Iranian dam hacker allegedly used 'Google dorking' to find vulnerabilities
One of the seven indicted Iranian hackers allegedly used ‘Google dorking’ to find vulnerabilities in dam.
Officials say the Iranian man charged last week with hacking into a New York dam used a technique called “Google dorking” to identify the vulnerable system.
Hamid Firoozi, 34, is accused of using the technique, which is an advanced search on Google to find things like websites running outdated operating systems, to identify a vulnerable computer in the dam's systems, federal authorities told the Wall Street Journal.
Officials said Firoozi had been using the technique for months to search for vulnerable U.S. industrial-control systems before he allegedly gained access to the dam's supervisory control and data-acquisition system in August 2013.
The Federal Bureau of Investigation and the Department of Homeland Security released an intelligence document in 2014 to warn agencies of potential vulnerabilities that can be found through dorking.
Firoozi and six others were also indicted for allegedly conducting a hacking campaign that included attacks on banks.