The National Security Agency has produced a book to help its spies uncover intelligence hiding on the web.
Untangling the Web is a 643 page guide to Internet research that was recently released by the NSA following a FOIA request filed in April by MuckRock.
The book was published by the Center for Digital Content of the National Security Agency, and is filled with advice for using search engines, the Internet Archive and other online tools. Which includes a chapter dedicated to “Google Hacking.”
>Say you’re a cyberspy for the NSA and you want sensitive inside information on companies in South Africa. What do you do?
>Search for confidential Excel spreadsheets the company inadvertently posted online by typing “filetype:xls site:za confidential” into Google, the book notes.
>Want to find spreadsheets full of passwords in Russia? Type “filetype:xls site:ru login.” Even on websites written in non-English languages the terms “login,” “userid,” and “password” are generally written in English, the authors helpfully point out.
>Misconfigured web servers “that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities — intitle: “index of” site:kr password.
>“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data,” the authors assert in their book. Instead it “involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.” You know, sort of like the “hacking” for which Andrew “weev” Aurenheimer was recently sentenced to 3.5 years in prison for obtaining publicly accessible information from AT&T’s website.[SOURCE](http://www.wired.com/2013/05/nsa-manual-on-hacking-internet/)