Charles Arthur On Technology

Google-eyed monsters

I can't recall where or how I first heard the title of John Brunner's book,
The Shockwave Rider, but know that the conjunction of those words intrigued me long before I got the chance to read it. What would a "shockwave rider" do? What would they look like?

I can't recall where or how I first heard the title of John Brunner's book, The Shockwave Rider, but know that the conjunction of those words intrigued me long before I got the chance to read it. What would a "shockwave rider" do? What would they look like?

On finding the book, some time in the 1980s, I discovered that Brunner had imagined a future world of computers linked with each other, forming a giant network retaining huge amounts of information. The central theme was of the hero's struggle to expose the forces trying to keep information secret; the shock wave he unleashes on the world is a program called a "worm" that passes from computer to computer and gets each one to declassify its secrets, making all knowledge available to everyone.

Oh, how clichéd, you say. Except that Brunner wrote it in the early 1970s, long before the internet, and not long after the concept of computer viruses had been developed. His book described an internet society rather well, given that Brunner had to imagine how it would work from first principles. As he later observed, his insight was simply to assume that human nature would continue as normal, and that the technology would be warped to fit our needs, for good or bad. Most of all, he noticed that people tend to take the path of least resistance in trying to solve a problem, which can leave all sorts of loopholes that can be exploited by those who understand the underlying system. Fast forward 30 years from Brunner's work, and we have the internet, and we have search engines which can act rather like his imagined worm, logging every last detail of what's out there.

Let's start with a gentle example. Type the phrase "Welcome to Adobe GoLive 5" into Google, and you'll get 459,000 results. From the top result (a page on Def Jam records for Ashanti) through to the last, they've all got that text somewhere on the page. Where? Well, right at the top of the window - it's the default title of a page written using Adobe's web design tool, and if a designer doesn't get rid of it at the draft stage, the mistake will remain for all to see. Step up a gear. What if you wrote a piece of software which will insert an invisible bit of text on a webpage which has been produced with a copy that hasn't been properly registered? The text could be part of a HTML tag, perhaps a comment or footer, which wouldn't stand out to the inexperienced user as meaningful. But when you, running the software company, did a search engine sweep for that particular tag, you could instantly pick up those copies which were unpaid for.

The all-seeing eyes of the search engines cut both ways. Webmasters are torn between the conflicting desire to let search engines' "spiders" into their site to index what's there (so people looking for relevant things will come there) and the wish to constrain where those spiders go amidst the documents. It might sound simple, but on a sprawling site that pulls in pages from many directories, it isn't. And that is how Google has begun to be used as a resource by hackers looking to find ways into sites, seeking out valid credit card numbers and holes in the system - along the lines of "Welcome to Adobe GoLive 5", but more sophisticated - that they can exploit. Some even go as far as to change the way their browser presents itself to sites, so they appear to be the "Googlebot". And most sites will let that one in, even to view paid-for content, in the hope people will be directed towards those pages via the search engine index.

But that also means that all sorts of content that used to require a lot of physical effort to find - a trip to the courts or local council - can now be done online. And sensitive information can be left for all to see. "If you don't want the world to see it, keep it off the web," Johnny Long, a computer researcher and author of Google Hacking for Penetration Testers told the ExtraMSN news site recently. He has his own site, at http://johnny.ihackstuff.com, with many examples of "malicious" Google searches. "The spread of web-based applications, such as message boards and remote administrative tools, has resulted in an increase in the number of misconfigured and vulnerable web applications on the net," he says. Pair that with something as powerful as Google's index, and "you have a convenient attack vector for malicious users".

But it's not just administrators of bulletin boards who need to worry. In the US, the explosion of public documentson the web has led to many security holes: confidential files from the US Department of Homeland Security have been indexed, and people can even access electrical control systems. "One Google query, a couple of buttons and you can turn off power to someone's house," Mr Long says.

But there are some key differences between the US and UK. First, the UK government has been slow to move online, so less data is available. Secondly, the UK and Europe has rigorous data protection laws covering personal information, and companies are reluctant to make documents available that contain data which can identify someone directly. Even so, make sure that there's nothing to worry about. One way to start, if you value your privacy and bank balance, is to try a search for your phone number (if you're ex-directory, as an increasing number of people are) and for your credit card number, with and without spaces. Don't do the latter search in a public area, such as a wireless hot-spot or internet café; you'll be sending the number over an unencrypted link, which isn't wise.

