The search engines, Google, Yahoo!, and Bing are great at helping us find information on the web. If you are like me, I personally perform a lot of search queries every day, finding new information and visiting new websites every day. That’s why I use a search engine. However, the search engines are indexing too much information on the internet–and as such, they are not doing enough to stop hackers. They are helping them.
According to a new report by Imperva, their research shows that during an attack, hackers can generate more than 80,000 daily search queries to probe the Web for vulnerable Web applications. Hackers continue to use search engines such as Google, Yahoo!, and Bing, to find websites that are vulnerable–and which sites they can hack into and cause problems for website owners.
Let’s take, for example, the search query above. This is a search for “powered by oscommerce” “catalog” which use the OS Commerce application. That search query is not typical. There is really no reason why someone would want to find all of the websites that contain the entire catalog of websites powered by the OS Commerce shopping cart software unless they were up to no good.
There are literally hundreds, if not thousands, of search queries that are not ‘typical’ search queries. The search engines are not doing enough to stop these queries from being made, time and time again. In this latest test, hackers were able to query Google over 80,000 times in one day, pulling data about websites that were vulnerable. If Google had intentions of stopping hackers, search queries such as these would not be able to be performed 80,000 times in one day.
According to Imperva, here is how hackers set up automated queries in order to get information they need from the search engines:
The Hacker’s 4 Steps for an Industrialized Attack:
1. Get a botnet. This is usually done by renting a botnet from a bot farmer who has a global network of compromised computers under his control.
2. Obtain a tool for coordinated, distributed searching. This tool is deployed to the botnet agents and it usually contains a database of dorks.
3. Launch a massive search campaign through the botnet. Our observations show that there is an automated infrastructure to control the distribution of dorks and the examination of the results between botnet parts.
4. Craft a massive attack campaign based on search results. With the list of potentially vulnerable resources, the attacker can create, or use a ready-made, script to craft targeted attack vectors that attempt to exploit vulnerabilities in pages retrieved by the search campaign. Attacks include: infecting web applications, compromising corporate data or stealing sensitive personal information
Google is not doing enough to stop hackers. Imperva, in their report, explains. “Although Google Hacking has been around – in name – for some time, some new innovations by hackers require another, closer look. Specifically, Google, and other search engines, put in place anti-automation measures to stop hackers from search abuse. However, by using distributed bots, hackers take advantage of bot’s dispersed nature, giving search engines the impression that individuals are performing a routine search. The reality? Hackers are conducting cyber reconnaissance on a massive scale. ”
Imperva’s report, titled “Hacker Intelligence Summary Report – The Convergence of Google and Bots: Searching for Security Vulnerabilities using Automated Botnets”, is a fascinating read.