The Wall Street Journal reports: An Iranian charged with hacking the computer system that controlled a New York dam used a readily available Google search process to identify the vulnerable system, according to people familiar with the federal investigation.
The process, known as “Google dorking,” isn’t as simple as an ordinary online search. Yet anyone with a computer and Internet access can perform it with a few special techniques. Federal authorities say it is increasingly used by hackers to identify computer vulnerabilities throughout the U.S.
Hamid Firoozi, who was charged Thursday by federal prosecutors, stumbled onto the Bowman Avenue Dam in Rye Brook, N.Y., in 2013 by using the technique to identify an unprotected computer that controlled the dam’s sluice gates and other functions, said people briefed on the investigation. Once he identified the dam, he allegedly hacked his way in using other methods.
“He was just trolling around, and Google-dorked his way onto the dam,” one person familiar with the investigation said.
The search technique has been around for about 10 years, said cybersecurity experts, and is neither illegal nor always malicious. It is primarily used by “white hat hackers,” computer specialists who test an organization’s computer system for vulnerabilities, said Michael Bazzell, a former computer crime investigator for the Federal Bureau of Investigation. [Continue reading…]