Google gets singled out for these searches because of its effectiveness.
"The reason Google's good is that they give you more information and they give you more tools to search," O'Ferrell said.
Its powerful computer "crawls" over every Web page on the Internet at least every couple weeks, which means surfing every public server on the globe, grabbing every page, and every link attached to every page. Those results are then catalogued using complex mathematical systems.
The most basic way to keep Google from reaching information in a Web server, security experts said, is to set up a digital gatekeeper in the form of an instruction sheet for the search-engine's crawler. That file, which is called robots.txt, defines what is open to the crawler and what is not. But if the robots.txt file is not properly configured , or is left off inadvertently, a hole is opened where Google gets in. And because Google's crawlers are legal, no alarms will go off.
"The scariest thing is that this could be happening to the government and they may never know it was happening," Long said. "If there's a chink in the armor, [the hackers] will find it."
Google and other search-engine officials said they are sensitive to the problem, but are not in a position to control it.
With a vast system of more than 10,000 computer systems constantly collecting new information on more than 3 billion Web sites, the company cannot and does not want to police or censor what goes on the Web, said Craig Silverstein, Google's chief technology officer.
"I think Web masters have to be careful," he said. "The basic problem is that with 3 billion [Web sites], there's a lot of information out there." It offers a tool on its own Web site, "Webmaster guidelines," on how to remove Web sites from Google's system, including Google's vast store of cached pages that may no longer be available online, Silverstein said.
For hacking experts, Google-hacking has a kind of populist allure: any one with Internet access can do it if they know the right way to search.
"It's the easiest point-and-click hacking -- it's fun, it's new, quirky, and yet you can achieve powerful results," said Edward Skoudis, a security consultant for INS Inc., which helps government and business clients monitor what is visible from the Web. "This concept of using a search engine for hacking has been around for a while, but it's taken off in the last few months," probably because of a new-found enthusiasm in the underground hacking community, he said.