Monthly Archives: November, 2014
Use any advanced search techniques in Google and you’re a Cyber-Terrorist
A recent warning posted to USA law enforcement, listing advanced Google search techniques as indicators of Cyber-Terrorism, is slightly chilling. Thanks to: Sadly, this is not the Onion, where I saw this story. The advanced techniques are old school ways of ensuring you return only the filtered data you want in a more accurate manner. Google Dorking, as it's called in slang, is a method of searching for a specific keyword in specific conditions. For example, if you want to search only the website CNN.com for the keyword LolCats, the query in Dorking terms is: site:CNN.com + “LolCats”.
Sean Gallagher from ArsTechnica commented that he believed the notice is meant to be more of a wakeup call to make law enforcement IT more aware of the techniques. I slightly disagree and saw only FUD in the law enforcement notice. The same story commentary also mentions how using advanced Google searches has already landed some reporters in trouble and gotten them wrongfully accused of criminal activity due to massive technology misunderstandings. Using a search engine is not illegal, at least not yet.
My advice, if you are in law enforcement agency IT: learn more about Open Source Intelligence and disregard FUD notices written by technologically challenged policy makers. Here are ten friendly tips to help find or protect your internet exposed assets:
- Keep all public facing digital assets updated and harden them. There is no reason why you should be running old, weak crud on the internet.
- Read Apache Security if you are running an Apache web server.
- Read How to Improve Security on the Edge with Windows Web Server 2008 and Internet Information Services with Security Guidance of IIS Security if you are running Windows Server.
- Best option: Rent space on Amazon AWS or Microsoft Azure. They have DDoS defenses and can get you an inexpensive, new server version up and running. This gets a web server off your network, cheaply, with defenses available, and limits damage to reputation only, with no information leakage. Also, if hardware breaks, there is no interruption for the most part and they fix everything within tight service level agreement times.
- Scan your public servers and internal servers with Evil FOCA from Informatica64. Scan all your domains, download all documents, analyze and take a look at what you have up for the public to see and the baddies to exploit. Review your metadata exposure.
- Google Dorking is a good passive reconnaissance tool, but if I wear my Ethical Hacker Hat, I wouldn’t use it before committing a crime. I would move to non-tracking search engines such as DuckDuckGo.com, combined with untraceable connections several hops away. Run regular searches using different search engines to learn your public exposure.
- Use ShodanHQ against your domain, IP range and keywords by using a filter. I love Shodan :) Try a super advanced search word like: police. I’m disappointed but not surprised: Owen Sound Police Services – FirePro event data server and Wildwood Crest Police webmail server. Try to limit the amount of data available on your public facing assets. Please don’t advertise so obviously unless you are running a Honeypot!
- If budgets have your IT bogged down, network and pool external resources and contractors. What if four departments could share 1 full time, traveling IT Security contractor?
- Cover over all Web enabled Cameras when not in use, especially in interrogation rooms!
Using Google Dorking or any other advanced internet search is not illegal, nor is it an indicator of cyber terrorism. However, exposing private IT assets to the internet without proper hardening helps no one but criminals.