Use These Secret NSA Google Search Tips To Become Your Own Spy Agency


There is so much data available on the internet that even government cyber spies need a little help every now and then to sift it all through. So to help them, the National Security Agency produced a book to help its spies uncover hidden information on the Web.

The 643-page volume, titled Untangling the Web: A Guide to Internet Research (.pdf), was just released by the NSA following a FOIA request filed in April by MuckRock, a site that charges fees for processing public records of activists and others.

The book was published by the National Security Agency’s Center for Digital Content and contains tips on using search engines, the Internet Archive, and other online tools. But the most interesting is the chapter titled “Google Hacking”.

Suppose you are a cyber spy for the NSA and you want sensitive inside information about companies in South Africa. What are you doing?

Look for confidential Excel spreadsheets that the company inadvertently uploaded by typing “filetype: xls site: za confidential” into Google, the Notes book.

Want to find spreadsheets full of passwords in Russia? Type “filetype: xls site: ru login”. Even on websites written in languages ​​other than English, the terms “login”, “userid” and “password” are usually written in English, the authors point out.

Poorly configured web servers “which list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities – intitle: “index of “site: kr password.

“Nothing that I am going to describe to you is illegal and does not in any way involve access to unauthorized data,” state the authors in their book. Instead, it “involves the use of publicly accessible search engines to access publicly available information that was almost certainly not intended for public release.” You know, kind of like the “hack” for which Andrew “weev” Aurenheimer was recently sentenced to 3.5 years in prison for obtaining publicly available information from the AT&T website.

Stealing information from the Internet that others don’t want you to have may not be illegal, but it carries other risks, the authors note: “It is essential that you handle all types of Microsoft files on the Internet. Internet with extreme care. Never. open a Microsoft file type on the Internet. Instead, use one of the techniques described here, ”they write in a footnote. The word “here” is a hyperlink, but because the document is a PDF, the link is inaccessible. No word on the dangers of Adobe PDFs. But the version of the manual released by the NSA was last updated in 2007, so hopefully later versions will cover it.

Although the author’s name is redacted in the version released by the NSA, Muckrock’s FOIA says it was written by Robyn Winder and Charlie Speight. A note the NSA added to the book prior to publishing it under FOIA indicates that the opinions expressed therein are those of the authors and not those of the agency.

Lest you think that none of this is new, that Johnny Long has been talking about it for years at hacker conferences and in his book Google Hacking, you would be right. In fact, the authors of the NSA book salute Johnny, but with the caveat that Johnny’s tricks are designed to crack – break into websites and servers. “It is not something that I encourage or advocate,” writes the author.

Leave A Reply

Your email address will not be published.