A few extra-fancy Google searches may have been at work when a hacker busted into a New York dam in 2013.
The alleged hacker used a simple technique called “Google dorking” to tap into the computer system that controlled gates and other mechanisms on the Bowman Avenue dam in suburban New York, the Wall Street Journal reports.
“He was just trolling around, and Google-dorked his way onto the dam,” a person familiar with the investigation told the Journal.
Get Data Sheet, Coins2Day ’s technology newsletter.
That dam hack was part of a massive, multi-year breach that tapped into at least 46 financial institutions across the United States. On Thursday, the White House indicted seven Iranians for the attacks.
Attorney General Loretta Lynch said the breach totaled up to tens of millions of dollars in damages. The hackers are suspected of working on behalf of the Iranian government.
The so-called “dorking” technique that was used on the dam is not always a malicious one. It’s simply a way to use specific Google search terms to find more hidden information and pages that wouldn’t normally turn up in a regular Google search.
This particular search strategy can help turn up information companies or agencies may not have meant to make totally public online, like login portals. Experts also use dorking to look for security holes.
For more about Google search, watch:
But the straightforward, unsophisticated technique that was used in the dam breach is concerning for security experts. As Intel CTO Steve Grobman told Reuters, “This is as a good example of how critical infrastructure is vulnerable to various actors.”
The other security breaches in the indictment. All of which took place between 2011 and 2013, included other kinds of attacks that targeted financial institutions such as Bank of America, Nasdaq OMX Group, the New York Stock Exchange, and Capital One, the Journal noted.