Hacking with Google Dorks

A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries. The attacker can use these complex queries to find information that is accidentially published on the Internet usually by an accidental configuration error in a company’s online software solutions.

A Prime Example: Trello

Recently, Trello was cited by security researcher, Craig Jones (see image below), for the reams of Non-Public Personally Identifiable (NPPI) information an HR onboarding Trello board had published to the Internet. Trello is a project management and Human Resourcing tool that allows you to publish your projects to the public Internet. Unfortunately, some HR organizations have publicly published salary information, passwords, and addresses as revealed in this Google Dorking article.

Source: TechTarget 

Related Readings: Google Dorks: An Easy Way of Hacking

What does this mean for an SMB?

SMB employees should be aware of the information they are handling and what they can do to ensure this doesn’t happen to them. There are a few options to reduce the likelihood of this happening. One option is to train your employees on cybersecurity basics to improve their awareness on issues like this. SMB’s can also limit the number of employees with administrative rights to these online applications.  Doing this while also holding administrators accountable for the proper handling and protection of critical information can sometimes prevent an accidental release of critical and sensitive information. Finally, you may want to develop an approval and cybersecurity review process for the online Cloud solutions your SMB allows to be implemented. Train your employees not to just start using such services without registering them through a known, well-published process that all employees sign off on following.

To learn more about Google Dorks, watch this short video:

https://www.youtube.com/watch?v=HH6edTy3mQI&feature=emb_logo

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Sign Up Today!