If you find your phone number coming up when you don't want it to, and much more important your credit card number, then get in touch with the respective sites. In the case of the credit card, cancel it right away, and check your balance; if you could find the number you can be sure that somewhere out there is a hacker who has set a program running to churn through the potential valid numbers for a credit card against Google, and to follow any links to websites. Google does remove pages like this from its index, but only when told. Meanwhile, hackers will have grabbed them if they can.

"A malicious community of Google hackers has formed and a response has become necessary," Mr Long writes on his webpage.

If Brunner was alive, no doubt he'd be nodding his head in amused recognition. Here comes the shock wave. Now, try to ride it.

www.charlesarthur.com/blog

Suggested Topics
Start your day with The Independent, sign up for daily news emails
ebooks
ebooksA special investigation by Andy McSmith
  • Get to the point
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs General

Recruitment Genius: Graphic Designer

£25000 - £35000 per annum: Recruitment Genius: A great opportunity has arisen ...

Recruitment Genius: Telesales Executive - OTE £38,000

£16000 - £38000 per annum: Recruitment Genius: This is an exciting opportunity...

Recruitment Genius: Parts Sales Advisor - OTE 18k-23k

£18000 - £23000 per annum: Recruitment Genius: One of Ford's leading Parts Who...

SThree: Recruitment Resourcer

£20000 - £25000 per annum + Uncapped Commission: SThree: Do you want to learn ...

Day In a Page

Revealed: Why Mohammed Emwazi chose the 'safe option' of fighting for Isis, rather than following his friends to al-Shabaab in Somalia

Why Mohammed Emwazi chose Isis

His friends were betrayed and killed by al-Shabaab
'The solution can never be to impassively watch on while desperate people drown'
An open letter to David Cameron: Building fortress Europe has had deadly results

Open letter to David Cameron

Building the walls of fortress Europe has had deadly results
Tory candidates' tweets not as 'spontaneous' as they seem - you don't say!

You don't say!

Tory candidates' election tweets not as 'spontaneous' as they appear
Mubi: Netflix for people who want to stop just watching trash

So what is Mubi?

Netflix for people who want to stop just watching trash all the time
The impossible job: how to follow Kevin Spacey?

The hardest job in theatre?

How to follow Kevin Spacey
Armenian genocide: To continue to deny the truth of this mass human cruelty is close to a criminal lie

Armenian genocide and the 'good Turks'

To continue to deny the truth of this mass human cruelty is close to a criminal lie
Lou Reed: The truth about the singer's upbringing beyond the biographers' and memoirists' myths

'Lou needed care, but what he got was ECT'

The truth about the singer's upbringing beyond
Migrant boat disaster: This human tragedy has been brewing for four years and EU states can't say they were not warned

This human tragedy has been brewing for years

EU states can't say they were not warned
Women's sportswear: From tackling a marathon to a jog in the park, the right kit can help

Women's sportswear

From tackling a marathon to a jog in the park, the right kit can help
Hillary Clinton's outfits will be as important as her policies in her presidential bid

Clinton's clothes

Like it or not, her outfits will be as important as her policies
NHS struggling to monitor the safety and efficacy of its services outsourced to private providers

Who's monitoring the outsourced NHS services?

A report finds that private firms are not being properly assessed for their quality of care
Zac Goldsmith: 'I'll trigger a by-election over Heathrow'

Zac Goldsmith: 'I'll trigger a by-election over Heathrow'

The Tory MP said he did not want to stand again unless his party's manifesto ruled out a third runway. But he's doing so. Watch this space
How do Greek voters feel about Syriza's backtracking on its anti-austerity pledge?

How do Greeks feel about Syriza?

Five voters from different backgrounds tell us what they expect from Syriza's charismatic leader Alexis Tsipras
From Iraq to Libya and Syria: The wars that come back to haunt us

The wars that come back to haunt us

David Cameron should not escape blame for his role in conflicts that are still raging, argues Patrick Cockburn
Sam Baker and Lauren Laverne: Too busy to surf? Head to The Pool

Too busy to surf? Head to The Pool

A new website is trying to declutter the internet to help busy women. Holly Williams meets the founders