Iranian hackers used Google search tactic: report

The Iranian hackers allegedly behind the hack of a New York dam apparently used a simple Google search process to help identify the dam’s vulnerable network, The Wall Street Journal reported.

The so-called Google dorking process allows hackers to track down computer systems that are easy to infiltrate, often due to an older operating system or outdated security features. While the method isn’t as simple as a typical Google search, it is available to anyone with access to Google and who is well-versed in a few search tactics.

{mosads}And this process was how the Iranian hacker charged with infiltrating a New York dam located the weak network, people familiar with the investigation told the Journal.

“He was just trolling around, and Google-dorked his way onto the dam,” one person told the Journal.

The Obama administration last week indicted Hamid Firoozi for the hack, claiming he had gotten into the Bowman Avenue Dam in Rye Brook, N.Y., in 2013. Although Firoozi didn’t take control of the dam, prosecutors said he had access that would have given him the ability to control water levels and flow rates.

Firoozi was one of seven Iranian hackers the Justice Department indicted, marking the first charges the U.S. has ever filed against cyber intruders with ties to the Iranian government.

The incident highlighted the vulnerability of America’s critical infrastructure computer networks as well as the emerging sophistication of Tehran’s cyber program.

And the revelation that Firoozi was able to easily uncover critical networks using basic Google search techniques is likely to generate even more concerns about the digital defenses guarding important computer systems that control water, electricity, gas and other essential utilities.

Firoozi had been using the Google dork technique for months looking for exposed U.S. industrial-control systems, those familiar with the investigation told the Journal.

The alleged hacker reportedly uses dozens of technical search terms that prompted Google to scan for vulnerabilities on websites tied to American infrastructure locations.

Once Firoozi found his mark, he used more complex hacking skills to crack into the dam’s networks.

Firoozi is far from the first to use Google dorking as a way to identify targets. The FBI and Department of Homeland Security have warned that cyber criminals are aided by similar tactics.

“Malicious cyber actors are using advanced search techniques, referred to as ‘Google dorking,’ to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyberattacks,” the two agencies said in 2014.

Security experts also use the method for good, as part of their efforts to root out and eradicate security flaws.