Charles Arthur On Technology

Google-eyed monsters

I can't recall where or how I first heard the title of John Brunner's book,
The Shockwave Rider, but know that the conjunction of those words intrigued me long before I got the chance to read it. What would a "shockwave rider" do? What would they look like?

I can't recall where or how I first heard the title of John Brunner's book, The Shockwave Rider, but know that the conjunction of those words intrigued me long before I got the chance to read it. What would a "shockwave rider" do? What would they look like?

On finding the book, some time in the 1980s, I discovered that Brunner had imagined a future world of computers linked with each other, forming a giant network retaining huge amounts of information. The central theme was of the hero's struggle to expose the forces trying to keep information secret; the shock wave he unleashes on the world is a program called a "worm" that passes from computer to computer and gets each one to declassify its secrets, making all knowledge available to everyone.

Oh, how clichéd, you say. Except that Brunner wrote it in the early 1970s, long before the internet, and not long after the concept of computer viruses had been developed. His book described an internet society rather well, given that Brunner had to imagine how it would work from first principles. As he later observed, his insight was simply to assume that human nature would continue as normal, and that the technology would be warped to fit our needs, for good or bad. Most of all, he noticed that people tend to take the path of least resistance in trying to solve a problem, which can leave all sorts of loopholes that can be exploited by those who understand the underlying system. Fast forward 30 years from Brunner's work, and we have the internet, and we have search engines which can act rather like his imagined worm, logging every last detail of what's out there.

Let's start with a gentle example. Type the phrase "Welcome to Adobe GoLive 5" into Google, and you'll get 459,000 results. From the top result (a page on Def Jam records for Ashanti) through to the last, they've all got that text somewhere on the page. Where? Well, right at the top of the window - it's the default title of a page written using Adobe's web design tool, and if a designer doesn't get rid of it at the draft stage, the mistake will remain for all to see. Step up a gear. What if you wrote a piece of software which will insert an invisible bit of text on a webpage which has been produced with a copy that hasn't been properly registered? The text could be part of a HTML tag, perhaps a comment or footer, which wouldn't stand out to the inexperienced user as meaningful. But when you, running the software company, did a search engine sweep for that particular tag, you could instantly pick up those copies which were unpaid for.

The all-seeing eyes of the search engines cut both ways. Webmasters are torn between the conflicting desire to let search engines' "spiders" into their site to index what's there (so people looking for relevant things will come there) and the wish to constrain where those spiders go amidst the documents. It might sound simple, but on a sprawling site that pulls in pages from many directories, it isn't. And that is how Google has begun to be used as a resource by hackers looking to find ways into sites, seeking out valid credit card numbers and holes in the system - along the lines of "Welcome to Adobe GoLive 5", but more sophisticated - that they can exploit. Some even go as far as to change the way their browser presents itself to sites, so they appear to be the "Googlebot". And most sites will let that one in, even to view paid-for content, in the hope people will be directed towards those pages via the search engine index.

But that also means that all sorts of content that used to require a lot of physical effort to find - a trip to the courts or local council - can now be done online. And sensitive information can be left for all to see. "If you don't want the world to see it, keep it off the web," Johnny Long, a computer researcher and author of Google Hacking for Penetration Testers told the ExtraMSN news site recently. He has his own site, at http://johnny.ihackstuff.com, with many examples of "malicious" Google searches. "The spread of web-based applications, such as message boards and remote administrative tools, has resulted in an increase in the number of misconfigured and vulnerable web applications on the net," he says. Pair that with something as powerful as Google's index, and "you have a convenient attack vector for malicious users".

But it's not just administrators of bulletin boards who need to worry. In the US, the explosion of public documentson the web has led to many security holes: confidential files from the US Department of Homeland Security have been indexed, and people can even access electrical control systems. "One Google query, a couple of buttons and you can turn off power to someone's house," Mr Long says.

But there are some key differences between the US and UK. First, the UK government has been slow to move online, so less data is available. Secondly, the UK and Europe has rigorous data protection laws covering personal information, and companies are reluctant to make documents available that contain data which can identify someone directly. Even so, make sure that there's nothing to worry about. One way to start, if you value your privacy and bank balance, is to try a search for your phone number (if you're ex-directory, as an increasing number of people are) and for your credit card number, with and without spaces. Don't do the latter search in a public area, such as a wireless hot-spot or internet café; you'll be sending the number over an unencrypted link, which isn't wise.

If you find your phone number coming up when you don't want it to, and much more important your credit card number, then get in touch with the respective sites. In the case of the credit card, cancel it right away, and check your balance; if you could find the number you can be sure that somewhere out there is a hacker who has set a program running to churn through the potential valid numbers for a credit card against Google, and to follow any links to websites. Google does remove pages like this from its index, but only when told. Meanwhile, hackers will have grabbed them if they can.

"A malicious community of Google hackers has formed and a response has become necessary," Mr Long writes on his webpage.

