
A federal investigation into the hacking of a New York dam's computer system revealed that the Iranian man responsible for the attack used a readily available Google search process to identify the flawed system.

“Google dorking” is a process that can be carried out by anyone with a computer and Internet access, using a few additional special search techniques. The Feds also indicated that the process was being widely used by hackers to see which computers in the US had vulnerabilities.

The Iranian man accused of the offense, Hamid Firoozi, was charged on Thursday. People briefed on the investigation said that Mr. Firoozi had accidentally stumbled onto the Bowman Avenue Dam, located in Rye Brook, N.Y. He used the technique, which helped identify an unprotected computer that controlled the dam’s sluice gates and other functions. After identifying the dam, he allegedly used other methods to hack his way in.

One person from the investigation said, “He was just trolling around and Google dorked his way onto the dam.”

Google dorking is a search technique that has been around for almost ten years and, according to cyber security experts, is neither illegal nor malicious. Michael Bazzell, a former computer crime investigator for the FBI, said the technique was widely and commonly used by ‘white hat hackers,’ people who check an organization’s servers or company computers for vulnerabilities. Mr. Bazzell said, “You can look for hardware online that you can access without a password, or for a particular type of login portal. It’s very effective.”

The Justice Department accused six other Iranians, together with Mr. Firoozi, of attacking the US financial system. This was the first public indictment against those who are tied to the Iranian government. The seven defendants worked for two privately owned computer security companies. The companies did some work for the Iranian government, including the Islamic Revolutionary Guard Corps, Iran’s elite military force.

The defendants, however, are in Iran. They can be arrested if they leave their country. Neither they nor their lawyers could be reached for comment.

The attack on the dam sparked concerns at the time that reached as far as the White House. The primary concern was that hackers had started targeting US infrastructure. US Attorney Preet Bharara said, “The infiltration of the Bowman Avenue Dam represents a frightening new frontier for cybercrime.”

The FBI and the Department of Homeland Security warned the public and security organizations of vulnerabilities that were a result of dorking. Mr. Bazzell said that it was a company’s duty to protect its systems and make sure Google had no access to data it didn’t want in the open.

2 COMMENTS

  1. “Live Free or Die Hard” did it first, a few years back.
    Hacker crashes all the traffic lights, dams, trains, oil refineries, anything online ….
    Cool movie. I think they were trying to warn you of something.

    Get that crap offline, idiots!

  2. If engineers at a dam in New York hadn’t disconnected water gates from its electronic control center for maintenance work, a major disaster would have happened. On that day, hackers said to belong to the IRGC managed to hack the dam’s electronic control center in order to unlock its gates and drown the area. Unfortunately, only the direct perpetrators were accused in these cases and no charges were framed against the Iranian regime, which should have been held responsible for those attacks. Threatening action against regimes involved in cyber attacks, whether Iranian or any other, builds deterrence against similar attacks in the future. Targeting civil facilities to sabotage them and harm civilians are acts of terrorism, prohibited internationally even in times of war. These terrorist attacks should be categorized as per international law and their activities should be declared prohibited.
