Dr. Ali Jahangiri, an information security and ethical hacking expert, is pleased to announce the Data Insecurity Workshop 2012 Malaysia. This unique ethical hackers training course uses real-world case studies and hands-on practical sessions, making this information security workshop like no other.

This practical, case study based workshop is designed to introduce IT professionals to the world of hacking and information security and give them the knowledge they need to thwart the criminal elements in cyberspace. Using real world examples this course will teach attendees the truth about domain hijacking, denial of service attacks, how to abuse SSH enabled servers and how to hack Windows in just 10 seconds!

Serupepeli Neiko, Fiji Police Force

Richard Kwenda – Namibia Ministry of Home Affairs & Immigration

A multidisciplinary approach is required to fully foresee the future of cybercrime forensics. It requires a team of specialists from different disciplines within the IT industry and related industrial and social segments such as telecom and law. However, in this article the author looks at the future of cybercrime forensics based on his knowledge and experience in this field.

Cybercrime Forensics for Governments

Cybercrime forensics at the governmental level will be more complicated in the future. Governments will need to turn more to their national security organisations to hunt down cyber criminals. In addition, they will need to invent anti-forensic tools and methods to keep their activities and information assets secret.

Cyberspace security and computer related technologies will be a real challenge for governments. The platforms and protocols for computer related technologies may have both domestic and international uses. Therefore, it will be difficult for governments to reach an agreement for international cyber security policies.

At the same time, some countries are the technology owners and this intellectual property ownership will give them an advantage compared to other countries without such a privilege. The technology ownership issue will force the other countries to utilise the open source platforms to develop their own customised operating systems and software.

Cybercrime Forensics for Corporates

Currently the cybercrime forensic markets have been dominated by a few companies. These are the pioneers in cybercrime forensics and analysis. They have the tools and the solutions for cyber forensic investigation. They train law enforcement agencies to use their tools and solutions and some of them even have special tools just for governmental use.

There are also many small companies with one or two consultant partners who are either retired law enforcement officers or former IT professionals from Fortune 500 companies. These people use their contacts and credentials to achieve some market share.  However, in the future, cybercrime forensics at the corporate level will be diversified to education and certain specialties and products. It will be difficult for small companies to build a team with the right core competencies. In addition, due to security clearance requirements and national security interests, most of these companies will only practice in their country of origin.

Furthermore, information security standards such as ISO27001 and ITIL will be implemented more in medium to enterprise size companies. Realistically, only these companies can afford the cost of compliance implementation. Therefore, it will be necessary for them to have proper incident response procedures and the corresponding cyber forensic investigation capabilities. These companies may well have their own cyber forensic investigation units.

Cybercrime Forensics in Professional Institutions

Cybercrime forensics is a new battle ground for professional institutions. Currently, there is no real internationally recognised authority to govern cybercrime forensics practices, regulations and certification.  Therefore, professional institutions are offering cybercrime forensic investigation training programs, certifications and conferences. Currently, some of these institutions are forming alliances (as trade and training partners) to achieve their sales targets. In the future, it is likely that these institutions will start to attack each other to gain market share.

Cybercrime Forensics in Universities

It is sad to note that more and more often information technology advances are coming from industry rather than universities. Within IT, a few companies dominate the industry and therefore the innovations. It will be the same for cybercrime forensics; the companies with market share have the money for research and development. The main issue with academic institutions is their approach, which is slow and traditional compared to the faster speed of development and implementation found in industry.

Furthermore, the training programs in universities are not aligned with the current job market and industry needs. The university students have a lack of practical knowledge compared to the IT professionals who are in the industry (and possibly without academic studies). This is the major reason why students choose further training to achieve professional certification and so distinguish themselves from other graduates.

Cybercrime Forensics in the Media

There will be more magazines, websites and blogs specialising in cybercrime forensics and analysis. They will be the voice of the industry with the power to review, promote and criticise books, products, solutions and training programs. They will sell advertising and help vendors sell their products. Whoever has more marketing budget and better relations will be the most successful in the cybercrime forensics industry. Nevertheless, there will be one or two magazines and websites that will remain independent, but they will find it difficult to survive in such a tough market.

Cybercrime Forensics and Technical Trends

The market will be divided to four main segments with specialised service providers for each segment. The segments are: Microsoft Windows related products, UNIX & Linux related products, Apple related products and computer network & telecom related products.

The solution providers will create more comprehensive tools and solutions to gain better market share. They will transform their solutions into a set of tools for non-IT professionals. They will also try to make their tools web based, for remote forensic investigations.

