Introduction
This paper explains and gives a comprehensive security review of Google, Inc., including hacking footprinting. It answers eight questions that cover footprinting, social engineering, web server and web application vulnerabilities and threats, and finishes by discussing Structured Query Language (SQL) injection.
Google, Inc. The Company
Google, Inc. is a multinational American corporation that has been offering services in the fields of internet search, advertising technology, and cloud computing since 1998, when it was first incorporated as a private company (Miller, 2007, p. 10). The company was born from the idea of two computer science students, Sergey Brin and Larry Page, and has since grown to serve major businesses in the global market. Its vision is to organize the world's information and make it universally accessible and useful to all who need it. In line with this vision, it runs more than one million data server centers worldwide and processes nearly two billion search requests every day. The organization offers a number of internet-based products and services, such as the Gmail email service, Google Buzz and the Google+ social networking service, among other web applications.
Google, like other companies, governments and institutions, uses the internet widely for data-sharing purposes. This need to exchange electronic information exposes most of the company's computer networks and systems to internet traffic. This necessary exposure brings with it security concerns, such as the possibility of a system hack, footprinting, or SQL injection. These risks are real because the only barriers between the hacker and the company's internal secrets may be a poorly administered firewall or a poorly checked border router.
Google has a team of internal security analysts who monitor and ensure that its systems are secure, but sometimes it appears more cost-effective to hire external analysts, who could be these hackers themselves. The hackers prove useful due to the experience and knowledge that they have of the system and the ability to detect any threat available.
Google’s services like Gmail, among others, are among the most familiar and easy-to-use business products and services that this multinational web-based search and software provider avails to its users and clients. These web-based applications are highly susceptible to hacking due to their easy accessibility and familiarity.
A good example is the recent hacking of the Google accounts of hundreds of people, including senior government officials, political activists and military personnel across the United States (Robertson & Liedtke, 2011, p. 5). This hacking was suspected to have been done by two Chinese citizens who were probably government officials in the Chinese military.
Footprinting Analysis
Footprinting is the process of gathering information about a target system before attempting to gain access to it (Ciampa, 2008, p. 273). It uses publicly available resources and information to identify the various networks belonging to a given company. Footprinting employs computer security techniques that include Domain Name System (DNS) queries, network queries, network enumeration, organizational queries, operating system identification, port scanning, point-of-contact queries and ping sweeps, among others. The tools used in footprinting include nslookup, traceroute, Nmap, NeoTrace and Sam Spade. The vital information obtained through footprinting includes the technologies the organization uses, for example its internet, intranet, extranet and remote access, as well as its security policies and procedures.
Through footprinting, other facts such as phone numbers, addresses, the organization's URL, its IP address, its blogs, newspapers, forums and other material available on its website can be obtained. This information gives potential hackers a great deal of knowledge about the organization. The IP address obtained, 74.125.39.104, varies depending on the location of Google Inc.'s worldwide branches, since as a big company it has a variety of IP addresses.
Google Inc. has current hardware and Access Control Lists, including intrusion detection systems. The information obtained from footprinting can be either private, intranet-based information or public, remotely accessed data. The private intranet-based information includes network protocols, internal domain names and internal IP structures. The public remote-access information includes telephone numbers and types, any remote access devices such as dial-up modems, remote access authentication methods, remote VPNs and VPN clients.
Most of the information obtained was through running a registrar query registrant at the whois website. This query gave us the administrator contacts which are: [email protected] 1600 Amphitheatre Parkway, Mountain View CA 94043 and [email protected] +1.6502530000 Fax: +1.6506188571.
The TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) services include those Google Inc. offers through Google Talk; sending IMs is enabled through talk.google.com on port 5222 or port 443.
How information gathered during the footprinting analysis can be used to initiate an attack against Google Inc
The information obtained from footprinting is used by hackers to identify how large the target organization may be, the potential entry and exit points that exist, and any security mechanisms that might thwart their attack. The hacker then proceeds to map vulnerabilities in the organization's system in order to gain access by cracking passwords, spoofing the IP address of trusted machines, or even using stack-smashing attacks against the system. After this, the hacker sniffs internal network traffic or finds other hosts that contain some of the company's important secrets. After the hacking activity, the hacker cleans up the system logs in an attempt to conceal the fact that an attack actually occurred.
Hackers primarily use the contact information of system administrators to guess and crack passwords or for social engineering purposes. Social engineering is a process in which the intruder gains potentially vital company or system information from employees or affiliates by posing as someone known to the company. The help information on most websites describes password and login formats and names potential users at the site's various locations, which makes passwords easy to guess from fixed dictionaries.
Network blocks indicate how large the target network is, and scanning the IP addresses in the network block reveals which machines are live hosts. Knowing a host's IP address helps determine whether the host is alive, after which its vulnerabilities can be found and exploited.
Company information such as company names, domain names, business subsidiaries, Internet Protocol (IP) addresses, and network and phone numbers are potential entries into the firm's system. Transmission Control Protocol and User Datagram Protocol ports are used to listen to each system and identify the operating system installed on each host.
Traceroutes help attackers learn the relationship of each host to the others in the same system and help identify the security mechanisms that lie between the hacker and the system. The listening TCP and UDP ports help hackers determine the version of the web, File Transfer Protocol or mail server running, by connecting to these ports.
Contact names and e-mail addresses of the organization's key employees are useful inlets into the system. The physical address could enable illegal access to buildings, wired and wireless networks and computers, and it also allows detailed satellite imagery of the organization's locations to be obtained from various sources on the internet. A phone number can likewise be used to look up a company's physical address on web-based sites.
The social engineering techniques that could be utilized to gather information regarding Google Inc’s Computer systems
Social engineering is the art of manipulating people into performing certain actions or divulging confidential information, instead of breaking in or applying technical cracking methods. In another sense, social engineering is a form of trickery used to gather information, to commit fraud, or to gain access to computer systems. This method does not involve face-to-face contact with the target victim but uses impersonation. Impersonation involves posing as a client and gaining information over the phone, or even gate-crashing certain events.
Some of the techniques employed in social engineering include pretexting, diversion theft, phishing, Interactive Voice Response, baiting, quid pro quo, spoofing, and common confidence tricks, among others.
Pretexting refers to the act of creating and using an invented scenario to engage the targeted victim in such a way that the victim has a high chance of divulging information to the hacker. The technique involves prior research, with earlier information such as a person's date of birth or social security number used in impersonation to acquire further information from him. When used against Google Inc., this technique could lead to the disclosure of vital customer information, including telephone records, banking records and other information.
Diversion theft, on the other hand, is a deception game carried out by professional thieves, in most cases against courier companies. The main aim is to persuade the person responsible for a legitimate delivery that the goods are required elsewhere. In this company, diversion theft could be used to divert the transfer of vital business information to the hacker's accounts, or it could be a diversion of funds.
Phishing is a technique for fraudulently obtaining confidential information, most often by sending an email that appears to come from a legitimate business. The sender may pose as a bank or credit company, request verification of information, and even warn of unexpected consequences if the information is not provided. The mail will in most instances contain a link to a fraudulent web page that appears legitimate, with the company's logo and content. With respect to this company, a hacker could use this technique by sending mails to various Gmail account users asking them to update their accounts by clicking a given link; the clients who respond will have their accounts hacked. In some cases, the hackers will mimic the HTML code Google Inc. uses for Gmail accounts and its other web pages.
The Interactive Voice Response (IVR) or phone phishing technique uses a rogue voice response system to recreate a legitimate-sounding copy of an organization's interactive voice response system. In most cases, a phishing e-mail prompts the targeted victim to call a toll-free number, reaching the hacker, who poses as a bank or other firm that provides services to the victim. The call is supposedly to verify certain information, such as PIN numbers and passwords, and these systems reject log-ins continually so that the victim enters his PIN numbers and passwords several times and in the process discloses several different passwords. The voice prompts could be recordings of typical commands, such as pressing one to change a password and pressing zero to speak to a customer care agent. The hacker can also call the target organization and imitate a person of authority in the firm, thereby pulling information from employees. The most vulnerable are help desk staff, since they are trained to be friendly and give out information and have minimal security education.
Baiting is a technique in which the attacker leaves a malware-infected CD-ROM or USB flash drive in a location where he is sure the targeted victim will find it. In most cases, the device is given a legitimate-looking, curiosity-piquing label, and the attacker waits for the victim to use it. The attacker could, for example, create a disk bearing the company's corporate logo taken from the victim's website. When this disk gets into the hands of an employee of the target company, the employee might insert it into a company computer to satisfy his curiosity and in the process unknowingly install the malware. The installed malware gives the attacker unfettered access to the employee's PC and consequently compromises the target company's internal computer network.
Quid pro quo literally means giving something for something in return. In this technique, the attacker calls hit-and-miss numbers at the company claiming to be calling back from technical support, and eventually hits somebody with a problem. The attacker helps to solve the problem and, in doing so, has the user type commands that give him access to launch an attack on the organization. This method can also be carried out by hackers posing as researchers, acquiring passwords in the question-and-answer sessions they involve company workers in.
Dumpster diving, or trashing, is another technique for obtaining information from a company's dumpsters or trash. From the trash, information such as company phone books, memos, organizational charts, policy and system manuals, disks and outdated hardware, printouts of sensitive data, or login names and passwords can be obtained. This provides hackers with sufficient knowledge of the organization: for example, phone books give names and numbers of people to impersonate, organizational charts show the people in positions of authority, policy manuals illustrate how secure or insecure the company is, system manuals and other sensitive data give the exact keys needed to unlock networks, and outdated hardware can be restored to yield all kinds of useful information.
Reverse social engineering involves creating a persona that appears to hold a position of authority in the target organization, so that employees will ask him for information. The technique involves three steps: the attacker sabotages the network so that a problem arises, he then advertises himself as the appropriate contact who can fix the problem, and when he comes to fix it he requests certain information from the employees and gets what he came for.
Appropriate countermeasures should be used to combat such social engineering techniques
The countermeasures against these social engineering techniques begin with the organization deciding which information is sensitive and which can be released to the general public. After designating the sensitive information, it must tell its employees what that sensitive information is. It should then train employees on how to verify the identity of persons requesting sensitive information.
Security should be tested periodically without announcing the results. Employees should be advised never to give out personal details such as date of birth, banking information or passwords. Systems should be protected with up-to-date antivirus software, firewalls and current operating system patches.
A series of countermeasures and remedies that could be utilized to counter footprinting in Google Inc
The remedies against footprinting involve placing offline any data and information with a high potential to identify and consequently compromise the organization's security, such as access to business plans and proprietary documents. The next measure is determining which information about the organization the public needs, and making only that information available on the network. Thirdly, the organization should frequently visit its own website to determine current insecurities and the attributes that need protection. The next step is running ping sweeps of the organization's network to see the results, and becoming familiar with the American Registry for Internet Numbers to identify the available network blocks.
The following countermeasures can be used to protect the organization and defend it against footprinting attacks. First, the organization should keep its network patched by installing weekly and, if possible, daily updates and monitoring the Computer Emergency Response Team for information on the latest vulnerabilities. The next step is shutting down unnecessary ports and services, done by reviewing installation requirements, eliminating unnecessary service applications, and performing post-installation lockdown and hardening of the machine. The next stage is changing default passwords to stronger passwords that use uppercase and lowercase letters, numbers and special characters. Next is controlling physical access to the organization's computer systems by ensuring that employees lock down consoles when they are not in use, and installing security measures such as alarms, video cameras, security guards, biometric scans and ID cards to defend against potential network attacks. Next is curtailing unexpected input, especially in web pages that allow users to enter usernames and passwords, so that invalid characters which could allow access to the root file system of a UNIX server are not accepted.
The next step is performing backups and testing them regularly. Next is educating employees about the risks of social engineering and devising strategies to validate the identities of suspected callers over the phone, via email or in person. The next stage is encrypting and password-protecting sensitive data, especially web-accessible e-mail, to discourage sniffer programs and minimize exposure of sensitive company data. The next step is implementing security hardware and software, using firewalls, intrusion detection systems, anti-virus software and content filtering to minimize threats. Lastly, a written security policy for the company should be developed and employees encouraged to abide by it.
Common web server vulnerabilities that the organization is most susceptible to
A web server is either a computer or a computer application that delivers content accessed through the internet. Web servers are commonly used to host websites and as data storage for running enterprise applications. Their primary function is delivering web pages on the client's request, mostly in the form of HTML documents with additional content such as images, JavaScript and style sheets. Top internet web servers include Apache, Microsoft, Igor Sysoev, Google, and Lighttpd.
Google Inc. as an organization is susceptible to several web server vulnerabilities, such as XML injection, operating system command execution, directory path traversal, LDAP injection, and denial of service. These vulnerabilities allow an attacker who has network access to the web server application to run system commands, download arbitrary files and inject arbitrary data.
XML injection refers to an attack technique that is used to compromise the logic of an XML application, this injection can alter the intended logic of the application and can cause insertion of malicious content into the resulting web document or message created, or override the earlier user with the new user who is the hacker.
The operating system command execution becomes a vulnerability since it is used via a web interface to execute commands on a web server, and any web server interface that is not properly sanitized is subject to this form of exploit. An ability to execute Operating system Commands allows the user the freedom to upload malicious programs or even obtain passwords.
Directory path traversal is a malicious attack aimed at accessing files and directories stored outside the web root folder. While browsing the application, the attacker looks for direct links to files stored on the web server and, by manipulating the variables that reference those files with a dot-dot-slash (../) character sequence, can access arbitrary files and directories on the file system. The attack may also be executed using external malicious code injected into the path, as in a resource injection attack.
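To make the dot-dot-slash problem concrete, here is an added example (not code from the paper or from Google) of a file-serving helper in its vulnerable and hardened forms. The web root `/var/www/html` and the request paths are constructed for the demonstration; the hardened version decodes the request, normalises the joined path, and refuses anything that no longer sits under the web root, which is the check a server-side file handler needs before opening a file.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed web root for the demonstration (an assumption, not a path from the paper).
WEBROOT = "/var/www/html"


def resolve_unsafely(requested: str) -> str:
    """Vulnerable: the request path is joined onto the web root without normalisation,
    so a dot-dot-slash sequence climbs out of the web root and the file is served."""
    return posixpath.join(WEBROOT, requested)


def resolve_safely(requested: str) -> Optional[str]:
    """Hardened: decode, normalise, then refuse any path that leaves the web root.
    Returns the absolute path to serve, or None when the request must be rejected."""
    decoded = unquote(requested)                      # %2e%2e becomes .. before any check
    candidate = posixpath.normpath(posixpath.join(WEBROOT, decoded.lstrip("/")))
    # After normalisation, a path that still lies under WEBROOT shares it as common prefix;
    # a path that climbed out shares only a shorter prefix such as /var.
    if posixpath.commonpath([WEBROOT, candidate]) != WEBROOT:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed requests: one legitimate, two traversal attempts (plain and URL-encoded).
    for req in ("images/logo.png", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r}: unsafe={resolve_unsafely(req)!r} safe={resolve_safely(req)!r}")
```

Rejected requests are worth logging with the decoded path: a burst of `None` results from one client is a cheap detection signal for traversal probing.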
LDAP injection vulnerabilities are exploited in web-based applications that build LDAP statements from user input. Whenever an application fails to properly sanitize user input, it is possible to adjust the LDAP statements using a local proxy. This can result in the execution of arbitrary commands, such as granting permissions to unauthorized queries and adjusting content in the LDAP directory, resulting in compromise.
Lastly, the Denial of service vulnerability attack is where this organization or legitimate users are prevented from using a service they are legitimately entitled to use either through an attacker’s act of flooding the network to prevent legitimate network traffic. It can also be disrupting communication between two machines and consequently preventing access to a service or even by disruption of service to a specified system.
Common threats against Google Inc’s web applications that pose the greatest risk to them
Web applications are applications accessed over a network such as the internet or an intranet, or computer software applications hosted in browser-supported languages such as JavaScript or HTML. This company has a number of web applications, including Gmail accounts, Google Docs and other business applications. Among these, the Gmail application has been susceptible to numerous attacks over recent years, which led the company to withdraw it from countries such as China where hacking rates have been high. Hackers reach these applications through HTTP variables, SOAP messages, RSS and Atom feeds, XML files from servers, and mail systems.
Common threats include remote code execution, username enumeration, cross-site scripting, and SQL injection, which are attacks against PHP applications, since that language is popular among most websites. Remote code execution is a vulnerability that allows the attacker to run arbitrary system-level code on the susceptible server and retrieve any information it contains that he may desire. This vulnerability is mainly caused by improper coding in the system.
SQL injection is a vulnerability that gives the attacker an opportunity to retrieve crucial company information from the web server's database. The impact of this threat depends largely on the web application's security measures and can vary from basic information disclosure to remote code execution and compromise of the whole system. A format string vulnerability arises from the use of unfiltered user input as the format string parameter in a number of Perl or C functions that perform formatting.
Cross-site scripting has once affected the Google search application of this company, it requires that the victim execute a malicious URL that can be crafted in such a way that it appears to be legitimate when looked at the first time. The attacker can then effectively execute something malicious in the victim’s browser when visiting the crafted URL.
Username enumeration is a type of vulnerability in which the backend validation script tells the hacker whether the supplied username is correct or not. The attacker exploits it by trying different usernames and identifying valid ones with the help of the differing error messages.
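As an added example (not code from the paper or from any Google product), the login handler below is shown in the leaky form the paragraph describes and in a hardened form. The single account, its password and the salts are constructed for the demonstration. The hardened version returns one generic message for both failure cases and hashes a dummy credential when the name is unknown, so that neither the message nor the amount of work done reveals whether an account exists.

```python
import hashlib
import hmac
import os
from typing import Tuple

GENERIC_ERROR = "Invalid username or password"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed user store for the demonstration: one hypothetical account.
_ALICE_SALT = os.urandom(16)
USERS = {"alice": (_ALICE_SALT, _hash_password("correct horse", _ALICE_SALT))}

# Dummy credential so that unknown usernames go through the same hashing work as
# known ones; otherwise the response time alone would reveal which names exist.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("placeholder", _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> Tuple[bool, str]:
    """Leaks account existence: the two failures produce different messages."""
    if username not in USERS:
        return False, "Unknown username"          # tells the caller the name does not exist
    salt, stored = USERS[username]
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return False, "Incorrect password"        # tells the caller the name does exist
    return True, "Welcome"


def login_hardened(username: str, password: str) -> Tuple[bool, str]:
    """Same message and same work whether or not the username exists."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    # compare_digest runs in constant time; the membership check guards against a
    # password that happens to match the dummy hash.
    ok = hmac.compare_digest(stored, _hash_password(password, salt)) and username in USERS
    return (True, "Welcome") if ok else (False, GENERIC_ERROR)


if __name__ == "__main__":
    for name, pw in (("bob", "x"), ("alice", "x"), ("alice", "correct horse")):
        print(name, login_vulnerable(name, pw), login_hardened(name, pw))
```

The distinguishing detail (unknown name versus wrong password) still belongs in the server-side log, where it helps spot enumeration attempts, just not in the response sent to the client.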
How SQL injection could be used to obtain or destroy information from a web application's database, and how these injections pose potential threats to the organization's web applications
Structured Query Language injection refers to an attack in which malicious code is inserted into strings that are eventually passed to an instance of SQL Server for parsing and execution. Successful SQL injections can read sensitive data from databases, modify that data and execute administrative operations on the databases. These attacks allow hackers to spoof identity and tamper with existing data, and they allow complete disclosure of all data on the system. An injection can also destroy data, or otherwise make it completely unavailable.
SQL injection is used to obtain or destroy information from web application databases by gaining access to the web applications through sign-up forms, contact forms, log-on forms or any other window into the database. Access is gained by entering SQL commands into the form fields instead of the expected data, such as a username or password. Improperly coded forms allow the attacker to use them as entry points into the database and make its data visible and accessible to other databases on the same server or elsewhere on the network.
SQL injection utilizes the guest option in most website databases, since every time a website visitor enters data into a form on the website a SQL query is generated and delivered to the database. The hacker instead will enter specifically crafted SQL commands into the fields in the form instead of the expected information. His intent is to secure a response from the database that will assist him in understanding the database construction like table names. After this, the hacker can then access and view data in the important tables, add data to them, or use the access to the database to discover and change the security settings on the server that would allow him administrative access.
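The log-on form scenario in the three paragraphs above, as an added example that is not part of the paper and not code from any Google system. It uses Python's built-in sqlite3 module with an in-memory database and one constructed account row rather than the SQL Server instance the text mentions; the point carries over unchanged. The vulnerable handler pastes the form fields into the query text, so a crafted password field rewrites the query's logic; the parameterized handler sends the same fields as bound values and the query text never changes.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """In-memory database with one constructed account row (hypothetical data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    # Plaintext password only to keep the demonstration short; a real store holds hashes.
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Form fields become part of the SQL text, so they can change what the query means."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Placeholders keep the form fields as data; the database never parses them as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = build_demo_db()
    # Constructed inputs: a correct login, a wrong password, and the classic tautology
    # that turns the WHERE clause into "... OR '1'='1'" in the concatenated version.
    for user, pw in (("admin", "s3cret"), ("admin", "wrong"), ("admin", "' OR '1'='1")):
        print(repr(pw), "vulnerable:", login_vulnerable(db, user, pw),
              "parameterized:", login_parameterized(db, user, pw))
```

The comparison shows why the countermeasure is parameterization rather than filtering characters: the parameterized handler rejects the crafted input without any special handling, because the quote characters are never part of the statement the database parses.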
SQL injection techniques pose potential threats to organizations' web applications since most SQL attacks are highly successful. This is brought about by many web application developers' ignorance of the problem. Another contributor is the short project timeline for developing these applications, which does not give junior developers adequate time to research the security implications of using Structured Query Language.
SQL also poses a threat since it is faster and more advanced and can be used easily to launch high-profile and widespread attacks on targeted websites.
Conclusion
In conclusion, organizations are constantly at risk of data theft, direct database SQL injection and other hacking hazards. Staying safe calls for keeping security systems up to date and reducing the vital information accessible to the public. Hacking is a reality that continues to advance with every advancement in technology, and for organizations to be safe they need to keep up with the pace.
References
Ciampa, M. (2008). Security+ guide to network security fundamentals. Stamford, CT: Cengage Learning
Miller, M. (2007). Googlepedia: the ultimate Google resource. Indianapolis, IN: Pearson Technology Group.
Robertson, J., & Liedtke, M. (2011). Google: Chinese Gmail hack included military. Navy Times. Web.