In 2013, the Westmore News, a small newspaper serving the suburban community of Rye Brook, New York, ran a feature on the opening of a sluice gate at the Bowman Avenue Dam. Costing some $2 million, the new gate, then nearing completion, was designed to lessen flooding downstream.
The event caught the eye of a number of local politicians, who gathered to shake hands at the official unveiling. "I've been to lots of ribbon-cuttings," county executive Rob Astorino was quoted as saying. "This is my first sluice gate."
But locals apparently weren't the only ones with their eyes on the dam's new sluice. According to an indictment handed down late last week by the U.S. Department of Justice, Hamid Firoozi, a well-known hacker based in Iran, gained access several times in 2013 to the dam's control systems. Had the sluice been fully operational and connected to those systems, Firoozi could have caused serious damage. Fortunately for Rye Brook, it wasn't.
Hack attacks probing critical U.S. infrastructure are nothing new. What alarmed cybersecurity analysts in this case, however, was Firoozi's apparent use of an old trick that computer nerds have quietly known about for years.
It's called "dorking" a search engine — as in "Google dorking" or "Bing dorking" — a tactic long used by cybersecurity professionals who work to close security vulnerabilities.
Now, it appears, the hackers know about it, as well.
Hiding in open view
"What some call dorking we really call open-source network intelligence," said Srinivas Mukkamala, co-founder and CEO of the cyber-risk assessment firm RiskSense. "It all depends on what you ask Google to do."