The open source community will be active for the UNIX & Linux platforms to accrue required legislation to accredit the open source tools in the various countries and judicial systems.

Apple created a giant market for those who want to develop Apple device related tools and solutions. This will be a new era for the professionals who are working in cybercrime forensics.

Cloud computing, cellular networks, WiMax and virtualization will be the other areas of the interest for study and product development. It is obvious that everything is merging towards IT and cyberspace plays an important role in the near future. This will lead governments and authorities to pursue other methods of intelligence gathering, such as web and data mining, to protect their interests.

This will lead to the biggest privacy issue in history. All the data communication, of all users, will be logged at the carrier level. Then the authorities will use data mining tools to identify suspicious behavior of a particular user or users in their own or an allies’ territory. All this information will be saved in massive databases and then the commercial, financial and personal information, in addition to the communication records and social behaviors, will be linked together.

And this will ultimately lead to a new chapter in the history of cybercrime forensics, namely Applied Artificial Intelligence in Cybercrime Forensics.

Abdulla A Yousif, Dubai Municipality

Thank you Dr Ali for your kindness.

Jane Qobolo, Department of Civil Aviation

Christopher Mwale, Zamabia National Commercial Bank

Ignatius Farirayi, Econet Wireless

Abstract: Google hacking is the term used when a hacker tries to find vulnerable targets or sensitive data by using the Google search engine. In Google hacking hackers use search engine commands or complex search queries to locate sensitive data and vulnerable devices on the Internet.

What is Google Hacking?

Google hacking is the term used when a hacker tries to find vulnerable targets or sensitive data by using the Google search engine. In Google hacking hackers use search engine commands or complex search queries to locate sensitive data and vulnerable devices on the Internet.

Although Google hacking techniques are against Google terms of service and Google blocks well-known Google hacking queries, nothing can stop hackers from crawling websites and launching Google queries.

Google hacking can be used to locate vulnerable web servers and websites which are listed in the Google search engine database. In other words, hackers can locate many thousands of vulnerable websites, web servers and online devices all around the world and select their targets randomly. This kind of attack is most commonly launched by applying Google hacking techniques to satisfy junior hackers.

It is obvious that the Google hacking procedure is based on certain keywords, which could be used effectively if they are used by some internal commands of the Google search engine. These commands can be used to help hackers narrow down their search to locate sensitive data or vulnerable devices.

Nevertheless, the success of Google hacking techniques depends on the existence of vulnerable sites, servers and devices. However, we should not ignore the power of the search engines in providing information about the targets to the hackers in the reconnaissance phase.

Beyond Vulnerability

Malicious hackers can use Google hacking techniques to identify vulnerable sites and web servers for known vulnerabilities. In addition, they can look for error pages with the help of technical information or retrieve files and directories with sensitive contents such as databases, passwords, log files, login pages or online devices such as IP cameras and network storage.

Google Proxy

Hackers can use the Google Translate service (http://translate.google.com/translate_t) as a proxy server to visit a website or translate the contents of the website or URLs without leaving any footprints.

Figure 1: Google Translate Service.

Google Cache

Google copies the content of a website in its database. This function helps users to access the content of the website if the site is not available. However, a hacker can use this function to access and visit a targeted website without leaving any footprint and in complete anonymity.

Figure 2: The red cycle indicates the link to access the Cached page.

Directory Listings

Web server applications such as Apache and IIS provide facilities that a user can browse and navigate website directories by clicking on the directory name and links such as Parent Directories. The directories and their content can be listed if directory listing or directory browsing are enabled by the administrator. This vulnerability gives an unauthorized access to the files and it may help hackers to gain access to the information which can help them to hack a website or a web server or download its contents.

Figure 3: The result of using intitle:index.of “Parent Directory”.

Directory listings make the parent directory links available to browse directories and files. Hackers can locate the sensitive information and files just by simple browsing. In Google it is easy to find websites or web servers with enabled directory listings because the title of the pages start with the “index of” phrase so we can use index of in the search box to find the directory listings-enabled website. If we want to get better result from our search we can use this combination in the search box intitle:index.of or we can use intitle:index.of “Parent Directory”.

It is obvious that with the first command we used the Google search engine to search in its database for the websites which have been listed with the title of “Index of”. In the second command we used Google to search for sites with the directory listings and with the keyword which is often found in the directory listings.

