Many leading business organisations are unaware of the rapid growth in a new threat known as Google Hacking, according to leading IT provider, Computer Sciences Corporation (CSC): (NYSE). This simple tool can be used by hackers to find hidden information, break into sites and access supposedly secure information.

As a security researcher for CSC, Johnny Long spends his days breaking into clients' networks to find and repair vulnerabilities before malicious hackers can wreak havoc. In this line of work, he constantly comes across new and evolving threats, and in his book, Google Hacking for Penetration Testers, Long brings to light a potentially destructive hacking method that targets everyday Internet users.

The threat lies in the fact that personal data often appears in court, medical and education records, many of which are easily and legally accessible on the Internet. Using a clever combination of keystrokes, a hacker can access National Insurance numbers, credit card information and personal passwords—simply by using the popular Google search engine.

"There's no limit to what you can find," says Long, a member of CSC's Global Security Solutions division. "The threat is more real than ever because people are relying more on Web pages, and search engines are crawling more Web pages. As technology has expanded it has compounded the problem."

While Google hacking is more of a threat to consumers and private individuals than to the large businesses and organisations that are typical CSC clients, Long notes that it can also be used to perform reconnaissance on corporate or government targets.
"We've seen glaring examples where we can get user names and passwords for a site, just with Google, and you can turn around and use them against the site," Long explains. "In cases like that, it's a huge threat because you've just given away the keys to your kingdom. Beyond this type of data, even the smallest bits of information can be used to profile a network before an attack is launched."

Long's book, shows security practitioners how to protect their clients from Google hacking. Long calls upon his experience at CSC, where he has performed network and physical security assessments for hundreds of government and commercial clients. Long has made a career out of researching and breaking into computer systems to learn how to ultimately make them more secure. He adds that Google hacking is just one of myriad threats that CSC and its clients face on a daily basis.

Increasingly stringent government regulations and privacy laws, corporate espionage, malicious hacker attacks, and fears about business continuity in the event of an attack are affecting both commercial and government organisations. In addition, the rise of Internet technologies and e-business, as well as growing use of peer-to-peer file-sharing and instant messaging services, demands that companies continually augment their security protection.

CSC believes that end-to-end security is best achieved when client executives and IT staff can make informed security investments based on a shared insight into risk. To keep pace with those changing risks, CSC maintains state-of-the-art information security research and development labs in Australia, Germany, Sweden and the United States. Here, CSC researchers such as Long study threats and develop pre-emptive solutions to address those threats.

"I get paid to keep on top of the technology and techniques the bad guys are using," Long says. "And Google hacking is just one of many threats, one of many risks that are out there."

About CSC
Founded in 1959, Computer Sciences Corporation is a leading global information technology (IT) services company. CSC’s mission is to provide customers in industry and government with solutions crafted to meet their specific challenges and enable them to profit from the advanced use of technology.

With approximately 78,000 employees, CSC provides innovative solutions for customers around the world by applying leading technologies and CSC’s own advanced capabilities. These include systems design and integration; IT and business process outsourcing; applications software development; Web and application hosting; and management consulting. Headquartered in El Segundo, Calif., CSC reported revenue of $14.3 billion for the 12 months ended July 1, 2005. For more information, visit the company’s Web site at www.csc.com.