Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Thông thường, các thông tin như thế này được thu thập bởi những kẻ giả mạo, tội phạm sử dụng giao tiếp điện tử để thu thập thông tin cá nhân và giữ trong một danh sách trực tuyến hoặc cơ sở dữ liệu. Trong nhiều trường hợp, các nhà điều tra xác định vị trí các danh sách này hoặc cơ sở dữ liệu và liên kết bài cho họ trong các nhóm thảo luận trực tuyến. | Google Hacking Showcase Chapter 11 471 Figure 11.75 shows an extremely large document that contains hundreds of bits of personal information about victims including name address phone numbers credit card information CVV codes and expiration dates. Figure 11.75 Google Hacking Lots of Credit Card Info However credit card numbers and expiration dates aren t the only financially sensitive bits of information on the web as shown in Figure 11.76. Note Most often information like this is collected by phishers criminals using electronic communication to solicit personal information and kept in an online list or database. In many cases investigators locate these lists or databases and post links to them in online discussion groups. When Google s crawlers follow the link the captured data is exposed to Google Hackers. In 472 Chapter 11 Google Hacking Showcase other cases carders credit card number traders post this data on the web in open-air web discussions which Google then crawls and caches. For more information about phishing see Phishing Exposed from Syngress Publishing. Figure 11.76 Is Nothing Sacred These samples were collected from various web sites and include bank routing numbers PayPal usernames and passwords eBay usernames and passwords bank account and routing numbers and more most likely collected by phishers. Beyond Google In some cases Google is the first step in a longer hacking chain. Decent hackers will often take the next step beyond Google. In this section we ll take a quick look at some interesting Google hacks that took an extra few steps to pull off. Still simple in execution these examples show the creative lengths hackers will go to. This first screenshot shown in Figure 11.77 submitted by CP reports that a staff directory has been removed from the web for privacy purposes. Google Hacking Showcase Chapter 11 473 Figure 11.77 Staff Contact List Removed This isn t a bad idea but the problem is that the old document must also be removed from the .