least according to the way the federal government defines the term “Google dorking.”
What is Google dorking? Our federal government shared the following definition in a recent warning to business owners.
“Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in
subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.”
Hmm, that type of activity sure sounds familiar (except for the cyber attacks, of course).