Information Security Tips Series
Google Hacking



0 Photo



Google Hacking is the skill to optimise the searching function of Google search engine to collect information for hacking.
Impact on general users

Google Hacking will not steal your personal information on the Internet, but it shows the searching results being published on the web and being captured by Google. For example, if someone had published your name, phone number and email address on the web in past, such as blog, you might search such records with Google search. However, if you just search the phone number, you would not find out such record because Google restrict the request.
How to Google Hacking?

The first step is to locate the right content and then narrow down the volume of searching results from Google. The following operators are the key elements to build up the Google queries, including: (in the square bracket, XXX is your searching keywords)

*    ["XXX XXX"]: The quoted phrase will search for exact wordings between quotes.

*    [-XXX]: The word after the negative sign will be excluded from the result.

*    [~XXX]: This means "similar to". Google will return the results similar to the XXX keyword, e.g. [security ~manual] will return results with "security manual", and "security guide", etc.

*     [XXX * XXX]: The asterisk * is the wildcard for a single word.

*     [XX..XX]: The dots operator should be included between two numbers to search for any number between two numbers, e.g. [age 20..25]

*    [filetype:XXX]: This operator will restrict the results specified in XXX file format, e.g. [security manual filetype:doc] will return all results in doc file format.

*    [site:XXX]: The results including this operator will include the specified website or domain only, e.g. [form site:police.gov.hk] will return the content with the word "form" from force website.

Google stores websites content in its database. By searching this database, the target websites will not have your IP address in their log because you are not really visiting their sites. So, you will be hidden from the target. Also, you will get the historical data even the target has removed them from their websites.
How to protect privacy?

Being an end-user, we are concerned about what we have disclosed on the web, especially the social networking media, such as Facebook, web forums, etc. Even we cannot control those web sites and their web server settings to prevent them from leaking our information, but by using the Google Hacking techniques to search the content publicised, we may know what will be disclosed from the web sites. If we don't agree with their privacy policy and setting of the sites, we may refuse to use their services.


<<Back to Features>> <<Back to Top>>