Cult of the Dead Cow releases Google hacking tool


The Cult of the Dead Cow, the infamous hacking collective, has released a Google hacking utility called Goolag Scan that brings the ability to search the information engine for web-based data that is normally hidden to anyone wannabe with a web browser and half a brain. It does this by implementing something in the region of 1500 customised Google search routines to reveal application server passwords, credit card numbers, corporate email records and audit logs to name just a few examples. Sure, the ability to find this stuff is open to anyone using Google who knows what to look for and how to filter the results accordingly. Sure, the real problem is the companies who have not properly secured the data in the first place so making it available for such searching. But let's be honest, the Cult of the Dead Cow sure ain't helping matters.

"Advanced Google searching has been known about in security circles for some time, but it has been a highly specialised and technical topic that is definitely not for non-programmers" says Calum Macleod, European director at encryption experts Cyber Ark, who adds "A lot of companies protect their Web-based and Internet gateway- accessible data using ID and password systems, but the actual data pages are often unprotected. Even though the pages are not indexed in the standard sense, Goolag Scan can prise the data out into the open and allow standard keyword searching on those pages."

The Cult of the Dead Cow will say that it is releasing this utility, which has been in use within the group for three years apparently, in order to get people thinking about whether online data storage is a good idea, to get them thinking about web based security more seriously.

That sounds awfully akin to getting people to take road safety more seriously by providing imbecile joy riders with a tank and pointing them in the direction of a school at going home time…

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

jwenting 1,649 duckman Team Colleague

it's a group of computer criminals...
They're releasing it as a piece of advertising, trying to draw in buyers for their services.
If they're releasing what they've been using themselves before that only means they've got something more powerful already and/or have mined it dry themselves already so it's got no economic value left for them.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.