I’ve given you secret and malicious intelligence information. Apparently.

I use this so often. And I’ve mentioned it to you in a piece about searching for specific email addresses. If you type this into Google:

“omnifocus”

You get an awful lot of results. If, instead, you type this:

omnifocus at williamgallagher.com

Well, okay, you still get an awful lot of results. But you’re telling Google to solely and only and specifically and exclusively search my williamgallagher.com site. Now, Google doesn’t exactly do that. First it searches me, then it searches everywhere else like it always does. But those first few entries are on my site.

I do go a little further. I’ll search a site like that and if I’m looking for a screenplay, say, I might specify that I want “filetype:pdf”. That returns only PDF results. Fine. It cuts down a lot of time searching but apparently that’s a problem:

Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames.

Malicious Cyber Actors User Advanced Search Techniques – Intelligence for Police, Fire, EMS and Security Personnel – 7 July 2014

You go through a range of reactions to this, don’t you? Like a typical man, I preen a bit at the idea that searches I do every day are ‘advanced’. I don’t fully understand the term ‘cyber actor’ but it sounds exciting. And then you get called a dork. Google Dorking is such a new term that there isn’t a Wikipedia page about it. (There is this and it seems a nice place to visit.)

I think the onus is on the people who put classified or confidential information on their computers. Let them shut out searches like this. Especially as apparently it’s a bit easy for them to do.

But hey, if anyone asks where you learnt how to crack NATO defence secrets or whatever it is, you point them right at… um… anyway, is that the time?