Google Advanced Operators and Government Website Leakage

Posted August 24th, 2010 by

Ah yes, the magic of Google hacking and advanced operators.  All the “infosec cool kids” have been having a blast this week using a combination of filetype and site operators to look for classification markings in documents. I figure that with the WikiLeaks brouhaha lately, it might be a good idea to write a “howto” for government organizations to check for web leaks.

Now for the search string:, “enter document marking here” site:agency.gov filetype:rtf | filetype:ppt | filetype:pptx | filetype:csv | filetype:xls | filetype:xlsx | filetype:docx | filetype:doc | filetype:pdf looks for typical document formats on the agency.gov website looking for a specific caveat.  You could easily put in a key phrase used for marking sensitive documents in your agency.  Obviously there will be results from published organizational policy describing how to mark documents, but there will also be other things that should be looked at.

Typical document markings, all you have to do is pick out key phrases from your agency policy that have the verbatim disclaimer to put on docs:

  • “This document contains sensitive security information”
  • “Disclosure is prohibited”
  • “This document contains confidential information”
  • “Not for release”
  • “No part of this document may be released”
  • “Unauthorized release may result in civil penalty or other action”
  • Any one of a thousand other key words listed on Wikipedia

Other ideas:

  • Use the “site:gov” operator to look for documents government-wide.
  • Drop the “site” operator altogether and look for agency information that has been published on the web by third parties.
  • Chain the markings together with an “or” for one long search string: “not for release” | “no part of this document may be released” site:gov filetype:rtf | filetype:ppt | filetype:pptx | filetype:csv | filetype:xls | filetype:xlsx | filetype:docx | filetype:doc | filetype:pdf

If you’re not doing this already, I recommend setting up a weekly/daily search looking for documents that have been indexed and follow up on them as an incident.



Similar Posts:

Posted in Hack the Planet, Technical, What Works | 3 Comments »
Tags:

3 Responses

  1.  Hammy Havoc Says:

    The power of Google never ceases to amaze. It’s useful for identifying security issues though.

  2.  Craig Says:

    So scared right now.

  3.  Generate Web Traffic Says:

    Google is really the boss. You can use its power for good purposes and also for bad purposes. We should know our limit that what we should or what not because every organizations have rights to secure their information. Thanks for the post..

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.


Visitor Geolocationing Widget: