Why The ‘Dorkiest’ Cyber Threats May Be The Most Dangerous

In the movies, hackers are technical geniuses. They speak in binary code and manipulate machines nearly telepathically. Reality isn’t so glamorous. In fact, one of the easiest hacking methods uses a tool nearly all of us use nearly every day: Google.

Google Dorking

Google is a powerful search engine, scouring the entire web to find the answer to nearly any question. By using Google’s advanced query methods, hackers are able to find information that wasn’t meant to be public, like connected devices and open ports.

Although these queries are called “advanced,” Google dorking isn’t complicated compared to a lot of techniques. Google provides operators that enable more specific, direct searches. For example, by adding “site:*.gov” to a query, users can limit their search results to those coming from government sites. By combining multiple operators, a searcher can filter and target results for the specific information they’re seeking.

Hackers don’t need to be especially clever to come up with these queries. There are query databases that can be used to find hidden information. Although these were initially created to assist white-hat hackers in penetration tests, the information is readily accessible to black-hat hackers as well.

Google Dorking in Practice

This isn’t a theoretical risk. An Iranian hacker used Google dorking to hack a dam in suburban New York. The advanced query methods led the hacker to the dam’s control systems. Fortunately, the dam’s sluice gates had been disconnected due to a maintenance problem, preventing the hacker from issuing commands.

Other infrastructure systems, not just dams, are also vulnerable. The Ukrainian power grid experienced a blackout after a cyberattack. The grid’s operators had manual backup methods that helped them recover. In the United States, many power grids don’t have those methods, so the impact of a hack would be more severe and longer lasting.

Sources of Vulnerability

The risks to infrastructure come from both old technology and new. In many cases, systems run on older software with known vulnerabilities. When they haven’t been fully patched, they offer hackers easier exploits. The risk from newer technology comes from the many additional network connections. The growth of the Internet of Things has vastly increased the number of connected devices. While these smart devices help run facilities more efficiently, every additional connection presents an additional security risk.

Protecting the Power Grid is a Priority

Back in 2012, the federal government simulated an attack on the New York City power supply to gain support for legislation to enhance cyber defenses. Four years later, the Iranian hacker’s success in attacking a dam shows just how important it is to address these infrastructure vulnerabilities. That attack did no damage, but if it had succeeded, the consequences could have been catastrophic. Attacks that shut down the power grid for an extensive period would also be devastating.

As a result, the Obama administration has made protecting the power grid a priority. The Office of Electricity Delivery and Energy Reliability will spend $23 million to develop cybersecurity methods for the power industry.

With the emphasis on protection of the power grid, operators need to understand the threat environment, the vulnerabilities that exist, and the threats that will arise in the future. Xiologix, an experienced systems integrator, can assess the vulnerabilities in your environment and threats to it. We partner with security vendor Fortinet to deploy advanced, defense-in-depth cybersecurity solutions to suit your architecture.