Google hacking to escalate in 2005

Security experts are predicting a massive increase this year in so-called "Google hacking", whereby malicious Internet users or worms use the search engine to discover resources that are not intended for public consumption.

Last year two high profile worms used Google and other search engines to find potential targets. In August, a MyDoom variant used Google to find e-mail addresses and a few months later the Santy worm found vulnerable bulletin board applications using various search engines. Security experts expect to see a lot more this year and advise enterprises to minimise their exposure to such attacks.

Andrew Collins, security manager in Asia/Pacific for CyberTrust, said that enterprises can avoid many of the potential dangers by ensuring that network resources -- such as Web cams -- are not indexed by search engines.

"We expect to see further automated attacks using Google searches to select potential targets as well as a continuing increase in the discovery of search strings that return unintended information such as error codes, web based cameras and restricted/private documents and Web pages. Network enabled physical security systems , such as web cams and digital video capture systems, should be moved onto private networks that are not addressable from the Internet," said Collins.

Web cams were also highlighted as a potential danger in a recent advisory by Gartner analyst Jay Heiser. According to Heiser, the Web interfaces of network cameras have a default address structure that can easily be found using Google hacking techniques.

"Some of the cameras reached through the search engine are meant to be viewed by the public, but many are not. Keep them up-to-date with patches and use strong passwords. Unpatched cameras have had their configuration or behaviour changed by hackers," said Heiser.

Heiser explained that most search engines look for a file called ‘robots.txt’, which specifies which areas of a site, if any, can be indexed.

"Using robots.txt and other techniques to prevent indexing is a best practice for non-public systems and the various components supporting public systems. Treat all Internet-facing devices -- even apparently obscure ones such as network cameras -- as relevant to security," said Heiser.

CyberTrust's Collins said that if enterprises think about their security as an entire system rather than the strengths and weaknesses of each individual application and appliance, they will be less vulnerable to attack.

"If an enterprise has invested in a strong security architecture than the threat posed by current Google hacks is minimal," said Collins.