If Brunner was alive, no doubt he'd be nodding his head in amused recognition. Here comes the shock wave. Now, try to ride it.

www.charlesarthur.com/blog

Suggested Topics
Start your day with The Independent, sign up for daily news emails
Arts and Entertainment
The Doctor and Clara have their first real heart to heart since he regenerated in 'Deep Breath'
TV
Arts and Entertainment
Jamie Oliver
filmTV chef Jamie Oliver turned down role in The Hobbit
News
The official police photograph of Dustin Diamond taken after he was arrested in Wisconsin
peopleDownfall of the TV star charged with bar stabbing
Life and Style
Sony Computer Entertainment President and Group CEO Andrew House, executive in charge of Sony Network Entertainment, introduces PlayStation Now
tech
PROMOTED VIDEO
Arts and Entertainment
Jeremy Clarkson, left, and Richard Hammond upset the locals in South America
tvReview: Top Gear team flee Patagonia as Christmas special reaches its climax in the style of Butch and Sundance
News
people
Sport
Ashley Barnes of Burnley scores their second goal
footballMan City vs Burnley match report
Arts and Entertainment
Peter Mayhew as Chewbacca alongside Harrison Ford's Han Solo in 'Star Wars'
film
News
i100
Arts and Entertainment
Man of action: Christian Bale stars in Exodus: Gods and Kings
film
ebooks
ebooksA year of political gossip, levity and intrigue from the sharpest pen in Westminster
Arts and Entertainment
Tracy Emin's 1998 piece 'My Bed' on display at Christie's
artOne expert claims she did not
Life and Style
Apple showed no sign of losing its talent for product launches with the new, slightly larger iPhone 6 making headlines
techSecurity breaches and overhyped start-ups dominated a year in which very little changed (save the size of your phone)
Arts and Entertainment
Catherine (Sarah Lancashire) in Happy Valley ((C) Red Productions/Ben Blackall)
TV
Arts and Entertainment
Clueless? Locked-door mysteries are the ultimate manifestation of the cerebral detective story
booksAs a new collection of the genre’s best is published, its editor explains the rules of engagement
Sport
Robin van Persie is blocked by Hugo Lloris
footballTottenham vs Manchester United match report
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs General

Recruitment Genius: Maintenance Assistant

£25000 - £30000 per annum: Recruitment Genius: A Maintenance Assistant is requ...

Recruitment Genius: Business Manager

£32000 - £40000 per annum: Recruitment Genius: A Business Manager is required ...

Recruitment Genius: Operations Manager

£45000 - £55000 per annum: Recruitment Genius: This is an exciting opportunity...

Recruitment Genius: Panel & Cabinet Wireman

£20000 per annum: Recruitment Genius: Panel Wireman required for small electro...

Day In a Page

A timely reminder of the bloody anniversary we all forgot

A timely reminder of the bloody anniversary we all forgot

Who remembers that this week we enter the 150th anniversary year of the end of the American Civil War, asks Robert Fisk
Homeless Veterans appeal: Former soldiers pay their respects to a friend who also served

Homeless Veterans appeal

Former soldiers pay their respects to a friend who also served
Downfall of Dustin 'Screech' Diamond, the 'Saved By The Bell' star charged with bar stabbing

Scarred by the bell

The downfall of the TV star charged with bar stabbing
Why 2014 was a year of technological let-downs

Why 2014 was a year of technological let-downs

Security breaches and overhyped start-ups dominated a year in which very little changed (save the size of your phone)
Cuba's golf revolution: But will the revolutionary nation take 'bourgeois' game to its heart?

Will revolutionary Cuba take 'bourgeois' golf to its heart?

Fidel Castro ridiculed the game – but now investment in leisure resort projects is welcome
The Locked Room Mysteries: As a new collection of the genre’s best is published, its editor Otto Penzler explains the rules of engagement

The Locked Room Mysteries

As a new collection of the genre’s best is published, its editor explains the rules of engagement
Amy Adams on playing painter Margaret Keane in Tim Burton's Big Eyes

How I made myself Keane

Amy Adams hadn’t wanted to take the role of artist Margaret Keane, because she’d had enough of playing victims. But then she had a daughter, and saw the painter in a new light
Ed Richards: Parting view of Ofcom chief. . . we hate jokes on the disabled

Parting view of Ofcom chief... we hate jokes on the disabled

Bad language once got TV viewers irate, inciting calls to broadcasting switchboards. But now there is a worse offender, says retiring head of the media watchdog, Ed Richards
A look back at fashion in 2014: Wear in review

Wear in review

A look back at fashion in 2014
Ian Herbert: My 10 hopes for sport in 2015. Might just one of them happen?

Ian Herbert: My 10 hopes for sport in 2015

Might just one of them happen?
War with Isis: The West needs more than a White Knight

The West needs more than a White Knight

Despite billions spent on weapons, the US has not been able to counter Isis's gruesome tactics, says Patrick Cockburn
Return to Helmand: Private Davey Graham recalls the day he was shot by the Taliban

'The day I was shot by the Taliban'

Private Davey Graham was shot five times during an ambush in 2007 - it was the first, controversial photograph to show the dangers our soldiers faced in Helmand province
Revealed: the best and worst airlines for delays

Revealed: the best and worst airlines for delays

Many flyers are failing to claim compensation to which they are entitled, a new survey has found
The stories that defined 2014: From the Scottish independence referendum to the Ice Bucket Challenge, our writers voice their opinions

The stories that defined 2014

From the Scottish independence referendum to the Ice Bucket Challenge, our writers voice their opinions
Stoke-on-Trent becomes first British city to be classified as 'disaster resilient' by the United Nations

Disaster looming? Now you know where to head...

Which British city has become the first to be awarded special 'resilience' status by the UN?