Specific Directory

Hackers can locate specific directories by using the directory name in their search queries. For instance to locate an “admin” directory in addition to directory listings, the hacker can use these commands: intitle:index.of.admin or intitle:index.of inurl:admin.

Figure 4: The result of using intitle:index.of.admin.

Specific File

It is possible to search for a certain file by directory listings. For instance, to search for the password.mdb file, this search query can be used: intitle:index.of password.mdb .

Specific File Extension

Google lets users search its database for a specific file extension by using the filetype: command. For instance, if you want to search for pdf files, then you can use the query filetype:pdf in the search box.

Server Information

It is possible to use Google hacking techniques to determine the version of the web server application along with directory listings. This kind of information is vital to an attacker because it will help him or her to use the best way to attack the web server. For instance, hackers can use the search query intitle:index.of “server at” to find the web sites with vulnerable directory listings which are operated by an Apache server.

Figure 5: The result of intitle:index.of "server at".

Different versions of Microsoft IIS servers have wide usage all around the world. It would be easy to find the servers which are operated by Microsoft IIS 6.0 servers, which are listed in the Google database by using the query “Microsoft IIS/6.0 server at” on the Google search engine.

Error Pages

The error pages and warning pages are informative for hackers because these pages could be used to determine the vulnerability of the target. Most of the time hackers use the error messages as keywords or search phrase to find their targets. For instance, if you use “Syntax error in query expression ” –the in the Google search box, you can find the websites which have this error message as an Access error message; this message can display path names, function names and filenames which are helpful for the hackers.

Figure 6: The result of "Syntax error in query expression " –the.

Hackers may use Google to locate vulnerable servers by searching for the error pages of web servers such as IIS. The queries intitle:”the page cannot be found”and “internet information services” can be used to search for IIS servers that present error 404.

Default Pages

Default pages are major sources of information about targets for hackers. They use Google to find live servers which are on the default page; most of the time, these servers have default configurations with many vulnerabilities.

Login Pages

The login pages can be use for brute force attacks and gain unauthorized access to the target. In addition, the login pages can be useful to provide information about the target server. For instance, if we use the search query allinurl:”exchange/logon.asp” in the Google search box, we can find the login page of the Microsoft Outlook Web Access.

For the typical login page in the web applications or portals which have been programmed by ASP, you can use inurl:login.asp or inurl:/admin/login.asp.

Figure 7: The result of allinurl:"exchange/logon.asp".

Locating CGI-BIN

Common Gateway Interface (CGI) is a standard protocol for interfacing external application software with web servers. Hackers can use Google to locate the CGI-BIN applications or pages to target. For instance, the search query inurl:/cgi-bin/login.cgi locates the login pages base on CGI-BIN.

Online Devices

It is possible to create special search phrases to locate online devices such as IP cameras, network storage and printers with Google. In this technique hackers use the default pages or the application names which vendors used for hardware and that have been supplied by vendors.

For instance, if you want to locate AXIS Network cameras then you can apply the search phrase inurl:indexFrame.shtml Axis to find online AXIS cameras. Here is another example: to locate online Linksys network storage with the GigaDrive Utility, you can use the search phrase intitle:”GigaDrive Utility” in the Google Search box.

Figure 8: The result of inurl:indexFrame.shtml Axis.

Google Hacking Database

There is an unofficial website (http://johnny.ihackstuff.com/ghdb/ ) which acts as a database for hacking of Google. This database has been used since its creation in 2004 by the Google hacking community.

You would be able to develop your own Google hacking database by studying the behaviour of the equipment and identifying the pages, page titles and files which can be called and accessed by user and which will be listed in Google.

Disclaimer:

• This document is to educate, introduce and demonstrate Google hacking. You should not use the information which has been presented in this document for illegal or malicious attacks and you should not use the described techniques in an attempt to compromise any computer system.
• Ali Jahangiri operates a policy of continuous development. The information which this document contains reflects his understanding at the time when presented. Ali Jahangiri reserves the right to revise this document or withdraw it at any time without prior notice and states no obligation to update the data included in this document.
• The contents of this document are provided “as is”. No warranties of any kind, either express or implied, including, but not limited to, the implied warranties of solutions and instructions for a particular purpose, are made in relation to the accuracy, reliability or contents of this document.
• Under no circumstances shall Ali Jahangiri be responsible for any loss of data or income or any special, incidental, consequential or indirect damages howsoever caused.

Download : Google-Hacking-by-Ali-Jahangiri

Evelyn Malm, Bank of Ghana