With more than 5.5 billion requests per day (1), Google is clearly the most used search engine in the world (2). Considering the huge amount of indexed data – Something close to 120 000 billion pages in 2015 – combined with the relevance and speed of its search algorithm, access to information is available to everyone, more than ever.
Perhaps did you already search your own name or nickname, just out of curiosity? This article will give you some simple directions and methodologies to go further in this endeavor, just by using Google. The objective of the “self-hack” is twofold: checking what data concerning you is on the Internet, and identifying an identity theft.
So, put on your hacking clothes or mask and go in quest of the digital footprint… yours!
Google Hacking is a technique that allows you to find sensitive information. To this end, you can use operators in google queries. Operators are specific parameters that allow you to make accurate requests, to find what you really look for.
For instance, the “site” operator allows us to perform requests on a specific website, “filetype” to search specific types of files, or “intitle” to search within page titles (rather than on the content).
An operator works like this: operator:value. As an example, site:facebook.com means “searching on facebook.com only”.
The first thing a hacker will look for is information about his target. That phase is called “reconnaissance”. When it comes to hacking yourself, the approach is a bit different, since you already have the information you are looking for. This gives you a two-fold advantage:
- You will be able to search deeper, since you will be able to be more focused in your queries (for instance, you know what websites your visit, email addresses you use…)
- You will be able to work in a “reverse mode”: By knowing what information is confidential, you can search it in search engines and verify it is no returned in the results
Now you know the basics to conduct your investigation, it’s the moment to start: hack yourself. Here are some directions to find a maximum amount of data concerning you.
1. Your credentials
The first search is quite simple, but may reveal much information about you: search your own firstname and lastname.
If your lastname is too common, or if you have the same lastname as a celebrity, chances are you do not appear in the results. In that case, you can add the name of the city you live in, or some similar information.
Common results are:
directories: postal addresses and phone numbers
social networks: personal information (place of study, activities, interests), photos, friends or professional relationships, personal websites, pseudonyms, email addresses.
You can now perform the same kind of search with your pseudonym or email address.
2. Targeting websites
You will now focus on specific websites. This can be useful to find social networks you registered on, or to make an inventory of personal information or activities you left here and there. You will also be able to discover if you have been a victim of identity theft.
To this end, use the “site” operator.
As mentioned above, the advantage is that you know which websites you are using. You can therefore target them, to verify which information you left on them. However, don’t limit yourself to that list of know addresses! You might miss some important information, but also what others say about you, on other websites…
Several websites might be relevant, especially social networks and community forums: facebook.com, twitter.com, plus.google.com, monster.com, linkedin.com, viadeo.com, flickr.com, onedrive.live.com, joomeo.com, youtube.com…
We will now add operators to our queries, in order to find files. To search files, we can use the “filetype” operator (or “ext” for extensions).
That request returns us indexed PDF files, where keywords “john” and/or “winny” have been found. Relevant filetypes to look for are: pdf, doc, docx, xml, xls, ppt et rtf.
We can also perform more accurate queries, by adding the “intitle” operator (to look for title elements).
When making a query (by typing your credentials for instance), go to the “Images” tab in Google, then click on the different results and look at the “website” field for that image. Even if some pictures do not seem to be relevant, you might find links to websites that contain information about you, or where you have been mentioned.
In that example, we can find a Google Plus profile page using your name.
Another way to find websites related to yourself is to use the image recognition feature of Google Image. In fact, it is quite common to use the same profile picture for different accounts, on different websites. Maybe you really love that photo you took of yourself 3 years earlier? Anyway, the fact is that you used it several times.
When clicking on the Image tab on Google, you can drag and drop your photo in the search bar, and Google will tell you if it finds the same picture in its results.
Look at the bottom of the page, in the “Pages that include matching images“ section, you may find pictures that concern you. This way, you can also see if other people use your photos or pictures.
Finally, you can also check whether an image you don’t want to be public is indexed on the search engine. By submitting it to Google in a search query, if there is no result then you’re fine.
5. Sensitive information
We will now look for sensitive information (yours), to see if it has been indexed. Sometimes information leaks out, after a breach on a website, a scam, or because of a technical problem.
First, let’s type some credentials (like your firstname + lastname, email, pseudonyme…) and one or several keywords like “password”, “mastercard”, …
These queries might not give very relevant results, since the word “password” is widely used. Just remember that the more specific you are (as illustrated in the examples above), the more relevant the results will be (and few in numbers).
When a website is hacked (or just a specific account), data is sometimes published on the Internet, for instance on pastebin.com. Thus, a good practice is to check whether your data is on that platform. To this end, we can use the “site” operator.
But let’s not neglect other evidences and avenues that may suggest a hack of your account or data.
Since you know what your sensitive information is, you can directly use it verify it is not made public. You can for instance directly type your mobile phone number to check it is nowhere;
However, never type something really sensitive (like a password or credit card number). In fact, even if your query is not indexed (e.g. made public) by Google, your search terms are sent to the search engines and potentially recorded. Moreover, someone may intercept your traffic.
I found something
If you found something that you wanted to stay private, delete it whenever possible. If the piece of data you discovered is published by a third party (social networks, blog, website you regularly visit…) then send a removal request to the owner. Finally, if you found your password or banking information, then do what must be done to invalidate or change related items.
You now know the basics of Google Hacking. With the few operators we detailed and a little imagination, you can forge thousands of requests that might give your more and more (relevant) results. Keep in mind that queries explained in this article are just some hints and that you can improve them over and over again.
If you want to do more, maybe some free online services can help you. Here are a few of them:
- checkusernames.com – testing the availability of a given username on more than 160 social networks and other platforms.
- com.lullar.com – same idea as checkusernames, but with an email address. The list of platform is smaller, however.
- pipl.com – look for someone on social networks. Several criteria are available: pseudonyme, email address, firstname, lastname, location.
- emailhunter.co – find email addresses, for a given domain name.
*1 Source (french) http://www.webrankinfo.com/dossiers/google/chiffres-cles#gref
*2 Approximately 90% of market shares, globally, in 2016 – StatCounter http://gs.statcounter.com/#search_engine-ww-monthly-201601-201611