Johnny Long

From Wikipedia, the free encyclopedia
Johnny Long
Occupation(s)Founder, Hackers for Charity

Johnny Long, otherwise known as "j0hnny" or "j0hnnyhax", is a computer security expert, author, and public speaker in the United States.

Long is well known for his background in Google hacking, a process by which vulnerable servers on the Internet can be identified through specially constructed Google searches. He has gained fame as a prolific author and editor of numerous computer security books.

Career in computer security[edit]

Early in his career, in 1996, Long joined Computer Sciences Corporation and formed the corporation's vulnerability assessment team known as Strike Force. Following a short position at Ciphent as their chief scientist, Long now dedicates his time to the Hackers for Charity organization. He continues to provide talks at many well-publicized security events around the world. In recent years, Long has become a regular speaker at many annual security conferences including DEF CON, the Black Hat Briefings, ShmooCon, and Microsoft's BlueHat internal security conferences. Recently, his efforts to start the Hackers for Charity[1] movement have gained notable press attention.[2] His talks have ranged from Google hacking to how Hollywood portrays hackers in film.

Google hacking[edit]

Through his work with CSC's Strike Force,[3] Johnny was an early pioneer in the field of Google hacking.[4] Through specially crafted search queries it was possible to locate servers on the Internet running vulnerable software. It was equally possible to locate servers that held no security and were openly sharing personal identifiable information such as Social Security numbers and credit card numbers. These efforts grew into the creation of the Google Hacking Database,[5] through which hundreds of Google hacking search terms are stored. The field of Google hacking has evolved over time to not just using Google to passively search for vulnerable servers, but to actually use Google search queries to attack servers.

Google Dorking has been used to commit various forms of cybercrime, such as the doxing of Supreme Court justices in 2022[6] and the hack of the Bowman Avenue Dam.[7] According to Star Kashman, a legal scholar who has explored the legal implications of this technique, while Google Dorking is used for legitimate purposes like conducting research or assessing vulnerabilities, it could also be utilized for malicious purposes as well.[8]

Hackers for Charity[edit]

In his latest endeavor, Johnny Long has created the Hackers for Charity[1] non-profit organization. Known by its byline, "I Hack Charities", the organization collects computer and office equipment to donate to underdeveloped countries. Along with coordinating the donation of goods and supplies, Johnny lived in Uganda with his family for seven years full-time where they personally setup computer networks and helped build village infrastructures. In addition, they started a computer training center which provides free and low-cost technical training, a hackerspace, a restaurant and a leather working program all based in Jinja Uganda. Each of these projects are still running (as of May 2019). Each of these projects were funded by donations from the hacker community through fundraising efforts at various conferences.

Personal life[edit]

Long is known to publicly pronounce his faith in Christianity. He begins and ends each of his presentations with information regarding Hackers for Charity[1] and regularly donates proceeds from his books to help HFC.

Published works[edit]

Long has contributed to the following published works:

  • Google Hacking for Penetration Testers, Syngress Publishing, 2004. ISBN 1-931836-36-1 (Author, book translated into five different languages)
  • Aggressive Network Self-Defense, Syngress Publishing, 2005. ISBN 1-931836-20-5 (Author, Chapter 4, "A VPN Victim's Story: Jack's Smirking Revenge" with Neil Archibald.
  • InfoSec Career Hacking, Syngress Publishing, 2005. ISBN 1-59749-011-3. (Author, Chapter 6, "No Place Like /home – Create an Attack Lab")
  • Stealing the Network: How to Own an Identity, Syngress Publishing, 2005. ISBN 1-59749-006-7. (Technical Editor, Author, Chapter 7, "Death by a Thousand Cuts"; Chapter 10, "There's something else" with Anthony Kokocinski; and "Epilogue: The Chase")
  • OS X For Hackers at Heart, Syngress Publishing, 2005. ISBN 1-59749-040-7 (Author, Chapter 2, "Automation" and Chapter 5, "Mac OS X for Pen Testers")
  • Penetration Tester's Open Source Toolkit, Syngress Publishing, 2005. ISBN 1-59749-021-0 (Technical Editor, Author, "Running Nessus with Auditor")
  • Stealing the Network: How to Own a Shadow, Syngress Publishing, 2007. ISBN 1-59749-081-4
  • Google Talking, Syngress Publishing, 2007. ISBN 1-59749-055-5 (Technical Editor and Contributor)
  • Techno Security's Guide to Managing Risks for IT Managers, Auditors and Investigators, Syngress Publishing, 2007 ISBN 1-59749-138-1. (Author, Chapter 8, "No-Tech Hacking")
  • Asterisk Hacking, Syngress Publishing, 2007. ISBN 1-59749-151-9 (Technical Editor)
  • Google Hacking for Penetration Testers, Volume 2, Syngress Publishing, 2007. ISBN 978-1-59749-176-1 (Author)
  • TechnoSecurity's Guide to E-Discovery and Digital Forensics, Elsevier Publishing, 2007 ISBN 978-1-59749-223-2 (Author, "Death by 1000 cuts").
  • No-Tech Hacking, Elsevier Publishing, 2008 ISBN 1-59749-215-9 (Author)


  1. ^ a b c "Hackers for Charity (HFC)".
  2. ^ "News interview". Baltimore Sun. February 17, 2008.
  3. ^ "First Hand Interview with Johnny Long" (PDF). CSC. Archived from the original (PDF) on 2011-07-08. Retrieved 2011-01-21.
  4. ^ "Google hacking". Network World. Archived from the original on 2009-01-26.
  5. ^ "". Archived from the original on 2009-08-08. Retrieved 2009-08-16.
  6. ^ Roscoe, Jules. "TikTok users are doxing the Supreme Court". VICE.
  7. ^ "Seven Iranians Working for Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector". UNITED STATES DEPARTMENT OF JUSTICE.

External links[edit]