Google Hacking with the NSA

Die NSA hat ihr internes Buch über Online-Recherche namens Untangling the Web: A Guide to Internet Research ins Netz gestellt (PDF, anonymisierter Link zur NSA) und darin gibt es ein Kapitel über „Google Hacking“. Sowas wie der Googleguide für Spione.

The book […] is filled with advice for using search engines, the Internet Archive and other online tools. But the most interesting is the chapter titled “Google Hacking.” Say you’re a cyberspy for the NSA and you want sensitive inside information on companies in South Africa. What do you do?

Search for confidential Excel spreadsheets the company inadvertently posted online by typing “filetype:xls site:za confidential” into Google, the book notes. Want to find spreadsheets full of passwords in Russia? Type “filetype:xls site:ru login.” Even on websites written in non-English languages the terms “login,” “userid,” and “password” are generally written in English, the authors helpfully point out.

Misconfigured web servers “that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities — intitle: “index of” site:kr password.

Use These Secret NSA Google Search Tips to Become Your Own Spy Agency