I don't think this would be a very effective tool for hackers.
I'm working on a site that has a .com and .co.uk domain. They are identical sites, so every page has a canonical tag on it- telling Google that the .co.uk is the preferred domain.
Made ZERO difference, and Google continued to index, revisit and reindex the .com pages.
Only since we put a noindex on every .com page and had the site successfully 'removed' via WMT has Google stopped indexing both domains.
Google was even indexing and showing a staging/dev version of the site in its results. A site with absolutely zero links, and again with the canonical tag telling google to index the www. domain. The only way it could have found this site was via the toolbar reporting back on visits to the URLs. (we've sinced done the same with this in WMT to remove it from Google's index).
Not really impressed with Google's adherence to a tag that it conceived and implemented.