How do hackers use search engines as a free hacking tool?
Search engines are the most useful and handy tool in the cyber world. No matter what kind of information you need, all you need is a browser and an Internet connection, and you get everything that you are looking for. But most of us forget that things that are normally created to do good to people can also be misused by people whose only hobby or profession is to get their hands on what they are not allowed to. You would be surprised to know that the only thing that turns search engines like Google into an easy but deadly weapon is the laziness or lack of knowledge of the people who have put their stuff online. Unfortunately, a big majority of those people are the System Administrators of the companies, who fail to protect the important confidential information that belongs to their employer. I am not writing this article to teach somebody how to get somebody’s confidential info or download illegal stuff. I should not be held responsible for any kind of misuse of the information contained in this article.
What kind of data can one actually search and download?
Nearly everything that can be downloaded or accessed over the Internet through other means can be downloaded or accessed more easily and safely with the help of search engines. This can be the confidential electronic data of your company, such as xls, doc, pdf or jpg files, or it can be illegal music or videos. And that is not all: it can also be lists of your passwords, which can open access to your mail accounts, bank accounts or other databases.
How does it happen?
The answer is more than simple. Let’s take the mother of search engines, "The Google", as an example. Search engines give you the facility to search for specific data types, and that is the option that is normally misused. Imagine yourself as a cyber thief who wants to get certain information. Then think about what format the files that would probably contain the information you need could be. OK, how about getting some password files? Oh yes! They can most probably be either .txt files or .xls files, which can be opened with Notepad or Microsoft Excel. You would then use the Index of and filetype strings to search for the possible name of the file along with the data type. To do that you would simply go to www.google.com and search for the following phrase:
Index of /passwords filetype:txt
Or
Index of /passwords filetype:xls
The first query will return all the results where the file type is .txt, and the second one will show you all files of the .xls type with passwords as part of their names. Everything that a thief needs is now on the screen. Isn’t it scary? Such easy access to such sensitive data! Or consider getting a collection of .mp3 songs free to download. The cyber thief only needs the name of the song and he will get it, even in multiple formats. Suppose he wants to download the song "Push The Button" in mp3 format. He just goes to Google and searches for:
Intitle:index.of "push the button" mp3
Wow, a whole list of web URLs where this song is freely available to download, and not just this: the person whose URL provides access to the songs has got his whole music albums uploaded there. Normally those are URLs of web spaces where some people or companies upload their data, music and so on, but forget that their site is listed in search engines and that, without password protection, the folders and data can be exposed to the outside world.

Now the cyber thief is just a little bit scared if he is accessing a big company’s data, because the web site logs information such as the IP addresses and other details of its visitors. In that case an expert thief uses a second method for his safety: "Anonymous Proxy Servers". That means that he involves a third party to relay the data to him. An anonymous proxy server masks the IP address and host information of the visitor, which means that if you are using a proxy server and access my site, I would not be able to see the real information that can be used to identify you. Anyway, the topic of proxy servers can be discussed in the next article, as right now we cannot go into much detail.
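
An added example, not part of the original article: a small Python audit an administrator can run against their own web root to find directories that a server would show as an "Index of" listing and files that match the article's passwords/filetype pattern. The index file names, the watch list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed index file names; a directory holding one is served as a page, not a listing.
INDEX_FILES = {"index.html", "index.htm", "index.php"}
# Assumed watch list, taken from the file types and names in the article's queries.
SENSITIVE_EXT = {".txt", ".xls", ".doc", ".pdf"}
SENSITIVE_WORDS = ("password", "passwd")


def audit_webroot(root):
    """Return (listable_dirs, sensitive_files) as sorted URL-style paths under root."""
    listable, sensitive = [], []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        url_dir = "/" if rel == "." else "/" + rel + "/"
        # No index file: the server shows "Index of ..." if auto-indexing is enabled.
        if not INDEX_FILES & {f.lower() for f in files}:
            listable.append(url_dir)
        for f in files:
            url = (url_dir + f).lower()
            ext = os.path.splitext(url)[1]
            # Flag watched file types whose directory or file name mentions passwords.
            if ext in SENSITIVE_EXT and any(w in url for w in SENSITIVE_WORDS):
                sensitive.append(url_dir + f)
    return sorted(listable), sorted(sensitive)


def demo():
    """Audit a constructed sample tree (not real data) and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        sample = ["index.html", "passwords/admin.txt", "passwords/staff.xls",
                  "music/track.mp3", "docs/index.html", "docs/Passwords-old.doc"]
        for path in sample:
            full = os.path.join(root, *path.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write("constructed sample\n")
        return audit_webroot(root)


if __name__ == "__main__":
    listable, sensitive = demo()
    print("Directories that would be listed:", listable)
    print("Sensitive files under the web root:", sensitive)
```

Anything the audit reports should be moved out of the web root or put behind authentication, and automatic directory listing should be switched off on the server.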