Your Source for Leaks Around the World!

Untangling the Web: How to Search the Internet Like the NSA

In Archive, Hacking, Internet, NSA on March 25, 2014 at 8:06 PM

The National Security Agency has produced a book to help its spies uncover intelligence hiding on the web.

The 652-page book is titled Untangling the Web: A Guide to Internet Research and was published by the Center for Digital Content of the National Security Agency.

It was released by the NSA last year after a FOIA request filed by MuckRock, but that version is a redacted black and white copy. After doing a quick Google search, LeakSource has discovered the proper unredacted version of the book (source/pdf), in color with working hyperlinks. It looks like it has been on the Internet since 2007.

The author’s are revealed to be Robyn Winder and Charlie Speight, whose names were redacted in the MuckRock version.

via Kim Zetter/WIRED:

The most interesting is the chapter titled “Google Hacking.”

Say you’re a cyberspy for the NSA and you want sensitive inside information on companies in South Africa. What do you do?

Search for confidential Excel spreadsheets the company inadvertently posted online by typing “filetype:xls site:za confidential” into Google, the book notes.

Want to find spreadsheets full of passwords in Russia? Type “filetype:xls site:ru login.” Even on websites written in non-English languages the terms “login,” “userid,” and “password” are generally written in English, the authors helpfully point out.

Misconfigured web servers “that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities — intitle: “index of” site:kr password.

“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data,” the authors assert in their book. Instead it “involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.” You know, sort of like the “hacking” for which Andrew “weev” Aurenheimer was recently sentenced to 3.5 years in prison for obtaining publicly accessible information from AT&T’s website.

  1. […] There is so much to say but I just cannot.  I am overwhelmed by the nature of power, greed, hypocrisy and falsehoods that permeate the media, social media and sometimes even family.   Read the article and click on the website link for your personal copy.  I will be putting the PDF on this site as well. For your perusal, from the Leak Source website: […]

  2. […] Untangling the Web: How to Search the Internet Like the NSA, LeakSource […]

  3. Greetings I am so grateful I found your blog, I
    really found you by accident, while I was researching on Bing for something
    else, Anyways I am here now and would just like to say kudos for a tremendous post and a
    all round interesting blog (I also love the theme/design), I don’t have time to read through it all
    at the moment but I have book-marked it and also
    added in your RSS feeds, so when I have time I will
    be back to read a lot more, Please do keep up the awesome work.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: