Quick Intro to NotInMyBackYard Diggity

Intro to Not My Backyard - Image depicting search engines

Share

So, most likely you’ve just read the article in USA Today and are wondering what exactly is this “NotInMyBackYard Diggity” tool? What does it do, and how can it help me? Well, you’ve come to the right place.

NotInMyBackYard (NIMBY) - The Gist

According to the Verizon - 2012 Data Breach Investigation Report, in most large organizations notification of a breach occurred when the thief made the disclosure known. They go on to joke about creating a new breach discovery classification of ‘YouTube,’ ‘PasteBin,’ and ‘Twitter’. NotInMyBackYardDiggity makes it easy to search for your sensitive information in third-party sites (i.e. “not your backyard”).

This tool leverages both Google and Bing, and comes with pre-built queries that make it easy for users to find sensitive data leaks related to their organizations that exist on 3rd party sites, such as PasteBin, YouTube, and Twitter. Uncover data leaks in documents on popular cloud storage sites like Dropbox, Microsoft SkyDrive, and Google Docs. A must have for organizations that have sensitive data leaks on domains they don’t control or operate.

Another element worth noting is that this tool is not only designed to help large organizations, but also will be an extremely useful tool for individuals to use to sweep the web to see if their personal information is currently be exposed somewhere on the Internet due to some public breach or because some reckless company is playing fast and loose with their data. For example, this tool would have been extremely helpful to the 43,000 Yale alumni who had their personal info exposed via an Excel spreadsheet on a public website.

Getting Up and Running in 3 Easy Steps

NotInMyBackYard Diggity is actually part of our larger search engine hacking tool: SearchDiggity. To get setup and quickly begin discovering where your personal information may be leaked on the Internet, follow these easy steps:

Step 1 - Install the SearchDiggity MSI file

Locate and install the latest version of SearchDiggity. A simple MSI installer file can be found at: Attack Tools - Google Hacking Diggity Project.

Quick-Intro-to-NotInMyBackYard-Diggity-Image1

Run through the simple installer wizard (pretty much keep clicking “Next”)

Step 2 - Run SearchDiggity

The installer creates a desktop icon, just double click on it.

Quick-Intro-to-NotInMyBackYard-Diggity-Image2

Once open, you’ll find the tab for NotInMyBackYard Diggity over to the right:

Quick-Intro-to-NotInMyBackYard-Diggity-Image3a

Step 3 - Enter your sensitive info to search for, check the boxes, and click Scan

Ok, so maybe that’s a couple steps. But still pretty simple.
Enter your personal info in Targets (examples: name, email, domain of your company, SSN,…)
Check some boxes and click SCAN.

Quick-Intro-to-NotInMyBackYard-Diggity-Image4a

More details are coming soon for NotInMyBackYard Diggity

More details for NotInMyBackYard will be coming later today in a follow up blog post, but this should get you off and running. Be sure to check out our videos, presentation slides, and project pages for more info on our various search engine hacking tools:

Google Hacking Diggity Project

Updates with additional guidance

UPDATED 3 - To answer the most frequently asked question, there is no Mac version of NotInMyBackYard. Its MS Windows only, sorry.

UPDATED 2 - See NotInMyBackYard slides providing more detail on the tool and how it works.

UPDATED 1 - I just created a Diggity Media Gallery and added a YouTube playlist with our various presentations over the past three years to date, interviews, and other useful tutorials that will help new comers get up to speed on the various attack and defense tool in the Diggity search engine hacking arsenal. I will continue to add other tool specific videos, slide decks, and tool screenshot galleries in the near term. Stay tuned.


Francis brown

About the author, Francis Brown

Co-Founder and Board Member

Francis Brown, CISA, CISSP, MCSE, is the Co-founder and Board Member of Bishop Fox. Before founding Bishop Fox, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients.

Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.

More by Francis

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.