Recently 7 hackers from Iran have been identified by US Justice Department, for breaking into the US Financial System. All seven hackers belong to two private security companies, who work for the Iranian Government and are suspected to be a part of Iran’s elite military force.
Out of the seven alleged cyber-criminals, Mr. Hamid Firoozi has been accused of breaking into Bowman Avenue Dam in Rye Brook, New York back in 2013. He gained access to the dam by using a technique called “Google Dorking”. The technique is said to function by targeting a vulnerable computer system. Hamid used this procedure to discover the computer which controlled the dam, and used different hacking methods to take over the operation of dam once he had gained access.
Google Dorking is not something new. According to data privacy advocates, the practice has been in use for the last 10 years. Surprisingly the technique is not even constitutionally illegal or malicious. It has been widely used by white hat hackers to test corporate security breaches in the past. However, according to assistant attorney general for National Security and Justice Department, the technique is now being practiced widely by black hat hackers.
The Bowman Avenue Dam incident alarmed the US security authorities. According to US officials the dam was small and less than 20 miles north of NYC. It was chiefly used for flood controlling and did not posses any severe threats. However, a major concern that worried the authorities was that hackers are now targeting US infrastructure.
Most of the systems controlling major industrial zones, roads and networks are outdated. Companies choose to ignore data security/privacy advocates advice for the sake of “Smart Infrastructure”. However these smart systems may lead disasters in future, if not built to comply with essential security and privacy policies.
Blaming Google is inappropriate, as Google is simply indexing information that is open to public. It is the sole responsibility of organizations and authorities to ensure that confidential data stays private.