Following a Freedom of Information Act request by MuckRock, the National Security Agency has been forced to make public a book it produced called Untangling the Web: A Guide to Internet Research. Understandably, it's full of gems.
Sadly, though, it's a whopping 643 pages long, so there's quite a lot to sift through. But while you can save most of it for a rainy weekend, the section named Google Hacking deserves sharing now, as WIRED notes. The author gleefully points out:
“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data, [...but] involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.”
Great! So what tips does it offer? Well, actually they're just very logical and well-thought-out search strings, but they clearly work. For the most part, the authors of the book offer up tips to find Microsoft documents scattered across the internet that shouldn't really be there.
So searching for “filetype:xls site:za confidential” should throw up secret documents from South Africa, while “filetype:xls site:ru login” should help you track down tables of Russian passwords. The authors point out that even non-English speaking countries tend to use terms like “login,” “userid,” and “password” in their documents. Good to know. Finally, “intitle:"index of" site:kr password” should throw up lists of South Korean directories never intended to be found online.