NSA Google search tips

May 20, 2013

Headquarters of National Security Agency in Fort Meade, Maryland (credit: NSA)

A book Untangling the Web: A Guide to Internet Research (PDF) produced by the The National Security Agency to uncover intelligence hiding on the web has just been released by the NSA, following a FOIA request, Wired reports.

It offers advice for using search engines, the Internet Archive, and other online tools. But the most interesting is the chapter titled “Google Hacking.” For example: to find spreadsheets full of passwords in Russia? Type “filetype:xls site:ru login.” Even on websites written in non-English languages the terms “login,” “userid,” and “password” are generally written in English, the authors helpfully point out.

Misconfigured web servers “that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities — intitle: “index of” site:kr password.

Johnny Long has been talking about this for years at hacker conferences and in his book Google Hacking, Wired notes.