Open Source Intelligence(OSINT), Part 4: Google Hacking to Find Unsecured Web Cams

Hacking InfoSec OSINT Vulnerabilities

Welcome back, my aspiring OSINT cyber warriors!

The Internet is the largest and deepest repository of data in the history of the world. With that tautology out of the way, let’s get down to work, and maybe, a little fun.

All the data on the Internet can be very valuable to an investigator or hacker, but here we are going to have a little fun. Nearly every web cam is connected to the Internet and with just a little knowledge we can find and operate them.

In any earlier post here, I taught you a little about Google hacking. The table below details some of the most important keywords used in creating Google dorks, as they are known.

We can use these techniques to find unsecured web cams.

Although this is mostly fun, once while doing a pentest at a major university, I found their server room webcam unsecured. As a result, I could zoom in and see all their server and network hardware as well as observe the times the server room was unattended. This was invaluable information in developing a strategy for compromising their network!

Google Dorks for Web Cams

There are literally hundreds of different Google dorks for finding web cams, but these are some of the most effective and my favorites.

Let’s try a few and see what we can find!

Hmmm…a restaurant patio somewhere on this planet with PTZ controls.

An intersection…you’ll find plenty of these among the unsecured web cams.

The classic pendulum at Dusseldorf University in Germany.

It was night when I connected to this rooftop cam somewhere in Delft.

A pretty scene somewhere in Sweden, I believe.

Watching a family load and launch their boat near the Algonquin Hotel complete with PTZ controls. Be safe!

I wonder if this person knows that their every move is being watched by people all over the world?

A bar in Barcelona Spain. Might be fun watching the drunks stumble out at closing.

A woman on your computer in her living room in Seattle.

Summary

Open Source Intelligence (OSINT) can be a valuable tool for the pentester or the forensic investigator betraying a cornucopia of data on the target. It can also be used for fun and voyeurism for those so inclined.