Iranian Hacker Used Google To Hack N.Y. Dam Computer

By "Google dorking," hackers can use certain search parameters to find unprotected computers.
Katie Kuehner-Hebert, March 29, 2016

“Google dorking,” a widely accessible method for locating computer vulnerabilities, enabled an Iranian to find and then hack into the unsecured computer system of a New York dam in an attempt to sabotage its operations on behalf of the Iranian government.

So say people familiar with a federal investigation that led to last week’s indictment of Hamid Firoozi for hacking into the computer system of the Bowman Avenue Dam in Rye Brook, N.Y., according to The Wall Street Journal. Firoozi was also charged, along with six other Iranians who collectively worked for two private computer-security companies, with conducting a coordinated campaign of cyberattacks against U.S. banks on behalf of the Iranian government.

Sources told the WSJ that Firoozi performed Google dorking, a process in which a hacker (or a security employee testing for vulnerabilities) can use certain search parameters to find unprotected computer systems. Firoozi allegedly had been using the Google technique for months in search of vulnerable U.S. industrial-control systems, such as a computer using an old operating system or one that hadn’t been updated with a security patch, according to the newspaper.

“He was just trolling around, and Google-dorked his way onto the dam,” one person familiar with the investigation told the WSJ.

Next, he allegedly applied more complicated computer methods to hack into the dam’s controls. Firoozi gained access to the dam’s supervisory control and data-acquisition system in August 2013, according to an indictment unsealed in Manhattan federal court. If the dam’s sluice gate hadn’t been manually disconnected as a result of maintenance problems, Firoozi would have been able to remotely operate it.

Google dorking has been primarily used by “white hat hackers,” computer specialists who test an organization’s computer system for vulnerabilities, cybersecurity consultant Michael Bazzell told the WSJ.

“You can look for hardware online that you can access without a password, or for a certain type of login portal,” Bazzell said. “It’s very effective.”